From owner-freebsd-questions@FreeBSD.ORG  Tue Feb 13 22:41:29 2007
Return-Path: <owner-freebsd-questions@FreeBSD.ORG>
X-Original-To: freebsd-questions@freebsd.org
Delivered-To: freebsd-questions@freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [69.147.83.52])
	by hub.freebsd.org (Postfix) with ESMTP id B7D6416A406
	for <freebsd-questions@freebsd.org>;
	Tue, 13 Feb 2007 22:41:29 +0000 (UTC)
	(envelope-from pauls@utdallas.edu)
Received: from smtp2.utdallas.edu (smtp2.utdallas.edu [129.110.10.33])
	by mx1.freebsd.org (Postfix) with ESMTP id 9C72413C441
	for <freebsd-questions@freebsd.org>;
	Tue, 13 Feb 2007 22:41:29 +0000 (UTC)
	(envelope-from pauls@utdallas.edu)
Received: from utd59514.utdallas.edu (utd59514.utdallas.edu [129.110.3.28])
	by smtp2.utdallas.edu (Postfix) with ESMTP id 456E55C192
	for <freebsd-questions@freebsd.org>;
	Tue, 13 Feb 2007 16:41:29 -0600 (CST)
Date: Tue, 13 Feb 2007 16:41:29 -0600
From: Paul Schmehl <pauls@utdallas.edu>
To: freebsd-questions@freebsd.org
Message-ID: <BE10B4684C6890C58F1EA982@utd59514.utdallas.edu>
In-Reply-To: <45D23AD3.4060506@makeworld.com>
References: <20070213172123.620e32b3@tania.servebbs.org>
	<45D23AD3.4060506@makeworld.com>
X-Mailer: Mulberry/4.0.6 (Linux/x86)
MIME-Version: 1.0
Content-Type: multipart/signed; micalg=sha1;
	protocol="application/pkcs7-signature";
	boundary="==========E00057E1502C20360719=========="
X-Content-Filtered-By: Mailman/MimeDel 2.1.5
Subject: Re: Forcing a portupgrade?
X-BeenThere: freebsd-questions@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: User questions <freebsd-questions.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-questions>, 
	<mailto:freebsd-questions-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-questions>
List-Post: <mailto:freebsd-questions@freebsd.org>
List-Help: <mailto:freebsd-questions-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-questions>, 
	<mailto:freebsd-questions-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Tue, 13 Feb 2007 22:41:29 -0000

--==========E00057E1502C20360719==========
Content-Type: text/plain; charset=us-ascii; format=flowed
Content-Transfer-Encoding: quoted-printable
Content-Disposition: inline

--On Tuesday, February 13, 2007 16:25:23 -0600 Chris <racerx@makeworld.com> =

wrote:

> Bob wrote:
>> # portupgrade mozilla
>> --->  Upgrading 'mozilla-1.7.12_5,2' to
>> 'mozilla-1.7.13_2,2' (www/mozilla)
>>
>> [...]
>>
>> =3D=3D=3D>  mozilla-1.7.13_2,2 has known vulnerabilities:
>> =3D> mozilla -- multiple vulnerabilities.
>>    Reference:
>> <http://www.FreeBSD.org/ports/portaudit/e6296105-449b-11db-ba89-000c6ec7
>> 75d9.html> =3D> mozilla -- multiple vulnerabilities. Reference:
>> <http://www.FreeBSD.org/ports/portaudit/e2a92664-1d60-11db-88cf-000c6ec7
>> 75d9.html> =3D> Please update your ports tree and try again. *** Error
>> code 1
>>
>> My ports tree IS up to date, and I have a copy of mozilla-1.7.13_2,2
>> in /usr/ports/distfiles, but obviously there is no current fix for the
>> vulnerability(s). I would still like to upgrade Mozilla to 1.7.13_2,2.
>> Is there a way to force the upgrade despite the port-vulnerability stop?
>>
>> Bob
>>
>
> An easy fix - remove the database portaudit uses. Loog somewhere in
> /var/db ....
>
> Then rerun your portupgrade

Yikes!  That's a bit drastic.  What's wrong with make=20
DISABLE_VULNERABILITIES install?

Paul Schmehl (pauls@utdallas.edu)
Senior Information Security Analyst
The University of Texas at Dallas
http://www.utdallas.edu/ir/security/

--==========E00057E1502C20360719==========--