Re: update info on ports

2006-07-30 Thread dick hoogendijk
On 30 Jul Mikhail Goriachev wrote:
> dick hoogendijk wrote:
> > So now I wonder, what is the difference of port apache-2.2.2 and the
> > latest one "apache-2.2.2_1"
> 
> Others already told you about the vulnerability found in v2.2.2.
> In addition, you might want to consider installing this:
> http://www.freebsd.org/cgi/url.cgi?ports/security/portaudit/pkg-descr
> It'll check and report on a daily basis any vulnerabilities found in
> your currently installed ports.

Thank you for the replies. They were to be learned from ;-)
I'll install portaudit and check the cvs and freshports more often.

-- 
dick -- http://nagual.nl/ -- PGP/GnuPG key: F86289CE
++ Running FreeBSD 6.1 ++ The Power to Serve
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "[EMAIL PROTECTED]"


Re: update info on ports

2006-07-30 Thread Mikhail Goriachev
dick hoogendijk wrote:
> Normally I upgrade my ports if I see new versions.
> But now I have a question: I saw a new apache22 version (apache-2.2.2_1)
> but on the apache site I could not find anything related to security bugs
> or whatever. I *did* find a version 2.2.3 though (not yet in ports!)
> 
> So now I wonder, what is the difference of port apache-2.2.2 and the
> latest one "apache-2.2.2_1"
> Imho it should be nice to have some kind of info file in the port telling
> the reasons to upgrade. Does anyone know?
> Or should I just wait for apache-2.2.3 (can't be that long).
> 


Others already told you about the vulnerability found in v2.2.2. In
addition, you might want to consider installing this:

http://www.freebsd.org/cgi/url.cgi?ports/security/portaudit/pkg-descr

It'll check and report on a daily basis any vulnerabilities found in
your currently installed ports.


Cheers,
Mikhail.

-- 
Mikhail Goriachev
Webanoide

Telephone: +61 (0)3 62252501
Mobile Phone: +61 (0)4 38255158
E-Mail: [EMAIL PROTECTED]
Web: http://www.webanoide.org

PGP Key ID: 0x4E148A3B
PGP Key Fingerprint: D96B 7C14 79A5 8824 B99D 9562 F50E 2F5D 4E14 8A3B


Re: update info on ports

2006-07-30 Thread Svein Halvor Halvorsen
dick hoogendijk wrote:
> Normally I upgrade my ports if I see new versions.
> But now I have a question: I saw a new apache22 version (apache-2.2.2_1)
> but on the apache site I could not find anything related to security bugs
> or whatever. I *did* find a version 2.2.3 though (not yet in ports!)
> 
> So now I wonder, what is the difference of port apache-2.2.2 and the
> latest one "apache-2.2.2_1"
> Imho it should be nice to have some kind of info file in the port telling
> the reasons to upgrade. Does anyone know?
> Or should I just wait for apache-2.2.3 (can't be that long).
> 

You should check out freshports.org

Fix security issue in mod_rewrite.
All people using mod_rewrite are strongly encouraged to update.

An off-by-one flaw exists in the Rewrite module, mod_rewrite.
Depending on the manner in which Apache httpd was compiled, this
software defect may result in a vulnerability which, in
combination with certain types of Rewrite rules in the web
server configuration files, could be triggered remotely.  For
vulnerable builds, the nature of the vulnerability can be denial
of service (crashing of web server processes) or potentially
allow arbitrary code execution. This issue has been rated as
having important security impact by the Apache HTTP Server
Security Team

Updates to latest versions will follow soon.


In addition to showing changelogs for the ports, freshports also lets you
"watch" one or more ports and be pinged whenever there's a new version.

You should also install portaudit. This will give a list of installed
ports on your system with known security issues. Also, if installed, it
will warn you if you try to install a port with such issues, and
prompt you to update your ports tree.


Svein Halvor





Re: update info on ports

2006-07-30 Thread Gábor Kövesdán

dick hoogendijk wrote:
> Normally I upgrade my ports if I see new versions.
> But now I have a question: I saw a new apache22 version (apache-2.2.2_1)
> but on the apache site I could not find anything related to security bugs
> or whatever. I *did* find a version 2.2.3 though (not yet in ports!)
>
> So now I wonder, what is the difference of port apache-2.2.2 and the
> latest one "apache-2.2.2_1"
> Imho it should be nice to have some kind of info file in the port telling
> the reasons to upgrade. Does anyone know?
> Or should I just wait for apache-2.2.3 (can't be that long).

You can check the cvs commit logs, to determine what has changed:

http://www.freebsd.org/cgi/cvsweb.cgi/ports/www/apache22/Makefile

As you can see, the mod_rewrite vulnerability is already fixed in 
2.2.2_1, but it's still 2.2.2.


--
Cheers,

Gabor
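
An added example, not part of the original thread and not portaudit's own code: a simplified sketch of why `apache-2.2.2_1` sorts above `apache-2.2.2` (the `_1` suffix is the port revision, bumped when the port is patched without a new upstream release) and how an audit tool can flag the older package. The advisory list, its field names and the "every older version is affected" rule are assumptions made for illustration, and only dotted-integer upstream versions are handled.

```python
import re

# Simplified FreeBSD package name: <name>-<upstream>[_<PORTREVISION>][,<PORTEPOCH>]
# Assumption: upstream is dotted integers only (no "rc", "pl" or letter suffixes).
PKG_RE = re.compile(
    r"^(?P<name>.+)-(?P<ver>\d+(?:\.\d+)*)(?:_(?P<rev>\d+))?(?:,(?P<epoch>\d+))?$"
)


def parse_pkg(pkgname):
    """Split 'apache-2.2.2_1' into (name, sort_key)."""
    m = PKG_RE.match(pkgname)
    if m is None:
        raise ValueError(f"unsupported package name: {pkgname!r}")
    upstream = tuple(int(part) for part in m.group("ver").split("."))
    # Epoch outranks everything, then upstream version, then port revision.
    key = (int(m.group("epoch") or 0), upstream, int(m.group("rev") or 0))
    return m.group("name"), key


# Constructed advisory list (hypothetical format, not portaudit's database):
# each entry names the first package version that carries the fix.
ADVISORIES = [
    {"fixed_in": "apache-2.2.2_1", "topic": "mod_rewrite off-by-one"},
]


def audit(installed, advisories=ADVISORIES):
    """Return (pkgname, topic) for each installed package older than its fix."""
    findings = []
    for pkg in installed:
        name, key = parse_pkg(pkg)
        for adv in advisories:
            fixed_name, fixed_key = parse_pkg(adv["fixed_in"])
            if name == fixed_name and key < fixed_key:
                findings.append((pkg, adv["topic"]))
    return findings


if __name__ == "__main__":
    # Constructed inventory of installed package names.
    for pkg, topic in audit(["apache-2.2.2", "examplepkg-1.0_3,1"]):
        print(f"{pkg}: affected by {topic}")
```
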



update info on ports

2006-07-30 Thread dick hoogendijk
Normally I upgrade my ports if I see new versions.
But now I have a question: I saw a new apache22 version (apache-2.2.2_1)
but on the apache site I could not find anything related to security bugs
or whatever. I *did* find a version 2.2.3 though (not yet in ports!)

So now I wonder, what is the difference of port apache-2.2.2 and the
latest one "apache-2.2.2_1"
Imho it should be nice to have some kind of info file in the port telling
the reasons to upgrade. Does anyone know?
Or should I just wait for apache-2.2.3 (can't be that long).

-- 
dick -- http://nagual.nl/ -- PGP/GnuPG key: F86289CE
++ Running FreeBSD 6.1 +++ The Power to Serve