Date: Mon, 13 Dec 2010 02:41:18 +0100
From: Matthias Andree <matthias.andree@gmx.de>
To: freebsd-ports@freebsd.org
Subject: Re: Security updates for packages?
Message-ID: <4D0579BE.3000502@gmx.de>
In-Reply-To: <AANLkTi=3C7GtzZZU8oOEeiXH_R_1CETN6tsvmTgTgvR%2B@mail.gmail.com>
References: <AANLkTi=3C7GtzZZU8oOEeiXH_R_1CETN6tsvmTgTgvR%2B@mail.gmail.com>

On 12.12.2010 21:28, Kevin Kreamer wrote:
> Hi,
>
> Having not used FreeBSD for several years, I did a fresh install yesterday
> of 8.1-RELEASE, and then used pkg_add -r to install several packages. I
> then came across portaudit, ran it, and it indicated that I had three
> vulnerable packages (git, ruby, and sudo). Looking at
> http://www.vuxml.org/freebsd/, it appears that these were reported in July,
> August, and September respectively.
>
> Basically, I would think a freshly installed system would not have security
> vulnerabilities from months prior. Is that an erroneous assumption on my
> part, am I just misunderstanding something, or do I have something
> misconfigured? Do only ports get security updates, and not packages? Or is
> this related to the fact that I picked RELEASE, versus CURRENT or STABLE?

I'd advise to use portsnap to get an up-to-date ports tree (if you haven't
used it, run "portsnap fetch extract" for the first time, and every time you
feel like updating, you run "portsnap fetch update").

I'd also advise to install portmaster and upgrade your vulnerable ports with
that, i.e.:

portsnap fetch update   # or extract if you're bootstrapping
cd /usr/ports/ports-mgmt/portmaster
make install clean      # as root or toor or under sudo
less /usr/src/UPDATING  # check if there are relevant entries for your ports
portmaster sudo git ruby

That's it. For details, see the portsnap and portmaster manuals.

HTH

-- 
Matthias Andree
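
Added example, not part of the original mail: a small shell helper that turns a portaudit report into the portmaster command shown above, so the list of ports to upgrade comes from the audit rather than from memory. The "Affected package: <name>-<version>" line format is an assumption about portaudit's report, the function names are hypothetical, and the sample report is constructed.

```sh
#!/bin/sh
# Added example, not part of the original mail.
# Assumption: each portaudit finding starts with a line of the form
#   Affected package: <name>-<version>

# Read a portaudit report on stdin, print one unique port name per line.
vulnerable_ports() {
    sed -n 's/^Affected package: //p' |
        sed 's/-[^-]*$//' |   # drop "-<version>"; versions never contain "-"
        sort -u               # several advisories may hit the same package
}

# Read a portaudit report on stdin, print the portmaster command to run.
upgrade_command() {
    ports=$(vulnerable_ports | tr '\n' ' ')
    ports=${ports% }          # trim the trailing space left by tr
    if [ -z "$ports" ]; then
        echo "# no vulnerable packages reported"
    else
        echo "portmaster $ports"
    fi
}

# Constructed sample report (versions and advisory text are made up).
sample_report() {
    cat <<'EOF'
Affected package: sudo-0.0.1
Type of problem: sudo -- constructed advisory text.
Reference: <constructed-reference-1>

Affected package: ruby-0.0.2_1,1
Type of problem: ruby -- constructed advisory text.
Reference: <constructed-reference-2>

Affected package: ruby-0.0.2_1,1
Type of problem: ruby -- second constructed advisory.
Reference: <constructed-reference-3>

Affected package: git-0.0.3
Type of problem: git -- constructed advisory text.
Reference: <constructed-reference-4>

4 problem(s) in your installed packages found.
EOF
}

sample_report | upgrade_command
```

On a live system, pipe the real report in (for example "portaudit -a | upgrade_command") and review the printed command before running it as root.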