From owner-freebsd-questions@FreeBSD.ORG Mon Mar 8 10:18:03 2004 Return-Path: Delivered-To: freebsd-questions@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 629C016A4CE for ; Mon, 8 Mar 2004 10:18:03 -0800 (PST) Received: from mailout1.informatik.tu-muenchen.de (mailout1.informatik.tu-muenchen.de [131.159.0.18]) by mx1.FreeBSD.org (Postfix) with ESMTP id BF80243D2D for ; Mon, 8 Mar 2004 10:18:02 -0800 (PST) (envelope-from barner@in.tum.de) Received: by zi025.glhnet.mhn.de (Postfix, from userid 1000) id 88BBB5B41; Mon, 8 Mar 2004 19:17:33 +0100 (CET) Date: Mon, 8 Mar 2004 19:17:33 +0100 From: Simon Barner To: Bart Silverstrim Message-ID: <20040308181733.GG891@zi025.glhnet.mhn.de> References: <000401c40531$0ab88de0$0100000a@liberty> <2121A5DA-7125-11D8-B6F7-000A956D2452@chrononomicon.com> Mime-Version: 1.0 Content-Type: multipart/signed; micalg=pgp-sha1; protocol="application/pgp-signature"; boundary="Zrag5V6pnZGjLKiw" Content-Disposition: inline In-Reply-To: <2121A5DA-7125-11D8-B6F7-000A956D2452@chrononomicon.com> User-Agent: Mutt/1.5.5.1i X-Virus-Scanned: by amavisd-new at informatik.tu-muenchen.de cc: FreeBSD Questions Mailing List Subject: Re: Update utility X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 08 Mar 2004 18:18:03 -0000 --Zrag5V6pnZGjLKiw Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable Bart Silverstrim wrote: > On Mar 8, 2004, at 12:15 PM, Ioannis Vranos wrote: > >Is there any utility in FreeBSD 4.9 to check for possible updates/bug=20 > >fixes > >via internet? > > >=20 > I *think* have have kind of a handle on this on the server I just=20 > installed... >=20 > I usually do a cvsup to update the list of the ports tree, then use a=20 > procedure I picked out of http://www.freebsddiary.org/portupgrade.php=20 > to update applications with portupgrade. >=20 > If anyone else has a method other than this, I'd love to know the=20 > procedure :-) For third party applications, portupgrade should be the tool of choice... > This only updates ports. Updating FreeBSD, I don't know of anything=20 > other than if you find a security advisory, you have to have the src=20 > tree and patch that portion and recompile whatever had the=20 > vulnerability, following the advisory instructions. I'm thinking that=20 > since most daemons/applications are from ports, keeping your ports tree= =20 > updated should limit most remote exploits...I would be interested in=20 > knowing of a way to check whether the installation of the OS is up to=20 > date, though. This is what the so-called security branches are good for: Just CVSup your source tree, do a full buildworld cycle, and you should be fine. Valid security branches (for use in your supfile) are for example RELENG_4_9 or RELENG_5_2. If you prefer binary updates, there is a special port (security/freebsd-update), but it will only work on an unaltered installation (i.e. you did not do any buildworlds), and of course, you can run the freebsd-update port incrementally. However, once you use a source based update method, the port will not work any longer, since your installation will consist of custom binaries that do not match the recorded checksums. Simon --Zrag5V6pnZGjLKiw Content-Type: application/pgp-signature Content-Disposition: inline -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.4 (FreeBSD) iD8DBQFATLi9Ckn+/eutqCoRAsPuAJ43L7dKs6aG4VTitj83pahzMfzgSwCePxL4 z/bKZXOniNFqw1b+YpUNe9M= =A2sb -----END PGP SIGNATURE----- --Zrag5V6pnZGjLKiw--