Bart Silverstrim wrote:
> On Mar 8, 2004, at 12:15 PM, Ioannis Vranos wrote:
> >Is there any utility in FreeBSD 4.9 to check for possible updates/bug 
> >fixes
> >via internet?
> >
> I *think* have have kind of a handle on this on the server I just 
> installed...
> I usually do a cvsup to update the list of the ports tree, then use a 
> procedure I picked out of 
> to update applications with portupgrade.
> If anyone else has a method other than this, I'd love to know the 
> procedure :-)

For third party applications, portupgrade should be the tool of

> This only updates ports.  Updating FreeBSD, I don't know of anything 
> other than if you find a security advisory, you have to have the src 
> tree and patch that portion and recompile whatever had the 
> vulnerability, following the advisory instructions.  I'm thinking that 
> since most daemons/applications are from ports, keeping your ports tree 
> updated should limit most remote exploits...I would be interested in 
> knowing of a way to check whether the installation of the OS is up to 
> date, though.

This is what the so-called security branches are good for: Just CVSup
your source tree, do a full buildworld cycle, and you should be fine.

Valid security branches (for use in your supfile) are for example RELENG_4_9
or RELENG_5_2.

If you prefer binary updates, there is a special port
(security/freebsd-update), but it will only work on an unaltered
installation (i.e. you did not do any buildworlds), and of course, you
can run the freebsd-update port incrementally.

However, once you use a source based update method, the port will not work
any longer, since your installation will consist of custom binaries that do
not match the recorded checksums.


Attachment: pgp00000.pgp
Description: PGP signature

Reply via email to