Re: next abort of perl upgrade encountered--linux-pango security problem :-(

[Scott Bennett]

 On Thu, 25 Jun 2009 09:52:50 +0300 "Sergey V. Dyatko"
 wrote:
>÷ Thu, 25 Jun 2009 09:37:52 +0300
>"Sergey V. Dyatko"  ÐÉÛÅÔ:
>
>SVD> ÷ Thu, 25 Jun 2009 01:21:19 -0500 (CDT)
>SVD> Scott Bennett  ÐÉÛÅÔ:
>SVD> 
>SVD> SB>  The saga of failures in the perl upgrade continues with
>SVD> SB> the following:
>SVD> SB> 
>SVD> SB> ===>   linux-gtk2-2.6.10_3 depends on
>SVD> SB> file: /compat/linux/usr/lib/libpango-1.0.so.0.1001.1 - not
>SVD> SB> found ===>Verifying install
>SVD> SB> for /compat/linux/usr/lib/libpango-1.0.so.0.1001.1
>SVD> SB> in /usr/ports/x11-toolkits/linux-pango ===>
>SVD> SB> linux-pango-1.10.2_3 has known vulnerabilities: => pango --
>SVD> SB> integer overflow. Reference:
>SVD> SB> 
>
>SVD> SB> => Please update your ports tree and try again. *** Error code
>SVD> SB> 1
>SVD> [skipped]
>SVD> SB> 
>SVD> SB>  There doesn't seem to be a more recent version of the
>SVD> SB> x11-toolkits/linux-pango port available.  What is the best way
>SVD> SB> to proceed? Will a "portmaster -fv x11-toolkits/linux-pango"
>SVD> SB> do the job for now?  (I'm not too worried about the security
>SVD> SB> bug for the moment.  Although I use mplayer to play files,
>SVD> SB> they don't generally involve .png files, and I don't use
>SVD> SB> mplayer to play streaming files.) Please copy me in on
>SVD> SB> responses, otherwise I won't see them till the next
>SVD> SB> freebsd-ports digest is sent out.  Thanks!
>SVD> SB> 
>SVD> SB> 
>SVD> SB>   Scott Bennett, Comm. ASMELG,
>SVD> SB> CFIAG
>SVD> 1) deinstall portaudit
>SVD> 2) upgrate all ports
>SVD> 3) install portaudit if you need it
>SVD> 
>SVD> or
>SVD> 
>SVD> 1)rm /var/db/portaudit/auditfile.tbz
>SVD> 2) upgrate all ports
>SVD> 3) portaudit -F
>SVD> 
>or set environment variable DISABLE_VULNERABILITIES and
>upgrade port(s)
>
 Sergey, thank you so much for pointing out the DISABLE_VULNERABILITIES
environment variable.  This is the method that got me past the problem, though
I used it to upgrade only linux-pango and those of its dependencies that hadn't
yet been upgraded.  After that, I unset that variable and resumed the upgrade
of the rest of the software dependent upon perl.


  Scott Bennett, Comm. ASMELG, CFIAG
**
* Internet:   bennett at cs.niu.edu  *
**
* "A well regulated and disciplined militia, is at all times a good  *
* objection to the introduction of that bane of all free governments *
* -- a standing army."   *
*-- Gov. John Hancock, New York Journal, 28 January 1790 *
**
___
freebsd-ports@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-ports
To unsubscribe, send any mail to "freebsd-ports-unsubscr...@freebsd.org"

Re: next abort of perl upgrade encountered--linux-pango security problem :-(

[Sergey V. Dyatko]

В Thu, 25 Jun 2009 04:12:06 -0400
Jerry  пишет:

J> On Thu, 25 Jun 2009 09:37:52 +0300
J> "Sergey V. Dyatko"  wrote:
J> 
J> > 1) deinstall portaudit
J> > 2) upgrate all ports
J> > 3) install portaudit if you need it
J> > 
J> > or
J> > 
J> > 1)rm /var/db/portaudit/auditfile.tbz
J> > 2) upgrate all ports
J> > 3) portaudit -F
J> 
J> Way too much trouble and potentially dangerous.
I agree with you but Scott wrote "I'm not too worried about the
security bug for the moment". So it must works

J> Enter this in the /etc/make.conf file:
J> 
J> # Pango
J> ..if $(.CURDIR:M*/x11-toolkits/linux-pango)
J> DISABLE_VULNERABILITIES=yes
J> ..endif
yep, that is rightest way (IHMO)
J> 
J> This way, the DISABLE_VULNERABILITIES=yes will only effect one port.
J> 
J> 



--
---
Sergey V Dyatko  aka tiger   | sergey.dya...@gmail.com
/"\   ASCII Ribbon Campaign  | FreeBSD Since 4.x
\ / - NO HTML/RTF in e-mail  | http://tiger.bsd.by
 X  - NO Word docs in e-mail | XMPP: ti...@jabber.org.by 
/ \  
---
___
freebsd-ports@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-ports
To unsubscribe, send any mail to "freebsd-ports-unsubscr...@freebsd.org"

Re: next abort of perl upgrade encountered--linux-pango security problem :-(

[Jerry]

On Thu, 25 Jun 2009 09:37:52 +0300
"Sergey V. Dyatko"  wrote:

> 1) deinstall portaudit
> 2) upgrate all ports
> 3) install portaudit if you need it
> 
> or
> 
> 1)rm /var/db/portaudit/auditfile.tbz
> 2) upgrate all ports
> 3) portaudit -F

Way too much trouble and potentially dangerous.

