From owner-freebsd-security-notifications Mon Dec 18 7:36:30 2000 From owner-freebsd-security-notifications@FreeBSD.ORG Mon Dec 18 07:36:19 2000 Return-Path: Delivered-To: freebsd-security-notifications@freebsd.org Received: by hub.freebsd.org (Postfix, from userid 758) id 071BE37B400; Mon, 18 Dec 2000 07:36:19 -0800 (PST) From: FreeBSD Security Advisories To: FreeBSD Security Advisories Subject: FreeBSD Security Advisory: FreeBSD-SA-00:77.procfs Message-Id: <20001218153619.071BE37B400@hub.freebsd.org> Date: Mon, 18 Dec 2000 07:36:19 -0800 (PST) Sender: owner-freebsd-security-notifications@FreeBSD.ORG Precedence: bulk Reply-To: postmaster@freebsd.org X-Loop: FreeBSD.org -----BEGIN PGP SIGNED MESSAGE----- ============================================================================= FreeBSD-SA-00:77 Security Advisory FreeBSD, Inc. Topic: Several vulnerabilities in procfs Category: core Module: procfs Announced: 2000-12-18 Affects: Problem #1: FreeBSD 4.x prior to the correction date. FreeBSD 3.x is unaffected. Problem #2, #3: FreeBSD 4.x and 3.x prior to the correction date. Corrected: 2000-12-16 (FreeBSD 4.2-STABLE) 2000-12-18 (FreeBSD 3.5.1-STABLE) Credits: Frank van Vliet Joost Pol (Problem #1, #2) Esa Etelavuori (Problem #3) FreeBSD only: NO I. Background procfs is the process filesystem, which presents a filesystem interface to the system process table, together with associated data. II. Problem Description There were several problems discovered in the procfs code: 1) Unprivileged local users can gain superuser privileges due to insufficient access control checks on the /proc//mem and /proc//ctl files, which gives access to a process address space and perform various control operations on the process respectively. The attack proceeds as follows: the attacker can fork() a child process and map the address space of the child in the parent. The child process then exec()s a utility which runs with root or other increased privileges. The parent process incorrectly retains read and write access to the address space of the child process which is now running with increased privileges, and can modify it to execute arbitrary code with those privileges. 2) Unprivileged local users can execute a denial of service against the local machine by mmap()ing a processes own /proc//mem file in the procfs filesystem. This will cause the system to enter into an infinite loop in the kernel, effectively causing the system to hang until manually rebooted by an administrator on the system console. 3) Users with superuser privileges on the machine, including users with root privilege in a jail(8) virtual machine, can overflow a buffer in the kernel and bypass access control checks placed on the abilities of the superuser. These include the ability to "break out" of the jail environment (jail is often used as a compartmentalization tool for security purposes), to lower the system securelevel without requiring a reboot, and to introduce new (possibly malicious) code into the kernel on systems where loading of KLDs (kernel loadable modules) has been disabled. III. Impact 1) On vulnerable FreeBSD 4.x systems where procfs is mounted, unprivileged local users can obtain root privileges. 2) On vulnerable FreeBSD 4.x and 3.x systems where procfs is mounted, unprivileged local users can cause the system to hang. 3) On vulnerable FreeBSD 4.x and 3.x systems, superusers who can load the procfs filesystem, or on systems where it is already mounted, can bypass access control checks in the kernel which would otherwise limit their abilities. Consequences include the ability to break out of a jail environment, to lower securelevel or to introduce malicious code into the kernel on systems where loading of KLDs has been disabled. For many systems this vulnerability is likely to have minor impact. IV. Workaround To work around problems 1 and 2, perform the following steps as root: Unmount all instances of the procfs filesystem using the umount(8) command: # umount -f -a -t procfs Disable the automatic mounting of all instances of procfs in /etc/fstab: remove or comment out the line(s) of