similar to: FreeBSD 5.2 -> 5.2.1 upgrade

CVSup is slow, insecure, and a memory hog. However, until now it's been the only option for keeping an up-to-date ports tree, and (thanks to all of the recent work on vuxml and portaudit) it has become quite obvious that keeping an up-to-date ports tree is very important. To provide a secure, lightweight, and fast alternative to CVSup, I've written portsnap. As the name suggests, this

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ============================================================================= FreeBSD-SA-03:07.sendmail Security Advisory The FreeBSD Project Topic: a second sendmail header parsing buffer overflow Category: contrib Module:

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ============================================================================= FreeBSD-SA-03:07.sendmail Security Advisory The FreeBSD Project Topic: a second sendmail header parsing buffer overflow Category: contrib Module:

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ============================================================================= FreeBSD-SA-04:16.fetch Security Advisory The FreeBSD Project Topic: Overflow error in fetch Category: core Module: fetch Announced: 2004-11-18

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ============================================================================= FreeBSD-SA-04:16.fetch Security Advisory The FreeBSD Project Topic: Overflow error in fetch Category: core Module: fetch Announced: 2004-11-18

Hello.. I've noticed a delay between when the security advisories are sent and when the cvsup servers, ftp mirrors and web mirrors are updated. Is this delay on purpose to give the users some time to update/patch their system(s) before it hit pages like bugtraq, etc.. or is it just a caused by the delay between when the ftp/cvsup servers are synced? Best regard, Jesper Wallin

I am now building binary security updates for FreeBSD 5.x, for use with FreeBSD Update. This has taken rather longer than I expected -- I thought I would be at this point in mid-November -- but porting the update-building code to run on FreeBSD 5.x took rather longer than I expected. For details about how to use these updates, please see the FreeBSD Update web site at

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ============================================================================= FreeBSD-SA-04:06.ipv6 Security Advisory The FreeBSD Project Topic: setsockopt(2) IPv6 sockets input validation error Category: core Module: kernel

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ============================================================================= FreeBSD-SA-04:06.ipv6 Security Advisory The FreeBSD Project Topic: setsockopt(2) IPv6 sockets input validation error Category: core Module: kernel

Hello. Dont know is this list right for this topic, but dont know witch one is. So I got 6.3-STABLE-200807-amd64-disc1.iso I have installed it cd /usr/ports/net/cvsup-without-gui/ make install make clean #cvsup some-stable-sup-file Connected to cvsup.xxxxxx.ru Bus error (core dumped) I cant get fresh src and ports trees and cant compile fresh 6.X-stable system with athlon64 optimization. :(

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ============================================================================= FreeBSD-SA-03:08.realpath Security Advisory The FreeBSD Project Topic: Single byte buffer overflow in realpath(3) Category: core Module: libc Announced:

This is issue never made it to this list, so i am posting it late, since I now have access to post to this list. -Chris FreeBSD Real-Quick(TM) NewsLetter. Things Happening in FreeBSD. Volume #2 Issue #2 February 1999 Release Information: FreeBSD 3.1 is available from Walnut Creek CDROM FreeBSD 4.0 is now the Development Version with no release scheduled. FreeBSD

Hello, it looks like updating source/ports via csup does not work for some time. I was using for a long time simple command sequence csup -h cvsup.freebsd.org /usr/share/examples/cvsup/stable-supfile csup -h cvsup.freebsd.org /usr/share/examples/cvsup/ports-supfile to update both source files and ports collection. For some (maybe five) days there is nothing updated. Is svn-to-cvs stil working?

freebsd-security-request@freebsd.org wrote: > Send freebsd-security mailing list submissions to > freebsd-security@freebsd.org > > To subscribe or unsubscribe via the World Wide Web, visit > http://lists.freebsd.org/mailman/listinfo/freebsd-security > or, via email, send a message with subject or body 'help' to > freebsd-security-request@freebsd.org > > You

Hello Everyone, The branches supported by the FreeBSD Security Officer have been updated to reflect recent EoL (end-of-life) events. The new list is below (and should appear at <URL: http://www.freebsd.org/security/ > soon). FreeBSD 4.7 has `expired', but I have extended the EoL date for FreeBSD 5.1. If you are running FreeBSD 4.7 or older and you wish to be certain to get critical

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ============================================================================= FreeBSD-SA-06:01.texindex Security Advisory The FreeBSD Project Topic: Texindex temporary file privilege escalation Category: contrib Module: texinfo

> Date: Sat, 29 Oct 2005 07:34:28 -0700 > From: Colin Percival <cperciva@freebsd.org> > Subject: Re: Is the server portion of freebsd-update open source? > To: markzero <mark@darklogik.org> > Cc: freebsd-security@freebsd.org > Message-ID: <43638874.2020004@freebsd.org> > Content-Type: text/plain; charset=ISO-8859-1 > > markzero wrote: > > No this

Hello, I am very new to FreeBSD and just installed 4.8 release. I want to upgrade this to stable. I have printed some of the pages out for makeworld and CVSUP, I am wondering what the best method for doing the updates are, downloading the individual packages and installing or using the CVSUP to do this? Currently I used mostly Red Hat Linux but have wanted to give this a try for some time

Well, I *tried* to CC: freebsd-security... I'm forwarding this to get around the "posting from wrong address" filter. -------- Original Message -------- Subject: Re: FW:FreeBSD hiding security stuff Date: Fri, 04 Mar 2005 04:42:48 -0800 From: Colin Percival <cperciva@freebsd.org> To: Jonathan Weiss <tomonage2@gmx.de> CC: freebsd-security@freebsd.org, FreeBSD-Hackers

The mailing list detained my email because I posted from the wrong address... hoepfully it will get through this time. -------- Original Message -------- Subject: Re: Fwd: FreeBSD hiding security stuff Date: Fri, 04 Mar 2005 05:35:32 -0800 From: Colin Percival <cperciva@freebsd.org> To: Devon H. O'Dell <dodell@sitetronics.com> CC: mike@sentex.net, freebsd-security@freebsd.org,