where to find security updates?

Alex de Kruijff freebsd at akruijff.dds.nl
Thu Oct 14 05:33:08 PDT 2004


On Thu, Oct 14, 2004 at 01:57:35PM +0200, Matthias F. Brandstetter wrote:
> Hi all,
> 
> I am somewhat new to FreeBSD, and so not 100% used to this ports and 
> portaudit system.
> 
> My daily sec. output says, that my installed "mod_php4-4.3.8_2" has two 
> vulnerabilities. So I did an "cvsup /root/ports-supfile" and a "make 
> search=mod_php4" afterwards. But I can only see "mod_php4-4.3.6" now, 
> which does not look like an update to "mod_php4-4.3.8_2".

You go wrong here. There doesn't exist a command 'make search=...' it
should be 'make search name=mod_php4'. Because of this you have compiled
(but not installed) all recursive ports. To fix this do: make clean from
/usr/ports (this takes a while)

The most recent for me is: mod_php4-4.3.4_7,1

If you run 'pkg_version | grep php' then you can see if the port is
newer than the one you installed. A < means that this is the case.

> Now my question is: How should/can I update mod_php4, if there is no update 
> available?

First install portupgrade:
# cd /usr/ports/sysutils/portupgrade/
# make install && make clean

Then do:
# rehash
# portupgrade -fR mod_php4

The R also compiles all ports that php4 uses and the f force a recompile
of ports that are of the current version. Its not allways required but
I've had some trouble with php. This solved the problem for me.

-- 
Alex

Please copy the original recipients, otherwise I may not read your reply.
WWW: http://www.kruijff.org/alex/FreeBSD/


More information about the freebsd-questions mailing list