From: Randy Pratt
To: Chris
Cc: tshadwick@goinet.com, freebsd-questions@freebsd.org
Date: Fri, 20 May 2005 10:56:36 -0400
Subject: Re: portaudit is being stubborn

On Fri, 20 May 2005 13:43:29 +0100
Chris wrote:

> This annoys me as well, I expect portaudit to alert me when an update
> is available to fix an exploit, but wget has no update so what is the
> point of the warning, there also seems to be no way to shut it up.
>
> Chris
>
> On 5/17/05, Tony Shadwick wrote:
> > This is driving me nuts.  I just downloaded the latest portaudit database
> > and ran it on my system:
> >
> > mx02# portaudit -ad
> > Database created: Tue May 17 13:40:02 CDT 2005
> > Affected package: wget-1.8.2_7
> > Type of problem: wget -- multiple vulnerabilities.
> > Reference:
> >
> >
> > 1 problem(s) in your installed packages found.
> >
> > You are advised to update or deinstall the affected package(s)
> > immediately.
> >
> >
> > Okay....so, that vulnerability isn't of much concern to me, but just to be
> > sure I'm current:
> >
> > mx02# portversion ftp/wget
> > wget =
> >
> > So life is good there, so I go back and add this to my
> > /usr/local/etc/portaudit.conf file:
> >
> > # Make portaudit ignore wget vulnerability (no shell users here anyway)
> > portaudit_fixed="06f142ff-4df3-11d9-a9e7-0001020eed82"
> >
> >
> > I then re-ran portaudit....it gives me the same output. :(  I want to have
> > this cron'ed where I only get output when something that actually concerns
> > me comes up.  Is the portaudit_fixed variable no longer supported?
> >
> > Tony

I think the ftp/wget-devel version has addressed the security
concerns.  I switched to ftp/wget-devel and portaudit doesn't
show any problems.  I've not noticed any differences in using
that version.

I had a few other ports which depended on ftp/wget so I used
portupgrade to switch the dependencies to ftp/wget-devel:

    portupgrade -o ftp/wget-devel ftp/wget

According to the portupgrade man page, all the dependencies on
the old package will be succeeded to the new package cleanly
without leaving inconsistencies.

There may be occasions when an update to a port which depended
on the old ftp/wget may cause pkgdb to complain about a stale
dependency on ftp/wget and you will need to repoint the dependency
to the ftp/wget-devel package.

If at some point the ftp/wget gets fixed, then it could be
switched back from ftp/wget-devel with portupgrade.

Randy
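
A cron-side filter for what Tony asks for in the quoted message (output only for findings that have not been acknowledged), as an added example that is not part of the thread and not portaudit's own code. The function names, the sample report and its placeholder Reference URLs are constructed; it assumes the Reference line contains the advisory UUID.

```shell
#!/bin/sh
# Added example (not from the thread): suppress acknowledged advisories in
# portaudit-style output so a cron job only mails findings that still matter.

# Acknowledged advisory UUIDs, space separated. This one is from the thread.
ACKNOWLEDGED="06f142ff-4df3-11d9-a9e7-0001020eed82"

# Constructed sample report. The Reference URLs are placeholders; the only
# assumption is that the Reference line contains the advisory UUID.
sample_report() {
cat <<'EOF'
Affected package: wget-1.8.2_7
Type of problem: wget -- multiple vulnerabilities.
Reference: <http://example.invalid/portaudit/06f142ff-4df3-11d9-a9e7-0001020eed82.html>

Affected package: example-1.0
Type of problem: example -- constructed finding.
Reference: <http://example.invalid/portaudit/00000000-0000-0000-0000-000000000000.html>

2 problem(s) in your installed packages found.
EOF
}

# Print every finding whose Reference line names no acknowledged UUID.
# A finding cut off before its Reference line is printed, never dropped.
filter_audit() {
    awk -v ack="$ACKNOWLEDGED" '
        BEGIN { n = split(ack, ids, " ") }
        /^Affected package:/ {
            if (inblock) print block "\n"
            block = $0; inblock = 1; next
        }
        inblock {
            block = block "\n" $0
            if ($0 !~ /^Reference:/) next
            skip = 0
            for (i = 1; i <= n; i++) if (index($0, ids[i])) skip = 1
            if (!skip) print block "\n"
            inblock = 0
        }
        END { if (inblock) print block }
    '
}

# Count the findings that survive the filter.
unacknowledged_count() {
    filter_audit | awk '/^Affected package:/ { c++ } END { print c + 0 }'
}

# Cron usage would be: portaudit -a | filter_audit
sample_report | filter_audit
```

Because the filter matches on the advisory UUID and not the package name, a new advisory against the same package is still reported.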