1st May 2013
J65nko
Upgrading ports/packages

After spending most of the last years with OpenBSD, I am building a new FreeBSD 9.1 webserver now.
I am using a FreeBSD box at home to compile the ports into packages.

I have set the PACKAGES environment variable:
Code:
#  env | grep pack
PACKAGES=/home/packages

This way a # make config-recursive and # make package-recursive result in a nice package hierarchy:
Code:
#  ls -l /home/packages | head -5
total 104
drwxr-xr-x  2 root  wheel  3072 May  1 08:33 All
drwxr-xr-x  2 root  wheel  2560 May  1 08:33 Latest
drwxr-xr-x  2 root  wheel   512 Apr 28 00:57 archivers
drwxr-xr-x  2 root  wheel   512 Apr 30 21:36 converters

I have about 100 packages built:
Code:
# ls /home/packages/All | wc -l
      98

With rsync these packages are copied to /home/packages on the webserver. That way I can install them with # pkg_add.

portaudit now tells me two ports have security issues:

Code:
# portaudit
Affected package: joomla-2.5.6
Type of problem: Joomla  -- XXS and DDoS vulnerabilities.
Reference: http://portaudit.FreeBSD.org/57df803e-af34-11e2-8d62-6cf0490a8c18.html

Affected package: phpMyAdmin-3.5.7
Type of problem: phpMyAdmin -- Multiple security vulnerabilities.
Reference: http://portaudit.FreeBSD.org/8c8fa44d-ad15-11e2-8cea-6805ca0b3d42.html

Affected package: phpMyAdmin-3.5.7
Type of problem: phpMyAdmin -- XSS due to unescaped HTML output in GIS visualisation page.
Reference: http://portaudit.FreeBSD.org/7280c3f6-a99a-11e2-8cef-6805ca0b3d42.html

3 problem(s) in your installed packages found.

You are advised to update or deinstall the affected package(s) immediately.

I have not rsynced nor installed these packages on the webserver yet.

On April 7 I did a portsnap(8) to get the ports tree on the package building box.

What would be the best way to upgrade these ports on my package building box without going through the ports/packages equivalent of the Windows 2.x or 3.x DLL upgrade hell?
__________________
You don't need to be a genius to debug a pf.conf firewall ruleset, you just need the guts to run tcpdump
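
Added example, not part of the original post: one way to keep the packages flagged by portaudit from reaching the webserver while the build box is being upgraded. It assumes portaudit output in the format quoted above and package files named `<name>-<version>.tbz` (or `.txz`/`.tgz`); the function names, the exclude-file path and the host name `webserver` are placeholders.

```shell
#!/bin/sh
# Added example: hold back packages that portaudit flags, so the rsync of
# /home/packages does not copy them to the webserver.

# Constructed sample: the portaudit report quoted in the post.
sample_portaudit_output() {
cat <<'EOF'
Affected package: joomla-2.5.6
Type of problem: Joomla  -- XXS and DDoS vulnerabilities.
Reference: http://portaudit.FreeBSD.org/57df803e-af34-11e2-8d62-6cf0490a8c18.html

Affected package: phpMyAdmin-3.5.7
Type of problem: phpMyAdmin -- Multiple security vulnerabilities.
Reference: http://portaudit.FreeBSD.org/8c8fa44d-ad15-11e2-8cea-6805ca0b3d42.html

Affected package: phpMyAdmin-3.5.7
Type of problem: phpMyAdmin -- XSS due to unescaped HTML output in GIS visualisation page.
Reference: http://portaudit.FreeBSD.org/7280c3f6-a99a-11e2-8cef-6805ca0b3d42.html

3 problem(s) in your installed packages found.
EOF
}

# stdin: portaudit report. stdout: each affected package name, listed once
# (phpMyAdmin appears twice in the report above).
affected_packages() {
    sed -n 's/^Affected package: //p' | sort -u
}

# stdin: portaudit report. stdout: one rsync exclude pattern per package.
# Assumption: package files are named <name>-<version>.tbz (or .txz/.tgz).
# A pattern without a slash matches that file name in All/ and in the
# category directories alike.
exclude_patterns() {
    affected_packages | sed 's/$/.t?z/'
}

# Intended use on the build box (path and host name are placeholders):
#   portaudit | exclude_patterns > /tmp/vulnerable.excl
#   rsync -a --exclude-from=/tmp/vulnerable.excl /home/packages/ webserver:/home/packages/

# Demonstration on the constructed sample.
sample_portaudit_output | exclude_patterns
```

The entries under Latest/ are named without a version, so they are not matched by these patterns and will point at missing files on the webserver until rebuilt packages are synced.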