From owner-freebsd-questions@FreeBSD.ORG Tue Aug 28 18:53:36 2012 Return-Path: Delivered-To: freebsd-questions@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [69.147.83.52]) by hub.freebsd.org (Postfix) with ESMTP id C4E401065673 for ; Tue, 28 Aug 2012 18:53:36 +0000 (UTC) (envelope-from bryan@shatow.net) Received: from secure.xzibition.com (secure.xzibition.com [173.160.118.92]) by mx1.freebsd.org (Postfix) with ESMTP id 623208FC08 for ; Tue, 28 Aug 2012 18:53:35 +0000 (UTC) DomainKey-Signature: a=rsa-sha1; c=nofws; d=shatow.net; h=message-id :date:from:mime-version:to:cc:subject:references:in-reply-to :content-type:content-transfer-encoding; q=dns; s=sweb; b=YWUQcC qNi5f2GjwBp7eS1JXcyDFWP1zegxkgZ0v/8nPFddGls3z9CjuhXyMXWVZ1Mu4mFu km+SufapcE0MNyzTu7RdUi0i8yWl49F+i54FeTF5T5J8WTHQ0Mr5SJ/RKt6/4f08 oPp9Dqc3ASymPHUcb5raTHZwkz/VxEkuYNGfQ= DKIM-Signature: v=1; a=rsa-sha256; c=simple; d=shatow.net; h=message-id :date:from:mime-version:to:cc:subject:references:in-reply-to :content-type:content-transfer-encoding; s=sweb; bh=YoWtNBhFW2ZD 3WmEy/Hi+ryyWcU3fcLMVJzwDY0f9OQ=; b=sp6SuyVl3G0HyptGJriFMIJiMxxi kSowDkEqnzZ/Z4F171PoihfnPP5FbO9kRns1q2vZ4b0fKSN4HyDfK56GnRLCWTqQ M8sp+bbUO5nj3irSDJkc7qf2TFB/qSuZ7Pwgtrq6E4LOEonjfsh2FaowiCGSswUW zDjJgV3ix+iAksc= Received: (qmail 93137 invoked from network); 28 Aug 2012 13:53:34 -0500 Received: from unknown (HELO ?192.168.0.74?) (bryan@shatow.net@74.94.87.209) by sweb.xzibition.com with ESMTPA; 28 Aug 2012 13:53:34 -0500 Message-ID: <503D13AE.1010003@shatow.net> Date: Tue, 28 Aug 2012 13:53:34 -0500 From: Bryan Drewery User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:14.0) Gecko/20120713 Thunderbird/14.0 MIME-Version: 1.0 To: David Newman References: <503D1259.9080801@networktest.com> In-Reply-To: <503D1259.9080801@networktest.com> X-Enigmail-Version: 1.4.4 Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: 7bit Cc: freebsd-questions@freebsd.org Subject: Re: portaudit and automake14 X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 28 Aug 2012 18:53:36 -0000 On 8/28/2012 1:47 PM, David Newman wrote: > 1. On a 8.0-RELEASE system, I'm having a problem with the automake14 > port, where the portaudit port reports this vulnerability: > > http://portaudit.freebsd.org/10f38033-e006-11e1-9304-000000000000.html > > Refreshing the ports collection with 'portsnap fetch extract' and then > running 'portmaster automake14' returned the same error as before: > > automake -- Insecure 'distcheck' recipe granted world-writable distdir > > I then tried to do 'make deinstall && make reinstall' for automake14, > but that just deinstalled the port. The system returns the same error as > above when trying to reinstall. > > How to resolve? > > 2. This system also has a couple of other automake ports installed: > > automake-1.12.3 > automake-wrapper-20101119 > > How to determine if these are necessary in addition to automake14? automake14 is not vulnerable to this issue. The vuxml was recently updated to show that it only affects 1.5 and up. http://www.vuxml.org/freebsd/36235c38-e0a8-11e1-9f4d-002354ed89bc.html Not sure when portaudit updates, but in the meantime you can ignore that error: env DISABLE_VULNERABILITIES=1 portmaster ... You can also try deinstalling automake14 as it may not even be required on your system and the newer 1.12 may automatically be used instead. To be clear, automake14 is super old. automake-1.12.3 is current. > > Thanks > > dn > Bryan