Skip site navigation (1)Skip section navigation (2) 
Date:      27 Feb 2005 10:44:04 -0500
From:      Lowell Gilbert <freebsd-questions-local@be-well.ilk.org>
To:        wo_shi_big_stomach <wo_shi_big_stomach@yahoo.com>
Cc:        freebsd-questions@freebsd.org
Subject:   Re: updating system version of OpenSSH
Message-ID:  <44ll9ahut7.fsf@be-well.ilk.org>
In-Reply-To: <20050227013552.66030.qmail@web41607.mail.yahoo.com>
References:  <20050227013552.66030.qmail@web41607.mail.yahoo.com>
next in thread | previous in thread | raw e-mail | index | archive | help 
wo_shi_big_stomach <wo_shi_big_stomach@yahoo.com> writes:

> Phil Schulz wrote:
> 
> > If you can't afford to upgrade the base OS and you do not want to 
> > install OpenSSH from the ports
> 
> Sorry, I wasn't clear. I have no problem installing or
> upgrading OpenSSH from ports. Indeed, that's all I
> know how to do.

It's generally the best option for people who need to upgrade to the
latest version string, such as for satisfying corporate security
"experts".  Beyond that, the only real use of ports upgrades is for
people who insist on staying with older base versions.

> My question is how to upgrade OpenSSH as included with
> 5.2.1. If a ports install will do this, great.

It will.

> The more general question is how to upgrade system
> software, especially in cases where it's not included
> in the ports collection.

There are several answers, but the usual one is to update the entire
base system.  FreeBSD is designed to be a complete operating system,
rather than to be updated piecemeal; the advantage is that you don't
have to worry about dependencies between the pieces, but the
disadvantage is that, well, you have to update everything at once.
In the case of people still running 5.2.1, I'd definitely recommend
updating the whole thing -- after all, 5.2.1 wasn't recommended for
production use at the time it was released, and 5.3 was.

Another answer is the FreeBSD-update port (security/freebsd-update),
but it doesn't support custom kernels.  If you're updating because of
a security problem that had a security advisory issued for it, then
the advisory will generally include patches and directions for
applying and building them.  Doing this for arbitrary sets of code
updates is usually possible, but  difficult for anyone who doesn't
have developer-level understanding of source code control.

Good luck.

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?44ll9ahut7.fsf>