Forcing a portupgrade?
Chris
racerx at makeworld.com
Tue Feb 13 22:48:27 UTC 2007
Paul Schmehl wrote:
> --On Tuesday, February 13, 2007 16:25:23 -0600 Chris
> <racerx at makeworld.com> wrote:
>
>> Bob wrote:
>>> # portupgrade mozilla
>>> ---> Upgrading 'mozilla-1.7.12_5,2' to
>>> 'mozilla-1.7.13_2,2' (www/mozilla)
>>>
>>> [...]
>>>
>>> ===> mozilla-1.7.13_2,2 has known vulnerabilities:
>>> => mozilla -- multiple vulnerabilities.
>>> Reference:
>>> <http://www.FreeBSD.org/ports/portaudit/e6296105-449b-11db-ba89-000c6ec7
>>> 75d9.html> => mozilla -- multiple vulnerabilities. Reference:
>>> <http://www.FreeBSD.org/ports/portaudit/e2a92664-1d60-11db-88cf-000c6ec7
>>> 75d9.html> => Please update your ports tree and try again. *** Error
>>> code 1
>>>
>>> My ports tree IS up to date, and I have a copy of mozilla-1.7.13_2,2
>>> in /usr/ports/distfiles, but obviously there is no current fix for the
>>> vulnerability(s). I would still like to upgrade Mozilla to 1.7.13_2,2.
>>> Is there a way to force the upgrade despite the port-vulnerability stop?
>>>
>>> Bob
>>>
>>
>> An easy fix - remove the database portaudit uses. Loog somewhere in
>> /var/db ....
>>
>> Then rerun your portupgrade
>
> Yikes! That's a bit drastic. What's wrong with make
> DISABLE_VULNERABILITIES install?
>
> Paul Schmehl (pauls at utdallas.edu)
> Senior Information Security Analyst
> The University of Texas at Dallas
> http://www.utdallas.edu/ir/security/
As I mentioned in a posting (not made it here yet) that is a drastic
move and the Op may have installed portaudit without understanding what
it means and does.
With that assumtion - I think my pending posting somewhat covers the
reason as to NOT do that.
--
Best regards,
Chris
Nothing is ever accomplished by a reasonable man.
More information about the freebsd-questions
mailing list