the following form: proc /proc procfs rw 0 0 The linprocfs filesystem, which provides additional interfaces to Linux binaries to emulate the Linux procfs filesystem, is believed not to be vulnerable to the problems described in this advisory and therefore does not need to be unmounted. Note however that some Linux binaries may require the presence of both procfs and linprocfs in order to function correctly. To work around problem 3 is more difficult since it involves the superuser, but the following steps are believed to be sufficient: * Unmount all procfs filesystems which are visible from within jail environments, to prevent a jail root compromise from compromising the entire system. Since jailed users do not have the ability to mount filesystems, a successful jail root compromise in a jail without procfs visible cannot exploit this vulnerability. * Remove the "options PROCFS" line from your kernel configuration file, if present, and compile a new kernel as described in http://www.freebsd.org/handbook/kernelconfig.html If the running kernel was compiled with "options PROCFS", then any user who has root privileges can mount procfs and exploit vulnerability 3, regardless of system securelevel. If the kernel does not include this option, then an attempt to mount procfs will trigger a load of the procfs.ko KLD module, which is denied at securelevel greater than zero. Since this vulnerability only has meaning (in the case of unjailed root users) on systems which are kept in a securelevel greater than zero, this will always be true, and such systems are not vulnerable to the problem. Note that unmounting procfs may have a negative impact on the operation of the system: under older versions of FreeBSD it is required for some aspects of the ps(1) command, and it may also break use of userland inter-process debuggers such as gdb. Other installed binaries including emulated Linux binaries may require access to procfs for correct operation. V. Solution Upgrade your vulnerable FreeBSD system to 4.2-STABLE after the correction date, or patch your present system source code and rebuild. To patch your present system: download the relevant patch from the below location, and execute the following commands as root: [FreeBSD 3.5.1-RELEASE] # fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-00:77/procfs.3.5.1.patch # fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-00:77/procfs.3.5.1.patch.asc Verify the detached PGP signature using your PGP utility. [FreeBSD 4.1-RELEASE and FreeBSD 4.1.1-RELEASE] # fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-00:77/procfs.4.1.patch # fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-00:77/procfs.4.1.patch.asc Verify the detached PGP signature using your PGP utility. [FreeBSD 4.2-RELEASE] # fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-00:77/procfs.4.2.patch # fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-00:77/procfs.4.2.patch.asc Verify the detached PGP signature using your PGP utility. # cd /usr/src/sys # patch -p < /path/to/patch If procfs is statically compiled into the kernel (e.g. the kernel configuration file contains the line 'options PROCFS'), then rebuild and reinstall your kernel as described in http://www.freebsd.org/handbook/kernelconfig.html and reboot the system with the new kernel for the changes to take effect. If procfs is dynamically loaded by KLD (use the kldstat command to verify whether this is the case) and the system securelevel has not been raised, then the system can be patched at run-time without requiring a reboot, by performing the following steps after patching the source as described above: # cd /usr/src/sys/modules/procfs # make all install # umount -f -a -t procfs # kldunload procfs # kldload procfs # mount -f -a -t procfs -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.4 (FreeBSD) Comment: For info see http://www.gnupg.org iQCVAwUBOj4uH1UuHi5z0oilAQG4GAP6ArdnOC6dolMGQt4p6yrd+ssEKD62Uh7a y0EGd/7iFi7exxe+jWHQJVQmtyD4o8QYmO6qSJ+lb2iNYJTyKOlPWFWDlUlIhu3e UvsArp9ns/4ERR7eYDvpK095np1ZB6qnLXChQf/oxj7W41QBzmK7Yc/+WW57pwLl DS2/5AzXxXM= =Yol+ -----END PGP SIGNATURE----- To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security-notifications" in the body of the message From owner-freebsd-security-notifications Wed Dec 20 6:29: 1 2000 From owner-freebsd-security-notifications@FreeBSD.ORG Wed Dec 20 06:28:54 2000 Return-Path: Delivered-To: freebsd-security-notifications@freebsd.org Received: by hub.freebsd.org (Postfix, from userid 758) id 6BE3137B400; Wed, 20 Dec 2000 06:28:54 -0800 (PST) From: FreeBSD Security Advisories To: FreeBSD Security Advisories Subject: FreeBSD Ports Security Advisory: FreeBSD-SA-00:78.bitchx Message-Id: <20001220142854.6BE3137B400@hub.freebsd.org> Date: Wed, 20 Dec 2000 06:28:54 -0800 (PST) Sender: owner-freebsd-security-notifications@FreeBSD.ORG Precedence: bulk Reply-To: postmaster@freebsd.org X-Loop: FreeBSD.org -----BEGIN PGP SIGNED MESSAGE----- ============================================================================= FreeBSD-SA-00:78 Security Advisory FreeBSD, Inc. Topic: bitchx allows remote code execution Category: ports Module: bitchx Announced: 2000-12-20 Credits: nimrood Affects: Ports collection prior to the correction date. Corrected: 2000-12-12 Vendor status: Updated version released FreeBSD only: NO I. Background bitchx is a popular IRC client. II. Problem Description The bitchx port, versions prior to 1.0c17_1, contains a remote vulnerability. Through a stack overflow in the DNS parsing code, a malicious remote user in control of their reverse DNS records may crash a bitchx session, or cause arbitrary code to be executed by the user running bitchx. The bitchx port is not installed by default, nor is it "part of FreeBSD" as such: it is part of the FreeBSD ports collection, which contains over 4200 third-party applications in a ready-to-install format. The ports collections shipped with FreeBSD 3.5.1 and 4.2 contain this problem since it was discovered after the releases. FreeBSD makes no claim about the security of these third-party applications, although an effort is underway to provide a security audit of the most security-critical ports. III. Impact Malicious remote users may execute arbitrary code as the user running bitchx. If you have not chosen to install the bitchx port/package, then your system is not vulnerable to this problem. IV. Workaround Deinstall the bitchx port/package, if you have installed it. V. Solution One of the following: 1) Upgrade your entire ports collection and rebuild the bitchx port. 2) Deinstall the old package and install a new package dated after the correction date, obtained from: ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-3-stable/irc/BitchX-1.0c17_1.tgz ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-4-stable/irc/BitchX-1.0c17_1.tgz ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/alpha/packages-4-stable/irc/BitchX-1.0c17_1.tgz ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-5-current/irc/BitchX-1.0c17_1.tgz ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/alpha/packages-5-current/irc/BitchX-1.0c17_1.tgz NOTE: It may be several days before updated packages are available. 3) download a new port skeleton for the bitchx port from: http://www.freebsd.org/ports/ and use it to rebuild the port. 4) Use the portcheckout utility to automate option (3) above. The portcheckout port is available in /usr/ports/devel/portcheckout or the package can be obtained from: ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-3-stable/devel/portcheckout-2.0.tgz ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-4-stable/devel/portcheckout-2.0.tgz ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/alpha/packages-4-stable/devel/portcheckout-2.0.tgz ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-5-current/devel/portcheckout-2.0.tgz ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/alpha/packages-5-current/devel/portcheckout-2.0.tgz -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.4 (FreeBSD) Comment: For info see http://www.gnupg.org iQCVAwUBOkDAmFUuHi5z0oilAQHj7QP+O0BAQ/wrl5FYqTb63fYO1hDncbWGxn/4 MhH2NTMj3izZS6Kw+oWDq59DspN1wCPTR8BaickNge2E82Kcg1hggXwu/3eRt7y3 