Portupgrading - portauditing

Louis LeBlanc FreeBSD at keyslapper.net
Sat Feb 26 18:17:03 GMT 2005 

I wouldn't bother trying it like straight out if you're trying to get
the Firefox update.  It still lists firefox as a vulnerability for
some reason.  I had 1.7.5_1,2, which is the version it listed, but it
wouldn't let me upgrade to 1.0.1,1.  I even tried listing the
vulnerability listed in portaudit.conf, but no change.

I finally gave up and deleted the db at
/var/db/portaudit/auditfile.tbz and then did the upgrade.

It still flags firefox as a vulnerability, even though the problem it
references is supposed to be explicitly fixed in the version I have
installed (window injection vulnerability).

Of course, you can the method described by another poster to get that
list, but I haven't been able to get portaudit to actually let me
upgrade.  Even the portupgrade -f flag won't work and simply building
the port manually is also disabled for flagged ports.

Portaudit seems more a hard lockdown than a warning system.  I think
either I am not understanding how to manage it yet, or it has a couple
issues that have not been hammered out yet.  Manpages don't have much
detail about this issue.  I haven't had a chance to check on the
existence of a bug report yet, because I want to hunt down all the
docs I can first.

Not that I don't think it's a great security tool! :)

Lou

On 02/26/05 04:42 PM, George Katsanos sat at the `puter and typed:
> 
> 
> Hello,
> 
> Your team is ALWAYS very helpful . It's the best support i've ever dealt with.
> 
> Question : How do i portupgrade , just the pkgs/ports that portaudit -a sais 
> have vulnerabilities,and not the whole thing?
> 
> Thank you
> 
> 
> G.K.
> _______________________________________________
> freebsd-questions at freebsd.org mailing list
> http://lists.freebsd.org/mailman/listinfo/freebsd-questions
> To unsubscribe, send any mail to "freebsd-questions-unsubscribe at freebsd.org"
> 

-- 
Louis LeBlanc                          FreeBSD-at-keyslapper-DOT-net
Fully Funded Hobbyist,                   KeySlapper Extrordinaire :)
Please send off-list email to:         leblanc at keyslapper d.t net
Key fingerprint = C5E7 4762 F071 CE3B ED51  4FB8 AF85 A2FE 80C8 D9A2

Too much is just enough.
    -- Mark Twain, on whiskey
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 187 bytes
Desc: not available
Url : http://lists.freebsd.org/pipermail/freebsd-questions/attachments/20050226/89e9eb2d/attachment-0001.bin

More information about the freebsd-questions mailing list