On 20.11.2012 13:47, John Bayly wrote:
On 20/11/12 12:15, Gary Palmer wrote:
On Tue, Nov 20, 2012 at 10:49:13AM +0000, John Bayly wrote:
Regarding the 2012 compromise, I'm a little confused as to what was and
wasn't affected:

From the release:
or of any ports compiled from trees obtained via any means other than
through svn.freebsd.org or one of its mirrors
Does that mean that any ports updated using the standard "portsnap
fetch" may have been affected? I'm guessing yes.

" We have also verified that the most recently-available portsnap(8) snapshot 
matches the ports Subversion repository, and so can be fully trusted."
I suppose that implies that the previous portsnap snapshots couldn't be
[completely] trusted. Basically I wanted to know whether I had to go
through all the ports I've updated from the snapshots within the given
time frame and do a portupgrade --force on them. In the end I decided
yes (luckily it's only on a single box).
So what is the way to get a 'secure' ports collection?
First update with 'portsnap -f /etc/portsnap.conf fetch update'
and then 'portupgrade -caDf'



--
Dipl.Ing.Bader Richard GmbH, Helferichstrasse 32, 80999 Muenchen
Tel.:  +49 89 892205 31
Fax.:  +49 89 892205 33
http://www.bader-muenchen.de