FpT5oDZFk9rLSTl+VWsyV3ljA9LA3e7yCc9vnN1+65uQnW1rChUw8Hi2C5Fu5INJ /a+HgmkMcEI= =xnU+ -----END PGP SIGNATURE----- To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security-notifications" in the body of the message From owner-freebsd-security-notifications Wed Dec 20 6:41: 8 2000 From owner-freebsd-security-notifications@FreeBSD.ORG Wed Dec 20 06:41:00 2000 Return-Path: Delivered-To: freebsd-security-notifications@freebsd.org Received: by hub.freebsd.org (Postfix, from userid 758) id 4B3B637B400; Wed, 20 Dec 2000 06:41:00 -0800 (PST) From: FreeBSD Security Advisories To: FreeBSD Security Advisories Subject: FreeBSD Ports Security Advisory: FreeBSD-SA-00:79:oops Message-Id: <20001220144100.4B3B637B400@hub.freebsd.org> Date: Wed, 20 Dec 2000 06:41:00 -0800 (PST) Sender: owner-freebsd-security-notifications@FreeBSD.ORG Precedence: bulk Reply-To: postmaster@freebsd.org X-Loop: FreeBSD.org -----BEGIN PGP SIGNED MESSAGE----- ============================================================================= FreeBSD-SA-00:79 Security Advisory FreeBSD, Inc. Topic: oops allows remote code execution Category: ports Module: oops Announced: 2000-12-20 Credits: |CyRaX| Affects: Ports collection prior to the correction date. Corrected: 2000-12-14 Vendor status: Updated version released FreeBSD only: NO I. Background oops is a caching WWW proxy server. II. Problem Description The oops port, versions prior to 1.5.2, contains remote vulnerabilities through buffer and stack overflows in the HTML parsing code. These vulnerabilities may allow remote users to execute arbitrary code as the user running oops. The oops port is not installed by default, nor is it "part of FreeBSD" as such: it is part of the FreeBSD ports collection, which contains over 4200 third-party applications in a ready-to-install format. The ports collections shipped with FreeBSD 3.5.1 and 4.2 contain this problem since it was discovered after the releases. FreeBSD makes no claim about the security of these third-party applications, although an effort is underway to provide a security audit of the most security-critical ports. III. Impact Malicious remote users may execute arbitrary code as the user running oops. If you have not chosen to install the oops port/package, then your system is not vulnerable to this problem. IV. Workaround Deinstall the oops port/package, if you have installed it. V. Solution One of the following: 1) Upgrade your entire ports collection and rebuild the oops port. 2) Deinstall the old package and install a new package dated after the correction date, obtained from: ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-3-stable/www/oops-1.5.2.tgz ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-4-stable/www/oops-1.5.2.tgz ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/alpha/packages-4-stable/www/oops-1.5.2.tgz ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-5-current/www/oops-1.5.2.tgz ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/alpha/packages-5-current/www/oops-1.5.2.tgz NOTE: It may be several days before updated packages are available. 3) download a new port skeleton for the oops port from: http://www.freebsd.org/ports/ and use it to rebuild the port. 4) Use the portcheckout utility to automate option (3) above. The portcheckout port is available in /usr/ports/devel/portcheckout or the package can be obtained from: ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-3-stable/devel/portcheckout-2.0.tgz ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-4-stable/devel/portcheckout-2.0.tgz ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/alpha/packages-4-stable/devel/portcheckout-2.0.tgz ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-5-current/devel/portcheckout-2.0.tgz ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/alpha/packages-5-current/devel/portcheckout-2.0.tgz -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.4 (FreeBSD) Comment: For info see http://www.gnupg.org iQCVAwUBOkDD+VUuHi5z0oilAQF/GQQAphFsq7DIG9Gez7F6ry71W/c9vwC0RMgz 4IWDeYtkLQhB86n2nkQFMeRQi6EAAOKrOeVJtGhjgtOib6nR6sPCJxbY+s7G/RCw /hz1q6xG4MOw+obhFUsKO8UyWfONYGnKNB5JLqi/dbzXPXwSuuf6wKPClZbXRNEv aR8tF+briCU= =ZwXz -----END PGP SIGNATURE----- To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security-notifications" in the body of the message From owner-freebsd-security-notifications Wed Dec 20 7: 2:31 2000 From owner-freebsd-security-notifications@FreeBSD.ORG Wed Dec 20 07:02:24 2000 Return-Path: Delivered-To: freebsd-security-notifications@freebsd.org Received: by hub.freebsd.org (Postfix, from userid 758) id F1B4937B400; Wed, 20 Dec 2000 07:02:23 -0800 (PST) From: FreeBSD Security Advisories To: FreeBSD Security Advisories Subject: FreeBSD Ports Security Advisory: FreeBSD-SA-00:80.halflifeserver Message-Id: <20001220150223.F1B4937B400@hub.freebsd.org> Date: Wed, 20 Dec 2000 07:02:23 -0800 (PST) Sender: owner-freebsd-security-notifications@FreeBSD.ORG Precedence: bulk Reply-To: postmaster@freebsd.org X-Loop: FreeBSD.org -----BEGIN PGP SIGNED MESSAGE----- ============================================================================= FreeBSD-SA-00:80 Security Advisory FreeBSD, Inc. Topic: halflifeserver allows remote code execution Category: ports Module: halflifeserver Announced: 2000-12-20 Credits: Mark Cooper Affects: Ports collection prior to the correction date. Corrected: 2000-11-29 Vendor status: Updated version released FreeBSD only: NO I. Background halflifeserver is a dedicated server for hosting Half-Life games. II. Problem Description The halflifeserver port, versions prior to 3.1.0.4, contains local and remote vulnerabilities through buffer overflows and format string vulnerabilities. These vulnerabilities may allow remote users to execute arbitrary code as the user running halflifeserver. The halflifeserver port is not installed by default, nor is it "part of FreeBSD" as such: it is part of the FreeBSD ports collection, which contains over 4200 third-party applications in a ready-to-install format. The ports collections shipped with FreeBSD 3.5.1 and 4.2 contain this problem since it was discovered after the releases. FreeBSD makes no claim about the security of these third-party applications, although an effort is underway to provide a security audit of the most security-critical ports. III. Impact Malicious remote users may execute arbitrary code as the user running the halflifeserver software. If you have not chosen to install the halflifeserver port/package, then your system is not vulnerable to this problem. IV. Workaround Deinstall the halflifeserver port/package, if you have installed it. V. Solution One of the following: 1) Upgrade your entire ports collection and rebuild the halflifeserver port. 2) download a new port skeleton for the halflifeserver port from: http://www.freebsd.org/ports/ and use it to rebuild the port. Due to license restrictions no binary package is provided for the halflifeserver port. 3) Use the portcheckout utility to automate option (2) above. The portcheckout port is available in /usr/ports/devel/portcheckout or the package can be obtained from: ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-3-stable/devel/portcheckout-2.0.tgz ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-4-stable/devel/portcheckout-2.0.tgz ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/alpha/packages-4-stable/devel/portcheckout-2.0.tgz ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-5-current/devel/portcheckout-2.0.tgz ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/alpha/packages-5-current/devel/portcheckout-2.0.tgz -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.4 (FreeBSD) Comment: For info see http://www.gnupg.org iQCVAwUBOkDIQVUuHi5z0oilAQGcqQQApE+76gPjqdkQf9TvbGBThPxcSocU8F+N GHiBPzkrgVHqCLYee0sywsQ4KRg2awuq+sP6EcqLTfaIGLZqPgS4xNZ6gqOrrgLP wxvGdtlqgad5lXLEvs1uYwBmj+lTNteYWy6KC04za2rLHYdkZce21kyj+6preXZs trAQ2uVDvsM= =s4GT -----END PGP SIGNATURE----- To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security-notifications" in the body of the message From owner-freebsd-security-notifications Wed Dec 20 7:27: 5 2000 From owner-freebsd-security-notifications@FreeBSD.ORG Wed Dec 20 07:26:59 2000 Return-Path: Delivered-To: