# Can't run cvsup on FreeBSD 7.0-RELEASE



## question (Sep 4, 2014)

I host my own server for my site (_mod: url redacted_) and I need to update my clamav and my security ports collection but cvsup is failing with this error:


```
# cvsup ports-supfile
Connected to cvsup9.us.FreeBSD.org
Server message: Unknown collection "ports-security"
Skipping collection ports-security/cvs
Finished successfully
```

Does FreeBSD still use ports, cvsup, etc?  Or did it switch to something else?  Is my default source wrong, is there a new one that works?  Can I get a little help here?


----------



## junovitch@ (Sep 4, 2014)

To answer your question, yes FreeBSD uses still uses ports however CVS has been removed a couple years ago in favor of SVN.  However, FreeBSD 7.0-RELEASE has not been supported at all since 2009 and the 'Topics about unsupported FreeBSD versions' applies. https://forums.freebsd.org/viewtopic.php?f=49&t=40469   Bottom line, you need to upgrade and you can use SVN or portsnap to update your ports tree once you upgrade.


----------



## kpa (Sep 4, 2014)

FreeBSD uses SVN for sources, ports and docs. Support for CVS has ended. 

https://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/svn.html

For ports(7) there is also a lighter tool to check out just the ports tree without the SVN metadata, portsnap(8).

https://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/ports-using.html

Be warned though, 7.0 is long gone as far as any support goes. You are advised to upgrade to at least 8.4 to be able to use the ports tree. 

https://www.freebsd.org/security/unsupported.html

Also the old package tools like pkg_add are no longer supported (the tools have not been removed from FreeBSD releases that used them previously but the package repositories are moved to archives most likely), instead the so called PKGNG tools are used now.

https://www.freebsd.org/doc/en_US.ISO88 ... intro.html


----------



## question (Sep 4, 2014)

junovitch said:
			
		

> To answer your question, yes FreeBSD uses still uses ports however CVS has been removed a couple years ago in favor of SVN.  However, FreeBSD 7.0-RELEASE has not been supported at all since 2009 and the 'Topics about unsupported FreeBSD versions' applies. https://forums.freebsd.org/viewtopic.php?f=49&t=40469   Bottom line, you need to upgrade and you can use SVN or portsnap to update your ports tree once you upgrade.



Thanks for the quick reply!  My server for my site (_mod: url redacted_) is working great and in my experience, if it ain't broke, don't fix it.  What a headache.  So I guess I just need to install clamav from it's own source, or is there another way to update my ports without upgrading my entire server?


----------



## question (Sep 5, 2014)

kpa said:
			
		

> FreeBSD uses SVN for sources, ports and docs. Support for CVS has ended.
> 
> https://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/svn.html
> 
> ...



So in plain English you are saying that I can use portsnap to upgrade FreeBSD 7.0-RELEASE ports tree, even though it's not supported?


----------



## kpa (Sep 5, 2014)

question said:
			
		

> kpa said:
> 
> 
> 
> ...



Yes you can but the ports tree you'll get will not work on FreeBSD 7.0. There is only one ports tree that supports only the supported versions of FreeBSD, it's not versioned by FreeBSD releases.


----------



## question (Sep 5, 2014)

*O*k, so in plain English, it's impossible, in any way, to use ports or packages with FreeBSD 7.0-RELEASE, correct? So the only way to install software on FreeBSD 7.0-RELEASE is from the software's own sources?  Correct?


----------



## SirDice (Sep 5, 2014)

question said:
			
		

> if it ain't broke, don't fix it.


Actually, it is broken. FreeBSD 7.0 contains several security issues which will not be fixed. So you're currently running a very vulnerable website. And by proclaiming you're running an old and unsupported version you just painted a very large target on your back.


----------



## question (Sep 5, 2014)

SirDice said:
			
		

> question said:
> 
> 
> 
> ...



I've fixed any security issues long ago.  Go ahead, make my day... My site (_mod: url redacted_) is a secure web site.


----------



## SirDice (Sep 5, 2014)

question said:
			
		

> Go ahead, make my day... My site is a secure web site.


Your website may be secure but the underlying OS certainly isn't. It's as if you've built a bunker on top of quicksand. The question isn't "Will it sink?", the question is "When will it sink?".


----------



## kpa (Sep 5, 2014)

I challenge you to prove that your system running your website isn't vulnerable to these security issues that were discovered quite recently in the FreeBSD base system and were very likely in 7.0 as well:

TCP reassembly vulnerability:
https://www.freebsd.org/security/advisories/FreeBSD-SA-14:08.tcp.asc

glob(3) related resource exhaustion:
https://www.freebsd.org/security/advisories/FreeBSD-SA-13:02.libc.asc

Those two are just examples that I picked by taking a quick look at the full list:

https://www.freebsd.org/security/advisories.html

You sure that your system is safe against any of those that might apply to 7.0?


----------



## SirDice (Sep 5, 2014)

Just in case anybody decides to try, there are a few OpenSSH 5.3 remote root exploits floating around on the internet. THEY'RE ALL FAKE!!! Seriously, don't run any of them. The worst one I've seen checks if you're running the "exploit" as root, then proceeds to `rm -rf /`.  §e


----------



## protocelt (Sep 5, 2014)

Given the OP's apparent confidence in the security of his website despite supposedly using an unsupported version of FreeBSD, and the number of times a link to the website is mentioned in his posts, I'm inclined to believe (*though I may be wrong*) that the OP is using this thread for marketing purposes. While I applaud the OP's inventiveness in marketing tactics (if this is indeed really the purpose of this thread), using the Forums in this way to bring better visibility and positive search ranking to his website is "doing it wrong" IMHO.



			
				SirDice said:
			
		

> Just in case anybody decides to try, there are a few OpenSSH 5.3 remote root exploits floating around on the internet. THEY'RE ALL FAKE!!! Seriously, don't run any of them. The worst one I've seen checks if you're running the "exploit" as root, then proceeds to `rm -rf /`.  §e



That's good information to know. Thanks for posting that.


----------



## SirDice (Sep 5, 2014)

protocelt said:
			
		

> Given the OP's apparent confidence in the security of his website despite supposedly using an unsupported version of FreeBSD, and the number of times a link to the website is mentioned in his posts, I'm inclined to believe (*though I may be wrong*) that the OP is using this thread for marketing purposes. While I applaud the OP's inventiveness in marketing tactics (if this is indeed really the purpose of this thread), using the Forums in this way to bring better visibility and positive search ranking to his website is "doing it wrong" IMHO.


Good point! URLs removed


----------

