Date: Tue, 9 Mar 2004 00:57:55 -0500 From: "Steve Ireland" <stevei@black-star.net> To: "FreeBSD Questions Mailing List" <freebsd-questions@freebsd.org> Subject: Re: Update utility Message-ID: <024101c4059b$7835d480$1a01a8c0@blackstar.net> References: <000401c40531$0ab88de0$0100000a@liberty><2121A5DA-7125-11D8-B6F7-000A956D2452@chrononomicon.com> <404CF285.8090007@daleco.biz>
next in thread | previous in thread | raw e-mail | index | archive | help
----- Original Message ----- From: "Kevin D. Kinsey, DaleCo, S.P." <kdk@daleco.biz> To: "Bart Silverstrim" <bsilver@chrononomicon.com> Cc: "Ioannis Vranos" <ivr@emails.ru>; "FreeBSD Questions Mailing List" <freebsd-questions@freebsd.org> Sent: Monday, March 08, 2004 17:24 Subject: Re: Update utility > Bart Silverstrim wrote: > > > > > On Mar 8, 2004, at 12:15 PM, Ioannis Vranos wrote: > > > >> Is there any utility in FreeBSD 4.9 to check for possible updates/bug > >> fixes > >> via internet? > >> > > > > I *think* have have kind of a handle on this on the server I just > > installed... > > > > I usually do a cvsup to update the list of the ports tree, then use a > > procedure I picked out of http://www.freebsddiary.org/portupgrade.php > > to update applications with portupgrade. > > > > If anyone else has a method other than this, I'd love to know the > > procedure :-) > > > > This only updates ports. Updating FreeBSD, I don't know of anything > > other than if you find a security advisory, you have to have the src > > tree and patch that portion and recompile whatever had the > > vulnerability, following the advisory instructions. I'm thinking that > > since most daemons/applications are from ports, keeping your ports > > tree updated should limit most remote exploits...I would be interested > > in knowing of a way to check whether the installation of the OS is up > > to date, though. > > > > Colin Percival has done something kinda new > and different (and interesting.....) he calls > "FreeBSD Update". I've not tried it, but IIRC > the details are at http://www.daemonology.net/freebsd-update/ > > HTH, > > Kevin Kinsey > DaleCo, S.P. > _______________________________________________ > freebsd-questions@freebsd.org mailing list > http://lists.freebsd.org/mailman/listinfo/freebsd-questions > To unsubscribe, send any mail to "freebsd-questions-unsubscribe@freebsd.org" Hello, Below is from a post to security@. It sounds like what you're looking for. I haven't tested it yet, but it my list of things to look into. HTH, Steve >On Thu, Mar 04, 2004 at 03:27:17PM +1100, Michael Vince wrote: >> Hi all >> I thought I would let you people know of a script that I coded that >> facilitates security patch updating on FreeBSD. When I wrote it I >> decided to called it Quickpatch for some reason even though because its >> source based its not necessarily the least bit quick at all :) I had >> kept it for my self for a while but I was recently provoked to release >> it as it could do greater good being out there on the net, because its >> in Perl its quite hackable for custom needs. >> >> http://www.roq.com/projects/quickpatch/ >> >> It has the ability to do a range of different update tasks. These >> features include the ability to easily verify (using PGP) any and all >> advisories, easy setup and use of CVSUP for source and ports tree >> updates. Ability to extract all the useful data out of the official >> FreeBSD security advisories, such as necessary patch commands, security >> advisory topic, exact hours since the patch was made/released, then can >> create ready to run patch files or display/email a full report of that >> information. Also, it can optionally apply the patch files with no >> attendance. Because its highly cronable you can schedule in a 'patch >> mode' kernel recompile and reboot at early morning hours to minimize >> down time inconvenience to others. > >Michael, that's terrific! We've contemplated switching to a >machine-readable format for advisories time and again. Now that >there is a tool that could make use of that, I'm going to investigate >switching again. > >Cheers, >-- >Jacques Vidrine / nectar@celabo.org / jvidrine@verio.net / nectar@freebsd.org >_______________________________________________ >freebsd-security@freebsd.org mailing list > >http://lists.freebsd.org/mailman/listinfo/freebsd-security >To unsubscribe, send any mail to "freebsd-security-unsubscribe@freebsd.org"
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?024101c4059b$7835d480$1a01a8c0>