Date: Tue, 28 Aug 2012 15:25:34 -0700 From: David Newman <dnewman@networktest.com> To: freebsd-questions@freebsd.org Subject: Re: portaudit and automake14 Message-ID: <503D455E.6010407@networktest.com> In-Reply-To: <503D13AE.1010003@shatow.net> References: <503D1259.9080801@networktest.com> <503D13AE.1010003@shatow.net>
next in thread | previous in thread | raw e-mail | index | archive | help
On 8/28/12 11:53 AM, Bryan Drewery wrote: > On 8/28/2012 1:47 PM, David Newman wrote: >> 1. On a 8.0-RELEASE system, I'm having a problem with the automake14 >> port, where the portaudit port reports this vulnerability: >> >> http://portaudit.freebsd.org/10f38033-e006-11e1-9304-000000000000.html >> >> Refreshing the ports collection with 'portsnap fetch extract' and then >> running 'portmaster automake14' returned the same error as before: >> >> automake -- Insecure 'distcheck' recipe granted world-writable distdir >> >> I then tried to do 'make deinstall && make reinstall' for automake14, >> but that just deinstalled the port. The system returns the same error as >> above when trying to reinstall. >> >> How to resolve? >> >> 2. This system also has a couple of other automake ports installed: >> >> automake-1.12.3 >> automake-wrapper-20101119 >> >> How to determine if these are necessary in addition to automake14? > > > automake14 is not vulnerable to this issue. The vuxml was recently > updated to show that it only affects 1.5 and up. > > http://www.vuxml.org/freebsd/36235c38-e0a8-11e1-9f4d-002354ed89bc.html > > Not sure when portaudit updates, but in the meantime you can ignore that > error: > > env DISABLE_VULNERABILITIES=1 portmaster ... > > You can also try deinstalling automake14 as it may not even be required > on your system and the newer 1.12 may automatically be used instead. > > To be clear, automake14 is super old. automake-1.12.3 is current. Thanks much for this. As noted, I've de-installed automake14 and haven't noticed any problems as a result. It can be reinstalled using that env flag you mentioned, but if it's not needed, then that's one less thing to go wrong. . . Thanks again. dn > > >> >> Thanks >> >> dn >> > > Bryan > > _______________________________________________ > freebsd-questions@freebsd.org mailing list > http://lists.freebsd.org/mailman/listinfo/freebsd-questions > To unsubscribe, send any mail to "freebsd-questions-unsubscribe@freebsd.org" >
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?503D455E.6010407>