FreeBSD 5.4 vuln packages!

Discussion in 'General Discussion' started by jackie46, Apr 30, 2006.

  1. jackie46

    I ran portaudit against my installed packages and detected security issues with many packages installed.

    Which of these modules can be upgraded manually without breaking cPanel? What's the recommended upgrade path? cPanel is obviously not upgrading these but there are lots of vuln packages here that need updating.
     
  2. astridas

    You can upgrade all of those packages relatively easily using portupgrade. If you don't have portupgrade installed you can do so by:

    cd /usr/ports/sysutils/portupgrade
    make install clean

    If you don't have experience upgrading Perl I would recommend using the Perl installer found on cpanel.net. MySQL could be tricky but there are plenty of guides around for that as well.
     
  3. jackie46

    I'm sure I can use portupgrade, but my question is why doesn't cPanel keep these updated? Doesn't it look through the ports during UPCP, and isn't it supposed to upgrade them automatically, or maybe I'm missing something. What is the purpose of upcp if it cannot keep my software up-to-date? I think I asked this question before, and that was, do we need to keep our own modules updated or will cPanel do it for us. Some people said leave it alone and cPanel will update what's needed, but now I'm starting to think they didn't have the foggiest idea, as you can see above all these are vuln and outdated.
     
  4. astridas

    I'm sorry I misunderstood you before. I have never trusted cPanel to upgrade my packages. The upcp program is okay when you are upgrading cPanel, but as for everything else I upgrade myself. I went so far as to disable the upcp cron as it would overwrite my ports tree every night and not upgrade anything relevant.
     
  5. jackie46

    Interesting, so what modifications do we need to make to ensure that these ports are up-to-date? Do you have any pointers?
     
  6. astridas

    I use portsnap to manage the ports tree and portupgrade to upgrade all the ports. Portsnap is great because it is secure and designed for small updates, unlike cvsup. You can set up a cron to upgrade your ports tree with portsnap. The only minor problem is that cPanel will hose your portsnap-created tree. Unless you are using automatic updates with cPanel, which I wouldn't recommend anyway, you would need to disable your upcp cron entry. After that it would be easy enough to run a 'portversion | grep \<' to see which ports need to be upgraded and then 'portupgrade <list of ports>' or 'portupgrade -a' if you want to upgrade all of your ports.

    Quick Command Example Set

    # portsnap fetch
    # portsnap extract (first time only - or if cpanel overwrites ports tree)
    # portsnap update
    # portversion | grep \<
    # portupgrade example-port example-port2
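
Added example, not part of the original posts and not cPanel tooling: one way to cross-reference a portaudit report with portversion output so the ports that are both vulnerable and upgradable are handled first. The function names, the sample data and the assumed output line formats ("Affected package: name-version" and "name  <") are constructed for illustration.

```shell
#!/bin/sh
# Added example. Tool output below is constructed sample data; the line formats
# are assumptions about what portaudit and portversion print.
export LC_ALL=C   # sort and comm must agree on ordering

sample_portaudit() {
cat <<'EOF'
Affected package: perl-5.8.6_2
Type of problem: perl -- constructed sample entry.
Reference: <placeholder>

Affected package: mysql-server-4.1.11
Type of problem: mysql-server -- constructed sample entry.
Reference: <placeholder>

Affected package: example-port-1.0
Type of problem: example-port -- constructed sample entry.
Reference: <placeholder>
EOF
}

sample_portversion() {
cat <<'EOF'
example-port                =
mysql-server                <
perl                        <
portupgrade                 <
EOF
}

# Package names flagged by portaudit, with the version suffix stripped.
vulnerable_names() { sed -n 's/^Affected package: \(.*\)-[^-]*$/\1/p' | sort -u; }

# Ports whose installed version is older than the ports tree ("<").
outdated_names() { awk '$2 == "<" { print $1 }' | sort -u; }

# compare MODE AUDIT_FILE VERSION_FILE
#   -12: vulnerable and upgradable now (candidates for portupgrade)
#   -23: vulnerable, but the tree offers nothing newer (stale tree or no fix yet)
compare() {
    t=$(mktemp -d) || return 1
    vulnerable_names < "$2" > "$t/vuln"
    outdated_names < "$3" > "$t/old"
    comm "$1" "$t/vuln" "$t/old"
    rm -rf "$t"
}
```

On a real host, save the output of `portaudit -a` and `portversion` to two files and pass them to `compare`. A non-empty `-23` list after `portsnap update` is worth checking, since it can mean the ports tree was overwritten or no fixed version exists yet.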
     
  7. jackie46

    I'm not sure I understand hehe, but thank you.
     
  8. yonez

    Hi,

    What are we saying here, it is OK to update ports package using portupgrade under FreeBSD. Can cPanel staff guarantee that it won't break cPanel application? Why can they follow port collection style. A lot easier to maintain. It's just my personal opinion.

    regards,
    yonez
     