Re: Security updates
Hi, On Wed, 23 Jan 2013 12:42:00 +0100 Ralf Mardorf ralf.mard...@alice-dsl.net wrote: RM Because compiling does take very long, I will not update the whole RM ports tree that often, I alos like to keep software versions that RM fit to my needs when ever possible, but I guess without breaking RM dependencies it theoretically should be possible to update Internet RM browsers, MUAs etc. only from time to time, for security reasons. RM RM Is it possible to update just some Internet stuff? yes, using some tools. Take a look at portmaster or portupgrade. Maybe you should install portaudit too. It tells you for which ports security flaws have been found. To update a single port using portmaster you would run # portmaster www/firefox for example. Regards, Jens -- 23. Hartung 2013, 13:02 Homepage : http://www.jan0sch.de The student in question is performing minimally for his peer group and is an emerging underachiever. pgp8UwSjWD1xW.pgp Description: PGP signature
Re: security updates
jdd sur free wrote: Hello :-) I'm new to freeBSD, so forgive me if my question is boring :-( I just discover than my computer hosting company allow the use of freeBSD (http://www.ovh.com/fr/particulier/items/distributions/free_bsd.xml?sort=bsdgm=pop) on they cheap (20€/month http://www.ovh.com/fr/particulier/produits/kimsufi08.xml) systems. until now I used on my hosted computer my linux of choice, that is openSUSE, but on a cheap, that is with little power, server, openSUSE is overkill so I plan to use freBSD soon. However, as said, I don't now yet freeBSD. I have some sort of experience of openBSD, but only on old fashioned computer (SS1, SS20...) but I think there will not be major difference and I plan anyway to install freebsd on virtualbox first to test it. I'm an old linux hacker and compiling is not really a problem, even if I feel better without :-) so then, my question: what about security updates? with openSUSE I have an automatic update. For freeBSD, I didn't find anything on this archive list and the google search sent me to old doc (2003) http://www.daemonology.net/freebsd-update/binup.html where is freeBSD in this respect? thanks jdd The FreeBSD base system gets security updates through freebsd-update, very easily: freebsd-update fetch freebsd-update update (assuming you install a -RELEASE version) For third party applications (what you install from ports or packages) you can use a variety of utilities to update / check them: ports-mgmt/portaudit will warn you when an installed application has a known security problem ports-mgmt/portupgrade will allow you to upgrade any (or all) applications to their latest versions. There are quite a few more programs that deal with application install/upgrade, I suggest you have a look at the ports-mgmt directory ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: security updates
On Fri, Aug 15, 2008 at 12:39 PM, jdd sur free [EMAIL PROTECTED] wrote: Hello :-) so then, my question: what about security updates? with openSUSE I have an automatic update. For freeBSD, I didn't find anything on this archive list and the google search sent me to old doc (2003) http://www.daemonology.net/freebsd-update/binup.html where is freeBSD in this respect? thanks jdd freebsd-update is now included in the base system itself, so you can use it without any problems for all updates. You can still compile the updates though. Amitabh ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: security updates
On Fri, 15 Aug 2008 09:09:01 +0200 jdd sur free [EMAIL PROTECTED] wrote: Hello :-) I'm new to freeBSD, so forgive me if my question is boring :-( [...] Welcome jjd! so then, my question: what about security updates? with openSUSE I have an automatic update. For freeBSD, I didn't find anything on this archive list and the google search sent me to old doc (2003) http://www.daemonology.net/freebsd-update/binup.html Kernel + Base : If you use the GENERIC kernel, freebsd-update will work great. It is part of the 7.x series, man freebsd-update :) in pre-7 versions, i think you could install it from ports. If you are past GENERIC, then you should read http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/cutting-edge.html Ports : you should read http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/ports.html and http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/portsnap.html Good luck, b _ {Beto|Norberto|Numard} Meijome If you don't have the time to do it right, where are you going to find the time to do it over? I speak for myself, not my employer. Contents may be hot. Slippery when wet. Reading disclaimers makes you go blind. Writing them is worse. You have been Warned. ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: security updates
Manolis Kiagias a écrit : The FreeBSD base system gets security updates through freebsd-update, very easily: freebsd-update fetch freebsd-update update (assuming you install a -RELEASE version) of course, for such use I will take the or stable version :-) I was sure it was easy :-) thanks jdd -- http://www.dodin.net http://valerie.dodin.org ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: security updates
