Date: Tue, 13 Feb 2007 16:48:10 -0600 From: Chris <racerx@makeworld.com> To: Paul Schmehl <pauls@utdallas.edu> Cc: freebsd-questions@freebsd.org Subject: Re: Forcing a portupgrade? Message-ID: <45D2402A.1030802@makeworld.com> In-Reply-To: <BE10B4684C6890C58F1EA982@utd59514.utdallas.edu> References: <20070213172123.620e32b3@tania.servebbs.org> <45D23AD3.4060506@makeworld.com> <BE10B4684C6890C58F1EA982@utd59514.utdallas.edu>
next in thread | previous in thread | raw e-mail | index | archive | help
Paul Schmehl wrote: > --On Tuesday, February 13, 2007 16:25:23 -0600 Chris > <racerx@makeworld.com> wrote: > >> Bob wrote: >>> # portupgrade mozilla >>> ---> Upgrading 'mozilla-1.7.12_5,2' to >>> 'mozilla-1.7.13_2,2' (www/mozilla) >>> >>> [...] >>> >>> ===> mozilla-1.7.13_2,2 has known vulnerabilities: >>> => mozilla -- multiple vulnerabilities. >>> Reference: >>> <http://www.FreeBSD.org/ports/portaudit/e6296105-449b-11db-ba89-000c6ec7 >>> 75d9.html> => mozilla -- multiple vulnerabilities. Reference: >>> <http://www.FreeBSD.org/ports/portaudit/e2a92664-1d60-11db-88cf-000c6ec7 >>> 75d9.html> => Please update your ports tree and try again. *** Error >>> code 1 >>> >>> My ports tree IS up to date, and I have a copy of mozilla-1.7.13_2,2 >>> in /usr/ports/distfiles, but obviously there is no current fix for the >>> vulnerability(s). I would still like to upgrade Mozilla to 1.7.13_2,2. >>> Is there a way to force the upgrade despite the port-vulnerability stop? >>> >>> Bob >>> >> >> An easy fix - remove the database portaudit uses. Loog somewhere in >> /var/db .... >> >> Then rerun your portupgrade > > Yikes! That's a bit drastic. What's wrong with make > DISABLE_VULNERABILITIES install? > > Paul Schmehl (pauls@utdallas.edu) > Senior Information Security Analyst > The University of Texas at Dallas > http://www.utdallas.edu/ir/security/ As I mentioned in a posting (not made it here yet) that is a drastic move and the Op may have installed portaudit without understanding what it means and does. With that assumtion - I think my pending posting somewhat covers the reason as to NOT do that. -- Best regards, Chris Nothing is ever accomplished by a reasonable man.
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?45D2402A.1030802>