

CVSup on FreeBSD 4.10

Posted on 2005-03-14
Last Modified: 2013-11-22
Hi Experts,

Please kindly guide me on the command to update a specific port (squid) and to update the whole port collection.

Do we update any kernels or libraries needed in FreeBSD to secure the box? FreeBSD v4.10 fresh install.

Question by:lynnton

Accepted Solution

m0nk3yza earned 2000 total points
ID: 13536577
Hi Lynnton,

First make sure you installed:

Now, from within /usr/ports run
#portaudit -F
This will update the database (will take a few minutes)
Make sure all errors are addressed before continuing to next step.

Then run:
This will indicate any issues with your installed ports.
It's a good idea to sort these out for obvious reasons.

Then run:
#portupgrade squid
Depending on the severity of problems, you may or may not receive a long list of errors or inconsistencies.
Go through them and fix as required.
(post here for help on those errors).

Now, onto the cvsup:

You may want to look at this link first:


It includes a full list of cvsup mirrors.

My cvsup file (ports-supfile) for the ports collection looks like this:

*default host=cvsup.FreeBSD.org
# choose the mirror closest to you
*default base=/usr
*default prefix=/usr
*default release=cvs tag=.
*default delete use-rel-suffix
*default compress
# collection to fetch: the complete ports tree
ports-all

From the root prompt run:
#cvsup ports-supfile
or, for a more verbose output:
#cvsup -g -L 2 ports-supfile

My source file (stable-supfile), will update the source:

*default host=cvsup.FreeBSD.org
*default base=/usr
*default prefix=/usr
*default release=cvs tag=RELENG_4_11
*default delete use-rel-suffix
*default compress
# collection to fetch: the complete source tree
src-all

This file will update to the latest 4.11 release.

# cvsup stable-supfile

This may take a while depending on your connection speed.

After source is done:

#cd /usr/src/sys/i386/conf
find your kernel. (eg. MYKERNEL)
#config MYKERNEL
If your kernel is OK, you should get this message:
     Don't forget to do a ``make depend''
     Kernel build directory is ../../compile/MYKERNEL
#cd ../../compile/MYKERNEL
#make depend && make && make install
This will take some time depending on your machine, but is automated and will only fail in exceptional cases. (only happened to me once due to hardware failure).
Reboot and you should have a nice 4.11 release!

Making your box more secure involves many aspects, one of which is updated software; a properly configured firewall (ipfw), correct user permissions and groups, and regular log file inspections are but a few of the other requirements.

Good luck.


Author Comment

ID: 13536655

OK, I can see the Makefile under /usr/ports/net/cvsup-without-gui

is it "make clean install" or ?

Please kindly guide me to use the proper command.


Author Comment

ID: 13536688

You're really an amazing person. Yes, you are correct, I've read it in the handbook.

Updating one port isn't enough, updating the tree will almost always solve the problem.

Just wanted to share..



Author Comment

ID: 13536730

Please don't forget the question I've asked. I'm not sure how to install the Makefile :-)


Author Comment

ID: 13536965

Sad to say when using pkg_add, the following error message appears.


bsdhost# pkg_add -r /usr/ports/net/cvsup-without-gui/makefile
Error: FTP Unable to get ftp://ftp.freebsd.org/pub/FreeBSD/ports/i386/packages-4.10-release/Latest//usr/ports/net/cvsup-without-gui/makefile.tgz: Service not available, closing control connection
pkg_add: unable to fetch 'ftp://ftp.freebsd.org/pub/FreeBSD/ports/i386/packages-4.10-release/Latest//usr/ports/net/cvsup-without-gui/makefile.tgz' by URL

bsdhost# pkg_add -r /usr/ports/net/cvsup-without-gui
Error: FTP Unable to get ftp://ftp.freebsd.org/pub/FreeBSD/ports/i386/packages-4.10-release/Latest//usr/ports/net/cvsup-without-gui.tgz: Service not available, closing control connection
pkg_add: unable to fetch 'ftp://ftp.freebsd.org/pub/FreeBSD/ports/i386/packages-4.10-release/Latest//usr/ports/net/cvsup-without-gui.tgz' by URL

Author Comment

ID: 13537102

After running "portaudit" the following below showed up.


bsdhost# portaudit
Affected package: perl-5.6.1_15
Type of problem: perl -- File::Path insecure file/directory permissions.
Reference: <http://www.FreeBSD.org/ports/portaudit/c418d472-6bd1-11d9-93ca-000a95bc6fae.html>

Affected package: ruby-1.8.2.p2_1
Type of problem: ruby -- CGI DoS.
Reference: <http://www.FreeBSD.org/ports/portaudit/d656296b-33ff-11d9-a9e7-0001020eed82.html>

Affected package: apache-1.3.31_4
Type of problem: apache mod_include buffer overflow vulnerability.
Reference: <http://www.FreeBSD.org/ports/portaudit/6e6a6b8a-2fde-11d9-b3a2-0050fc56d258.html>

Affected package: gd-2.0.25,1
Type of problem: gd -- integer overflow.
Reference: <http://www.FreeBSD.org/ports/portaudit/62239968-2f2a-11d9-a9e7-0001020eed82.html>

Affected package: linux_base-7.1_7
Type of problem: xpm -- image decoding vulnerabilities.
Reference: <http://www.FreeBSD.org/ports/portaudit/ef253f8b-0727-11d9-b45d-000c41e2cdad.html>

Affected package: XFree86-libraries-4.4.0
Type of problem: xpm -- image decoding vulnerabilities.
Reference: <http://www.FreeBSD.org/ports/portaudit/ef253f8b-0727-11d9-b45d-000c41e2cdad.html>

6 problem(s) in your installed packages found.

You are advised to update or deinstall the affected package(s) immediately.

Expert Comment

ID: 13538860
Hi  Lynnton,

To install the port:

#cd  /usr/ports/net/cvsup-without-gui
# make install
This should do it
you could also do:
#make clean
Just make sure you are in the  /usr/ports/net/cvsup-without-gui  directory.
If, for example, you are in  /usr/ports/net/  the "make clean" command will clean all ports under the /net subdirectory, even if nothing else is installed under that dir. (This will take a very long time).


You don't need to use the pkg_add command; the Makefile is automatically created / updated with cvsup.
Just make sure your ports tree has been updated first (use cvsup).

If you continue to receive "Service not available" errors, check your make file (/etc/make.conf)

Mine looks like this:


NO_SENDMAIL=    true    # do not build sendmail and related programs
NO_X=           true    # do not compile in XWindows support (e.g. doscmd)
NOGAMES=        true    # do not build games (games/ subdir)


HTTP_PROXY=     cache.yourserver.com:8080



You want to have a look at the "MASTER_SITE_BACKUP" line, try an alternative location
Also change "HTTP_PROXY= "  to the hostname of the proxy server you use (if you use one)


Regarding your portaudit results:

They all refer to vulnerabilities in your installed ports.
This means that there are potential or existing exploits for these issues.
Depending on your bandwidth (DSL, T1, etc.), the answer is to update your ports daily (my cvsup runs every 12 hours). Once you've updated your ports, start with the first problem:

(1) perl-5.6.1_15.
Perhaps upgrade to perl-5.8.4 (/usr/ports/lang/perl5.8) unless you need to use ver 5.6?
I think the new version of perl doesn't need the following: but the last time I upgraded perl (about a year ago), I had to run this command:
#use.perl port
Which will force bsd to use the perl version installed from ports.

(2) ruby-1.8.2.p2_1
Type of problem: ruby -- CGI DoS
Denial of Service attacks could cripple your system or just be an annoyance - you need to run cvsup until a new version is available.

(3)  apache-1.3.31_4
apache mod_include buffer overflow vulnerability
Another exploit.
If you use this box as your webserver for public access, address this asap.
If it's on your LAN and used for http access to your intranet, it's not that big an issue.

(4) gd-2.0.25,1
gd -- integer overflow.
Wasn't sure what this does, but followed the link in the output you received:
Has a nice explanation.
Doesn't seem too serious.

(5)  linux_base-7.1_7
xpm -- image decoding vulnerabilities
You might want to upgrade to: /usr/ports/emulators/linux_base-8

(6)  XFree86-libraries-4.4.0
xpm -- image decoding vulnerabilities.
This is only used when you run a X-server on the box (not a good idea for a production server).


The portaudit error messages are very helpful, take time to follow the links in the output.
(I know, time is an issue for all sys admins, but it's worth it).
Usually you'll be able to determine whether this requires your immediate attention or not.
6 errors aren't bad, I've seen 40+ issues on some neglected servers!

You seem to regard security as an important issue, therefore consider upgrading to 4.11.
If you have extra hardware and some time to experiment, have a look at 5.3 (pf is excellent!).

Hope this helps,
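
The triage that the comment above walks through by hand, as an added example (not part of the original post): an sh/awk filter that turns portaudit output into one record per finding, groups packages by advisory, and picks out findings for services the box exposes. The function names are hypothetical, and SAMPLE holds three of the six entries posted earlier in the thread.

```shell
#!/bin/sh
# Added example: triage of portaudit output in the format posted above.
# Function names are hypothetical; SAMPLE holds three of the thread's entries.

# One line per finding: package|problem|advisory-id
portaudit_records() {
    awk '
        /^Affected package: / { pkg = $0; sub(/^Affected package: /, "", pkg) }
        /^Type of problem: / { prob = $0; sub(/^Type of problem: /, "", prob); sub(/\.$/, "", prob) }
        /^Reference: / {
            id = $0
            sub(/^.*\//, "", id)        # keep the last URL path component
            sub(/\.html>?$/, "", id)    # drop the ".html>" tail
            if (pkg != "") print pkg "|" prob "|" id
            pkg = ""; prob = ""
        }'
}

# One line per advisory with every package it affects, so an advisory
# that hits several packages is counted once.
portaudit_by_advisory() {
    portaudit_records | LC_ALL=C sort -t'|' -k3,3 -k1,1 | awk -F'|' '
        $3 != last { if (NR > 1) print line; line = $3 ": " $1; last = $3; next }
        { line = line ", " $1 }
        END { if (NR > 0) print line }'
}

# Findings whose package name starts with one of the given prefixes
# (ERE alternation), e.g. the services this box exposes to the network.
portaudit_exposed() {
    portaudit_records | awk -F'|' -v re="^($1)-" '$1 ~ re'
}

SAMPLE='Affected package: apache-1.3.31_4
Type of problem: apache mod_include buffer overflow vulnerability.
Reference: <http://www.FreeBSD.org/ports/portaudit/6e6a6b8a-2fde-11d9-b3a2-0050fc56d258.html>

Affected package: linux_base-7.1_7
Type of problem: xpm -- image decoding vulnerabilities.
Reference: <http://www.FreeBSD.org/ports/portaudit/ef253f8b-0727-11d9-b45d-000c41e2cdad.html>

Affected package: XFree86-libraries-4.4.0
Type of problem: xpm -- image decoding vulnerabilities.
Reference: <http://www.FreeBSD.org/ports/portaudit/ef253f8b-0727-11d9-b45d-000c41e2cdad.html>'

printf '%s\n' "$SAMPLE" | portaudit_by_advisory
```

On a live system the same functions read from a pipe, for example `portaudit | portaudit_exposed 'apache|squid'`, which suits a cron job that mails only the findings for network-facing packages.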

Author Comment

ID: 13539718

Sad, I can't add any feedback since I've already closed the question.

I'll still get a chance though; I was going to add "Jo is Simply the Best" in your feedback.

Please see below for the error message. It seems there's another one running? How do we proceed?


--- building in FreeBSD4 ---
new source -> compiling ../src/Upass.i3
new source -> compiling ../src/Secret.i3
new source -> compiling ../src/Secret.m3
new source -> compiling ../src/Main.m3
 -> linking cvpasswd
===>  Installing for cvsup-without-gui-16.1h
===>   Generating temporary packing list
===>  Checking if net/cvsup-without-gui already installed
===>   cvsup-without-gui-16.1h is already installed
      You may wish to ``make deinstall'' and install this port again
      by ``make reinstall'' to upgrade it properly.
      If you really wish to overwrite the old port of net/cvsup-without-gui
      without deleting it first, set the variable "FORCE_PKG_REGISTER"
      in your environment or the "make install" command line.
*** Error code 1

Stop in /usr/ports/net/cvsup-without-gui.

Expert Comment

ID: 13547225
Hi  Lynnton,

This error is fairly common and was probably caused by your previous attempt to install cvsup-without-gui.
All you do is:
#cd /usr/ports/net/cvsup-without-gui
#make deinstall
This might take a minute or two.
Then do:
#make reinstall
That's it.
If the port was already successfully installed, and you do:
#make install
Then you will get no output, just a root prompt, like this:

Good luck,
