If you're running 9.2-RELEASE it will track you to -p1, -p2 and so on. If you want to jump to a newer major release that can be specified using the -r X.Y-RELEASE.
Without argument, upgrade will attempt to upgrade all currently-installed packages.
portsnap
This is fairly simple two-step process to keep the ports tree updated
sudo portsnap fetch
sudo portsnap update
Once your ports tree is sync-up you case use utilities like portmaster and portaudit to check & fix the outdated ports you have installed.
portaudit
This is a great package auditor which will tell you which software ports installed on your local system have been identified as vulnerable or exploitable.
sudo pkg_add -r portaudit
sudo portaudit -Fa
However, portaudit is getting replaced by http://www.freebsd.org/cgi/man.cgi?query=pkg-audit&format=html pkg-audit] . Also, portaudit won't help you identify local base vulnerabilities, you'll want to subscribe to the mailing list for that, and use freebsd-update regularly.
portmaster
Written by Doug Barton, portmaster is a shell script that handles port updates in a similar fashion as portupgrade but without so many dependencies (e.g. ruby).
sudo portmaster -p security/clamav
Another incantation lets you update all your ports in one fell swoop.
sudo portmaster -a
Other Tips
creating packages
Building ports is fine for solitary systems, but what about when you have a multitude of FreeBSD systems that need a particular port? Time to build a package!
First create the folder where the packages will land.
mkdir -p /usr/ports/packages/All
Next, choose a package to build. The following will do that and also build all of it's dependent packages.
cd /usr/ports/net-mgmt/net-snmp
make package-recursive
Distributing the packages is another matter, but something like NFS would suffice.
Adding a new vulnerability to the database involves the following steps. Make sure your sources are up-to-date (see below).
cd /usr/ports/security/vuxml
cp vuln.xml vuln.xml.old
make newentry
This will open up your editor, vuxml file loaded and a blank (skeleton) entry towards the top.
--
SO-AND-SO reports:
.
2008-01-FIXME2008-01-08
Then you can edit the entry to fill in the blanks, so to speak. This step-by-step example is based on the maradns DOS vulnerability reported 2008-01-08.
Specify the package name (as found below /usr/ports/category/) and the version(s) that fix the problem, inside of lt tags which stands for less-than. Variations include le for less-than-or-equal-to, and ge for greater-than-or-equal-to. Use multiple containers when necessary.
The good news is that it only took me about 15 minutes to find and reproduce the bug that was causing the improper resource record rotation. The bad news is that the bug that causes the rotation is one that enables a remote denial of service.
Enter a paraphrased or quoted description from the announcement. If possible include the source URL in the cite=.
Save kern.flp and mfsroot.flp to your /var/vm/VMNAME/ folder (possible mkdir).
Using vmware-server-console, create a new VMNAME with 8GB disk using IDE drives. Attach kern.flp to the floppy drive. Boot, and when prompted reassign mfsroot.flp to the floppy and press enter. Partition the disk (see article above). When prompted for source, choose FTP site and specify the following:
host1# ifconfig fxp0 alias 192.168.1.12 netmask 0xffffffff or netmask 255.255.255.255 #use netmask of 255.255.255.255 if on same network as existing ip/device
How to remove an alias address on FreeBSD
host1# ifconfig fxp0 -alias 192.168.1.12
Periodic scripts
control with /etc/periodic.conf to suppress email output...use logging instead
cp /etc/defaults/periodic.conf /etc/periodic.conf
change daily_output="root" to daily_output="/var/log/daily.log" and so on.
But on older systems (3.4 etc) there is no mention of periodic.conf, so just tweak the /etc/crontab like so...