Date: Sat, 14 Jun 2003 17:49:59 -0700 From: Richard Schilling <rschi@rsmba.biz> To: freebsd-stable@freebsd.org Subject: cvsup daemon vulnerabilities (was: Re: cvsup with tag=. on src and upgrading (in general)) Message-ID: <20030615004959.GA357@foghorn.rsmba.biz> In-Reply-To: <200306141612.20890.ianjhart@ntlworld.com>; from ianjhart@ntlworld.com on Sat, Jun 14, 2003 at 08:12:20 -0700 References: <20030613180849.GE12049@foghorn.rsmba.biz> <200306132105.45620.ianjhart@ntlworld.com> <20030614020946.GK16068@foghorn.rsmba.biz> <200306141612.20890.ianjhart@ntlworld.com>
next in thread | previous in thread | raw e-mail | index | archive | help
I'm comfortable now with the tagging of the repository. I cvsup'd src-all without a tag= in the file and got all the revisions (installed it into a staging area). It'll be a handy reference. Thanks again all for taking time to field my newbe questions (the archives are sooo big). I also cvsup'd the port-all (tag=.) and src-all (tag=RELENG_4), rebuilt everything according to the instructions and it all works great. Using the cvsup-mirror is next on my list :-) Has anyone reported security problems/vulnerabilities running the cvsup daemon? --Richard On 2003.06.14 08:12 ian j hart wrote: > On Saturday 14 June 2003 3:09 am, Richard Schilling wrote: > > As for /usr/local/etc/cvsup, I did create it because the > documentation > > used that directory in the examples for CVSup's status files. I > also > > practiced uploading to a non-/usr directory first just to build > > confidence. I just used that directory because after reading it in > the > > documentation I knew I'd remember it. Changed the base, however to > my > > own staging area. > > > > > > Here's the example from the documentation: > > > > # > > > > Putting it all together: > > > > Here is the entire supfile for our example: > > > > *default tag=. > > *default host=cvsup666.FreeBSD.org > > *default prefix=/usr > > *default base=/usr/local/etc/cvsup > > *default release=cvs delete use-rel-suffix compress > > > > src-all > > > > > > --Richard Schilling > > > > So this fetches the src for CURRENT. In your original post you said > you wanted > to "review changes/diffs". This will not allow you to do that because > you > only have a snapshot of the source. To put this another way, you have > nothing > to diff against. > > Also forgot to say that the simplest way to fetch a local copy of the > repository is to install the cvsup-mirror port. Disable its cron job > and run > the update script whenever you need to. > > -- > ian j hart > > Quoth the raven, bite me! > Salem Saberhagen (Episode LXXXI: The Phantom Menace) > > _______________________________________________ > freebsd-stable@freebsd.org mailing list > http://lists.freebsd.org/mailman/listinfo/freebsd-stable > To unsubscribe, send any mail to > "freebsd-stable-unsubscribe@freebsd.org" > >
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20030615004959.GA357>