From owner-freebsd-questions@FreeBSD.ORG Tue Aug 28 22:25:38 2012 Return-Path: Delivered-To: freebsd-questions@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 88898106566B for ; Tue, 28 Aug 2012 22:25:38 +0000 (UTC) (envelope-from dnewman@networktest.com) Received: from mail3.networktest.com (mail3.networktest.com [69.55.234.104]) by mx1.freebsd.org (Postfix) with ESMTP id 665508FC1D for ; Tue, 28 Aug 2012 22:25:38 +0000 (UTC) Received: from localhost (localhost [69.55.234.104]) by mail3.networktest.com (Postfix) with ESMTP id 36CAC2560D5 for ; Tue, 28 Aug 2012 15:25:37 -0700 (PDT) Received: from mail3.networktest.com ([69.55.234.104]) by localhost (mail3.networktest.com [69.55.234.104]) (maiad, port 10024) with ESMTP id 21311-05 for ; Tue, 28 Aug 2012 15:25:36 -0700 (PDT) Received: from dhcp146.eng.networktest.com (ns.networktest.com [205.147.16.129]) (using TLSv1 with cipher DHE-RSA-CAMELLIA256-SHA (256/256 bits)) (No client certificate requested) (Authenticated sender: dnewman@networktest.com) by mail3.networktest.com (Postfix) with ESMTPSA id 8160D2560D3 for ; Tue, 28 Aug 2012 15:25:35 -0700 (PDT) Message-ID: <503D455E.6010407@networktest.com> Date: Tue, 28 Aug 2012 15:25:34 -0700 From: David Newman Organization: Network Test Inc. User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.8; rv:14.0) Gecko/20120713 Thunderbird/14.0 MIME-Version: 1.0 To: freebsd-questions@freebsd.org References: <503D1259.9080801@networktest.com> <503D13AE.1010003@shatow.net> In-Reply-To: <503D13AE.1010003@shatow.net> X-Enigmail-Version: 1.4.4 Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: 7bit Subject: Re: portaudit and automake14 X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 28 Aug 2012 22:25:38 -0000 On 8/28/12 11:53 AM, Bryan Drewery wrote: > On 8/28/2012 1:47 PM, David Newman wrote: >> 1. On a 8.0-RELEASE system, I'm having a problem with the automake14 >> port, where the portaudit port reports this vulnerability: >> >> http://portaudit.freebsd.org/10f38033-e006-11e1-9304-000000000000.html >> >> Refreshing the ports collection with 'portsnap fetch extract' and then >> running 'portmaster automake14' returned the same error as before: >> >> automake -- Insecure 'distcheck' recipe granted world-writable distdir >> >> I then tried to do 'make deinstall && make reinstall' for automake14, >> but that just deinstalled the port. The system returns the same error as >> above when trying to reinstall. >> >> How to resolve? >> >> 2. This system also has a couple of other automake ports installed: >> >> automake-1.12.3 >> automake-wrapper-20101119 >> >> How to determine if these are necessary in addition to automake14? > > > automake14 is not vulnerable to this issue. The vuxml was recently > updated to show that it only affects 1.5 and up. > > http://www.vuxml.org/freebsd/36235c38-e0a8-11e1-9f4d-002354ed89bc.html > > Not sure when portaudit updates, but in the meantime you can ignore that > error: > > env DISABLE_VULNERABILITIES=1 portmaster ... > > You can also try deinstalling automake14 as it may not even be required > on your system and the newer 1.12 may automatically be used instead. > > To be clear, automake14 is super old. automake-1.12.3 is current. Thanks much for this. As noted, I've de-installed automake14 and haven't noticed any problems as a result. It can be reinstalled using that env flag you mentioned, but if it's not needed, then that's one less thing to go wrong. . . Thanks again. dn > > >> >> Thanks >> >> dn >> > > Bryan > > _______________________________________________ > freebsd-questions@freebsd.org mailing list > http://lists.freebsd.org/mailman/listinfo/freebsd-questions > To unsubscribe, send any mail to "freebsd-questions-unsubscribe@freebsd.org" >