Re: Security updates

2013-01-23 Thread Jens Jahnke 
Hi,

On Wed, 23 Jan 2013 12:42:00 +0100
Ralf Mardorf ralf.mard...@alice-dsl.net wrote:

RM Because compiling does take very long, I will not update the whole
RM ports tree that often, I alos like to keep software versions that
RM fit to my needs when ever possible, but I guess without breaking
RM dependencies it theoretically should be possible to update Internet
RM browsers, MUAs etc. only from time to time, for security reasons.
RM 
RM Is it possible to update just some Internet stuff?

yes, using some tools. Take a look at portmaster or portupgrade. Maybe
you should install portaudit too. It tells you for which ports security
flaws have been found.

To update a single port using portmaster you would run 
# portmaster www/firefox
for example.

Regards,

Jens

-- 
23. Hartung 2013, 13:02
Homepage : http://www.jan0sch.de

The student in question is performing minimally for his peer group and
is an emerging underachiever.


pgp8UwSjWD1xW.pgp
Description: PGP signature

Re: security updates

2008-08-15 Thread Manolis Kiagias 

jdd sur free wrote:

Hello :-)
I'm new to freeBSD, so forgive me if my question is boring :-(

I just discover than my computer hosting company allow the use of 
freeBSD 
(http://www.ovh.com/fr/particulier/items/distributions/free_bsd.xml?sort=bsdgm=pop) 
on they cheap (20€/month 
http://www.ovh.com/fr/particulier/produits/kimsufi08.xml) systems.


until now I used on my hosted computer my linux of choice, that is 
openSUSE, but on a cheap, that is with little power, server, openSUSE 
is overkill


so I plan to use freBSD soon.

However, as said, I don't now yet freeBSD. I have some sort of 
experience of openBSD, but only on old fashioned computer (SS1, 
SS20...) but I think there will not be major difference and I plan 
anyway to install freebsd on virtualbox first to test it.


I'm an old linux hacker and compiling is not really a problem, even if 
I feel better without :-)


so then, my question: what about security updates? with openSUSE I 
have an automatic update. For freeBSD, I didn't find anything on this 
archive list and the google search sent me to old doc (2003)


http://www.daemonology.net/freebsd-update/binup.html

where is freeBSD in this respect?

thanks
jdd



The FreeBSD base system gets security updates through freebsd-update, 
very easily:


freebsd-update fetch
freebsd-update update

(assuming you install a -RELEASE version)

For third party applications (what you install from ports or packages) 
you can use a variety of utilities to update / check them:


ports-mgmt/portaudit will warn you when an installed application has  a 
known security problem
ports-mgmt/portupgrade will allow you to upgrade any (or all) 
applications to their latest versions.


There are quite a few more programs that deal with application 
install/upgrade, I suggest you have a look at the ports-mgmt directory




___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to [EMAIL PROTECTED]

Re: security updates

2008-08-15 Thread Amitabh Kant 
On Fri, Aug 15, 2008 at 12:39 PM, jdd sur free [EMAIL PROTECTED] wrote:
 Hello :-)
 so then, my question: what about security updates? with openSUSE I have an
 automatic update. For freeBSD, I didn't find anything on this archive list
 and the google search sent me to old doc (2003)

 http://www.daemonology.net/freebsd-update/binup.html

 where is freeBSD in this respect?

 thanks
 jdd



freebsd-update is now included in the base system itself, so you can
use it without any problems for all updates. You can still compile the
updates though.

Amitabh
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to [EMAIL PROTECTED]

Re: security updates

2008-08-15 Thread Norberto Meijome 
On Fri, 15 Aug 2008 09:09:01 +0200
jdd sur free [EMAIL PROTECTED] wrote:

 Hello :-)
 I'm new to freeBSD, so forgive me if my question is boring :-(
[...]

Welcome jjd!
 
 so then, my question: what about security updates? with openSUSE I 
 have an automatic update. For freeBSD, I didn't find anything on this 
 archive list and the google search sent me to old doc (2003)
 
 http://www.daemonology.net/freebsd-update/binup.html
 

Kernel + Base :
If you use the GENERIC kernel, freebsd-update will work great. It is part of 
the 7.x series, man freebsd-update :)

in pre-7 versions, i think you could install it from ports.

