On Sat, Dec 16, 2006 at 10:47:39PM -0500, Michael P. Soulier wrote: > So, portaudit keeps complaining about openssh, but when I try to upgrade... > > [EMAIL PROTECTED] ~]$ sudo portupgrade -R openssh > [Updating the pkgdb <format:bdb1_btree> in /var/db/pkg ... - 207 packages > found (-1 +1) (...). done] > ---> Upgrading 'openssh-3.6.1_5' to 'openssh-3.6.1_6' (security/openssh) > ---> Building '/usr/ports/security/openssh' > ===> Cleaning for openssh-3.6.1_6 > ===> openssh-3.6.1_6 has known vulnerabilities: > => openssh -- multiple vulnerabilities. > Reference: > <http://www.FreeBSD.org/ports/portaudit/32db37a5-50c3-11db-acf3-000c6ec775d9.html>
This says it only affects SSH Protocol version 1. If you only use version 2 or you're not too concerned, you could do: $ sudo portupgrade -m DISABLE_VULNERABILITIES=yes -R openssh > => Please update your ports tree and try again. > *** Error code 1 > > Stop in /usr/ports/security/openssh. > ** Command failed [exit code 1]: /usr/bin/script -qa /tmp/portupgrade.20685.0 > env UPGRADE_TOOL=portupgrade UPGRADE_PORT=openssh-3.6.1_5 > UPGRADE_PORT_VER=3.6.1_5 make > ** Fix the problem and try again. > ** Listing the failed packages (*:skipped / !:failed) > ! security/openssh (openssh-3.6.1_5) (unknown build error) > ---> Packages processed: 0 done, 0 ignored, 0 skipped and 1 failed > > So, before bothering the port maintainer, is there a standard place to look > for a status update on this kind of thing? > > Thanks, > Mike > -- > Michael P. Soulier <[EMAIL PROTECTED]> > "Any intelligent fool can make things bigger and more complex... It > takes a touch of genius - and a lot of courage to move in the opposite > direction." --Albert Einstein -- Chris Cowart Network and Infrastructure Systems Administrator RSSP-IT, UC Berkeley "May all your pushes be popped"
signature.asc
Description: Digital signature