ports, security and updates
Jose Carlos Pereria
freebsd at abismo.org
Wed May 5 05:46:06 PDT 2004
Hello there
I'm fairly recent to FreeBSD, and a issue regarding the ports has come
up that is bothering me a little (FreeBSD 4.9-RELEASE-p4 , i386).
I installed portaudit which has been warning me about a problem with the
mysql I have installed.
portaudit -a
Affected package: mysql-client-4.0.18_1
Type of problem: MySQL insecure temporary file creation (mysqlbug).
Reference: <http://people.freebsd.org/~eik/portaudit/2e129846-8fbb-11d8-8b29-0020ed76ef5a.html>
1 problem(s) in your installed packages found.
Although this bug isn't bothering me (chmod 0000
/usr/local/bin/mysqlbug), the fact that no port fix has come out is! :)
This is either due to:
a) a fix hasn't been applied to the port
b) I'm doing something wrong in the cvsup
Before today I was inclinded for option b), but I have just updated a
few security related packages (png,rsync,...) using the same method, but
I'd like to be sure...
The steps I follow:
cvsup -L 2 supfile
portsdb -Uu
pkgdb -F
portversion -l "<"
portupgrade -r packages_to_upgrade
supfile:
##################################################
*default host=cvsup.uk.FreeBSD.org
*default base=/usr/local/etc/cvsup
*default prefix=/usr
*default release=cvs delete use-rel-suffix compress
*default tag=RELENG_4_9
src-all
ports-all tag=.
##################################################
Any comments/advice?
thanks in advance
--
José Carlos Pereira
More information about the freebsd-questions
mailing list