If you are past GENERIC, then you should read 
http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/cutting-edge.html 

Ports : 
you should read 
http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/ports.html
and
http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/portsnap.html

Good luck,
b
_
{Beto|Norberto|Numard} Meijome

If you don't have the time to do it right, where are you going to find the time 
to do it over?

I speak for myself, not my employer. Contents may be hot. Slippery when wet. 
Reading disclaimers makes you go blind. Writing them is worse. You have been 
Warned.
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to [EMAIL PROTECTED]

Re: security updates

2008-08-15 Thread jdd 

Manolis Kiagias a écrit :

The FreeBSD base system gets security updates through freebsd-update, 
very easily:


freebsd-update fetch
freebsd-update update

(assuming you install a -RELEASE version)


of course, for such use I will take the or stable version :-)

I was sure it was easy :-)

thanks
jdd


--
http://www.dodin.net
http://valerie.dodin.org
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to [EMAIL PROTECTED]

Re: security updates

2008-08-15 Thread Josh Carroll 
 of course, for such use I will take the or stable version :-)

 I was sure it was easy :-)

 thanks
 jdd

Just to clarify, X-STABLE does not indicate end-user stability. It
indicates the ABI is (generally) stable (ABI-compatibility is
maintained within a branch). There are exceptions, but this generally
holds true. That said, -RELEASE is a better idea for a production
system, unless you have some dire need for a feature/enhancement in
-STABLE.

You can read more about the FreeBSD release engineering process here:

http://www.freebsd.org/doc/en_US.ISO8859-1/articles/releng/index.html

Regards,
Josh
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to [EMAIL PROTECTED]

RE: security updates

2005-02-09 Thread Sander Holthaus - Orange XL 
 I got this message today from cron, apparently my security 
 update failed.
 
 Any Idea how to resolve this. I am also get a similar message 
 on a 5.3 box.
 
 
 Fetching updates signature...
 fetch: http://update.daemonology.net/i386/4.9/updates.sig: 
 Not FoundError fetching updates
 
 
 Jeff Maxwell
 POS Department Manager
 Uni-Marts, LLC
 Voice   570-829-0888 Ext. 421
 Fax 570-829-4390

From their main site (http://update.daemonology.net/):

Due to hardware failures, update.daemonology.net is currently
unavailable. FreeBSD Update will be back online sometime soon 

Kind Regards,
Sander Holthaus

___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to [EMAIL PROTECTED]

Re: security updates

2005-02-09 Thread Erik Norgaard 
Jeff Maxwell wrote:
I got this message today from cron, apparently my security update failed.
Any Idea how to resolve this. I am also get a similar message on a 5.3 box.
Fetching updates signature...
fetch: http://update.daemonology.net/i386/4.9/updates.sig: Not 
FoundError fetching updates
It appears that you are running a custom update script, would help if 
you published it. And try run it by hand, it should be located in 
/etc/periodic/security or similar. Then send whatever debug info you can 
deduce from the output.

Cheers, Erik
--
Ph: +34.666334818   web: http://www.locolomo.org
S/MIME Certificate: http://www.locolomo.org/crt/2004071206.crt
Subject ID:  A9:76:7A:ED:06:95:2B:8D:48:97:CE:F2:3F:42:C8:F2:22:DE:4C:B9
Fingerprint: 4A:E8:63:38:46:F6:9A:5D:B4:DC:29:41:3F:62:D3:0A:73:25:67:C2
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to [EMAIL PROTECTED]

Re: security updates

2005-02-09 Thread Kevin Kinsey 
Jeff Maxwell wrote:
I got this message today from cron, apparently my security update failed.
Any Idea how to resolve this. I am also get a similar message on a 5.3 
box.

