interim port versions

Charles Swiger cswiger at mac.com
Tue Oct 26 13:53:33 PDT 2004 

On Oct 26, 2004, at 3:52 PM, Spiral Eyed Girl wrote:
> Quick question: Whats a port freeze?

Normally, the port committers make changes to the ports tree all of the  
time, on a continuing basis.  A ports freeze occurs to help get the  
ports tree caught up and avoid making sweeping changes just before a  
new version of the OS is released.

See: http://www.freebsd.org/releng/index.html

During a ports freeze, changes need to be approved by portmgr.

	------

On Oct 21, 2004, at 7:48 PM, Aaron P. Martinez wrote:
> I'm new to the bsd's, came from linux and i'm having a bit of  
> difficulty
> figuring out the general philosophy.

OK.  (Welcome!)

> One of the major reasons that i decided to try out the 'bsds'  is
> because of the security.  I'm having a hard time however figuring out
> how security issues in the ports get dealt with when there is a port
> freeze, like now.  The best example i can think of is gaim...(i almost
> didn't recheck the port on the 4.10 tree, it's now mysteriously up to
> date, phew.)

As I mentioned above, the ports tree still changes during a freeze.
Security fixes to ports are very likely to get quick approval by  
portmgr.

> ......slightly altered next paragraph....
> lets say i found out there is a msn slp buffer overflow (like  
> currently)
> and i wanted to protect myself....so i cvsuped my ports tree and then
> wanted to portupgrade....... problem is...since it's a port freeze...up
> until a few days ago it's still at 0.82  not the 1.02 that is out now,  
> I
> watched it and never saw version 1.00 or 1.01.  Are the ports frozen
> _except_for_security_fixes or am i missing something.

I was going to say, "the latter", but maybe it's a little of both.  :-)

Note that you are free to update ports manually.  Try looking for a PR  
containing the changes to update the port(s) you care about, or perhaps  
by doing the work yourself.

> I looked around on the lists for this but didn't see it and it seems
> like a fairly big deal if security issues arise during a freeze.

This issue was recently discussed here:

http://docs.freebsd.org/cgi/getmsg.cgi?fetch=146244+0+/usr/local/www/ 
db/text/2004/freebsd-current/20041017.freebsd-current
http://docs.freebsd.org/cgi/getmsg.cgi?fetch=149246+0+archive/2004/ 
freebsd-current/20041017.freebsd-current

-- 
-Chuck

More information about the freebsd-questions mailing list