Re: Ports security updates in 5.1 or 5.2

2012-09-18 Thread Yusof Khalid - FreeBSD / OpenBSD
Hi,

You can export PKG_PATH in your .profile if you want.

On 18 Sep 2012 01:59, "Alessandro Baggi" wrote:

> Hi list,
> sorry for late, but you are talking about update, and I've a question
> about this.
>
> I'm installing software precompiled using pkg_add -r
> ftp://ftp.openbsd.org/../openvpn-version.tgz
>
> How to see if there are update/security fix for openvpn?
>
> From "Ports" ml?
>
> Thanks in advance.
>
>
>
> On 09/01/2012 07:26 AM, Tomas Bodzar wrote:
>
>> On Fri, Aug 31, 2012 at 6:06 PM, Sébastien Marie wrote:
>>
>>> On Thu, Aug 30, 2012 at 06:52:15PM +, Stuart Henderson wrote:
>>>
>>>> On 2012-08-30, Sébastien Marie wrote:
>>>>
>>>>> I not used all previous ports, and some are used in "safe" usage (like
>>>>> using postgresql ports, but not for server). It just a question to
>>>>> known what follow, in order to keep updated...
>>>>
>>>> really, in order to keep updated, following -current is a good policy.
>>>
>>> sure, updates in -current are more "fresh" ! but the investment may
>>> be important, as it is required to upgrade the system before add or
>>> upgrade ports...
>>>
>>> I think I will consider installing -current on an external disk, in
>>> order to "see and learn" upgrade process (via snapshots) before
>>> definitively switch to -current on my laptop.
>>
>> You will find it very quick and easy:
>>
>> boot bsd.rd and choose (U)pgrade
>> reboot
>> sysmerge -s $ -x $
>> maybe reboot
>> check current.html for possible manual steps
>> pkg_add -ui
>>
>> It's possible to have modest machine to be completely updated in about
>> 10 minutes completely binary way.
>>
>>> Thanks Stuart.
>>> --
>>> Sebastien Marie



Re: Ports security updates in 5.1 or 5.2

2012-09-18 Thread Barry Grumbine
On Tue, Sep 18, 2012 at 11:06 AM, Alessandro Baggi
 wrote:
> ah, sorry
> but when run pkg_add -a -u I must give also
> ftp://ftp.openbsd.org/pathamd64repo/... ?
>

http://www.openbsd.org/faq/faq15.html#Easy

and read about PKG_PATH in pkg_add(1)

 -u   Update the given installed pkgname(s), and anything it depends
  upon.  If no pkgname is given, pkg_add will update all installed
  packages.  This relies on PKG_PATH to figure out the new package
  names.



Re: Ports security updates in 5.1 or 5.2

2012-09-18 Thread Alessandro Baggi

ah, sorry
but when run pkg_add -a -u I must give also 
ftp://ftp.openbsd.org/pathamd64repo/... ?




On 09/18/2012 07:56 PM, Alessandro Baggi wrote:

Hi Robert,
thanks for the tips.

If I give -u without parameters, it will update all system or only 
installed packages?


Another, it's useful read Ports ml for update and vulnerability?

Thanks in advance.


On 09/18/2012 02:16 AM, Robert Connolly wrote:
See 'man pkg_add'... the -a, -u, -n, and -i options might be of 
interest to you.


I use pkg_add -a -u


On Mon, Sep 17, 2012 at 10:56 AM, Alessandro Baggi wrote:


Hi list,
sorry for late, but you are talking about update, and I've a
question about this.

I'm installing software precompiled using pkg_add -r
ftp://ftp.openbsd.org/../openvpn-version.tgz

How to see if there are update/security fix for openvpn?

From "Ports" ml?

Thanks in advance.



On 09/01/2012 07:26 AM, Tomas Bodzar wrote:

On Fri, Aug 31, 2012 at 6:06 PM, Sébastien Marie wrote:

On Thu, Aug 30, 2012 at 06:52:15PM +, Stuart Henderson wrote:

On 2012-08-30, Sébastien Marie wrote:

I not used all previous ports, and some are used in "safe" usage (like
using postgresql ports, but not for server). It just a question to known what
follow, in order to keep updated...

really, in order to keep updated, following -current is a good policy.

sure, updates in -current are more "fresh" ! but the investment may be
important, as it is required to upgrade the system before add or upgrade
ports...

I think I will consider installing -current on an external disk, in order to
"see and learn" upgrade process (via snapshots) before definitively switch to
-current on my laptop.

You will find it very quick and easy:

boot bsd.rd and choose (U)pgrade
reboot
sysmerge -s $ -x $
maybe reboot
check current.html for possible manual steps
pkg_add -ui

It's possible to have modest machine to be completely updated
in about
10 minutes completely binary way.

Thanks Stuart.
--
Sebastien Marie




Re: Ports security updates in 5.1 or 5.2

2012-09-18 Thread Alessandro Baggi

Hi Robert,
thanks for the tips.

If I give -u without parameters, it will update all system or only 
installed packages?


Another, it's useful read Ports ml for update and vulnerability?

Thanks in advance.


On 09/18/2012 02:16 AM, Robert Connolly wrote:
See 'man pkg_add'... the -a, -u, -n, and -i options might be of 
interest to you.


I use pkg_add -a -u


On Mon, Sep 17, 2012 at 10:56 AM, Alessandro Baggi wrote:


Hi list,
sorry for late, but you are talking about update, and I've a
question about this.

I'm installing software precompiled using pkg_add -r
ftp://ftp.openbsd.org/../openvpn-version.tgz

How to see if there are update/security fix for openvpn?

From "Ports" ml?

Thanks in advance.



On 09/01/2012 07:26 AM, Tomas Bodzar wrote:

On Fri, Aug 31, 2012 at 6:06 PM, Sébastien Marie wrote:

On Thu, Aug 30, 2012 at 06:52:15PM +, Stuart Henderson wrote:

On 2012-08-30, Sébastien Marie wrote:

I not used all previous ports, and some are used in "safe" usage (like
using postgresql ports, but not for server). It just a question to known what
follow, in order to keep updated...

really, in order to keep updated, following -current is a good policy.

sure, updates in -current are more "fresh" ! but the investment may be
important, as it is required to upgrade the system before add or upgrade
ports...

I think I will consider installing -current on an external disk, in order to
"see and learn" upgrade process (via snapshots) before definitively switch to
-current on my laptop.

You will find it very quick and easy:

boot bsd.rd and choose (U)pgrade
reboot
sysmerge -s $ -x $
maybe reboot
check current.html for possible manual steps
pkg_add -ui

It's possible to have modest machine to be completely updated
in about
10 minutes completely binary way.

Thanks Stuart.
--
Sebastien Marie




Re: Ports security updates in 5.1 or 5.2

2012-09-17 Thread Alessandro Baggi

Hi list,
sorry for late, but you are talking about update, and I've a question 
about this.


I'm installing software precompiled using pkg_add -r 
ftp://ftp.openbsd.org/../openvpn-version.tgz


How to see if there are update/security fix for openvpn?

From "Ports" ml?

Thanks in advance.



On 09/01/2012 07:26 AM, Tomas Bodzar wrote:

On Fri, Aug 31, 2012 at 6:06 PM, Sébastien Marie wrote:

On Thu, Aug 30, 2012 at 06:52:15PM +, Stuart Henderson wrote:

On 2012-08-30, Sébastien Marie wrote:

I not used all previous ports, and some are used in "safe" usage (like
using postgresql ports, but not for server). It just a question to known what
follow, in order to keep updated...

really, in order to keep updated, following -current is a good policy.

sure, updates in -current are more "fresh" ! but the investment may be
important, as it is required to upgrade the system before add or upgrade
ports...

I think I will consider installing -current on an external disk, in order to
"see and learn" upgrade process (via snapshots) before definitively switch to
-current on my laptop.

You will find it very quick and easy:

boot bsd.rd and choose (U)pgrade
reboot
sysmerge -s $ -x $
maybe reboot
check current.html for possible manual steps
pkg_add -ui

It's possible to have modest machine to be completely updated in about
10 minutes completely binary way.


Thanks Stuart.
--
Sebastien Marie




Re: Ports security updates in 5.1 or 5.2

2012-08-31 Thread Tomas Bodzar
On Fri, Aug 31, 2012 at 6:06 PM, Sébastien Marie wrote:
> On Thu, Aug 30, 2012 at 06:52:15PM +, Stuart Henderson wrote:
>> On 2012-08-30, Sébastien Marie wrote:
>> >
>> > I not used all previous ports, and some are used in "safe" usage (like
>> > using postgresql ports, but not for server). It just a question to known what
>> > follow, in order to keep updated...
>>
>> really, in order to keep updated, following -current is a good policy.
>
> sure, updates in -current are more "fresh" ! but the investment may be
> important, as it is required to upgrade the system before add or upgrade
> ports...
>
> I think I will consider installing -current on an external disk, in order to
> "see and learn" upgrade process (via snapshots) before definitively switch to
> -current on my laptop.

You will find it very quick and easy:

boot bsd.rd and choose (U)pgrade
reboot
sysmerge -s $ -x $
maybe reboot
check current.html for possible manual steps
pkg_add -ui

It's possible to have modest machine to be completely updated in about
10 minutes completely binary way.

>
> Thanks Stuart.
> --
> Sebastien Marie



Re: Ports security updates in 5.1 or 5.2

2012-08-31 Thread Sébastien Marie
On Thu, Aug 30, 2012 at 06:52:15PM +, Stuart Henderson wrote:
> On 2012-08-30, Sébastien Marie  wrote:
> >
> > I not used all previous ports, and some are used in "safe" usage (like
> > using postgresql ports, but not for server). It just a question to known 
> > what follow, in order to keep updated...
> 
> really, in order to keep updated, following -current is a good policy.

sure, updates in -current are more "fresh" ! but the investment may be
important, as it is required to upgrade the system before add or upgrade 
ports...

I think I will consider installing -current on an external disk, in order to 
"see and learn" upgrade process (via snapshots) before definitively switch to 
-current on my laptop.

Thanks Stuart.
-- 
Sebastien Marie



Re: Ports security updates in 5.1 or 5.2

2012-08-31 Thread Pierre-Emmanuel André
On Thu, Aug 30, 2012 at 10:21:35AM +0200, Sébastien Marie wrote:
> On Wed, Aug 29, 2012 at 09:34:22PM +0200, Patrick Lamaiziere wrote:
> > On Wed, 29 Aug 2012 09:59:46 +0200,
> > Sebastien Marie wrote:
> 
> Hello,
> 
> > 
> > > I currently follow STABLE branch for openbsd (and so, for ports too),
> > > which is OPENBSD_5_1.
> > > 
> > > But, I saw that the last security updates for ports go to OPENBSD_5_2
> > > and not to OPENBSD_5_1.
> > 
> > Any examples ? The problem may not be present in 5.1.
> >
> 
> databases/postgresql
>   version 9.1.4 (in OPENBSD_5_1) is vulnerable to CVE-2012-3488 and 
> CVE-2012-3489
> CVE-2012-3488 : insecure use of xslt (xslt is in contrib, so need 
> activation)
> CVE-2012-3489 : insecure use of libxml2 (XXE possible)
> 
>   OPENBSD_5_2 has upgraded from 9.1.4 to 9.1.5

I have an update for this and I will commit it asap (lack of time..)

-- 
Pierre-Emmanuel André 
GPG key: 0x7AE329DC



Re: Ports security updates in 5.1 or 5.2

2012-08-30 Thread Stuart Henderson
On 2012-08-30, Sébastien Marie  wrote:
>
> I not used all previous ports, and some are used in "safe" usage (like using
> postgresql ports, but not for server). It just a question to known what 
> follow, in order to keep updated...

really, in order to keep updated, following -current is a good policy.

some fixes will get backported to a -stable release, but relatively
little, and there will often be things "quietly" fixed by upstreams
which are more important than they might seem.



Re: Ports security updates in 5.1 or 5.2

2012-08-30 Thread LEVAI Daniel
On Thu, Aug 30, 2012 at 10:21:35 +0200, Sébastien Marie wrote:
> On Wed, Aug 29, 2012 at 09:34:22PM +0200, Patrick Lamaiziere wrote:
> > On Wed, 29 Aug 2012 09:59:46 +0200,
> > Sebastien Marie wrote:
> 
> Hello,
> 
> > 
> > > I currently follow STABLE branch for openbsd (and so, for ports too),
> > > which is OPENBSD_5_1.
> > > 
> > > But, I saw that the last security updates for ports go to OPENBSD_5_2
> > > and not to OPENBSD_5_1.
> > 
> > Any examples ? The problem may not be present in 5.1.
[...]

I find freshbsd.org a little misleading, in that it won't list some
patches that were in reality tagged with OPENBSD_5_1 in CVS, even though the
OPENBSD_5_1 branch was selected as a search criteria on the site;
e.g. the php-5.3.13 patch for 5.1.

Just watch the ports-changes@ list and/or apply your favourite filter
solution for the mails containing "Tag: OPENBSD".


Daniel

-- 
LÉVAI Dániel
PGP key ID = 0x83B63A8F
Key fingerprint = DBEC C66B A47A DFA2 792D  650C C69B BE4C 83B6 3A8F
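
One way to build the filter suggested in the message above, as an added example that is not part of the original thread. It assumes the commit mails list changed files under "Modified files:" with a "Tag: OPENBSD_x_y" marker on branch commits; the sample mails and the function names are constructed for illustration.

```python
import email
import re

# Constructed commit mails (not real commits). Branch commits carry
# "Tag: OPENBSD_x_y" in the file list; -current commits carry no tag.
def _mail(files_line, log):
    return (
        "From: committer@example.org\n"
        "Subject: CVS: cvs.openbsd.org: ports\n"
        "\n"
        "Module name:\tports\n"
        "\n"
        "Modified files:\n"
        f"\t{files_line}\n"
        "\n"
        "Log message:\n"
        f"{log}\n"
    )

SAMPLE_MAILS = [
    _mail("net/tor        : Makefile distinfo ", "constructed: update in -current"),
    _mail("net/tor        : Tag: OPENBSD_5_1 Makefile distinfo ", "constructed: backport to 5.1"),
    _mail("databases/postgresql: Tag: OPENBSD_5_2 Makefile distinfo ", "constructed: update on 5.2"),
]

# "<port dir> : Tag: <branch> <files...>" on a single line of the file list.
# Wrapped continuation lines of long file lists are not handled here.
TAG_LINE = re.compile(
    r"^[ \t]*(?P<port>\S+?)[ \t]*:[ \t]+Tag:[ \t]+(?P<tag>OPENBSD_\w+)[ \t]*(?P<files>.*)$",
    re.MULTILINE,
)

def commits_on_branch(raw_mails, branch):
    """Return (port, files, log summary) for every commit tagged with `branch`."""
    hits = []
    for raw in raw_mails:
        body = email.message_from_string(raw).get_payload()
        log = body.partition("Log message:\n")[2].strip().splitlines()
        for m in TAG_LINE.finditer(body):
            if m.group("tag") == branch:
                hits.append((m.group("port"), m.group("files").split(), log[0] if log else ""))
    return hits

if __name__ == "__main__":
    for port, files, summary in commits_on_branch(SAMPLE_MAILS, "OPENBSD_5_1"):
        print(f"{port}: {' '.join(files)} -- {summary}")
```

Matching on the exact branch tag, rather than on any "Tag: OPENBSD" string, keeps OPENBSD_5_2 commits out of a 5.1 watch list.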



Re: Ports security updates in 5.1 or 5.2

2012-08-30 Thread Sébastien Marie
On Wed, Aug 29, 2012 at 09:34:22PM +0200, Patrick Lamaiziere wrote:
> On Wed, 29 Aug 2012 09:59:46 +0200,
> Sebastien Marie wrote:

Hello,

> 
> > I currently follow STABLE branch for openbsd (and so, for ports too),
> > which is OPENBSD_5_1.
> > 
> > But, I saw that the last security updates for ports go to OPENBSD_5_2
> > and not to OPENBSD_5_1.
> 
> Any examples ? The problem may not be present in 5.1.
>

databases/postgresql
  version 9.1.4 (in OPENBSD_5_1) is vulnerable to CVE-2012-3488 and CVE-2012-3489
  CVE-2012-3488 : insecure use of xslt (xslt is in contrib, so need activation)
  CVE-2012-3489 : insecure use of libxml2 (XXE possible)

  OPENBSD_5_2 has upgraded from 9.1.4 to 9.1.5

editors/emacs23
  same version in OPENBSD_5_1 (emacs-23.4) and OPENBSD_5_2 (emacs-23.4p2)
  vulnerable to CVE-2012-3479 (GNU Emacs "enable-local-variables" Variable Processing Vulnerability)

games/openttd
  same version in OPENBSD_5_1 (openttd-1.1.5) and OPENBSD_5_2 (openttd-1.1.5p1)
  vulnerable to CVE-2012-3436 (Denial of service (server) using ships on half tiles and landscaping)

net/tor
  same version in OPENBSD_5_1 (tor-0.2.2.37) and OPENBSD_5_2_BASE
  OPENBSD_5_2 upgrade to tor-0.2.2.38
  
  Tor 0.2.2.38 fixes a rare race condition that can crash exit relays;
  fixes a remotely triggerable crash bug; and fixes a timing attack that
  could in theory leak path information.

www/py-django
  OPENBSD_5_1 has version 1.3p3
  NIST reports versions before 1.3.2 are vulnerable (for CVE-2012-3442 at least)

  CVE-2012-3442 CVE-2012-3443 CVE-2012-3444


Other ports that would need more investigation to determine if vulnerable or
not in OPENBSD_5_1:
  graphics/GraphicsMagick CVE-2012-3438
  graphics/ImageMagick CVE-2012-3437
  mail/roundcubemail CVE-2012-3508


I not used all previous ports, and some are used in "safe" usage (like using
postgresql ports, but not for server). It just a question to known what follow,
in order to keep updated...

Thanks.

-- 
Sebastien Marie
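
The comparison made by hand in the message above, as an added example that is not part of the original thread. The fixed-in versions come from the message; the package stems, the inventory and the function names are assumptions, and flavours and vN epochs in package names are not handled.

```python
import re

# Fixed-in upstream versions as stated in the message above. The package
# stems used as keys are assumptions for this example.
FIXED_IN = {
    "postgresql-client": "9.1.5",   # CVE-2012-3488, CVE-2012-3489
    "tor": "0.2.2.38",
    "py-django": "1.3.2",           # CVE-2012-3442
}

# Constructed inventory, one installed package name per line.
INSTALLED = """\
postgresql-client-9.1.4
tor-0.2.2.38
py-django-1.3p3
openttd-1.1.5
"""

def split_pkgname(pkgname):
    """Split 'stem-version[pN]' into (stem, upstream version tuple, port revision)."""
    m = re.match(r"^(?P<stem>.+?)-(?P<ver>\d[^-]*?)(?:p(?P<rev>\d+))?$", pkgname)
    if not m:
        raise ValueError(f"unrecognised package name: {pkgname!r}")
    upstream = tuple(int(n) for n in re.findall(r"\d+", m.group("ver")))
    return m.group("stem"), upstream, int(m.group("rev") or 0)

def needs_review(inventory, fixed_in=FIXED_IN):
    """List (package, fixed-in version, port revision) for packages older than the fix."""
    flagged = []
    for pkgname in inventory.split():
        stem, upstream, rev = split_pkgname(pkgname)
        fixed = fixed_in.get(stem)
        if fixed is None:
            continue  # no known fixed-in version for this package
        fixed_t = tuple(int(n) for n in fixed.split("."))
        # pN is the port revision, not an upstream patch level: 1.3p3 is
        # upstream 1.3 and therefore older than 1.3.2. A revision bump can
        # also carry a backported patch, so a hit means "check the port".
        if upstream < fixed_t:
            flagged.append((pkgname, fixed, rev))
    return flagged

if __name__ == "__main__":
    for pkgname, fixed, rev in needs_review(INSTALLED):
        print(f"{pkgname}: upstream fix in {fixed}, port revision p{rev}")
```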



Re: Ports security updates in 5.1 or 5.2

2012-08-29 Thread Patrick Lamaiziere
On Wed, 29 Aug 2012 09:59:46 +0200,
Sebastien Marie wrote:

Hello,

> I currently follow STABLE branch for openbsd (and so, for ports too),
> which is OPENBSD_5_1.
> 
> But, I saw that the last security updates for ports go to OPENBSD_5_2
> and not to OPENBSD_5_1.

Any examples ? The problem may not be present in 5.1.

> According to the FAQ
> (http://www.openbsd.org/faq/faq15.html#PortsSecurity), "only the
> current and last release are updated". But "the current release is
> OPENBSD_5_1" (see http://www.openbsd.org/).
> 
> Should I expect security updates will arrive some day to
> OPENBSD_5_1 ? (but I doubt it)

Yes you can expect it, see the commits on 5.1 ports:
http://www.freshbsd.org/search?project=openbsd-ports&branch=OPENBSD_5_1

Regards.



Ports security updates in 5.1 or 5.2

2012-08-29 Thread Sebastien Marie
Hi,

I currently follow STABLE branch for openbsd (and so, for ports too), which is 
OPENBSD_5_1.

But, I saw that the last security updates for ports go to OPENBSD_5_2 and not 
to OPENBSD_5_1.

According to the FAQ (http://www.openbsd.org/faq/faq15.html#PortsSecurity), 
"only the current and last release are updated". But "the current release is 
OPENBSD_5_1" (see http://www.openbsd.org/).

Should I expect security updates will arrive some day to OPENBSD_5_1 ? (but I
doubt it)
Should I switch to OPENBSD_5_2 (for base and ports) ? And if yes, should I 
fetch + build from source, like doing old-stable to stable update (and build 
from source all my ports) ?

Thanks.
-- 
Sebastien Marie