I wouldn't bother trying it like straight out if you're trying to get the Firefox update. It still lists firefox as a vulnerability for some reason. I had 1.7.5_1,2, which is the version it listed, but it wouldn't let me upgrade to 1.0.1,1. I even tried listing the vulnerability listed in portaudit.conf, but no change.
I finally gave up and deleted the db at /var/db/portaudit/auditfile.tbz and then did the upgrade. It still flags firefox as a vulnerability, even though the problem it references is supposed to be explicitly fixed in the version I have installed (window injection vulnerability). Of course, you can the method described by another poster to get that list, but I haven't been able to get portaudit to actually let me upgrade. Even the portupgrade -f flag won't work and simply building the port manually is also disabled for flagged ports. Portaudit seems more a hard lockdown than a warning system. I think either I am not understanding how to manage it yet, or it has a couple issues that have not been hammered out yet. Manpages don't have much detail about this issue. I haven't had a chance to check on the existence of a bug report yet, because I want to hunt down all the docs I can first. Not that I don't think it's a great security tool! :) Lou On 02/26/05 04:42 PM, George Katsanos sat at the `puter and typed: > > > Hello, > > Your team is ALWAYS very helpful . It's the best support i've ever dealt with. > > Question : How do i portupgrade , just the pkgs/ports that portaudit -a sais > have vulnerabilities,and not the whole thing? > > Thank you > > > G.K. > _______________________________________________ > freebsd-questions@freebsd.org mailing list > http://lists.freebsd.org/mailman/listinfo/freebsd-questions > To unsubscribe, send any mail to "[EMAIL PROTECTED]" > -- Louis LeBlanc FreeBSD-at-keyslapper-DOT-net Fully Funded Hobbyist, KeySlapper Extrordinaire :) Please send off-list email to: leblanc at keyslapper d.t net Key fingerprint = C5E7 4762 F071 CE3B ED51 4FB8 AF85 A2FE 80C8 D9A2 Too much is just enough. -- Mark Twain, on whiskey
pgpmvRVKWeFuc.pgp
Description: PGP signature