FreeBSD Security Survey
Jonathan Noack
noackjr at alumni.rice.edu
Mon May 22 06:49:42 PDT 2006
On 05/22/06 05:40, Marian Hettwer wrote:
> Scott Long wrote:
>>> Brent Casavant wrote:
>>>> While I find ports to be the single most useful feature of the FreeBSD
>>>> experience, and can't thank contributors enough for the efforts, I on
>>>> the other hand find updating my installed ports collection (for security
>>>> reasons or otherwise) to be quite painful. I typically use portupgrade
>>>> to perform this task. On several occasions I got "bit" by doing a
>>>> portupgrade which wasn't able to completely upgrade all dependencies
>>>> (particularly when X, GUI's, and desktops are in the mix -- though I
>>>> always follow the special Gnome upgrade methods when appropriate).
>
> Like Scott pointed out below, stick with either building from source, or
> using packages. Mixing them may have strange side effects.
> To give an example.
> I usually use portupgrade without using packages. But last time I needed
> to update my ports (on a production server, though private not corporate
> server), I used portupgrade -P (to use packages if available).
> It updated php, using packages, but unluckily the packages were built
> against apache13. I'm using apache20, so my php installation was
> trashed. Argh.
> But even more painful is the fact that portupgrade _always_ fails on
> some perl modules. Usually p5-XML-Parser. I don't know why, but it's
> annoying...
Dropping security at ...
Odd, I just did a 'portupgrade -fm "-s" p5-XML-Parser' and it worked
fine. Note that I included the '-m "-s"' because it sometimes causes
port build breakage for me (postfix comes to mind). Perhaps a
'portupgrade -Rf p5-XML-Parser' is in order? The only dependencies are
perl and expat, so a recursive rebuild shouldn't take too long. My
persistent port build breakages (that weren't caused by an error in the
port) have always been resolved by rebuilding all dependencies or
removing '-m "-s"'.
-Jonathan
--
Jonathan Noack | noackjr at alumni.rice.edu | OpenPGP: 0x991D8195
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 187 bytes
Desc: OpenPGP digital signature
Url : http://lists.freebsd.org/pipermail/freebsd-stable/attachments/20060522/6e56c836/signature.pgp
More information about the freebsd-stable
mailing list