Hi everyone,
Bare with me here, i'm kind of new to BSD
There are some pieces of software that are included in the base install (ssl, ssh, bind, etc)... but these pieces of software are also included in the ports collection. Let's say there is a brand new vulnerability unveiled in the version of ssh that is included with freebsd. what do you do? if you try to install the one in ports, what happens to the base one? what's a good way to upgrade these pieces of software in such situations?
what about openssl? a lot of software rely on it nowadays. if you installed the copy from ports, what would happen to all the dependencies? what do you need to do to fix them?
I know it's a lot of questions but I really need to know
Thanks a lot
Full Version: updating base software... confused
The best way to do this is to keep your base system up to date. Whenever there are security issues in the base system, updated releases are made for all branches that have not reached end of life. Alternatively, you can just run STABLE on your server and do regular updates.
i dont understand... do you mean that all of the software that is included in the base (ssl, ssh, etc) are updated when there are security advisories about them?
if so, how would you get/install these updates? do you do a usual cvsup and then ... ? what do i do next? do i have to rebuild the whole system (buildworld) ?
also, i'm running the latest stable 4 release, 4.11, and i'll always try to do this since this is going to be a "production server"
thanks a lot for your help
if so, how would you get/install these updates? do you do a usual cvsup and then ... ? what do i do next? do i have to rebuild the whole system (buildworld) ?
also, i'm running the latest stable 4 release, 4.11, and i'll always try to do this since this is going to be a "production server"
thanks a lot for your help
Userland tools and base daemons such as sshd are part of the base distribution and can be patched by cvsupping the latest OS source. Check the handbook for details.
The buildworld process can be intimidating at first glance. Once you run through it a couple times it's not so bad. It is far easier to keep your standard daemons up to date using buildworld than it is to try and change them out for the ports system, plus you get the added benefit of any kernel patches or various other userland patches that may have come down the tree. Take a good read through the handbook, and check out this thread. I would recommend setting up a BSD box at home to experiment with if you are able to. Good luck!
This is a "lo-fi" version of our main content. To view the full version with more information, formatting and images, please click here.