portaudit and automake14

Bryan Drewery bryan at shatow.net
Tue Aug 28 18:53:36 UTC 2012


On 8/28/2012 1:47 PM, David Newman wrote:
> 1. On a 8.0-RELEASE system, I'm having a problem with the automake14
> port, where the portaudit port reports this vulnerability:
> 
> http://portaudit.freebsd.org/10f38033-e006-11e1-9304-000000000000.html
> 
> Refreshing the ports collection with 'portsnap fetch extract' and then
> running 'portmaster automake14' returned the same error as before:
> 
> automake -- Insecure 'distcheck' recipe granted world-writable distdir
> 
> I then tried to do 'make deinstall && make reinstall' for automake14,
> but that just deinstalled the port. The system returns the same error as
> above when trying to reinstall.
> 
> How to resolve?
> 
> 2. This system also has a couple of other automake ports installed:
> 
> automake-1.12.3
> automake-wrapper-20101119
> 
> How to determine if these are necessary in addition to automake14?


automake14 is not vulnerable to this issue. The vuxml was recently
updated to show that it only affects 1.5 and up.

http://www.vuxml.org/freebsd/36235c38-e0a8-11e1-9f4d-002354ed89bc.html

Not sure when portaudit updates, but in the meantime you can ignore that
error:

env DISABLE_VULNERABILITIES=1 portmaster ...

You can also try deinstalling automake14 as it may not even be required
on your system and the newer 1.12 may automatically be used instead.

To be clear, automake14 is super old. automake-1.12.3 is current.


> 
> Thanks
> 
> dn
> 

Bryan



More information about the freebsd-questions mailing list