On 02/26/05 03:25 PM, epilogue sat at the `puter and typed: > > > I finally gave up and deleted the db at > > /var/db/portaudit/auditfile.tbz and then did the upgrade. > > > > It still flags firefox as a vulnerability, even though the problem it > > references is supposed to be explicitly fixed in the version I have > > installed (window injection vulnerability). > > > > Of course, you can the method described by another poster to get that > > list, but I haven't been able to get portaudit to actually let me > > upgrade. Even the portupgrade -f flag won't work and simply building > > the port manually is also disabled for flagged ports. > > > > Portaudit seems more a hard lockdown than a warning system. I think > > either I am not understanding how to manage it yet, or it has a couple > > issues that have not been hammered out yet. Manpages don't have much > > detail about this issue. I haven't had a chance to check on the > > existence of a bug report yet, because I want to hunt down all the > > docs I can first. > > no need to fiddle with portaudit, as these can be fed directly to make > or to portupgrade (with the -m flag). > > building ports despite vulnerabilities: > -DDISABLE_VULNERABILITIES > > building ports despite ignore: > -DNO_IGNORE > > to my knowledge, these are not yet documented anywhere but here in the > mailing lists. i believe that the doc project is already looking to > integrate this info into the ports manpage (or somewhere else equally > sensible). > > on the off chance that they lost sight of this target, i'm adding them > to cc. (: thank you docs team :) > > hth.
Definitely. Thanks for the primer.
Lou
--
Louis LeBlanc FreeBSD-at-keyslapper-DOT-net
Fully Funded Hobbyist, KeySlapper Extrordinaire :)
Please send off-list email to: leblanc at keyslapper d.t net
Key fingerprint = C5E7 4762 F071 CE3B ED51 4FB8 AF85 A2FE 80C8 D9A2
Too much is just enough.
-- Mark Twain, on whiskey
pgpWtqxNYuGcO.pgp
Description: PGP signature
