From owner-freebsd-questions@FreeBSD.ORG Thu May 18 19:09:34 2006 Return-Path: X-Original-To: freebsd-questions@freebsd.org Delivered-To: freebsd-questions@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id A088816A42A for ; Thu, 18 May 2006 19:09:34 +0000 (UTC) (envelope-from gerard@seibercom.net) Received: from wr-out-0506.google.com (wr-out-0506.google.com [64.233.184.231]) by mx1.FreeBSD.org (Postfix) with ESMTP id 22D5343D46 for ; Thu, 18 May 2006 19:09:33 +0000 (GMT) (envelope-from gerard@seibercom.net) Received: by wr-out-0506.google.com with SMTP id i28so471469wra for ; Thu, 18 May 2006 12:09:33 -0700 (PDT) Received: by 10.54.146.17 with SMTP id t17mr21576wrd; Thu, 18 May 2006 12:09:32 -0700 (PDT) Received: from ?192.168.0.4? ( [216.45.217.148]) by mx.gmail.com with ESMTP id g3sm784053wra.2006.05.18.12.09.31; Thu, 18 May 2006 12:09:32 -0700 (PDT) Date: Thu, 18 May 2006 15:09:35 -0400 From: Gerard Seibert To: freebsd-questions@freebsd.org Organization: Seibercom In-Reply-To: <20060518182737.27187.qmail@web50004.mail.yahoo.com> References: <20060518182737.27187.qmail@web50004.mail.yahoo.com> X-Face: "\j?x](l|]4p?-1Bf@!wN<&p=$.}^k-HgL}cJKbQZ3r#Ar]\%U(#6}'?<3s7%(%(gxJxxcR nSNPNr*/^~StawWU9KDJ-CT0k$f#@t2^K&BS_f|?ZV/.7Q Message-Id: <20060518150207.01F9.GERARD@seibercom.net> MIME-Version: 1.0 Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: 8bit X-Mailer: Becky! ver. 2.25 [en] Subject: Re: portaudit report vs. portupgrade report X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list Reply-To: freebsd-questions@freebsd.org List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 18 May 2006 19:09:35 -0000 Jim Angstadt wrote: > Hi All, > > I'm new to FreeBSD. > > The daily security report lists 9 problems with > installed packages. > > In an earlier message I was advised to use the ports > system to avoid dealing with package dependencies. > Thanks to all for that advice. > > So I have done the cvsup, buildworld, buildkernel, > .., process and completed without errors. (Thanks to > all who have posted helpful messages on this subject.) > > Running "portaudit -Fa" advised me that the same 9 > packages were still a problem. > > Running "portupgrade -n firefox" advised me: > > ** No need to upgrade 'firefox-1.0.7_1,1' (>= > firefox-1.0.7_1,1). > > Same thing with mozilla: > > ** No need to upgrade 'mozilla-1.7.12,2' (>= > mozilla-1.7.12,2). > > I did not check the other 7 packages in question. > > On the surface, to me, it seems as if these two tools > are giving me opposite information. > > So, ... what is going on here? What should I do to > get right. > > Please see below for the actual console traffic, > slightly snipped. > > > # ----------- actual console traffic ----------- > > tiny# uname -a > FreeBSD tiny.brc.localnet 6.0-RELEASE-p7 FreeBSD > 6.0-RELEASE-p7 #0: Wed May 17 16:26:53 PDT 2006 > root@tiny.brc.localnet:/usr/obj/usr/src/sys/GENERIC > i386 > > > tiny# portaudit -Fa > auditfile.tbz 100% of > 35 kB 154 kBps > New database installed. > Affected package: firefox-1.0.7_1,1 > Type of problem: mozilla -- multiple vulnerabilities. > Reference: > 00c6ec775d9.html> > > Affected package: mozilla-1.7.12,2 > Type of problem: mozilla -- multiple vulnerabilities. > Reference: > 00c6ec775d9.html> > > [ 7 other packages snipped ] > > 9 problem(s) in your installed packages found. > > You are advised to update or deinstall the affected > package(s) immediately. > > > tiny# portupgrade -n firefox > ---> Session started at: Wed, 17 May 2006 18:55:20 > -0700 > [Rebuilding the pkgdb in > /var/db/pkg ... - 241 packages found (-0 +241) > ................................................................................................................................................................................................................................................ > done] > [Updating the portsdb in > /usr/ports ... - 13306 port entries found > ........1000.........2000.........3000.........4000.........5000.........6000.........7000.........8000.........9000.........10000.........11000.........12000.........13000... > .... done] > ** No need to upgrade 'firefox-1.0.7_1,1' (>= > firefox-1.0.7_1,1). (specify -f to force) > ---> Listing the results (+:done / -:ignored / > *:skipped / !:failed) > - www/firefox (firefox-1.0.7_1,1) > ---> Packages processed: 0 done, 1 ignored, 0 skipped > and 0 failed > ---> Session ended at: Wed, 17 May 2006 18:57:17 > -0700 (consumed 00:01:57) > > > tiny# portupgrade -n mozilla > ---> Session started at: Wed, 17 May 2006 18:58:49 > -0700 > ** No need to upgrade 'mozilla-1.7.12,2' (>= > mozilla-1.7.12,2). (specify -f to force) > ---> Listing the results (+:done / -:ignored / > *:skipped / !:failed) > - www/mozilla (mozilla-1.7.12,2) > ---> Packages processed: 0 done, 1 ignored, 0 skipped > and 0 failed > ---> Session ended at: Wed, 17 May 2006 18:58:53 > -0700 (consumed 00:00:03) > > > # ------------- end of console traffic --------- Portaudit is reporting problems with certain ports. You need to update your ports tree, might I suggest portsnap, before you can correct the problem. Even then, a new version of the port that corrects the problem may not be available. If it is not, keep trying every day or so and it will usually be make available to you. Obviously you need to update your ports tree on a regular schedule. You might want to investigate using CRON to automate this procedure for you. Also, you might want to give portmanager a look. Personally, I prefer it to portupgrade. Strictly a personal choice though. I just think it handles dependencies in a far superior manner. -- Gerard Seibert gerard@seibercom.net Ruth rode upon my motor bike directly in back of me. I hit a bump at 95 and rode on Ruthlessly.