Enter this in the /etc/make.conf file:

# Pango
..if $(.CURDIR:M*/x11-toolkits/linux-pango)
DISABLE_VULNERABILITIES=yes
..endif

This way, the DISABLE_VULNERABILITIES=yes will only effect one port.


-- 
Jerry
ges...@yahoo.com

Freedom from incrustation of grime is contiguous to rectitude.
___
freebsd-ports@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-ports
To unsubscribe, send any mail to "freebsd-ports-unsubscr...@freebsd.org"

Re: next abort of perl upgrade encountered--linux-pango security problem :-(

[Sergey V. Dyatko]

В Thu, 25 Jun 2009 09:37:52 +0300
"Sergey V. Dyatko"  пишет:

SVD> В Thu, 25 Jun 2009 01:21:19 -0500 (CDT)
SVD> Scott Bennett  пишет:
SVD> 
SVD> SB>  The saga of failures in the perl upgrade continues with
SVD> SB> the following:
SVD> SB> 
SVD> SB> ===>   linux-gtk2-2.6.10_3 depends on
SVD> SB> file: /compat/linux/usr/lib/libpango-1.0.so.0.1001.1 - not
SVD> SB> found ===>Verifying install
SVD> SB> for /compat/linux/usr/lib/libpango-1.0.so.0.1001.1
SVD> SB> in /usr/ports/x11-toolkits/linux-pango ===>
SVD> SB> linux-pango-1.10.2_3 has known vulnerabilities: => pango --
SVD> SB> integer overflow. Reference:
SVD> SB> 

SVD> SB> => Please update your ports tree and try again. *** Error code
SVD> SB> 1
SVD> [skipped]
SVD> SB> 
SVD> SB>  There doesn't seem to be a more recent version of the
SVD> SB> x11-toolkits/linux-pango port available.  What is the best way
SVD> SB> to proceed? Will a "portmaster -fv x11-toolkits/linux-pango"
SVD> SB> do the job for now?  (I'm not too worried about the security
SVD> SB> bug for the moment.  Although I use mplayer to play files,
SVD> SB> they don't generally involve .png files, and I don't use
SVD> SB> mplayer to play streaming files.) Please copy me in on
SVD> SB> responses, otherwise I won't see them till the next
SVD> SB> freebsd-ports digest is sent out.  Thanks!
SVD> SB> 
SVD> SB> 
SVD> SB>   Scott Bennett, Comm. ASMELG,
SVD> SB> CFIAG
SVD> 1) deinstall portaudit
SVD> 2) upgrate all ports
SVD> 3) install portaudit if you need it
SVD> 
SVD> or
SVD> 
SVD> 1)rm /var/db/portaudit/auditfile.tbz
SVD> 2) upgrate all ports
SVD> 3) portaudit -F
SVD> 
or set environment variable DISABLE_VULNERABILITIES and
upgrade port(s)

--
wbr, tiger
___
freebsd-ports@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-ports
To unsubscribe, send any mail to "freebsd-ports-unsubscr...@freebsd.org"

Re: next abort of perl upgrade encountered--linux-pango security problem :-(

[Sergey V. Dyatko]

В Thu, 25 Jun 2009 01:21:19 -0500 (CDT)
Scott Bennett  пишет:

SB>  The saga of failures in the perl upgrade continues with the
SB> following:
SB> 
SB> ===>   linux-gtk2-2.6.10_3 depends on
SB> file: /compat/linux/usr/lib/libpango-1.0.so.0.1001.1 - not found
SB> ===>Verifying install
SB> for /compat/linux/usr/lib/libpango-1.0.so.0.1001.1
SB> in /usr/ports/x11-toolkits/linux-pango ===>  linux-pango-1.10.2_3
SB> has known vulnerabilities: => pango -- integer overflow. Reference:
SB> 

SB> => Please update your ports tree and try again. *** Error code 1
[skipped]
SB> 
SB>  There doesn't seem to be a more recent version of the
SB> x11-toolkits/linux-pango port available.  What is the best way to
SB> proceed? Will a "portmaster -fv x11-toolkits/linux-pango" do the
SB> job for now?  (I'm not too worried about the security bug for the
SB> moment.  Although I use mplayer to play files, they don't generally
SB> involve .png files, and I don't use mplayer to play streaming
SB> files.) Please copy me in on responses, otherwise I won't see them
SB> till the next freebsd-ports digest is sent out.  Thanks!
SB> 
SB> 
SB>   Scott Bennett, Comm. ASMELG, CFIAG
1) deinstall portaudit
2) upgrate all ports
3) install portaudit if you need it

or

1)rm /var/db/portaudit/auditfile.tbz
2) upgrate all ports
3) portaudit -F


--
wbr, tiger
___
freebsd-ports@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-ports
To unsubscribe, send any mail to "freebsd-ports-unsubscr...@freebsd.org"