From owner-freebsd-questions@FreeBSD.ORG Thu Nov 20 01:25:50 2003 Return-Path: Delivered-To: freebsd-questions@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 826CC16A4CE for ; Thu, 20 Nov 2003 01:25:50 -0800 (PST) Received: from imf18aec.mail.bellsouth.net (imf18aec.mail.bellsouth.net [205.152.59.66]) by mx1.FreeBSD.org (Postfix) with ESMTP id 29C0E43FBF for ; Thu, 20 Nov 2003 01:25:47 -0800 (PST) (envelope-from b_cassidy@bellsouth.net) Received: from bellsouth.net ([68.214.80.19]) by imf18aec.mail.bellsouth.netSMTP <20031120092546.TSOX2005.imf18aec.mail.bellsouth.net@bellsouth.net> for ; Thu, 20 Nov 2003 04:25:46 -0500 Date: Thu, 20 Nov 2003 04:30:33 -0600 From: Bryan Cassidy To: freebsd-questions@freebsd.org Message-Id: <20031120043033.6ebb0c87.b_cassidy@bellsouth.net> In-Reply-To: <001201c3af35$0f565730$0599a440@linuxops.com> References: <000801c3ae5b$44595cf0$0599a440@linuxops.com> <44fzgk4egj.fsf@be-well.ilk.org> <3FBBA719.5010404@dhap.com> <20031120011849.644d36fb.b_cassidy@bellsouth.net> <001201c3af35$0f565730$0599a440@linuxops.com> X-Mailer: Sylpheed version 0.9.7 (GTK+ 1.2.10; i386-portbld-freebsd4.9) Mime-Version: 1.0 Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: 7bit Subject: Re: Security question X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 20 Nov 2003 09:25:50 -0000 -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 I personally use the ports tree for installing software. To update the whole ports tree you could run cvsup -g -L 2 /usr/share/examples/cvsup/ports-supfile to get the latest ports *with* the patches for that port. You can also use cvsup to update your source (/usr/src) I also use portupgrade to update the installed ports. I have never used pkg_* because I have always felt pretty comfortable with the ports and feel no need to switch. I'm sure if openssh has some patches/fixes or whatever done to the package it will be updated so you can use it. Example. If you used the ports and gaim-8.0 came out but you only had 0.70 or whatever then all you would need to do is update your ports (like I showed u above) and do a portupgrade gaim and it would update it with the latest fixes/patches/version changes or whatever and resolve any depends. you may need. Using the ports is just a personal reference. I do recommend it though. Plesae check out this for further reading on cvsup http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/cvsup.html On Wed, 19 Nov 2003 23:08:06 -0800 "Kevin McKay" wrote: > Thanks Bryan, > > Two other questions, if I do a pkg_add -r openssh today and then the > same command in 6 months will it always be the same precompiled binary > sitting on the server? Or are they updated with patches from time to > time? how does the openssh port binary differ from the oepnssh system > binary? I have looked all through the handbook and faq's but could not > find a definitive answer. > > Thanks > Kevin McKay > > ----- Original Message ----- > From: "Bryan Cassidy" > To: "Kevin McKay" > Cc: > Sent: Wednesday, November 19, 2003 11:18 PM > Subject: Re: Security question > > > > I don't know anything about using sysinstall for security > > patches/upgrades etc. WHat your looking for I think is cvsup. Please > > read the handbook on Using CVSUP to get the latests source updates, > > security patches for your release and even updating to a different > > RELEASE or -CURRENT or -STABLE. > > > > On Wed, 19 Nov 2003 09:23:37 -0800 > > Kevin McKay wrote: > > > > > So it will not just grab the latest patched binaries for 5.1? I am > > > not > > > > > > sure I understand. Is it just for updating between releases and > > > not for keeping the current release up to date? > > > > > > Kevin > > > > > > Lowell Gilbert wrote: > > > > > > >"Kevin McKay" writes: > > > > > > > > > > > > > > > >>I have read through the documentation but have not been able to > > > >find>a definite answer. I am running a pretty core install of 5.1 > > > >minimal>+ bind9, postfix, apache, ssh, no ports collection. Here > > > >is my>question. When I run the binary update from sysinstall will > > > >that>take care of the earlier ssh vulnerability and update apache > > > >postfix>and bind to the most current version? > > > >> > > > >> > > > > > > > >You normally need to run the sysinstall from the version you're > > > >updating to. You could configure your system's sysinstall to > > > >load in the later version, and it should be compatible, but I > > > >don't know the syntax for that offhand... > > > > > > > > > > > > > > _______________________________________________ > > > freebsd-questions@freebsd.org mailing list > > > http://lists.freebsd.org/mailman/listinfo/freebsd-questions > > > To unsubscribe, send any mail to > > > "freebsd-questions-unsubscribe@freebsd.org" > > > > _______________________________________________ > freebsd-questions@freebsd.org mailing list > http://lists.freebsd.org/mailman/listinfo/freebsd-questions > To unsubscribe, send any mail to > "freebsd-questions-unsubscribe@freebsd.org" -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.3 (FreeBSD) iD8DBQE/vJfJjnOL7dYm/EQRAh42AJ9IoVVzzRF8Qb9ykPGV2twsFfpHIwCg4uMO QzUGdPvRWH7Y6Kf8NzRAIj0= =U+z7 -----END PGP SIGNATURE-----