Date: Sun, 27 Nov 2016 12:44:57 +0300
From: Odhiambo Washington <odhiambo@gmail.com>
To: "Herbert J. Skuhra" <herbert@mailbox.org>
Cc: User Questions <freebsd-questions@freebsd.org>
Subject: Re: Dealing with (multiple) pkgs with security vulnerabilities.
Message-ID: <CAAdA2WO15vE18iCLdL5ukhRmHf1FE5yoFijv_rN=FS5YwZhLPw@mail.gmail.com>
In-Reply-To: <868ts5uw17.wl-herbert@mailbox.org>
References: <CAAdA2WMFMYT8ss2DqqdeFWmv5atU3cj7DxYHiPCNBBB_TYxEgw@mail.gmail.com>
 <868ts5uw17.wl-herbert@mailbox.org>

On 27 November 2016 at 12:11, Herbert J. Skuhra <herbert@mailbox.org> wrote:

> Odhiambo Washington wrote:
> >
> > Hi,
> > Part of my security run output contains a long list of packages with
> > vulnerabilities.
> > 'pkg audit -F' returns a listing of these pkgs with enough details, but
> > pkg update && pkg upgrade returns nothing so I suppose there is a better
> > way to deal with these.
>
> Output of 'uname -a' is missing.
>

Yeah, I am sorry I didn't supply that. I forgot.

>
> - you are running a version that is EOL (e.g.: FreeBSD 8.x)
>

That is so true!! But I also have some servers running 9.3 and 10.3. Would
it be different dealing with this situation in 9.3|10.3 ??

>   => update base first and then try pkg update/upgrade again
> - you are running a platform (e.g. arm) for which packages are not
>   built/updated
> - the url in your repository file (e.g. /etc/pkg/FreeBSD.conf) is wrong
>   url: "pkg+http://pkg.FreeBSD.org/${ABI}/latest",
>
> > I know I can manually do 'make -C /path/to/port/directory clean reinstall
> > clean', but that is so manual and tiring even just for 10 pkgs to be
> > updated.
> >
> > What is the easiest way of doing a batch update for all the listed pkgs?
>
> - checkout/update /usr/ports with svn(lite) or portsnap
>

I use portsnap.

> - install ports-mgmt/portmaster
>

I use portupgrade.

> - run 'portmaster -a'
>

So, `portupgrade -1` ?? Okay. I always find that scary. I guess I have to
upgrade these systems to 10.3, or maybe 11.

> You haven't updated for a long time (more than a year). So maybe it's
> better to remove all installed ports (pkg delete -a) and reinstall
> them one by one.
>

Sounds sensible, but I usually just update the ports that I know as most
active - those for which the server was built.
Anyway, I get the point now.

--
Best regards,
Odhiambo WASHINGTON,
Nairobi,KE
+254 7 3200 0004/+254 7 2274 3223
"Oh, the cruft."
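
The batch update asked about in this thread, as an added example that is not part of the original message: a sketch that reduces `pkg audit` output to a unique list of package names and checks the repository URL form quoted above. The function names and the sample audit text are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the thread: turn `pkg audit` output into a unique
# list of package names that can be rebuilt in one batch.

# Constructed sample in the "<name>-<version> is vulnerable:" layout that
# `pkg audit` prints. Names, versions and advisory lines are placeholders.
sample_audit_output() {
cat <<'EOF'
examplepkg-1.2.3 is vulnerable:
examplepkg -- placeholder advisory one
WWW: https://vuxml.FreeBSD.org/freebsd/PLACEHOLDER-1.html

py27-examplelib-0.9_1,1 is vulnerable:
py27-examplelib -- placeholder advisory
WWW: https://vuxml.FreeBSD.org/freebsd/PLACEHOLDER-2.html

examplepkg-1.2.3 is vulnerable:
examplepkg -- placeholder advisory two
WWW: https://vuxml.FreeBSD.org/freebsd/PLACEHOLDER-3.html

3 problem(s) in the installed packages found.
EOF
}

# Read audit output on stdin, print each vulnerable package name once.
# A FreeBSD package version never contains '-', so the text after the last
# hyphen is the version and everything before it is the name.
vulnerable_pkgs() {
    awk '/ is vulnerable:$/ { sub(/-[^-]*$/, "", $1); print $1 }' | sort -u
}

# Read a repository file (e.g. /etc/pkg/FreeBSD.conf) on stdin and succeed
# only if an uncommented line carries the URL form quoted in the thread.
repo_url_ok() {
    grep -v '^[[:space:]]*#' | grep -qF 'pkg+http://pkg.FreeBSD.org/${ABI}/'
}

# Demonstration on the constructed sample. On a real host, replace the
# sample with `pkg audit -F`, map names to port origins, and rebuild:
#   pkg audit -F | vulnerable_pkgs | xargs pkg query %o | xargs portmaster
sample_audit_output | vulnerable_pkgs
```

Run `repo_url_ok < /etc/pkg/FreeBSD.conf` before the audit; a failing check matches the "url in your repository file is wrong" case from the reply.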