From owner-freebsd-questions@FreeBSD.ORG Tue Feb 13 22:48:27 2007 Return-Path: X-Original-To: freebsd-questions@freebsd.org Delivered-To: freebsd-questions@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [69.147.83.52]) by hub.freebsd.org (Postfix) with ESMTP id 28ABA16A41F for ; Tue, 13 Feb 2007 22:48:27 +0000 (UTC) (envelope-from racerx@makeworld.com) Received: from omr3.networksolutionsemail.com (omr3.networksolutionsemail.com [205.178.146.53]) by mx1.freebsd.org (Postfix) with ESMTP id E31F413C4B3 for ; Tue, 13 Feb 2007 22:48:26 +0000 (UTC) (envelope-from racerx@makeworld.com) Received: from mail.networksolutionsemail.com (ns-omr3.mgt.netsolmail.com [10.49.6.66]) by omr3.networksolutionsemail.com (8.13.6/8.13.6) with SMTP id l1DMmPrX023200 for ; Tue, 13 Feb 2007 17:48:26 -0500 Received: (qmail 11548 invoked by uid 78); 13 Feb 2007 22:48:15 -0000 Received: from unknown (HELO ?192.168.15.200?) (racerx@makeworld.com@71.113.176.4) by ns-omr3.lb.hosting.dc2.netsol.com with SMTP; 13 Feb 2007 22:48:15 -0000 Message-ID: <45D2402A.1030802@makeworld.com> Date: Tue, 13 Feb 2007 16:48:10 -0600 From: Chris User-Agent: Thunderbird 1.5.0.9 (X11/20070212) MIME-Version: 1.0 To: Paul Schmehl References: <20070213172123.620e32b3@tania.servebbs.org> <45D23AD3.4060506@makeworld.com> In-Reply-To: X-Enigmail-Version: 0.94.2.0 OpenPGP: id=C01BC363 Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: 7bit Cc: freebsd-questions@freebsd.org Subject: Re: Forcing a portupgrade? X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list Reply-To: racerx@makeworld.com List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 13 Feb 2007 22:48:27 -0000 Paul Schmehl wrote: > --On Tuesday, February 13, 2007 16:25:23 -0600 Chris > wrote: > >> Bob wrote: >>> # portupgrade mozilla >>> ---> Upgrading 'mozilla-1.7.12_5,2' to >>> 'mozilla-1.7.13_2,2' (www/mozilla) >>> >>> [...] >>> >>> ===> mozilla-1.7.13_2,2 has known vulnerabilities: >>> => mozilla -- multiple vulnerabilities. >>> Reference: >>> >> 75d9.html> => mozilla -- multiple vulnerabilities. Reference: >>> >> 75d9.html> => Please update your ports tree and try again. *** Error >>> code 1 >>> >>> My ports tree IS up to date, and I have a copy of mozilla-1.7.13_2,2 >>> in /usr/ports/distfiles, but obviously there is no current fix for the >>> vulnerability(s). I would still like to upgrade Mozilla to 1.7.13_2,2. >>> Is there a way to force the upgrade despite the port-vulnerability stop? >>> >>> Bob >>> >> >> An easy fix - remove the database portaudit uses. Loog somewhere in >> /var/db .... >> >> Then rerun your portupgrade > > Yikes! That's a bit drastic. What's wrong with make > DISABLE_VULNERABILITIES install? > > Paul Schmehl (pauls@utdallas.edu) > Senior Information Security Analyst > The University of Texas at Dallas > http://www.utdallas.edu/ir/security/ As I mentioned in a posting (not made it here yet) that is a drastic move and the Op may have installed portaudit without understanding what it means and does. With that assumtion - I think my pending posting somewhat covers the reason as to NOT do that. -- Best regards, Chris Nothing is ever accomplished by a reasonable man.