Fetching updates signature...
fetch: http://update.daemonology.net/i386/4.9/updates.sig: Not 
FoundError fetching updates

Jeff Maxwell

Looks like Colin is having some troubles with his servers or hosting 
company:

%lynx www.daemonology.net
Due to hardware failures, daemonology.net is currently unavailable. 
Portsnap users: Assuming the dns
  magic works, portsnap should start operating correctly soon. FreeBSD 
Update users: I need to upload
  a bunch of files to the location where I'm temporarily hosting the 
update.daemonology.net domain --
  this should be done on Wednesday or Thursday. Everybody else looking 
for content here: I'm currently
  looking for a new permanent home for this site... recommendations for 
*low cost* dedicated servers
  (or even better, a donated server) are welcome. Contact me at my 
freebsd.org address --
  daemonology.net email is currently broken.

Kevin Kinsey
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to [EMAIL PROTECTED]

Re: security updates

2005-02-09 Thread Anthony Atkielski 
What are security updates?


___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to [EMAIL PROTECTED]

Re: security updates

2005-02-09 Thread Anthony Atkielski 
Hexren writes:

 How does it sound ;)

 If a bug that affects security is found, an update to fix is
 produced. In my definition this counts as security update.

Fine.  So what's the connection to cron?

-- 
Anthony


___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to [EMAIL PROTECTED]

Re: security updates

2005-02-09 Thread Jeff Maxwell 
I run freebsd-update as a cron job to check for security updates daily.
At 07:16 PM 2/9/05 +0100, you wrote:
Hexren writes:
 How does it sound ;)

 If a bug that affects security is found, an update to fix is
 produced. In my definition this counts as security update.
Fine.  So what's the connection to cron?
--
Anthony
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to [EMAIL PROTECTED]
Jeff Maxwell
POS Department Manager
Uni-Marts, LLC
Voice   570-829-0888 Ext. 421
Fax 570-829-4390
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to [EMAIL PROTECTED]

Re: Security Updates and Patching Two Choices?

2004-03-30 Thread Chuck Swiger 
Giorgos Keramidas wrote:
On 2004-03-29 15:07, Charles Swiger [EMAIL PROTECTED] wrote:
On Mar 29, 2004, at 2:28 PM, Sean Murphy wrote:
[ ... ]
If a tag just the 4_9 Release in the CVSupfile can i just ignore the
mergemaster? also can I just CVSup the sources and build the ones I
want? (see above)
Generally one can ignore doing the mergemaster simply for a security
patch.
Unless, of course, the security patch fixes problems in /etc files that
mergemaster *must* update.  It's not very difficult to run mergemaster.
I wouldn't recomment avoiding it altogether.   [ ... ]
Oh, I agree with you: I think mergemaster is a useful tool, and I don't think 
it's very difficult to use.

Reasonable people disagree, however.  In particular, people who aren't 
familiar with diff generally find mergemaster to be incomprehensible.  :-)

--
-Chuck
___
[EMAIL PROTECTED] mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to [EMAIL PROTECTED]

Re: Security Updates and Patching Two Choices?

2004-03-30 Thread Joshua Lokken 
* Chuck Swiger [EMAIL PROTECTED] [2004-03-30 11:14]:
 Giorgos Keramidas wrote:
 On 2004-03-29 15:07, Charles Swiger [EMAIL PROTECTED] wrote:
 On Mar 29, 2004, at 2:28 PM, Sean Murphy wrote:
 [ ... ]
 If a tag just the 4_9 Release in the CVSupfile can i just ignore the
 mergemaster? also can I just CVSup the sources and build the ones I
 want? (see above)
 
 Generally one can ignore doing the mergemaster simply for a security
 patch.
 
 Unless, of course, the security patch fixes problems in /etc files that
 mergemaster *must* update.  It's not very difficult to run mergemaster.
 I wouldn't recomment avoiding it altogether.   [ ... ]
 
 Oh, I agree with you: I think mergemaster is a useful tool, and I don't 
 think it's very difficult to use.
 
 Reasonable people disagree, however.  In particular, people who aren't 
 familiar with diff generally find mergemaster to be incomprehensible.  :-)
 

From a [relative] newbie; it's only incomprehensible the first time or
two. 

