Tracking Security in Ports and Base System

Chris Maness chris at
Wed Mar 1 14:32:02 PST 2006

On Wed, 1 Mar 2006, Randy Pratt wrote:

> On Wed, 1 Mar 2006 10:09:51 -0800 (PST)
> chris at wrote:
>>> On Wed, 8 Feb 2006, Chris Maness wrote:
>>>> How should I set up cvsup to just track security updates for ports. And
>> would the best thing to do after I synced CVS, do portupgrade -a so
>> that everything selected gets rebuilt.
>>> I'm not sure there is a way to do this for ports, other than manually
>> checking what's been changed and whether you consider that to be a
>> security upgrade, then upgrading each applicable port by hand. As far as
>> I understand, there is only one tag for ports ("tag=."), which gets you
>> the "current" ports tree. I *can* guarantee that others know more about
>> this than I do.
> There is a port which does this for you (security/portaudit):
>  portaudit provides a system to check if installed ports are
>  listed in a database of published security vulnerabilities.
>  After installation it will update this security database
>  automatically and include its reports in the output of the
>  daily security run.
>>>> What is the equivalent for the base system?
>>> Much simpler: just track RELENG_your_release to get security updates and
>> bug fixes and nothing else. For example, mine is RELENG_5_4 and
>>> therefore tracks 5.4-RELEASE.
> Additionally, I'd suggest subscribing to one of these mailing list so
> that you are notified when a SA is issued:
>  security-advisories at
>  freebsd-announce at
> HTH,
> Randy
> -- 

Thanks, I do have port audit installed.  I was refering to system 
security.  The base system + FreeBSD userland.  I wanted to do this 
because I did get a notice from the security list today.  Do I do a make 
buildworld, to update the system?  Do I do this in /usr/src ?

More information about the freebsd-questions mailing list