On Wednesday 22 December 2004 09:06, Mark Andrews wrote:
> > Hello,
> >
> > Due to the recently discovered vulnerability in PHP versions older than
> > 4.3.10 and 5.0.3, I decided to take a look at portupgrade to see if it
> > is a good way to keep the ports collection up-to-date with respect to
> > security issues. I ran cvsup on the security branch (tag=RELENG_5_3),
> > then portsdb -Uu. However, portupgrade didn't find any ports that
> > needed an upgrade.
> >
> > Am I doing something wrong or is portupgrade not the best tool to keep
> > up with security advisories in ports?
>
>  cvsup of ports does not use tag=RELENG_5_3.
>
>  e.g.
>   *default  host=cvsup.FreeBSD.org
>   *default  base=/usr
>   *default  prefix=/usr
>   *default  release=cvs
>   *default  delete use-rel-suffix
>   *default  tag=.
>   ports-all
>
>  Use portaudit to track security issues in ports.

Thanks a lot for your reply. If I understand things correctly, I need to 
maintain two cvsup files - one that tracks security issues in the base 
FreeBSD 5.3 system (tag=RELENG_5_3, src-all) and one for the ports 
collection (tag=. , ports-all). Then every time I receive a FreeBSD 
security advisory I run cvsup on the former, and every time portaudit tells 
me about a new security issue in the ports collection, I run cvsup on the 
latter, then use portupgrade to upgrade vulnerable ports.

Is this correct?

I went through the security chapter of the FreeBSD handbook, but I found it
disappointing that it doesn't explain how to keep a FreeBSD system
up to date with security issues. Also, "The Complete FreeBSD" book by Greg
Lehey doesn't even mention the existence of portaudit.

Thanks again :-)