-- 
Joshua

A woman should have compassion.
-- Kirk, Catspaw, stardate 3018.2
___
[EMAIL PROTECTED] mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to [EMAIL PROTECTED]

Re: Security Updates and Patching Two Choices?

2004-03-29 Thread Chris 
On Monday 29 March 2004 01:28 pm, Sean Murphy wrote:
 I would like to stay patched with the latest security advisories.
 However usually I wait until the next release iso becomes available and
 do a fresh install that includes all the known exploites.  My reason
 behind this is the makeworld, CVSup, and mergemaster is very time
 consuming/complicated.  Mergemaster especially when I'm merging /etc
 files that I have no clue what they do.  I also don't want all
 sources compiled on my system.  I like a minimized OS.  I don't want to
 build all sources when I just need these on my system (bin, man, and
 crypto).  The same selection I use from a new install from
 /stand/sysinstall.  Is that possible?

Then perhaps freebsd-update is for you? (/usr/ports/security/freebsd-update)
From the file pkg-descr:

more pkg-descr 
This is the client half of the FreeBSD Update system; it fetches and
applies binary security updates.

WWW: http://www.daemonology.net/freebsd-update/

-- 
Best regards,
Chris
___
[EMAIL PROTECTED] mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to [EMAIL PROTECTED]

Re: Security Updates and Patching Two Choices?

2004-03-29 Thread Charles Swiger 
On Mar 29, 2004, at 2:28 PM, Sean Murphy wrote:
I don't want to build all sources when I just need these on my 
system (bin, man, and crypto).  The same selection I use from a new 
install from /stand/sysinstall.  Is that possible?
If you look at /etc/default/make.conf for a bunch of components 
starting with NO_, you can set those to get something close to what 
you've asked for.

It seem the makeworld process is the only way to keep the system 
patched.
Someone (Colin Percival?) has a binary updating system available for 
FreeBSD which might be easier for you to use.

If a tag just the 4_9 Release in the CVSupfile can i just ignore the 
mergemaster? also can I just CVSup the sources and build the ones I 
want? (see above)
Generally one can ignore doing the mergemaster simply for a security 
patch.

Yes, you can use CVSup to update your local sources with the fix 
instead of applying a patch by hand.  Using a tag of RELENG_4 (aka 
STABLE) or RELENG_4_9 (aka security branch of 4.9) should be what you 
want.

--
-Chuck
___
[EMAIL PROTECTED] mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to [EMAIL PROTECTED]

Re: Security Updates and Patching Two Choices?

2004-03-29 Thread Giorgos Keramidas 
On 2004-03-29 15:07, Charles Swiger [EMAIL PROTECTED] wrote:
On Mar 29, 2004, at 2:28 PM, Sean Murphy wrote:
I don't want to build all sources when I just need these on my
system (bin, man, and crypto).  The same selection I use from a new
install from /stand/sysinstall.  Is that possible?

 If you look at /etc/default/make.conf for a bunch of components
 starting with NO_, you can set those to get something close to what
 you've asked for.

Good idea :-)

 If a tag just the 4_9 Release in the CVSupfile can i just ignore the
 mergemaster? also can I just CVSup the sources and build the ones I
 want? (see above)

 Generally one can ignore doing the mergemaster simply for a security
 patch.

Unless, of course, the security patch fixes problems in /etc files that
mergemaster *must* update.  It's not very difficult to run mergemaster.
I wouldn't recomment avoiding it altogether.  Instead, I'd probably
recommend one of two things, or both at the same time:

a. Read the available documentation about /etc files.  You don't
have to learn all the (admittedly, mostly boring) details about every
single file there is.  Just skim through the manpages to get a general
idea of what purpose each file serves.

b. Install (almost blindly) all the files that mergemaster wants
to update, unless you are absolutely certain you have made manually
some changes to the installed version.

c. Merging the files which contain local changes is easy enough,
as long as you spend a few moments to read the sdiff(1) manpage.  This
is the tool mergemaster uses to merge the files it updates.

Please, do not skip running mergemaster :-)

- Giorgos

___
[EMAIL PROTECTED] mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to [EMAIL PROTECTED]