Re: for understanding correctly -- Up-to-date - Upgrade ..

From: Matthew Seaman (m.seaman_at_infracaninophile.co.uk)
Date: 12/07/03

    Date: Sun, 7 Dec 2003 12:13:01 +0000
    To: Vahric MUHTARYAN <vahric@doruk.net.tr>
    
    
    

    On Sun, Dec 07, 2003 at 01:08:33PM +0200, Vahric MUHTARYAN wrote:

    > 1) Now I'm using FreeBSD 5.1-RELEASE I don't know how often new
    > release announced but When I want to upgrade to new release when it
    > available Which way is true to that ; Binary Update Mechanism to move
    > from release to release ( using freebsd-update-1.4 ports is correct or
    > Do you know any ports ) or Using New release CD and using sysinstall
    > program ...

    New versions are released approximately every 4 months. 5.2-RELEASE
    is due in the next few weeks. However, you should subscribe to
    freebsd-announce@.. or freebsd-security@... so you catch any
    announcements of new security patches.
     
    > 2) Using and installing programs with ports really easy and
    > really easy to update ports with portupgrade because ports also have
    > patches for vulnerability. But I'm watching the list some programs like
    > ssh or sendmail are in base system and I have to track those programs
    > bugs Does it enough to watching Security Advisories from www.freebsd.org
    > and apply patches for up-to-date base system without sync. entire src.
    > Tree ...

    Yes -- security advisories will contain patches for the base system,
    and very often it will be possible to apply the patches, recompile
    just the affected part of the system and install the fixed binaries.
    Sometimes however it won't, and you have to do a full kernel / world
    build plus install and reboot.

    Note that the patches in S.A.s always fix the problem, but don't
    necessarily update version numbers and so forth, so your system may
    still appear to be potentially vulnerable to those who know no better.

    > 3) I know that not like linux FreeBSD is structured that the
    > entire system is available in source form . Does it means When I
    > download or up-to-date the source via CVSup and use make world at this
    > moment I have updated , patched and new binaries FreeBSD ?!!

    FreeBSD (unlike Linux) makes a clear distinction between what is part
    of the system, and what is externally contributed code -- ie. ports.
    If you cvsup, recompile and re-install your system then, yes, you will
    have upgraded to the latest FreeBSD version on whatever branch you
    choose to track.

    You will need to update ports and other third party stuff
    independently of the base system.

     
    > 4) Some books said that "make world" is also not a guaranteed
    > process . I want to ask When I have high-profile production server Does
    > it true to use make world ?! Whats the way to protect/up-to-date
    > high-profile production servers ?!!!

    For a production server, you should be tracking 4.9-RELEASE. As it's
    a -RELEASE branch it's been thoroughly tested and known to compile
    correctly. The only updates you'll get on that branch are security
    fixes, which are usually fairly small. For production servers, you
    should consider using a separate build/test box, where you can break
    things without unpleasant consequences. Once you've got things built
    correctly and tested thoroughly, you can mount the /usr/src and
    /usr/obj directories from the build box onto your production server,
    and quickly reinstall and reboot with minimum downtime.

            Cheers,

            Matthew

    -- 
    Dr Matthew J Seaman MA, D.Phil.                       26 The Paddocks
                                                          Savill Way
    PGP: http://www.infracaninophile.co.uk/pgpkey         Marlow
    Tel: +44 1628 476614                                  Bucks., SL7 1TH UK
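
The build-box workflow from the last answer, as an added example that is not part of the original message: a preflight check, run on the production server after mounting the build box's trees, that refuses to proceed unless the source tree is the version that was tested and build output exists for it. The host name `buildbox`, the `GENERIC` kernel config, the `--check` flag and the quoted `REVISION=`/`BRANCH=` layout of `newvers.sh` are assumptions.

```shell
#!/bin/sh
# Added example, not from the original message.
# Assumptions: NFS host "buildbox", kernel config GENERIC, and a newvers.sh
# that carries REVISION="x.y" and BRANCH="..." lines (4.x/5.x-era layout).

# Print "REVISION-BRANCH" (e.g. 4.9-RELEASE) for the source tree at $1.
src_version() {
    nv="$1/sys/conf/newvers.sh"
    [ -r "$nv" ] || return 1
    rev=$(sed -n 's/^REVISION="\(.*\)"$/\1/p' "$nv")
    br=$(sed -n 's/^BRANCH="\(.*\)"$/\1/p' "$nv")
    [ -n "$rev" ] && [ -n "$br" ] || return 1
    printf '%s-%s\n' "$rev" "$br"
}

# preflight SRC OBJ EXPECTED
# Succeeds only if SRC is the tested version and OBJ holds build output for it.
preflight() {
    src="$1"; obj="$2"; want="$3"
    have=$(src_version "$src") || {
        echo "no readable source tree at $src (is it mounted?)" >&2; return 1; }
    if [ "$have" != "$want" ]; then
        echo "source tree is $have, tested build was $want" >&2; return 1
    fi
    # buildworld writes under OBJ mirroring the absolute path of SRC,
    # e.g. /usr/obj/usr/src for /usr/src.
    if [ ! -d "$obj$src" ]; then
        echo "no build output under $obj$src" >&2; return 1
    fi
}

# Print the install steps for the operator to review; nothing is executed.
install_plan() {
    cat <<EOF
mount -t nfs $1:/usr/src /usr/src
mount -t nfs $1:/usr/obj /usr/obj
cd /usr/src && make installkernel KERNCONF=$2
cd /usr/src && make installworld
reboot
EOF
}

# Usage on the production server: sh preflight.sh --check 4.9-RELEASE
if [ "${1:-}" = "--check" ]; then
    preflight /usr/src /usr/obj "$2" && install_plan buildbox GENERIC
fi
```

A version mismatch here usually means the build box was updated again after testing, so the trees being installed are not the ones that were verified.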
    
    


