cvsup daemon vulnerabilities (was: Re: cvsup with tag=. on src and upgrading (in general))

Richard Schilling rschi at rsmba.biz
Sat Jun 14 17:52:35 PDT 2003 

I'm comfortable now with the tagging of the repository.   I cvsup'd 
src-all without a tag= in the file and got all the revisions (installed 
it into a staging area).  It'll be a handy reference.  Thanks again all 
for taking time to field my newbe questions (the archives are sooo big).

I also cvsup'd the port-all (tag=.) and src-all (tag=RELENG_4), rebuilt 
everything according to the instructions and it all works great.

Using the cvsup-mirror is next on my list :-)

Has anyone reported security problems/vulnerabilities running the cvsup 
daemon?

--Richard





On 2003.06.14 08:12 ian j hart wrote:
> On Saturday 14 June 2003 3:09 am, Richard Schilling wrote:
> > As for /usr/local/etc/cvsup, I did create it because the
> documentation
> > used that directory in the examples for CVSup's status files.  I
> also
> > practiced uploading to a non-/usr directory first just to build
> > confidence.  I just used that directory because after reading it in
> the
> > documentation I knew I'd remember it.  Changed the base, however to
> my
> > own staging area.
> >
> >
> > Here's the example from the documentation:
> >
> > #
> >
> > Putting it all together:
> >
> > Here is the entire supfile for our example:
> >
> > *default tag=.
> > *default host=cvsup666.FreeBSD.org
> > *default prefix=/usr
> > *default base=/usr/local/etc/cvsup
> > *default release=cvs delete use-rel-suffix compress
> >
> > src-all
> >
> >
> > --Richard Schilling
> >
> 
> So this fetches the src for CURRENT. In your original post you said
> you wanted
> to "review changes/diffs". This will not allow you to do that because
> you
> only have a snapshot of the source. To put this another way, you have
> nothing
> to diff against.
> 
> Also forgot to say that the simplest way to fetch a local copy of the
> repository is to install the cvsup-mirror port. Disable its cron job
> and run
> the update script whenever you need to.
> 
> --
> ian j hart
> 
> Quoth the raven, bite me!
> 	Salem Saberhagen (Episode LXXXI: The Phantom Menace)
> 
> _______________________________________________
> freebsd-stable at freebsd.org mailing list
> http://lists.freebsd.org/mailman/listinfo/freebsd-stable
> To unsubscribe, send any mail to 
> "freebsd-stable-unsubscribe at freebsd.org"
> 
>

More information about the freebsd-stable mailing list