Re: portsdb output and portaudit question
jan gestre [EMAIL PROTECTED] wrote:

> the box's running for almost 2 months now setup as webmail server, the only thing i removed was the linux compatible applications since i have no plans of installing linux. i ran pkgdb -F and pkgdb -fu to no avail, after doing cvsup this morning, ran portsdb -Uu, i still see those message looking for packages that wasn't even installed. i don't see any strange behavior for the server except those mentioned here. could these be detrimental?

I have no idea. However, if the system appears to be stable then I assume you could just ignore it. I guess removing things from the base installation was not such a good idea though.

--
Gerard Seibert

___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: portsdb output and portaudit question
jan gestre [EMAIL PROTECTED] wrote:

> it took almost 3 hours, i don't have X installed. i'm sending you the portmanager.log in private coz it might clutter the thread.

You have a warning message listed here:

    Tue Aug 1 04:38:03 2006 options changed so returningphp4-mbstring-4.4.2_2 /converters/php4-mbstringto out of date pool

I have never seen the "options changed so returning ..." message before. I am going to check and see if I can find out what it means.

In the meantime, have you tried running pkgdb -F and just deleting the bad references? By the way, is this a fresh install, or has it been up for a while? Did you ever delete any packages from the system?

--
Gerard Seibert
Re: portsdb output and portaudit question
Gerard wrote:

> jan gestre [EMAIL PROTECTED] wrote:
>
> > it took almost 3 hours, i don't have X installed. i'm sending you the portmanager.log in private coz it might clutter the thread.
>
> You have a warning message listed here:
>
>     Tue Aug 1 04:38:03 2006 options changed so returningphp4-mbstring-4.4.2_2 /converters/php4-mbstringto out of date pool
>
> I have never seen the "options changed so returning ..." message before. I am going to check and see if I can find out what it means.

It seems to be when a port presents the blue Options screen. If you change anything (maybe even when you don't, not sure) portmanager gives that message. Unless there are other problems it seems to get back round to updating the port later in the run.

Chris
Re: portsdb output and portaudit question
Chris Whitehouse wrote:

> It seems to be when a port presents the blue Options screen. If you change anything (maybe even when you don't, not sure) portmanager gives that message. Unless there are other problems it seems to get back round to updating the port later in the run.

Interesting! I had not seen that message before.

--
Gerard Seibert [EMAIL PROTECTED]
Re: portsdb output and portaudit question
On 8/1/06, Gerard [EMAIL PROTECTED] wrote:

> jan gestre [EMAIL PROTECTED] wrote:
>
> > it took almost 3 hours, i don't have X installed. i'm sending you the portmanager.log in private coz it might clutter the thread.
>
> You have a warning message listed here:
>
>     Tue Aug 1 04:38:03 2006 options changed so returningphp4-mbstring-4.4.2_2 /converters/php4-mbstringto out of date pool
>
> I have never seen the "options changed so returning ..." message before. I am going to check and see if I can find out what it means.
>
> In the meantime, have you tried running pkgdb -F and just deleting the bad references? By the way, is this a fresh install, or has it been up for a while? Did you ever delete any packages from the system?

the box's running for almost 2 months now setup as webmail server, the only thing i removed was the linux compatible applications since i have no plans of installing linux. i ran pkgdb -F and pkgdb -fu to no avail, after doing cvsup this morning, ran portsdb -Uu, i still see those message looking for packages that wasn't even installed. i don't see any strange behavior for the server except those mentioned here. could these be detrimental?
portsdb output and portaudit question
hi guys,

i was trying to portupgrade ruby coz portaudit is complaining of vulnerabilities, i did run cvsup and portsdb -Uu before portupgrade, at first i couldn't upgrade ruby coz portupgrade is complaining maybe coz portaudit but someone in the list suggested this:

    # portupgrade -Rr -m DISABLE_VULNERABILITIES=yes ruby

whoala it installed the ruby package but still portaudit complains even though the installed version is current which has no vulnerability. is this normal? any way to fix these?

and also prior to portupgrade, i run cvsup then portsdb -Uu and i have the following message/output when i ran portsdb -Uu:

    Package gtk+-2.0 was not found in the pkg-config search path.
    Perhaps you should add the directory containing `gtk+-2.0.pc'
    to the PKG_CONFIG_PATH environment variable
    No package 'gtk+-2.0' found
    gnome-config: not found
    Package gdk-pixbuf-xlib-2.0 was not found in the pkg-config search path.
    Perhaps you should add the directory containing `gdk-pixbuf-xlib-2.0.pc'
    to the PKG_CONFIG_PATH environment variable
    No package 'gdk-pixbuf-xlib-2.0' found
    Makefile, line 24: warning: pkg-config gtk+-2.0 gdk-pixbuf-xlib-2.0--cflags returned non-zero status
    gnome-config: not found
    Package gtk+-2.0 was not found in the pkg-config search path.
    Perhaps you should add the directory containing `gtk+-2.0.pc'
    to the PKG_CONFIG_PATH environment variable
    No package 'gtk+-2.0' found
    gnome-config: not found
    Package gdk-pixbuf-xlib-2.0 was not found in the pkg-config search path.
    Perhaps you should add the directory containing `gdk-pixbuf-xlib-2.0.pc'
    to the PKG_CONFIG_PATH environment variable
    No package 'gdk-pixbuf-xlib-2.0' found
    Makefile, line 25: warning: pkg-config gtk+-2.0 gdk-pixbuf-xlib-2.0--libs returned non-zero status

my box is running FreeBSD 6.1 as webmail server, i do have xorg libraries installed but i don't have those packages installed, are they part of the xorg libraries? how can i get rid or fix them?

TIA
Re: portsdb output and portaudit question
jan gestre wrote:

> i was trying to portupgrade ruby coz portaudit is complaining of vulnerabilities, i did run cvsup and portsdb -Uu before portupgrade, at first i couldn't upgrade ruby coz portupgrade is complaining maybe coz portaudit but someone in the list suggested this:
>
>     # portupgrade -Rr -m DISABLE_VULNERABILITIES=yes ruby
>
> whoala it installed the ruby package but still portaudit complains even though the installed version is current which has no vulnerability. is this normal? any way to fix these?

This is expected behavior. The ports system will let you upgrade a vulnerable port without complaint. It will however complain if you try to install (or upgrade to) a version that has vulnerabilities. Since portupgrade complained, it's no surprise that portaudit also complains after the forced upgrade.

This means that either the version in ports isn't fixed yet (the existence of a vulnerability of a prior version does not imply that said vulnerability is fixed in the current version), or that your ports tree is out of date. Seeing that the latter is not true, I would say you just have to wait for an updated version to appear in ports.

You can create an account at freshports and add ruby to your watch list. That means you'll get notified when new versions arrive.

Svein Halvor
Re: portsdb output and portaudit question
On 8/1/06, Svein Halvor Halvorsen [EMAIL PROTECTED] wrote:

> jan gestre wrote:
>
> > i was trying to portupgrade ruby coz portaudit is complaining of vulnerabilities, i did run cvsup and portsdb -Uu before portupgrade, at first i couldn't upgrade ruby coz portupgrade is complaining maybe coz portaudit but someone in the list suggested this:
> >
> >     # portupgrade -Rr -m DISABLE_VULNERABILITIES=yes ruby
> >
> > whoala it installed the ruby package but still portaudit complains even though the installed version is current which has no vulnerability. is this normal? any way to fix these?
>
> This is expected behavior. The ports system will let you upgrade a vulnerable port without complaint. It will however complain if you try to install (or upgrade to) a version that has vulnerabilities. Since portupgrade complained, it's no surprise that portaudit also complains after the forced upgrade.
>
> This means that either the version in ports isn't fixed yet (the existence of a vulnerability of a prior version does not imply that said vulnerability is fixed in the current version), or that your ports tree is out of date. Seeing that the latter is not true, I would say you just have to wait for an updated version to appear in ports.
>
> You can create an account at freshports and add ruby to your watch list. That means you'll get notified when new versions arrive.

i portupgrade the previous version ruby-1.8.4_8,1 to the current version which is ruby-1.8.4_9,1 and i also saw from the portaudit complaint that the new version is not anymore affected by the vulnerabilities of the old version meaning the maintainer already fixed this, however portaudit is still complaining.

and how about the portsdb output? why is it complaining of stuff i don't have installed?

TIA
Re: portsdb output and portaudit question
On 8/1/06, jan gestre [EMAIL PROTECTED] wrote:

> On 8/1/06, Svein Halvor Halvorsen [EMAIL PROTECTED] wrote:
>
> > jan gestre wrote:
> >
> > > i was trying to portupgrade ruby coz portaudit is complaining of vulnerabilities, i did run cvsup and portsdb -Uu before portupgrade, at first i couldn't upgrade ruby coz portupgrade is complaining maybe coz portaudit but someone in the list suggested this:
> > >
> > >     # portupgrade -Rr -m DISABLE_VULNERABILITIES=yes ruby
> > >
> > > whoala it installed the ruby package but still portaudit complains even though the installed version is current which has no vulnerability. is this normal? any way to fix these?
> >
> > This is expected behavior. The ports system will let you upgrade a vulnerable port without complaint. It will however complain if you try to install (or upgrade to) a version that has vulnerabilities. Since portupgrade complained, it's no surprise that portaudit also complains after the forced upgrade.
> >
> > This means that either the version in ports isn't fixed yet (the existence of a vulnerability of a prior version does not imply that said vulnerability is fixed in the current version), or that your ports tree is out of date. Seeing that the latter is not true, I would say you just have to wait for an updated version to appear in ports.
> >
> > You can create an account at freshports and add ruby to your watch list. That means you'll get notified when new versions arrive.
>
> i portupgrade the previous version ruby-1.8.4_8,1 to the current version which is ruby-1.8.4_9,1 and i also saw from the portaudit complaint that the new version is not anymore affected by the vulnerabilities of the old version meaning the maintainer already fixed this, however portaudit is still complaining.
>
> and how about the portsdb output? why is it complaining of stuff i don't have installed?

i update the portaudit database and now it's no longer reporting the vulnerability :) which brings me back to my second question regarding the portsdb -Uu output, why is it complaining about those packages which i don't have installed?

many thanks in advance
Re: portsdb output and portaudit question
On Tue, 1 Aug 2006, jan gestre wrote:

> hi guys,
>
> i was trying to portupgrade ruby coz portaudit is complaining of vulnerabilities, i did run cvsup and portsdb -Uu before portupgrade, at first i couldn't upgrade ruby coz portupgrade is complaining maybe coz portaudit but someone in the list suggested this:
>
>     # portupgrade -Rr -m DISABLE_VULNERABILITIES=yes ruby
>
> whoala it installed the ruby package but still portaudit complains even though the installed version is current which has no vulnerability. is this normal? any way to fix these?
>
> and also prior to portupgrade, i run cvsup then portsdb -Uu and i have the following message/output when i ran portsdb -Uu:
>
>     Package gtk+-2.0 was not found in the pkg-config search path.
>     Perhaps you should add the directory containing `gtk+-2.0.pc'
>     to the PKG_CONFIG_PATH environment variable
>     No package 'gtk+-2.0' found
>     gnome-config: not found
>     Package gdk-pixbuf-xlib-2.0 was not found in the pkg-config search path.
>     Perhaps you should add the directory containing `gdk-pixbuf-xlib-2.0.pc'
>     to the PKG_CONFIG_PATH environment variable
>     No package 'gdk-pixbuf-xlib-2.0' found
>     Makefile, line 24: warning: pkg-config gtk+-2.0 gdk-pixbuf-xlib-2.0--cflags returned non-zero status
>     gnome-config: not found
>     Package gtk+-2.0 was not found in the pkg-config search path.
>     Perhaps you should add the directory containing `gtk+-2.0.pc'
>     to the PKG_CONFIG_PATH environment variable
>     No package 'gtk+-2.0' found
>     gnome-config: not found
>     Package gdk-pixbuf-xlib-2.0 was not found in the pkg-config search path.
>     Perhaps you should add the directory containing `gdk-pixbuf-xlib-2.0.pc'
>     to the PKG_CONFIG_PATH environment variable
>     No package 'gdk-pixbuf-xlib-2.0' found
>     Makefile, line 25: warning: pkg-config gtk+-2.0 gdk-pixbuf-xlib-2.0--libs returned non-zero status
>
> my box is running FreeBSD 6.1 as webmail server, i do have xorg libraries installed but i don't have those packages installed, are they part of the xorg libraries? how can i get rid or fix them?
>
> TIA

Have you tried running pkgdb prior to attempting the update? See the man manual for details.

You also might try installing 'portmanager' and running like this:

    portmanager -u -f -l -y

It will rebuild the ports system and bring in all of the missing dependencies.

Just a thought!

--
Gerard Seibert [EMAIL PROTECTED]
Re: portsdb output and portaudit question
On 8/1/06, Gerard Seibert [EMAIL PROTECTED] wrote:

> On Tue, 1 Aug 2006, jan gestre wrote:
>
> > hi guys,
> >
> > i was trying to portupgrade ruby coz portaudit is complaining of vulnerabilities, i did run cvsup and portsdb -Uu before portupgrade, at first i couldn't upgrade ruby coz portupgrade is complaining maybe coz portaudit but someone in the list suggested this:
> >
> >     # portupgrade -Rr -m DISABLE_VULNERABILITIES=yes ruby
> >
> > whoala it installed the ruby package but still portaudit complains even though the installed version is current which has no vulnerability. is this normal? any way to fix these?
> >
> > and also prior to portupgrade, i run cvsup then portsdb -Uu and i have the following message/output when i ran portsdb -Uu:
> >
> >     Package gtk+-2.0 was not found in the pkg-config search path.
> >     Perhaps you should add the directory containing `gtk+-2.0.pc'
> >     to the PKG_CONFIG_PATH environment variable
> >     No package 'gtk+-2.0' found
> >     gnome-config: not found
> >     Package gdk-pixbuf-xlib-2.0 was not found in the pkg-config search path.
> >     Perhaps you should add the directory containing `gdk-pixbuf-xlib-2.0.pc'
> >     to the PKG_CONFIG_PATH environment variable
> >     No package 'gdk-pixbuf-xlib-2.0' found
> >     Makefile, line 24: warning: pkg-config gtk+-2.0 gdk-pixbuf-xlib-2.0--cflags returned non-zero status
> >     gnome-config: not found
> >     Package gtk+-2.0 was not found in the pkg-config search path.
> >     Perhaps you should add the directory containing `gtk+-2.0.pc'
> >     to the PKG_CONFIG_PATH environment variable
> >     No package 'gtk+-2.0' found
> >     gnome-config: not found
> >     Package gdk-pixbuf-xlib-2.0 was not found in the pkg-config search path.
> >     Perhaps you should add the directory containing `gdk-pixbuf-xlib-2.0.pc'
> >     to the PKG_CONFIG_PATH environment variable
> >     No package 'gdk-pixbuf-xlib-2.0' found
> >     Makefile, line 25: warning: pkg-config gtk+-2.0 gdk-pixbuf-xlib-2.0--libs returned non-zero status
> >
> > my box is running FreeBSD 6.1 as webmail server, i do have xorg libraries installed but i don't have those packages installed, are they part of the xorg libraries? how can i get rid or fix them?
> >
> > TIA
>
> Have you tried running pkgdb prior to attempting the update? See the man manual for details.

yes i did run pkgdb -fu then proceeded with updating but with the same result.

> You also might try installing 'portmanager' and running like this:
>
>     portmanager -u -f -l -y

i'll give this one a try and will post back the results.

> It will rebuild the ports system and bring in all of the missing dependencies.
>
> Just a thought!
>
> --
> Gerard Seibert [EMAIL PROTECTED]
Re: portsdb output and portaudit question
On 8/1/06, jan gestre [EMAIL PROTECTED] wrote:

> On 8/1/06, Gerard Seibert [EMAIL PROTECTED] wrote:
>
> > On Tue, 1 Aug 2006, jan gestre wrote:
> >
> > > hi guys,
> > >
> > > i was trying to portupgrade ruby coz portaudit is complaining of vulnerabilities, i did run cvsup and portsdb -Uu before portupgrade, at first i couldn't upgrade ruby coz portupgrade is complaining maybe coz portaudit but someone in the list suggested this:
> > >
> > >     # portupgrade -Rr -m DISABLE_VULNERABILITIES=yes ruby
> > >
> > > whoala it installed the ruby package but still portaudit complains even though the installed version is current which has no vulnerability. is this normal? any way to fix these?
> > >
> > > and also prior to portupgrade, i run cvsup then portsdb -Uu and i have the following message/output when i ran portsdb -Uu:
> > >
> > >     Package gtk+-2.0 was not found in the pkg-config search path.
> > >     Perhaps you should add the directory containing `gtk+-2.0.pc'
> > >     to the PKG_CONFIG_PATH environment variable
> > >     No package 'gtk+-2.0' found
> > >     gnome-config: not found
> > >     Package gdk-pixbuf-xlib-2.0 was not found in the pkg-config search path.
> > >     Perhaps you should add the directory containing `gdk-pixbuf-xlib-2.0.pc'
> > >     to the PKG_CONFIG_PATH environment variable
> > >     No package 'gdk-pixbuf-xlib-2.0' found
> > >     Makefile, line 24: warning: pkg-config gtk+-2.0 gdk-pixbuf-xlib-2.0--cflags returned non-zero status
> > >     gnome-config: not found
> > >     Package gtk+-2.0 was not found in the pkg-config search path.
> > >     Perhaps you should add the directory containing `gtk+-2.0.pc'
> > >     to the PKG_CONFIG_PATH environment variable
> > >     No package 'gtk+-2.0' found
> > >     gnome-config: not found
> > >     Package gdk-pixbuf-xlib-2.0 was not found in the pkg-config search path.
> > >     Perhaps you should add the directory containing `gdk-pixbuf-xlib-2.0.pc'
> > >     to the PKG_CONFIG_PATH environment variable
> > >     No package 'gdk-pixbuf-xlib-2.0' found
> > >     Makefile, line 25: warning: pkg-config gtk+-2.0 gdk-pixbuf-xlib-2.0--libs returned non-zero status
> > >
> > > my box is running FreeBSD 6.1 as webmail server, i do have xorg libraries installed but i don't have those packages installed, are they part of the xorg libraries? how can i get rid or fix them?
> > >
> > > TIA
> >
> > Have you tried running pkgdb prior to attempting the update? See the man manual for details.
>
> yes i did run pkgdb -fu then proceeded with updating but with the same result.
>
> > You also might try installing 'portmanager' and running like this:
> >
> >     portmanager -u -f -l -y
>
> i'll give this one a try and will post back the results.
>
> > It will rebuild the ports system and bring in all of the missing dependencies.
> >
> > Just a thought!

after almost an eternity i finally was able to upgrade all packages via portmanager, run cvsup then portsdb and with the same end result, i still get those missing..not install... packages :(
Re: portsdb output and portaudit question
jan gestre [EMAIL PROTECTED] wrote:

> after almost an eternity i finally was able to upgrade all packages via portmanager, run cvsup then portsdb and with the same end result, i still get those missing..not install... packages :(

It seems to me that you rebuilt your system with portmanager in just a few hours. It would take me a few days to rebuild everything. However, I do have Open Office and the full KDE suite installed.

What is the output of the portmanager log? It is in /var/log/portmanager.log. Please post it or send it to me. I want to see what it reports.

Ciao!

--
Gerard Seibert
Re: portaudit question.....
Wright Jim Contractor 14MDSS/SGSI wrote:

> I guess my question is this. How do I use the FreeBSD tools, Ports/Packages, etc, to install this latest version?? Or am I missing the concept altogether ? ( I understand the process of downloading this latest version and installing it manually. Just trying to understand and use the FreeBSD tools )

IMHO, the messages from portaudit are misleadingly worded. Portaudit is correct that some of the software you installed has *some kind* of security vulnerability. But everything else it says is potentially misleading.

1) There may be no upgrade available yet. For there to be an upgrade the original code has to be fixed; in your example by the Mozilla team. Then, whoever is maintaining the port has to go through the work of fixing the new code to work on FreeBSD. For a few simple bug fixes, that may not be too hard, but it still has to be done. How long all this takes will vary from port to port. Mozilla is generally quite quick, from my experience, but xloadimage hung around for ages, not long ago.

2) The advice that you should either upgrade or de-install is unnecessarily authoritarian and frightening. De-installing may not be an option, and the actual bug may have zero effect on your environment. And the presence of a bug does not indicate the presence of an exploit.

If you are worried about a particular package then follow up the links portaudit provides and make up your mind what to do.

However, the fact that you have so many packages reporting problems says that either you are doing something wrong or not checking often enough.

1) cvsup your ports tree
2) either make fetchindex in /usr/ports and run portsdb -u, or run portsdb -Uu (slower but more accurate)
3) run pkg_version -L= to see what needs upgrading
4) use portupgrade to upgrade on a schedule that suits. That might be daily or monthly depending on your environment. Remember to read /usr/ports/UPDATING *before* doing any upgrades.

All of that except the upgrading can be automated safely to run at 3am, or any other quiet time you might have.

--Alex
portaudit question.....
To keep the story short: I'm using version FreeBSD 5.4-RELEASE #6: Thu Aug 25 09:12:43 CDT 2005; pasted from the dmesg.boot file. To the best of my knowledge, I'm using CVSup, pkgdb -F, and portupgrade commands correctly. But, I'm pretty sure I'm still overlooking and/or leaving something out.

I just discovered the portaudit command and ran it against my system. It comes up with 15 items that need to be upgraded or deinstalled. For this question I'll use Mozilla. The version it reports is Mozilla-1.7.7,2. When I go to http://www.freebsd.org/ports/index.html and do a search for Mozilla, I find that Mozilla-1.7.12,2 is the latest (stable) version.

I guess my question is this. How do I use the FreeBSD tools, Ports/Packages, etc, to install this latest version?? Or am I missing the concept altogether ? ( I understand the process of downloading this latest version and installing it manually. Just trying to understand and use the FreeBSD tools )

Thanks for any and all help,
Jim Wright
Columbus, Mississippi
28 Sep 2005
Re: portaudit question.....
On Wed, 28 Sep 2005 15:07:40 -0500, Wright Jim Contractor 14MDSS/SGSI [EMAIL PROTECTED]
Subject: portaudit question.
Wrote these words of wisdom:

> To keep the story short: I'm using version FreeBSD 5.4-RELEASE #6: Thu Aug 25 09:12:43 CDT 2005; pasted from the dmesg.boot file. To the best of my knowledge, I'm using CVSup, pkgdb -F, and portupgrade commands correctly. But, I'm pretty sure I'm still overlooking and/or leaving something out.
>
> I just discovered the portaudit command and ran it against my system. It comes up with 15 items that need to be upgraded or deinstalled. For this question I'll use Mozilla. The version it reports is Mozilla-1.7.7,2. When I go to http://www.freebsd.org/ports/index.html and do a search for Mozilla, I find that Mozilla-1.7.12,2 is the latest (stable) version.
>
> I guess my question is this. How do I use the FreeBSD tools, Ports/Packages, etc, to install this latest version?? Or am I missing the concept altogether ? ( I understand the process of downloading this latest version and installing it manually. Just trying to understand and use the FreeBSD tools )
>
> Thanks for any and all help,
> Jim Wright
> Columbus, Mississippi
> 28 Sep 2005

* REPLY SEPARATOR *

On 9/29/2005 4:29:46 PM, Gerard Seibert Replied:

Personally, I would first make sure you have a freshly updated ports collection. Next, install 'portmanager' from the ports collection. Then run it.

    portmanager -u

This will take care of updating all of your out of date ports and their dependencies.

--
Gerard Seibert [EMAIL PROTECTED]
Re: portaudit question.....
- Original Message -
From: Wright Jim Contractor 14MDSS/SGSI [EMAIL PROTECTED]
To: freebsd-questions@FreeBSD.org
Sent: Wednesday, September 28, 2005 1:07 PM
Subject: portaudit question.

> To keep the story short: I'm using version FreeBSD 5.4-RELEASE #6: Thu Aug 25 09:12:43 CDT 2005; pasted from the dmesg.boot file. To the best of my knowledge, I'm using CVSup, pkgdb -F, and portupgrade commands correctly. But, I'm pretty sure I'm still overlooking and/or leaving something out.
>
> I just discovered the portaudit command and ran it against my system. It comes up with 15 items that need to be upgraded or deinstalled. For this question I'll use Mozilla. The version it reports is Mozilla-1.7.7,2.

I'll take a stab at this one. Portaudit is a tool that takes your installed ports then goes out and finds any known vulnerabilities (man portaudit says -- portaudit -- system to check installed packages for known vulnerabilities.) In your example Mozilla. There are times that a vulnerable port does not have an update to it (pkg_version | grep ) so all the updating you do may or may not make a difference. Keep your ports tree up to date and check with pkg_version | grep to see if there are changes.

One other thing to note, they give you a URL to the issue they are talking about so you could potentially find more information that may guide you to getting an update or what's involved in the issue.

Hope that helps.
Re: portaudit question.....
Wright Jim Contractor 14MDSS/SGSI wrote:

> To keep the story short: I'm using version FreeBSD 5.4-RELEASE #6: Thu Aug 25 09:12:43 CDT 2005; pasted from the dmesg.boot file. To the best of my knowledge, I'm using CVSup, pkgdb -F, and portupgrade commands correctly. But, I'm pretty sure I'm still overlooking and/or leaving something out.
>
> I just discovered the portaudit command and ran it against my system. It comes up with 15 items that need to be upgraded or deinstalled. For this question I'll use Mozilla. The version it reports is Mozilla-1.7.7,2. When I go to http://www.freebsd.org/ports/index.html and do a search for Mozilla, I find that Mozilla-1.7.12,2 is the latest (stable) version.
>
> I guess my question is this. How do I use the FreeBSD tools, Ports/Packages, etc, to install this latest version?? Or am I missing the concept altogether ? ( I understand the process of downloading this latest version and installing it manually. Just trying to understand and use the FreeBSD tools )
>
> Thanks for any and all help,
> Jim Wright
> Columbus, Mississippi
> 28 Sep 2005

jim,

i recommend using portsnap instead of cvsup, especially if you update your ports tree often. then use portversion instead of pkg_version, it's much faster. and always and periodically run portaudit. you don't need your ports tree to be updated for portaudit to be effective, btw.

so based on what i said, here's a procedure to follow:

    /usr/local/sbin/portsnap fetch
    /usr/local/sbin/portsnap update
    /usr/local/sbin/portversion -v -l
    /usr/local/sbin/portaudit -Fda

hope that helps.

regards,
martin

ps: regarding mozilla, if it's not packaged on freebsd's ftp server (that is pkg_add doesn't help), you've got to install it from ports (that is to compile it).
portaudit question
Is there something that I am not updating that portaudit would like to see done or is this just a generic warning. Either way, please provide examples of what I might do to have it stop complaining. I can find no examples googling the portaudit note below.

# Here's what I did.

Installed 4.10 from mini iso.
pkg_add -r cvsup-without-gui
cvsup -g -L 2 /root/standard-supfile #updated all source
compiled and installed kernel and world per handbook
cvsup -g -L 2 /root/ports-supfile #updated all ports
cd /usr/ports/security/portaudit
make install clean

# Here's what I get.

    beta# /usr/local/sbin/portaudit -Fda
    auditfile.tbz 100% of 15 kB 33 kBps
    New database installed.
    Database created: Fri Dec 10 08:40:32 EST 2004
    Affected package: FreeBSD-491000
    Type of problem: multiple vulnerabilities in the cvs server code.
    Reference: http://www.FreeBSD.org/ports/portaudit/d2102505-f03d-11d8-81b0-000347a4fa7d.html

    Note: To disable this check add the uuid to `portaudit_fixed' in /usr/local/etc/portaudit.conf

    0 problem(s) in your installed packages found.

# Here's what I did next.

man portaudit
no help
pkg_delete cvsup-without-gui-16.1h
cd /usr/ports/net/cvsup-without-gui
make install clean
/usr/local/sbin/portaudit -Fda

and get same output as above.

Best,
Thomas S. Crum
RE: portaudit question
Thomas S. Crum wrote:

> Is there something that I am not updating that portaudit would like to see done or is this just a generic warning. Either way, please provide examples of what I might do to have it stop complaining. I can find no examples googling the portaudit note below.
>
> # Here's what I did.

snip

> # Here's what I get.
>
>     beta# /usr/local/sbin/portaudit -Fda
>     auditfile.tbz 100% of 15 kB 33 kBps
>     New database installed.
>     Database created: Fri Dec 10 08:40:32 EST 2004
>     Affected package: FreeBSD-491000
                        ^^

Portaudit is complaining that FreeBSD-491000 itself has a vulnerability. Specifically within the cvs code as it tells you.

>     Type of problem: multiple vulnerabilities in the cvs server code.
>     Reference: http://www.FreeBSD.org/ports/portaudit/d2102505-f03d-11d8-81b0-000347a4fa7d.html
>
>     Note: To disable this check add the uuid to `portaudit_fixed' in /usr/local/etc/portaudit.conf
>
>     0 problem(s) in your installed packages found.

As you can patch the system cvs without bumping the kernel version number, portupgrade tells you that you can disable the check for this uuid in portaudit.conf. This of course assumes you actually have patched the cvs code in the base system (see the multiple security advisories issued on the cvs vulnerabilities for details on how to patch them manually, or upgrade to a more recent version/patchlevel of the 4.x tree).

Petersen
Re: portaudit question
Thomas S. Crum - AAA Web Solution, Inc. wrote:
> Is there something that I am not updating that portaudit would like to see done or is this just a generic warning. Either way, please provide examples of what I might do to have it stop complaining. I can find no examples googling the portaudit note below.

snip some very helpful stuff, thanks Thomas!

> # Here's what I did next.
>
> man portaudit
> no help
> pkg_delete cvsup-without-gui-16.1h
> cd /usr/ports/net/cvsup-without-gui
> make install clean
> /usr/local/sbin/portaudit -Fda
> and get same output as above.
>
> Best,
> Thomas S. Crum

You've gotten some good answers. Please note that cvs(1), which is in the base system, is not the same thing as cvsup(1), which is a port/package. They pretty much *do* the same thing (well, a _similar_ thing), but they aren't the same, so de/reinstalling cvsup-without-gui wouldn't make any difference; it's not where the problem was anyway :-)

Portaudit seems like it will be/is a great tool; I would also recommend subscribing to the security-advisories list --- it's not like it's high volume, heh!*, but you'd have seen this info (re: CVS multiple vulnerability Advisory) almost 3 months ago

Kevin Kinsey

*Just thinking, if M$ had such a list, would the backbone drown? :-s\
Re: portaudit question
On Fri, 10 Dec 2004 09:19:15 -0500, Thomas S. Crum - AAA Web Solution, Inc. [EMAIL PROTECTED] wrote:
> Is there something that I am not updating that portaudit would like to see done or is this just a generic warning. Either way, please provide examples of what I might do to have it stop complaining.

[snip]

> Type of problem: multiple vulnerabilities in the cvs server code.
> Reference: http://www.FreeBSD.org/ports/portaudit/d2102505-f03d-11d8-81b0-000347a4fa7d.html
>
> Note: To disable this check add the uuid to `portaudit_fixed' in /usr/local/etc/portaudit.conf
>
> 0 problem(s) in your installed packages found.

I haven't used portaudit, but it appears from the message that you can safely follow the instructions, which are to add the uuid (I assume that means the long id number on the url) to the 'portaudit-fixed' variable in /usr/local/etc/portaudit.conf ;)

> # Here's what I did next.
>
> man portaudit
> no help
> pkg_delete cvsup-without-gui-16.1h
> cd /usr/ports/net/cvsup-without-gui
> make install clean
> /usr/local/sbin/portaudit -Fda
> and get same output as above.

Which wouldn't help; there does not appear to be a problem with cvsup on your system, so reinstalling that wouldn't affect portaudit. I suspect you were correct, that it's a 'generic' warning, and can be worked around.

HTH,

--
Joshua Lokken
Open Source Advocate
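The replies from Petersen and Joshua Lokken above turn on two details of the audit output: a package name of the form `FreeBSD-<number>` is the base system rather than a port, and the uuid is the last path component of the Reference URL. The sh sketch below is an added example, not part of the thread or of portaudit; it parses audit records (the first taken from this thread, the second constructed) and prints a `portaudit_fixed` line for base-system entries only, assuming portaudit.conf takes a shell-style assignment with space-separated uuids.

```shell
#!/bin/sh
# Added example: classify portaudit findings as base system or port and
# collect the uuids of base-system entries for portaudit_fixed.

# Record 1 is the finding quoted in this thread. Record 2 is constructed
# for contrast (hypothetical package name and all-zero uuid).
sample_output() {
cat <<'EOF'
Affected package: FreeBSD-491000
Type of problem: multiple vulnerabilities in the cvs server code.
Reference: http://www.FreeBSD.org/ports/portaudit/d2102505-f03d-11d8-81b0-000347a4fa7d.html

Affected package: examplepkg-1.0
Type of problem: constructed example entry.
Reference: http://www.FreeBSD.org/ports/portaudit/00000000-0000-0000-0000-000000000000.html
EOF
}

# Reads audit output on stdin; prints "<base|port> <package> <uuid>" per finding.
classify_findings() {
    awk '
    /^Affected package: / { pkg = $3 }
    /^Reference: / {
        url = $2
        gsub(/[<>]/, "", url)              # tolerate <URL> style references
        n = split(url, parts, "/")
        uuid = parts[n]
        sub(/\.html$/, "", uuid)
        # Skip anything that does not look like a 36-character uuid.
        if (length(uuid) != 36 || uuid !~ /^[0-9a-fA-F-]+$/) next
        kind = (pkg ~ /^FreeBSD-[0-9]+$/) ? "base" : "port"
        print kind, pkg, uuid
    }'
}

# Prints a portaudit_fixed assignment covering base-system findings only.
# Assumed conf syntax; add it only once the base system is actually patched.
portaudit_fixed_line() {
    uuids=$(classify_findings | awk '$1 == "base" { printf "%s%s", sep, $3; sep = " " }')
    if [ -n "$uuids" ]; then
        printf 'portaudit_fixed="%s"\n' "$uuids"
    fi
}

sample_output | classify_findings
sample_output | portaudit_fixed_line
```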
Portaudit question
While running portaudit, I get the complaint;

Affected package: FreeBSD-502010
Type of problem: multiple vulnerabilities in the cvs server code.
Reference: http://www.FreeBSD.org/ports/portaudit/d2102505-f03d-11d8-81b0-000347a4fa7d.html

Note: To disable this check add the uuid to `portaudit_fixed' in /usr/local/etc/portaudit.conf

Am I to assume this is only if you run a cvs server? OR - does this relate to the SA's put out earlier this year about the src.

--
Best regards,
Chris

Multiple-function gadgets will not perform any function adequately.
Re: Portaudit question
On Wed, Sep 08, 2004 at 10:01:23AM -0500, Chris wrote:
> While running portaudit, I get the complaint;
>
> Affected package: FreeBSD-502010
> Type of problem: multiple vulnerabilities in the cvs server code.
> Reference: http://www.FreeBSD.org/ports/portaudit/d2102505-f03d-11d8-81b0-000347a4fa7d.html
>
> Note: To disable this check add the uuid to `portaudit_fixed' in /usr/local/etc/portaudit.conf
>
> Am I to assume this is only if you run a cvs server? OR - does this relate to the SA's put out earlier this year about the src.

Did you read the referenced portaudit page or any of the links supplied by it? There are several vulnerabilities, most of which affect the CVS server, but one fairly minor that affects the CVS client.

The FreeBSD advisory SA-04:07.cvs refers to a different problem:

http://www.vuxml.org/freebsd/0792e7a7-8e37-11d8-90d1-0020ed76ef5a.html
ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-04:07.cvs.asc

As you can see, the VuXML entry you're getting warnings about is dated a month after the security advisory:

http://www.vuxml.org/freebsd/d2102505-f03d-11d8-81b0-000347a4fa7d.html

However, the update given in the security advisory is to a version of CVS unaffected by either vulnerability. Update your system to the latest patchlevel and the problem will be fixed.

Cheers,

Matthew

--
Dr Matthew J Seaman MA, D.Phil. 26 The Paddocks Savill Way PGP: http://www.infracaninophile.co.uk/pgpkey Marlow Tel: +44 1628 476614 Bucks., SL7 1TH UK
Re: Portaudit question
Matthew Seaman wrote:
> On Wed, Sep 08, 2004 at 10:01:23AM -0500, Chris wrote:
>> While running portaudit, I get the complaint;
>>
>> Affected package: FreeBSD-502010
>> Type of problem: multiple vulnerabilities in the cvs server code.
>> Reference: http://www.FreeBSD.org/ports/portaudit/d2102505-f03d-11d8-81b0-000347a4fa7d.html
>>
>> Note: To disable this check add the uuid to `portaudit_fixed' in /usr/local/etc/portaudit.conf
>>
>> Am I to assume this is only if you run a cvs server? OR - does this relate to the SA's put out earlier this year about the src.
>
> Did you read the referenced portaudit page or any of the links supplied by it? There are several vulnerabilities, most of which affect the CVS server, but one fairly minor that affects the CVS client.
>
> The FreeBSD advisory SA-04:07.cvs refers to a different problem:
>
> http://www.vuxml.org/freebsd/0792e7a7-8e37-11d8-90d1-0020ed76ef5a.html
> ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-04:07.cvs.asc
>
> As you can see, the VuXML entry you're getting warnings about is dated a month after the security advisory:
>
> http://www.vuxml.org/freebsd/d2102505-f03d-11d8-81b0-000347a4fa7d.html
>
> However, the update given in the security advisory is to a version of CVS unaffected by either vulnerability. Update your system to the latest patchlevel and the problem will be fixed.

This has been done, 5.2.1-RELEASE-p9

--
Best regards,
Chris

Working capital doesn't.