Portupgrading - portauditing
Louis LeBlanc
FreeBSD at keyslapper.net
Sat Feb 26 18:17:03 GMT 2005
I wouldn't bother trying it like straight out if you're trying to get
the Firefox update. It still lists firefox as a vulnerability for
some reason. I had 1.7.5_1,2, which is the version it listed, but it
wouldn't let me upgrade to 1.0.1,1. I even tried listing the
vulnerability listed in portaudit.conf, but no change.
I finally gave up and deleted the db at
/var/db/portaudit/auditfile.tbz and then did the upgrade.
It still flags firefox as a vulnerability, even though the problem it
references is supposed to be explicitly fixed in the version I have
installed (window injection vulnerability).
Of course, you can the method described by another poster to get that
list, but I haven't been able to get portaudit to actually let me
upgrade. Even the portupgrade -f flag won't work and simply building
the port manually is also disabled for flagged ports.
Portaudit seems more a hard lockdown than a warning system. I think
either I am not understanding how to manage it yet, or it has a couple
issues that have not been hammered out yet. Manpages don't have much
detail about this issue. I haven't had a chance to check on the
existence of a bug report yet, because I want to hunt down all the
docs I can first.
Not that I don't think it's a great security tool! :)
Lou
On 02/26/05 04:42 PM, George Katsanos sat at the `puter and typed:
>
>
> Hello,
>
> Your team is ALWAYS very helpful . It's the best support i've ever dealt with.
>
> Question : How do i portupgrade , just the pkgs/ports that portaudit -a sais
> have vulnerabilities,and not the whole thing?
>
> Thank you
>
>
> G.K.
> _______________________________________________
> freebsd-questions at freebsd.org mailing list
> http://lists.freebsd.org/mailman/listinfo/freebsd-questions
> To unsubscribe, send any mail to "freebsd-questions-unsubscribe at freebsd.org"
>
--
Louis LeBlanc FreeBSD-at-keyslapper-DOT-net
Fully Funded Hobbyist, KeySlapper Extrordinaire :)
Please send off-list email to: leblanc at keyslapper d.t net
Key fingerprint = C5E7 4762 F071 CE3B ED51 4FB8 AF85 A2FE 80C8 D9A2
Too much is just enough.
-- Mark Twain, on whiskey
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 187 bytes
Desc: not available
Url : http://lists.freebsd.org/pipermail/freebsd-questions/attachments/20050226/89e9eb2d/attachment-0001.bin
More information about the freebsd-questions
mailing list