From owner-freebsd-questions@FreeBSD.ORG Sat Oct 7 15:49:18 2006 Return-Path: X-Original-To: freebsd-questions@freebsd.org Delivered-To: freebsd-questions@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 38A2F16A494 for ; Sat, 7 Oct 2006 15:49:18 +0000 (UTC) (envelope-from th.lacoste@wanadoo.fr) Received: from smtp9.orange.fr (smtp9.orange.fr [193.252.22.22]) by mx1.FreeBSD.org (Postfix) with ESMTP id 5F80243D53 for ; Sat, 7 Oct 2006 15:49:12 +0000 (GMT) (envelope-from th.lacoste@wanadoo.fr) Received: from smtp-msa-out09.orange.fr (mwinf0904 [172.22.140.26]) by mwinf0910.orange.fr (SMTP Server) with ESMTP id 443CA408BAF for ; Sat, 7 Oct 2006 17:49:11 +0200 (CEST) Received: from aldebaran (ASte-Genev-Bois-151-1-43-65.w83-114.abo.wanadoo.fr [83.114.153.65]) by mwinf0904.orange.fr (SMTP Server) with SMTP id DD9D22400189 for ; Sat, 7 Oct 2006 17:49:09 +0200 (CEST) X-ME-UUID: 20061007154909907.DD9D22400189@mwinf0904.orange.fr Message-ID: <003901c6ea28$247fe230$0201a8c0@aldebaran> From: "Thierry Lacoste" To: Date: Sat, 7 Oct 2006 17:49:12 +0200 MIME-Version: 1.0 Content-Type: text/plain; format=flowed; charset="iso-8859-1"; reply-type=original Content-Transfer-Encoding: 7bit X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 6.00.2900.2869 X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.2962 Subject: following RELENG_6_1 X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sat, 07 Oct 2006 15:49:18 -0000 I have a bunch of servers running FreeBSD 6.1-RELEASE. They perform crucial tasks like Samba domain control, LDAP directory, mail, etc... Though I'm reluctant to touch them I feel that the recent Security Advisories (especially about ssh ans ssl) are a very good reason to follow RELENG_6_1. I'd be grateful if someone could answer the following questions. Is it possible that an upgrade might break software installed from the port? I'm planning to use a build machine as explained in "Tracking for Multiple Machines" http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/small-lan.html What are the alternatives? Is there an easiest yet safe way to go? I was interested by /usr/ports/security/freebsd-update but some of my kernels have "options QUOTA" so I guess it rules out freebsd-update. Quoting FreeBSD-SA-06:23.openssl > NOTE: Any third-party applications, including those installed from the > FreeBSD ports collection, which are statically linked to libcrypto(3) > should be recompiled in order to use the corrected code. How can I find the applications which fall in this category? Best regards, Thierry.