freebsd-security-notifications@freebsd.org Received: by hub.freebsd.org (Postfix, from userid 758) id 4B36B37B404; Wed, 20 Dec 2000 07:26:59 -0800 (PST) From: FreeBSD Security Advisories To: FreeBSD Security Advisories Subject: FreeBSD Ports Security Advisory: FreeBSD-SA-00:81.ethereal Message-Id: <20001220152659.4B36B37B404@hub.freebsd.org> Date: Wed, 20 Dec 2000 07:26:59 -0800 (PST) Sender: owner-freebsd-security-notifications@FreeBSD.ORG Precedence: bulk Reply-To: postmaster@freebsd.org X-Loop: FreeBSD.org -----BEGIN PGP SIGNED MESSAGE----- ============================================================================= FreeBSD-SA-00:81 Security Advisory FreeBSD, Inc. Topic: ethereal allows remote code execution Category: ports Module: ethereal Announced: 2000-12-20 Credits: mat@hacksware.com Affects: Ports collection prior to the correction date. Corrected: 2000-11-21 Vendor status: Updated version released FreeBSD only: NO I. Background ethereal is a tool for monitoring network activity. II. Problem Description The ethereal port, versions prior to 0.8.14, contains buffer overflows which allow a remote attacker to crash ethereal or execute arbitrary code on the local system as the user running ethereal, typically the root user. These vulnerabilities are identical to those described in advisory 00:61 relating to tcpdump. The ethereal port is not installed by default, nor is it "part of FreeBSD" as such: it is part of the FreeBSD ports collection, which contains over 4200 third-party applications in a ready-to-install format. The ports collections shipped with FreeBSD 3.5.1 and 4.2 are vulnerable to this problem since it was discovered after the releases. FreeBSD makes no claim about the security of these third-party applications, although an effort is underway to provide a security audit of the most security-critical ports. III. Impact Remote users can cause the local ethereal process to crash, or to execute arbitrary code as the user running ethereal (usually root). IV. Workaround Do not use vulnerable versions of ethereal in network environments which may contain packets from untrusted sources. Deinstall the ethereal port/package, if you have installed it. V. Solution One of the following: 1) Upgrade your entire ports collection and rebuild the ethereal port. 2) Deinstall the old package and install a new package dated after the correction date, obtained from the following directories: ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-3-stable/net/ethereal-0.8.14.tgz ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-4-stable/net/ethereal-0.8.14.tgz ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/alpha/packages-4-stable/net/ethereal-0.8.14.tgz ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-5-current/net/ethereal-0.8.14.tgz ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/alpha/packages-5-current/net/ethereal-0.8.14.tgz 3) download a new port skeleton for the ethereal port from: http://www.freebsd.org/ports/ and use it to rebuild the port. 4) Use the portcheckout utility to automate option (3) above. The portcheckout port is available in /usr/ports/devel/portcheckout or the package can be obtained from: ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-3-stable/devel/portcheckout-2.0.tgz ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-4-stable/devel/portcheckout-2.0.tgz ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/alpha/packages-4-stable/devel/portcheckout-2.0.tgz ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-5-current/devel/portcheckout-2.0.tgz ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/alpha/packages-5-current/devel/portcheckout-2.0.tgz -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.4 (FreeBSD) Comment: For info see http://www.gnupg.org iQCVAwUBOkDOpVUuHi5z0oilAQFETAP/dV59JADazj/mrRLSW8a6JQluGrU4ZnYY 60KmcRkiuCte+WehA3ZE0h2WRz+RbWuszeyIZ21j6Kz4a0mbb0WURcHtj5CtlQZj BMgezi15rnSfIzfFX4lEZX6bzR9xaPuJSfrRNaMhWY+ioWLQ+fFL8OcllTfa+LYx HUzOVq9kWQk= =s7BI -----END PGP SIGNATURE----- To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security-notifications" in the body of the message