barner at in.tum.de
Mon Mar 8 10:18:03 PST 2004
Bart Silverstrim wrote:
> On Mar 8, 2004, at 12:15 PM, Ioannis Vranos wrote:
> >Is there any utility in FreeBSD 4.9 to check for possible updates/bug
> >via internet?
> I *think* have have kind of a handle on this on the server I just
> I usually do a cvsup to update the list of the ports tree, then use a
> procedure I picked out of http://www.freebsddiary.org/portupgrade.php
> to update applications with portupgrade.
> If anyone else has a method other than this, I'd love to know the
> procedure :-)
For third party applications, portupgrade should be the tool of
> This only updates ports. Updating FreeBSD, I don't know of anything
> other than if you find a security advisory, you have to have the src
> tree and patch that portion and recompile whatever had the
> vulnerability, following the advisory instructions. I'm thinking that
> since most daemons/applications are from ports, keeping your ports tree
> updated should limit most remote exploits...I would be interested in
> knowing of a way to check whether the installation of the OS is up to
> date, though.
This is what the so-called security branches are good for: Just CVSup
your source tree, do a full buildworld cycle, and you should be fine.
Valid security branches (for use in your supfile) are for example RELENG_4_9
If you prefer binary updates, there is a special port
(security/freebsd-update), but it will only work on an unaltered
installation (i.e. you did not do any buildworlds), and of course, you
can run the freebsd-update port incrementally.
However, once you use a source based update method, the port will not work
any longer, since your installation will consist of custom binaries that do
not match the recorded checksums.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Size: 187 bytes
Desc: not available
Url : http://lists.freebsd.org/pipermail/freebsd-questions/attachments/20040308/3180222c/attachment.bin
More information about the freebsd-questions