From: Thomas Steen Rasmussen
Date: Mon, 13 Dec 2010 01:12:00 +0100
To: freebsd-ports@freebsd.org
Subject: Re: Security updates for packages?
Message-ID: <4D0564D0.8080406@gibfest.dk>
In-Reply-To: <4D0559E5.4030409@FreeBSD.org>

On 13.12.2010 00:25, Doug Barton wrote:
> On 12/12/2010 12:28, Kevin Kreamer wrote:
>> Hi,
>>
>> Having not used FreeBSD for several years, I did a fresh install
>> yesterday of 8.1-RELEASE, and then used pkg_add -r to install several
>> packages. I then came across portaudit, ran it, and it indicated that
>> I had three vulnerable packages (git, ruby, and sudo). Looking at
>> http://www.vuxml.org/freebsd/, it appears that these were reported in
>> July, August, and September respectively.
>
> How did you install the package?
>

He said he installed it using pkg_add -r, which will have pulled
the package from the 8.1-RELEASE repository which is quite old by now.

Kevin: You can set the PACKAGESITE environment variable to a different
path, to get packages that are more up to date:

PACKAGESITE=ftp://ftp.freebsd.org/pub/FreeBSD/ports/i386/packages-8-stable/Latest pkg_add -r something

Hope this helps,

Thomas Steen Rasmussen