From owner-freebsd-questions Wed Oct 23 6:24: 9 2002 Delivered-To: freebsd-questions@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 086FC37B401 for ; Wed, 23 Oct 2002 06:24:08 -0700 (PDT) Received: from rutger.owt.com (rutger.owt.com [204.118.6.16]) by mx1.FreeBSD.org (Postfix) with ESMTP id 8764843E9E for ; Wed, 23 Oct 2002 06:24:07 -0700 (PDT) (envelope-from kstewart@owt.com) Received: from owt.com (owt-207-41-94-232.owt.com [207.41.94.232]) by rutger.owt.com (8.9.3/8.9.3) with ESMTP id GAA08647; Wed, 23 Oct 2002 06:24:00 -0700 Message-ID: <3DB6A2EE.7060903@owt.com> Date: Wed, 23 Oct 2002 06:23:58 -0700 From: Kent Stewart User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.0; en-US; rv:1.0.1) Gecko/20020823 Netscape/7.0 X-Accept-Language: en-us, es-mx MIME-Version: 1.0 To: Toomas Aas Cc: questions@freebsd.org Subject: Re: mergemaster problem References: <200210231044.g9NAi1u20546@lv.raad.tartu.ee> Content-Type: text/plain; charset=us-ascii; format=flowed Content-Transfer-Encoding: 7bit Sender: owner-freebsd-questions@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.ORG Toomas Aas wrote: > Hi! > > >>Date: Tue, 22 Oct 2002 11:57:44 -0700 >>From: Kent Stewart >>Subject: Re: mergemaster problem > > > [... about upgrading the world ...] > >>If they fix a security related buffer overflow problem in one of the >>system libraries, you need to update all ports that use that library. > > > Isn't that the case only with statically linked binaries? > Yes! The problem is knowing which method they use. The normal assumption would be dynamic because it is less trouble and can be more efficient with respect to memory usage. The paranoid side of me, which worrys about security, would assume static unless told otherwise. Since I haven't rebuilt all of my old ports, I haven't worried about it too much :). I have never got that involved with a port make file with the exception of Code Crusader and I didn't pay attention to it. The port make files are so much more involved than anything I used on a vendor maintained OS. There was always a generator that you passed a directory and it created the basic make files for me. The first one I created on FreeBSD had 277 modules and was really painful to create. I think I did everything that I could do wrong first. Kent -- Kent Stewart Richland, WA http://users.owt.com/kstewart/index.html To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message