Re: FreeBSD Ports Security Advisory: FreeBSD-SA-01:07.xfree86

From: Kris Kennaway (kris@obsecurity.org)
Date: 02/02/01 

Date: Thu, 1 Feb 2001 15:48:47 -0800
From: Kris Kennaway <kris@obsecurity.org>
To: John Baldwin <jhb@FreeBSD.org>

On Thu, Feb 01, 2001 at 01:52:11PM -0800, John Baldwin wrote:
>
> On 01-Feb-01 Kris Kennaway wrote:
> > On Thu, Feb 01, 2001 at 12:57:26PM -0700, Paul Andrews wrote:
> >> Does this issue affect only those that installed the XFree86 3.3.6 port or
> >> does it also affect those who have installed FreeBSD 4.2 RELEASE.
> >>
> >> If it does affect the RELEASE version what is the easiest why to fix this
> >> problem, without upgrading to XFree86 4.01.
> >
> > My understanding is that the XFree86 distribution is built from
> > whatever is in ports at the time of release. In fact, doesn't
> > sysinstall just install the port thesedays anyway?
> >
> > ls -l /var/db/pkg/XFree86*
> >
> > Kris
>
> No, it builds the distribution from ports, and then engages in evilness to
> package up the bits in tarballs that mimic the normal XFree distributions.

OK, and the reason we can't just leave it a port is because of General
Sysinstall Evilness<tm>?

kris

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message

Relevant Pages

  • Question about PORTUPDATE
    ... I have installed FREEBSD 5.3 some days ago, and while i was reading the ... scaned my ports with portaudit and got 11 results,for various packages. ... i Was waiting and waiting and waiting,but in vain.after 1 hour,nothing. ...
    (freebsd-questions)
  • Re: ports security branch
    ... I installed FreeBSD 6.0 together with all needed -RELEASE ports/packages ... Running security/portaudit after a while reveals that some of the installed packages have vulnerabilities. ... Debian GNU/Linux has its security package updates, OpenBSD has a separately maintained "errata" ports branch. ... Attached is a script I use to update my machines. ...
    (freebsd-stable)
  • Re: CVSup on current branch questions.
    ... > I just installed FreeBSD 5.2.1 and I'm a little confused about the branches. ... > stable version of 5.2.1 source as well as the ports. ... I've tried to CVSup the ports using the sample ... since support on the RELENG_5_2 branch will be dropped fairly shortly ...
    (freebsd-questions)
  • Oh, Jesus ... [WAS: Re: Patching and Updating]
    ... > Frankly I haven't even installed FreeBSD yet but it sounds like I ... every attempt to compile from source tells me that 'the compiler ... This is even happening in ports now, ... only designed to upgrade security aspects of the OS. ...
    (comp.unix.bsd.freebsd.misc)
  • Re: FreeBSD 5.0 Ports collection?
    ... Is there a way to have all the source code for the ports ... But while the first suggestion will get all the dist files, ... restricted distribution preventing the from being distributed on CD ... Bill Vermillion - bv @ wjv. ...
    (comp.unix.bsd.freebsd.misc)