Sub navigation:

Keep FreeBSD system up-to-date

Keep ports collection up-to-date

Install portupgrade

In the previous release of FreeBSD, to update ports collection, tangled procedure using cvsup is needed.  However, in recent release, it is simplified by introducing portsnap program.  First, you need to install portupgrade.  It is in the ports-mgmt section.  Thus,

> cd /usr/ports/ports-mgmt/portupgrade
> sudo make install clean

Fetch latest ports data

Latest data of ports collection can be obtained by portsnap.  Portsnap is already installed in latest FreeBSD release.  To update ports data, (in the case of the very first time)

> sudo portsnap fetch extract update

It takes some time.  Once you have performed this command, next time, you only type,

> sudo portsnap fetch update

Next to fetch ports database file.  

> sudo portsdb -F

Subsequently, to compare installed ports version and latest version,

> sudo portversion -vL '='

This leads output of result like below.  

bitstream-vera-1.10_1	<	needs updating (port has 1.10_2)
expat-1.95.8_3 < needs updating (port has 2.0.0_1)
and so on. 

If the installed ports is older than latest one, you can update by the command,

> sudo portupgrade -aP

By these steps, ports collection are kept up-to-date.  For routine update command, you can use this command.  

> sudo portsnap fetch update && sudo portsdb -F && sudo portversion -vL '='

Portupgrade sometimes takes a lot of time.  Thus, this command should be performed separately.  

Applying FreeBSD security patch

FreeBSD developer team release new function day by day.  To apply such function, you should obtain source files from cvs repositories using cvsup and install them.  However, this procedure is too complicated for FreeBSD beginner such as using mergemaster.  I think, for normal server operation, conservative attitude against chasing latest FreeBSD function makes no serious drawback.  It is sufficient to apply security patch.  For this purpose, freebsd-update command is used.  To apply latest security patch to your FreeBSD system, only type

> sudo freebsd-update fetch install

This fixes all security defects.  If changes at /boot directory are displayed, reboot your system.  

That is all you have to do.  I think your FreeBSD system is kept up-to-date by these steps.