of course, for such use I will take the or stable version :-) I was sure it was easy :-) thanks jdd Just to clarify, X-STABLE does not indicate end-user stability. It indicates the ABI is (generally) stable (ABI-compatibility is maintained within a branch). There are exceptions, but this generally holds true. That said, -RELEASE is a better idea for a production system, unless you have some dire need for a feature/enhancement in -STABLE. You can read more about the FreeBSD release engineering process here: http://www.freebsd.org/doc/en_US.ISO8859-1/articles/releng/index.html Regards, Josh ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
RE: security updates
I got this message today from cron, apparently my security update failed. Any Idea how to resolve this. I am also get a similar message on a 5.3 box. Fetching updates signature... fetch: http://update.daemonology.net/i386/4.9/updates.sig: Not FoundError fetching updates Jeff Maxwell POS Department Manager Uni-Marts, LLC Voice 570-829-0888 Ext. 421 Fax 570-829-4390 From their main site (http://update.daemonology.net/): Due to hardware failures, update.daemonology.net is currently unavailable. FreeBSD Update will be back online sometime soon Kind Regards, Sander Holthaus ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: security updates
Jeff Maxwell wrote: I got this message today from cron, apparently my security update failed. Any Idea how to resolve this. I am also get a similar message on a 5.3 box. Fetching updates signature... fetch: http://update.daemonology.net/i386/4.9/updates.sig: Not FoundError fetching updates It appears that you are running a custom update script, would help if you published it. And try run it by hand, it should be located in /etc/periodic/security or similar. Then send whatever debug info you can deduce from the output. Cheers, Erik -- Ph: +34.666334818 web: http://www.locolomo.org S/MIME Certificate: http://www.locolomo.org/crt/2004071206.crt Subject ID: A9:76:7A:ED:06:95:2B:8D:48:97:CE:F2:3F:42:C8:F2:22:DE:4C:B9 Fingerprint: 4A:E8:63:38:46:F6:9A:5D:B4:DC:29:41:3F:62:D3:0A:73:25:67:C2 ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: security updates
Jeff Maxwell wrote: I got this message today from cron, apparently my security update failed. Any Idea how to resolve this. I am also get a similar message on a 5.3 box. Fetching updates signature... fetch: http://update.daemonology.net/i386/4.9/updates.sig: Not FoundError fetching updates Jeff Maxwell Looks like Colin is having some troubles with his servers or hosting company: %lynx www.daemonology.net Due to hardware failures, daemonology.net is currently unavailable. Portsnap users: Assuming the dns magic works, portsnap should start operating correctly soon. FreeBSD Update users: I need to upload a bunch of files to the location where I'm temporarily hosting the update.daemonology.net domain -- this should be done on Wednesday or Thursday. Everybody else looking for content here: I'm currently looking for a new permanent home for this site... recommendations for *low cost* dedicated servers (or even better, a donated server) are welcome. Contact me at my freebsd.org address -- daemonology.net email is currently broken. Kevin Kinsey ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: security updates
What are security updates? ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: security updates
Hexren writes: How does it sound ;) If a bug that affects security is found, an update to fix is produced. In my definition this counts as security update. Fine. So what's the connection to cron? -- Anthony ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: security updates
I run freebsd-update as a cron job to check for security updates daily. At 07:16 PM 2/9/05 +0100, you wrote: Hexren writes: How does it sound ;) If a bug that affects security is found, an update to fix is produced. In my definition this counts as security update. Fine. So what's the connection to cron? -- Anthony ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED] Jeff Maxwell POS Department Manager Uni-Marts, LLC Voice 570-829-0888 Ext. 421 Fax 570-829-4390 ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: Security Updates and Patching Two Choices?
Giorgos Keramidas wrote: On 2004-03-29 15:07, Charles Swiger [EMAIL PROTECTED] wrote: On Mar 29, 2004, at 2:28 PM, Sean Murphy wrote: [ ... ] If a tag just the 4_9 Release in the CVSupfile can i just ignore the mergemaster? also can I just CVSup the sources and build the ones I want? (see above) Generally one can ignore doing the mergemaster simply for a security patch. Unless, of course, the security patch fixes problems in /etc files that mergemaster *must* update. It's not very difficult to run mergemaster. I wouldn't recomment avoiding it altogether. [ ... ] Oh, I agree with you: I think mergemaster is a useful tool, and I don't think it's very difficult to use. Reasonable people disagree, however. In particular, people who aren't familiar with diff generally find mergemaster to be incomprehensible. :-) -- -Chuck ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: Security Updates and Patching Two Choices?
