Again: Security updates of individual ports

Polytropon freebsd at edvax.de
Thu Jan 24 15:31:00 UTC 2013


On Thu, 24 Jan 2013 16:17:34 +0100, Ralf Mardorf wrote:
> So I have to # portsnap fetch update?

Yes.



> If so, wouldn't it cause dependency  
> issues, if I wouldn't update all ports?

If you use portmaster to deal with updating your installation,
it will take care of the dependencies. However, it might lead
to "unrelated" ports being updated, too.

Example:

foo-1.0 has vulnerabilities.
Updating ports tree.
foo-1.1 is the "safe" version.
You're running "portmaster foo".
foo is going to be upgraded.
foo-1.1 relies on bar-2.5, whereas foo-1.0 relied on bar-2.2.
The portmaster run will also upgrade bar.

Possible problem:

baz-5.0 is installed and has been linked against bar-2.2.
baz itself doesn't need updating (not vulnerable).
Depending on how baz implements library calling (dependency),
it might have stopped working.

Solution:

Use "portmaster -a" to check all ports if they need updating.

Possible follow-up problem:

Ports you don't want to be updated (because you're totally happy
with the version you're running) will also be updated by this
command.

Solution:

Be selective in using portmaster and specify exactly the ports
you want to upgrade.

You can also use SVN to checkout only specific ports, but that
leads to an inconsistent ports tree which is not supported to
work (even though it _mostly_ will).






-- 
Polytropon
Magdeburg, Germany
Happy FreeBSD user since 4.0
Andra moi ennepe, Mousa, ...
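A check for the "baz" case described in the post above (a program still linked against a library version that the bar upgrade removed), as an added example that is not part of the original message; it assumes ldd(1) marks an unresolvable library with "=> not found", and the sample ldd output is constructed:

```shell
#!/bin/sh
# Added example (not from the original post): after a portmaster run has
# upgraded a library port such as bar, find installed programs (the "baz"
# case) that are still linked against a library version that is gone.
# Assumption: ldd(1) marks an unresolvable library with "=> not found".

# Read ldd(1) output on stdin and print the sonames that did not resolve.
missing_libs() {
    awk '/=> not found/ { print $1 }'
}

# Scan executables under the given directories and print one line per
# unresolved library: "<program> <soname>". Non-ELF files (scripts) and
# static binaries make ldd fail; that output is discarded.
find_broken_links() {
    for dir in "$@"; do
        find "$dir" -type f -perm -100 2>/dev/null | while read -r bin; do
            ldd "$bin" 2>/dev/null | missing_libs | while read -r lib; do
                printf '%s %s\n' "$bin" "$lib"
            done
        done
    done
}

# Constructed sample: what ldd would show for baz after bar-2.2 (libbar.so.2)
# was replaced by bar-2.5 (libbar.so.5) and baz itself was not rebuilt.
SAMPLE_LDD='/usr/local/bin/baz:
    libbar.so.2 => not found (0x0)
    libc.so.7 => /lib/libc.so.7 (0x800640000)'

printf '%s\n' "$SAMPLE_LDD" | missing_libs      # prints libbar.so.2
# Real use on a FreeBSD host: find_broken_links /usr/local/bin /usr/local/sbin
```

Any program listed by find_broken_links is a candidate for the "portmaster -a" pass the post recommends, or for a selective rebuild of just that port.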

