From owner-freebsd-questions@FreeBSD.ORG Thu Jan 24 15:31:00 2013 Return-Path: Delivered-To: freebsd-questions@freebsd.org Received: from mx1.freebsd.org (mx1.FreeBSD.org [8.8.178.115]) by hub.freebsd.org (Postfix) with ESMTP id 0B5F7B6F for ; Thu, 24 Jan 2013 15:31:00 +0000 (UTC) (envelope-from freebsd@edvax.de) Received: from mx02.qsc.de (mx02.qsc.de [213.148.130.14]) by mx1.freebsd.org (Postfix) with ESMTP id BC236F55 for ; Thu, 24 Jan 2013 15:30:59 +0000 (UTC) Received: from r56.edvax.de (port-92-195-8-191.dynamic.qsc.de [92.195.8.191]) by mx02.qsc.de (Postfix) with ESMTP id 764DB27656; Thu, 24 Jan 2013 16:30:51 +0100 (CET) Received: from r56.edvax.de (localhost [127.0.0.1]) by r56.edvax.de (8.14.5/8.14.5) with SMTP id r0OFUs5n006107; Thu, 24 Jan 2013 16:30:55 +0100 (CET) (envelope-from freebsd@edvax.de) Date: Thu, 24 Jan 2013 16:30:54 +0100 From: Polytropon To: "Ralf Mardorf" Subject: Re: Again: Security updates of individual porst Message-Id: <20130124163054.1c9b3cb1.freebsd@edvax.de> In-Reply-To: References: Organization: EDVAX X-Mailer: Sylpheed 3.1.1 (GTK+ 2.24.5; i386-portbld-freebsd8.2) Mime-Version: 1.0 Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: 7bit Cc: FreeBSD quest X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.14 Precedence: list Reply-To: Polytropon List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 24 Jan 2013 15:31:00 -0000 On Thu, 24 Jan 2013 16:17:34 +0100, Ralf Mardorf wrote: > So I have to # portsnap fetch update? Yes. > If so, wouldn't it cause dependency > issues, if I wouldn't update all ports? If you use portmaster to deal with updating your installation, it will take care of the dependencies. However, it might lead to "unrelated" ports being udated, too. Example: foo-1.0 has vulnerabilities. Updating ports tree. foo-1.1 is the "safe" version. You're running "portmaster foo". foo is going to be be upgraded. foo-1.1 relies on bar-2.5, whereas foo-1.0 relied on bar-2.2. The portmaster run will also upgrade bar. Possible problem: baz-5.0 is installed and has been linked against bar-2.2. baz itself doesn't need updating (not vulnerable). Depending on how baz implements library calling (dependency), it might have stopped working. Solution: Use "portmaster -a" to check all ports if they need updating. Possible follow-up problem: Ports you don't want to be updated (because you're totally happy with the version you're running) will also be updated by this command. Solution: Be selective in using portmaster and specify exactly the ports you want to upgrade. You can also use SVN to checkout only specific ports, but that leads to an inconsistend ports tree which is not supported to work (even though it _mostly_ will). -- Polytropon Magdeburg, Germany Happy FreeBSD user since 4.0 Andra moi ennepe, Mousa, ...