* Chuck Swiger [EMAIL PROTECTED] [2004-03-30 11:14]: Giorgos Keramidas wrote: On 2004-03-29 15:07, Charles Swiger [EMAIL PROTECTED] wrote: On Mar 29, 2004, at 2:28 PM, Sean Murphy wrote: [ ... ] If a tag just the 4_9 Release in the CVSupfile can i just ignore the mergemaster? also can I just CVSup the sources and build the ones I want? (see above) Generally one can ignore doing the mergemaster simply for a security patch. Unless, of course, the security patch fixes problems in /etc files that mergemaster *must* update. It's not very difficult to run mergemaster. I wouldn't recomment avoiding it altogether. [ ... ] Oh, I agree with you: I think mergemaster is a useful tool, and I don't think it's very difficult to use. Reasonable people disagree, however. In particular, people who aren't familiar with diff generally find mergemaster to be incomprehensible. :-) From a [relative] newbie; it's only incomprehensible the first time or two. -- Joshua A woman should have compassion. -- Kirk, Catspaw, stardate 3018.2 ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: Security Updates and Patching Two Choices?
On Monday 29 March 2004 01:28 pm, Sean Murphy wrote: I would like to stay patched with the latest security advisories. However usually I wait until the next release iso becomes available and do a fresh install that includes all the known exploites. My reason behind this is the makeworld, CVSup, and mergemaster is very time consuming/complicated. Mergemaster especially when I'm merging /etc files that I have no clue what they do. I also don't want all sources compiled on my system. I like a minimized OS. I don't want to build all sources when I just need these on my system (bin, man, and crypto). The same selection I use from a new install from /stand/sysinstall. Is that possible? Then perhaps freebsd-update is for you? (/usr/ports/security/freebsd-update) From the file pkg-descr: more pkg-descr This is the client half of the FreeBSD Update system; it fetches and applies binary security updates. WWW: http://www.daemonology.net/freebsd-update/ -- Best regards, Chris ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: Security Updates and Patching Two Choices?
On Mar 29, 2004, at 2:28 PM, Sean Murphy wrote: I don't want to build all sources when I just need these on my system (bin, man, and crypto). The same selection I use from a new install from /stand/sysinstall. Is that possible? If you look at /etc/default/make.conf for a bunch of components starting with NO_, you can set those to get something close to what you've asked for. It seem the makeworld process is the only way to keep the system patched. Someone (Colin Percival?) has a binary updating system available for FreeBSD which might be easier for you to use. If a tag just the 4_9 Release in the CVSupfile can i just ignore the mergemaster? also can I just CVSup the sources and build the ones I want? (see above) Generally one can ignore doing the mergemaster simply for a security patch. Yes, you can use CVSup to update your local sources with the fix instead of applying a patch by hand. Using a tag of RELENG_4 (aka STABLE) or RELENG_4_9 (aka security branch of 4.9) should be what you want. -- -Chuck ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: Security Updates and Patching Two Choices?
On 2004-03-29 15:07, Charles Swiger [EMAIL PROTECTED] wrote: On Mar 29, 2004, at 2:28 PM, Sean Murphy wrote: I don't want to build all sources when I just need these on my system (bin, man, and crypto). The same selection I use from a new install from /stand/sysinstall. Is that possible? If you look at /etc/default/make.conf for a bunch of components starting with NO_, you can set those to get something close to what you've asked for. Good idea :-) If a tag just the 4_9 Release in the CVSupfile can i just ignore the mergemaster? also can I just CVSup the sources and build the ones I want? (see above) Generally one can ignore doing the mergemaster simply for a security patch. Unless, of course, the security patch fixes problems in /etc files that mergemaster *must* update. It's not very difficult to run mergemaster. I wouldn't recomment avoiding it altogether. Instead, I'd probably recommend one of two things, or both at the same time: a. Read the available documentation about /etc files. You don't have to learn all the (admittedly, mostly boring) details about every single file there is. Just skim through the manpages to get a general idea of what purpose each file serves. b. Install (almost blindly) all the files that mergemaster wants to update, unless you are absolutely certain you have made manually some changes to the installed version. c. Merging the files which contain local changes is easy enough, as long as you spend a few moments to read the sdiff(1) manpage. This is the tool mergemaster uses to merge the files it updates. Please, do not skip running mergemaster :-) - Giorgos ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]