portaudit and automake14
David Newman
dnewman at networktest.com
Tue Aug 28 22:25:38 UTC 2012
On 8/28/12 11:53 AM, Bryan Drewery wrote:
> On 8/28/2012 1:47 PM, David Newman wrote:
>> 1. On a 8.0-RELEASE system, I'm having a problem with the automake14
>> port, where the portaudit port reports this vulnerability:
>>
>> http://portaudit.freebsd.org/10f38033-e006-11e1-9304-000000000000.html
>>
>> Refreshing the ports collection with 'portsnap fetch extract' and then
>> running 'portmaster automake14' returned the same error as before:
>>
>> automake -- Insecure 'distcheck' recipe granted world-writable distdir
>>
>> I then tried to do 'make deinstall && make reinstall' for automake14,
>> but that just deinstalled the port. The system returns the same error as
>> above when trying to reinstall.
>>
>> How to resolve?
>>
>> 2. This system also has a couple of other automake ports installed:
>>
>> automake-1.12.3
>> automake-wrapper-20101119
>>
>> How to determine if these are necessary in addition to automake14?
>
>
> automake14 is not vulnerable to this issue. The vuxml was recently
> updated to show that it only affects 1.5 and up.
>
> http://www.vuxml.org/freebsd/36235c38-e0a8-11e1-9f4d-002354ed89bc.html
>
> Not sure when portaudit updates, but in the meantime you can ignore that
> error:
>
> env DISABLE_VULNERABILITIES=1 portmaster ...
>
> You can also try deinstalling automake14 as it may not even be required
> on your system and the newer 1.12 may automatically be used instead.
>
> To be clear, automake14 is super old. automake-1.12.3 is current.
Thanks much for this. As noted, I've de-installed automake14 and haven't
noticed any problems as a result. It can be reinstalled using that env
flag you mentioned, but if it's not needed, then that's one less thing
to go wrong. . .
Thanks again.
dn
>
>
>>
>> Thanks
>>
>> dn
>>
>
> Bryan
>
> _______________________________________________
> freebsd-questions at freebsd.org mailing list
> http://lists.freebsd.org/mailman/listinfo/freebsd-questions
> To unsubscribe, send any mail to "freebsd-questions-unsubscribe at freebsd.org"
>
More information about the freebsd-questions
mailing list