Re: FreeBSD Security Survey

[ Available lists | Index of freebsd-stable | Month of May 2006 | Week of 22 May 2006 | Raw email | View thread | Wrap long lines | Reply | Tag ]
From
Jonathan Noack <noackjr@alumni.rice.edu>
Date
22 May 2006 13:49:37
Subject
Re: FreeBSD Security Survey
Message-ID
4471C163.9060509@alumni.rice.edu

In reply to
Marian Hettwer, Marian Hettwer (freebsd-security)
References to
Colin Percival, Colin Percival (freebsd-security) , Brent Casavant, Brent Casavant (freebsd-security) , Scott Long, Scott Long (freebsd-security) , Marian Hettwer, Marian Hettwer (freebsd-security)

[ Hide this part ] 
On 05/22/06 05:40, Marian Hettwer wrote:
> Scott Long wrote:
>>> Brent Casavant wrote:
>>>> While I find ports to be the single most useful feature of the FreeBSD
>>>> experience, and can't thank contributors enough for the efforts, I on
>>>> the other hand find updating my installed ports collection (for security
>>>> reasons or otherwise) to be quite painful.  I typically use portupgrade
>>>> to perform this task.  On several occasions I got "bit" by doing a
>>>> portupgrade which wasn't able to completely upgrade all dependencies
>>>> (particularly when X, GUI's, and desktops are in the mix -- though I
>>>> always follow the special Gnome upgrade methods when appropriate).
>
> Like Scott pointed out below, stick with either building from source, or
> using packages. Mixing them may have strange side effects.
> To give an example.
> I usually use portupgrade without using packages. But last time I needed
> to update my ports (on a production server, though private not corporate
> server), I used portupgrade -P (to use packages if available).
> It updated php, using packages, but unluckily the packages were built
> against apache13. I'm using apache20, so my php installation was
> trashed. Argh.
> But even more painful is the fact that portupgrade _always_ fails on
> some perl modules. Usually p5-XML-Parser. I don't know why, but it's
> annoying...
 
Dropping security@...
 
Odd, I just did a 'portupgrade -fm "-s" p5-XML-Parser' and it worked
fine.  Note that I included the '-m "-s"' because it sometimes causes
port build breakage for me (postfix comes to mind).  Perhaps a
'portupgrade -Rf p5-XML-Parser' is in order?  The only dependencies are
perl and expat, so a recursive rebuild shouldn't take too long.  My
persistent port build breakages (that weren't caused by an error in the
port) have always been resolved by rebuilding all dependencies or
removing '-m "-s"'.
 
-Jonathan
 
--
Jonathan Noack | noackjr@alumni.rice.edu | OpenPGP: 0x991D8195
[ Show this part (application/pgp-signature) ]
Elapsed time: 0.550 seconds