Date: Mon, 8 Mar 2004 19:17:33 +0100 From: Simon Barner <barner@in.tum.de> To: Bart Silverstrim <bsilver@chrononomicon.com> Cc: FreeBSD Questions Mailing List <freebsd-questions@freebsd.org> Subject: Re: Update utility Message-ID: <20040308181733.GG891@zi025.glhnet.mhn.de> In-Reply-To: <2121A5DA-7125-11D8-B6F7-000A956D2452@chrononomicon.com> References: <000401c40531$0ab88de0$0100000a@liberty> <2121A5DA-7125-11D8-B6F7-000A956D2452@chrononomicon.com>
next in thread | previous in thread | raw e-mail | index | archive | help
--Zrag5V6pnZGjLKiw Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable Bart Silverstrim wrote: > On Mar 8, 2004, at 12:15 PM, Ioannis Vranos wrote: > >Is there any utility in FreeBSD 4.9 to check for possible updates/bug=20 > >fixes > >via internet? > > >=20 > I *think* have have kind of a handle on this on the server I just=20 > installed... >=20 > I usually do a cvsup to update the list of the ports tree, then use a=20 > procedure I picked out of http://www.freebsddiary.org/portupgrade.php=20 > to update applications with portupgrade. >=20 > If anyone else has a method other than this, I'd love to know the=20 > procedure :-) For third party applications, portupgrade should be the tool of choice... > This only updates ports. Updating FreeBSD, I don't know of anything=20 > other than if you find a security advisory, you have to have the src=20 > tree and patch that portion and recompile whatever had the=20 > vulnerability, following the advisory instructions. I'm thinking that=20 > since most daemons/applications are from ports, keeping your ports tree= =20 > updated should limit most remote exploits...I would be interested in=20 > knowing of a way to check whether the installation of the OS is up to=20 > date, though. This is what the so-called security branches are good for: Just CVSup your source tree, do a full buildworld cycle, and you should be fine. Valid security branches (for use in your supfile) are for example RELENG_4_9 or RELENG_5_2. If you prefer binary updates, there is a special port (security/freebsd-update), but it will only work on an unaltered installation (i.e. you did not do any buildworlds), and of course, you can run the freebsd-update port incrementally. However, once you use a source based update method, the port will not work any longer, since your installation will consist of custom binaries that do not match the recorded checksums. Simon --Zrag5V6pnZGjLKiw Content-Type: application/pgp-signature Content-Disposition: inline -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.4 (FreeBSD) iD8DBQFATLi9Ckn+/eutqCoRAsPuAJ43L7dKs6aG4VTitj83pahzMfzgSwCePxL4 z/bKZXOniNFqw1b+YpUNe9M= =A2sb -----END PGP SIGNATURE----- --Zrag5V6pnZGjLKiw--
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20040308181733.GG891>