portaudit report vs. portupgrade report

2006-05-18 Thread Jim Angstadt
Hi All,

I'm new to FreeBSD.

The daily security report lists 9 problems with
installed packages.  

In an earlier message I was advised to use the ports
system to avoid dealing with package dependencies. 
Thanks to all for that advice.

So I have done the cvsup, buildworld, buildkernel,
..., process and completed without errors.  (Thanks to
all who have posted helpful messages on this subject.)

Running portaudit -Fa advised me that the same 9
packages were still a problem.

Running portupgrade -n firefox advised me:

  ** No need to upgrade 'firefox-1.0.7_1,1' (= firefox-1.0.7_1,1).

Same thing with mozilla:

  ** No need to upgrade 'mozilla-1.7.12,2' (= mozilla-1.7.12,2).

I did not check the other 7 packages in question.

On the surface, to me, it seems as if these two tools
are giving me opposite information.

So, ... what is going on here?  What should I do to
get it right?

Please see below for the actual console traffic,
slightly snipped.


# --- actual console traffic ---

tiny# uname -a
FreeBSD tiny.brc.localnet 6.0-RELEASE-p7 FreeBSD 6.0-RELEASE-p7 #0: Wed May 17 16:26:53 PDT 2006 [EMAIL PROTECTED]:/usr/obj/usr/src/sys/GENERIC i386


tiny# portaudit -Fa
auditfile.tbz 100% of  35 kB  154 kBps
New database installed.
Affected package: firefox-1.0.7_1,1
Type of problem: mozilla -- multiple vulnerabilities.
Reference: http://www.FreeBSD.org/ports/portaudit/84630f4a-cd8c-11da-b7b9-000c6ec775d9.html

Affected package: mozilla-1.7.12,2
Type of problem: mozilla -- multiple vulnerabilities.
Reference: http://www.FreeBSD.org/ports/portaudit/84630f4a-cd8c-11da-b7b9-000c6ec775d9.html

[ 7 other packages snipped ]

9 problem(s) in your installed packages found.

You are advised to update or deinstall the affected package(s) immediately.


tiny# portupgrade -n firefox
---  Session started at: Wed, 17 May 2006 18:55:20 -0700
[Rebuilding the pkgdb format:bdb1_btree in /var/db/pkg ... - 241 packages found (-0 +241) . done]
[Updating the portsdb format:bdb1_btree in /usr/ports ... - 13306 port entries found .1000.2000.3000.4000.5000.6000.7000.8000.9000.1.11000.12000.13000... . done]
** No need to upgrade 'firefox-1.0.7_1,1' (= firefox-1.0.7_1,1). (specify -f to force)
---  Listing the results (+:done / -:ignored / *:skipped / !:failed)
- www/firefox (firefox-1.0.7_1,1)
---  Packages processed: 0 done, 1 ignored, 0 skipped and 0 failed
---  Session ended at: Wed, 17 May 2006 18:57:17 -0700 (consumed 00:01:57)


tiny# portupgrade -n mozilla
---  Session started at: Wed, 17 May 2006 18:58:49 -0700
** No need to upgrade 'mozilla-1.7.12,2' (= mozilla-1.7.12,2). (specify -f to force)
---  Listing the results (+:done / -:ignored / *:skipped / !:failed)
- www/mozilla (mozilla-1.7.12,2)
---  Packages processed: 0 done, 1 ignored, 0 skipped and 0 failed
---  Session ended at: Wed, 17 May 2006 18:58:53 -0700 (consumed 00:00:03)


# - end of console traffic -


___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to [EMAIL PROTECTED]


Re: portaudit report vs. portupgrade report

2006-05-18 Thread Gerard Seibert
Portaudit is reporting problems with certain ports. You need to update
your ports tree, might I suggest portsnap, before you can correct the
problem. Even then, a new version of the port that corrects the problem
may not be available. If it is not, keep trying every day or so and it
will usually be made available to you. Obviously you need to update your
ports tree on a regular schedule. You might want to investigate using
CRON to automate this procedure for you.

Also, you might want to give portmanager a look. Personally, I prefer it
to portupgrade. Strictly a personal choice though. I just think it
handles dependencies in a far superior manner.


-- 
Gerard Seibert
[EMAIL PROTECTED]


Ruth rode upon my motor bike
directly in back of me.
I hit a bump at 95
and rode on Ruthlessly.
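
An added example, not part of either message above: portaudit matches installed package versions against its downloaded vulnerability database, while portupgrade only compares them with the local ports tree, so both reports can be true at once. The sketch below cross-checks the two outputs; the function names are hypothetical, and the sample text is copied from the console traffic in this thread with the e-mail line wrapping undone.

```shell
#!/bin/sh
# Cross-check portaudit findings against "portupgrade -n" results.
# Sample text: taken from the thread's console traffic, unwrapped.

SAMPLE_AUDIT="Affected package: firefox-1.0.7_1,1
Type of problem: mozilla -- multiple vulnerabilities.

Affected package: mozilla-1.7.12,2
Type of problem: mozilla -- multiple vulnerabilities.
"

SAMPLE_UPGRADE="** No need to upgrade 'firefox-1.0.7_1,1' (= firefox-1.0.7_1,1). (specify -f to force)
** No need to upgrade 'mozilla-1.7.12,2' (= mozilla-1.7.12,2). (specify -f to force)
"

# Print one installed package name per "Affected package:" line.
affected_packages() {   # $1 = portaudit output
    printf '%s\n' "$1" | sed -n 's/^Affected package: *//p'
}

# Succeed if portupgrade said the local ports tree has nothing newer.
tree_has_nothing_newer() {   # $1 = package, $2 = portupgrade -n output
    printf '%s\n' "$2" | grep -F -q -- "** No need to upgrade '$1'"
}

# Classify every package portaudit flagged.
triage() {   # $1 = portaudit output, $2 = portupgrade -n output
    affected_packages "$1" | while IFS= read -r pkg; do
        if tree_has_nothing_newer "$pkg" "$2"; then
            # Vulnerable, yet the tree on disk matches what is installed:
            # the tree is stale or no fixed port has been committed yet.
            echo "$pkg: vulnerable, tree offers nothing newer"
        else
            # No "No need to upgrade" line seen for this package.
            echo "$pkg: vulnerable, check portupgrade -n for an upgrade"
        fi
    done
}

triage "$SAMPLE_AUDIT" "$SAMPLE_UPGRADE"
```

A package reported as "tree offers nothing newer" is the case this thread describes: refresh the ports tree and rerun both tools before concluding that no fix exists.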