After spending most of the last years with OpenBSD I am building new FreeBSD 9.1 webserver now..
I am using a FreeBSD box at home to compile the ports into packages.
I have set the
PACKAGES environment variable
Code:
# env | grep pack
PACKAGES=/home/packages
This way a
# make config-recursive
and
# make package-recursive
results in nice package hierarchy:
Code:
# ls -l /home/packages | head -5
total 104
drwxr-xr-x 2 root wheel 3072 May 1 08:33 All
drwxr-xr-x 2 root wheel 2560 May 1 08:33 Latest
drwxr-xr-x 2 root wheel 512 Apr 28 00:57 archivers
drwxr-xr-x 2 root wheel 512 Apr 30 21:36 converters
I have about 100 packages built:
Code:
# ls /home/packages/All | wc -l
98
With
rsync these packages are copied to
/home/packages on the webserver. That way I can install them with
# pkg_add
.
portaudit now tells me two ports have security issues:
Code:
# portaudit
Affected package: joomla-2.5.6
Type of problem: Joomla -- XXS and DDoS vulnerabilities.
Reference: http://portaudit.FreeBSD.org/57df803e-af34-11e2-8d62-6cf0490a8c18.html
Affected package: phpMyAdmin-3.5.7
Type of problem: phpMyAdmin -- Multiple security vulnerabilities.
Reference: http://portaudit.FreeBSD.org/8c8fa44d-ad15-11e2-8cea-6805ca0b3d42.html
Affected package: phpMyAdmin-3.5.7
Type of problem: phpMyAdmin -- XSS due to unescaped HTML output in GIS visualisation page.
Reference: http://portaudit.FreeBSD.org/7280c3f6-a99a-11e2-8cef-6805ca0b3d42.html
3 problem(s) in your installed packages found.
You are advised to update or deinstall the affected package(s) immediately.
I have not rsynced nor installed these packages on the webserver yet.
On April 7 I did a
portsnap(8) to get the ports tree on the package building box.
What would be be the best way to upgrade these ports on my package building box without going through the ports/packages equivalent of the Windows 2.x or 3.x DLL upgrade hell
?