Re: PHP 4.1.2

From: Christopher Schulte (schulte+freebsd@nospam.schulte.org)
Date: 03/12/02


Date: Tue, 12 Mar 2002 16:34:50 -0600
To: batz <batsy@vapour.net>, Christopher Schulte <schulte+freebsd@nospam.schulte.org>
From: Christopher Schulte <schulte+freebsd@nospam.schulte.org>

At 05:04 PM 3/12/2002 -0500, batz wrote:
>By what you are saying, I can infer that RELENG_4_X also includes security
>fixes in ports which I can cvsup on a daily basis, and by doing this, fix
>any ports which have been declared vulnerable. I should further be able
>to automaticly upgrade any ports which use the vulnerable one as a
>dependency, by cvsup'ing RELENG_4_X.

The ports live on their own cvs island, there is no RELENG_ANYTHING
associated with them. The combined tree is maintained separately from the
source code of the actual Operating System and bundled applications.

Check out the supfile samples in /usr/share/examples/cvsup/ :

###############################################################################
#
# DANGER! WARNING! LOOK OUT! VORSICHT!
#
# If you add any of the ports collections to this file, be sure to
# specify them like this:
#
# ports-all tag=.
#
# If you leave out the "tag=." portion, CVSup will delete all of
# the files in your ports tree. That is because the ports collections
# do not use the same tags as the main part of the FreeBSD source tree.
#
###############################################################################

Just cvsup your ports tree daily, you'll pick up the new ports as the
maintainers fix/add them. You can then opt to reinstall ports already in
use on your system. If it's a new port install, you'll get the newest and
greatest automatically. /usr/ports/sysutils/portupgrade is great for
keeping track of this kind of thing.

I hope that sheds some light.

Followups might be appropriate to -questions...

>--
>batz

--
Christopher Schulte
http://www.schulte.org/
Do not un-munge my @nospam.schulte.org
email address.  This address is valid.
To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message