portaudit report vs. portupgrade report

Gerard Seibert gerard at seibercom.net
Thu May 18 12:09:35 PDT 2006


Jim Angstadt wrote:

> Hi All,
> 
> I'm new to FreeBSD.
> 
> The daily security report lists 9 problems with
> installed packages.  
> 
> In an earlier message I was advised to use the ports
> system to avoid dealing with package dependencies. 
> Thanks to all for that advice.
> 
> So I have done the cvsup, buildworld, buildkernel,
> .., process and completed without errors.  (Thanks to
> all who have posted helpful messages on this subject.)
> 
> Running "portaudit -Fa" advised me that the same 9
> packages were still a problem.
> 
> Running "portupgrade -n firefox" advised me:
> 
>   ** No need to upgrade 'firefox-1.0.7_1,1' (>=
> firefox-1.0.7_1,1).
> 
> Same thing with mozilla:
> 
>   ** No need to upgrade 'mozilla-1.7.12,2' (>=
> mozilla-1.7.12,2).
> 
> I did not check the other 7 packages in question.
> 
> On the surface, to me, it seems as if these two tools
> are giving me opposite information.
> 
> So, ... what is going on here?  What should I do to
> get right.
> 
> Please see below for the actual console traffic,
> slightly snipped.
> 
> 
> # ----------- actual console traffic -----------
> 
> tiny# uname -a
> FreeBSD tiny.brc.localnet 6.0-RELEASE-p7 FreeBSD
> 6.0-RELEASE-p7 #0: Wed May 17 16:26:53 PDT 2006    
> root at tiny.brc.localnet:/usr/obj/usr/src/sys/GENERIC 
> i386
> 
> 
> tiny# portaudit -Fa
> auditfile.tbz                                 100% of 
>  35 kB  154 kBps
> New database installed.
> Affected package: firefox-1.0.7_1,1
> Type of problem: mozilla -- multiple vulnerabilities.
> Reference:
> <http://www.FreeBSD.org/ports/portaudit/84630f4a-cd8c-11da-b7b9-000c6ec775d9.html>
> 
> Affected package: mozilla-1.7.12,2
> Type of problem: mozilla -- multiple vulnerabilities.
> Reference:
> <http://www.FreeBSD.org/ports/portaudit/84630f4a-cd8c-11da-b7b9-000c6ec775d9.html>
> 
> [ 7 other packages snipped ]
> 
> 9 problem(s) in your installed packages found.
> 
> You are advised to update or deinstall the affected
> package(s) immediately.
> 
> 
> tiny# portupgrade -n firefox
> --->  Session started at: Wed, 17 May 2006 18:55:20
> -0700
> [Rebuilding the pkgdb <format:bdb1_btree> in
> /var/db/pkg ... - 241 packages found (-0 +241)
> ................................................................................................................................................................................................................................................
> done]
> [Updating the portsdb <format:bdb1_btree> in
> /usr/ports ... - 13306 port entries found
> ........1000.........2000.........3000.........4000.........5000.........6000.........7000.........8000.........9000.........10000.........11000.........12000.........13000...
> .... done]
> ** No need to upgrade 'firefox-1.0.7_1,1' (>=
> firefox-1.0.7_1,1). (specify -f to force)
> --->  Listing the results (+:done / -:ignored /
> *:skipped / !:failed)
>         - www/firefox (firefox-1.0.7_1,1)
> --->  Packages processed: 0 done, 1 ignored, 0 skipped
> and 0 failed
> --->  Session ended at: Wed, 17 May 2006 18:57:17
> -0700 (consumed 00:01:57)
> 
> 
> tiny# portupgrade -n mozilla
> --->  Session started at: Wed, 17 May 2006 18:58:49
> -0700
> ** No need to upgrade 'mozilla-1.7.12,2' (>=
> mozilla-1.7.12,2). (specify -f to force)
> --->  Listing the results (+:done / -:ignored /
> *:skipped / !:failed)
>         - www/mozilla (mozilla-1.7.12,2)
> --->  Packages processed: 0 done, 1 ignored, 0 skipped
> and 0 failed
> --->  Session ended at: Wed, 17 May 2006 18:58:53
> -0700 (consumed 00:00:03)
> 
> 
> # ------------- end of console traffic ---------

Portaudit is reporting problems with certain ports. You need to update
your ports tree, might I suggest portsnap, before you can correct the
problem. Even then, a new version of the port that corrects the problem
may not be available. If it is not, keep trying every day or so and it
will usually be made available to you. Obviously you need to update your
ports tree on a regular schedule. You might want to investigate using
CRON to automate this procedure for you.

Also, you might want to give portmanager a look. Personally, I prefer it
to portupgrade. Strictly a personal choice though. I just think it
handles dependencies in a far superior manner.


-- 
Gerard Seibert
gerard at seibercom.net


Ruth rode upon my motor bike
directly in back of me.
I hit a bump at 95
and rode on Ruthlessly.
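
The two reports in this thread answer different questions: portaudit matches installed versions against a vulnerability database, while portupgrade only compares them with the version in the local ports tree. As an added example (not part of the original post), this sh script cross-references the two output formats shown above; the sample text, including the `example-1.0` entry, and the function names are constructed for illustration.

```shell
#!/bin/sh
# Added example: cross-reference portaudit findings with "portupgrade -n" results.
# Both samples are constructed, in the output formats quoted in the thread.
AUDIT_SAMPLE="Affected package: firefox-1.0.7_1,1
Type of problem: mozilla -- multiple vulnerabilities.
Affected package: mozilla-1.7.12,2
Type of problem: mozilla -- multiple vulnerabilities.
Affected package: example-1.0
Type of problem: constructed entry."

UPGRADE_SAMPLE="** No need to upgrade 'firefox-1.0.7_1,1' (>= firefox-1.0.7_1,1). (specify -f to force)
** No need to upgrade 'mozilla-1.7.12,2' (>= mozilla-1.7.12,2). (specify -f to force)"

# Print the package names portaudit flagged, one per line.
audit_flagged() {
    printf '%s\n' "$1" | sed -n 's/^Affected package: //p'
}

# Print the packages portupgrade reports as already matching the local tree.
tree_current() {
    printf '%s\n' "$1" | sed -n "s/^\*\* No need to upgrade '\([^']*\)'.*/\1/p"
}

# triage AUDIT_TEXT UPGRADE_TEXT
# no-newer-port:        flagged, and the local tree offers nothing newer, so the
#                       tree is stale or no fixed port has been committed yet.
# not-reported-current: flagged, and portupgrade did not call it current, so
#                       check it with "portupgrade -n" before assuming anything.
triage() {
    current=$(tree_current "$2")
    audit_flagged "$1" | while IFS= read -r pkg; do
        if printf '%s\n' "$current" | grep -Fqx -- "$pkg"; then
            echo "no-newer-port $pkg"
        else
            echo "not-reported-current $pkg"
        fi
    done
}

# On a real host, pass in the captured output of the two commands instead.
triage "$AUDIT_SAMPLE" "$UPGRADE_SAMPLE"
```

A `no-newer-port` line is the situation in the thread: the package stays flagged until the ports tree is refreshed and a fixed version of the port appears in it.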

