updating a port with problems (libxml2)
Hi all, I use portsnap to keep the port tree of my FreeBSD 7 box up to date. According to portaudit, which I run nightly, there is a problem with the current version of libxml2. So, as usual, I run sudo portsnap fetch sudo portsnap update, and then: $ cd /usr/ports/textproc/libxml2 $ sudo make deinstall $ sudo make reinstall clean But this last command results in an error: === libxml2-2.6.32 has known vulnerabilities: = libxml2 -- two vulnerabilities. Reference: http://www.FreeBSD.org/ports/portaudit/d71da236-9a94-11dd-8f42-001c2514716c.html = Please update your ports tree and try again. It would appear that the port has not yet been updated. Is this some temporary glitch? Otherwise, the approach I use is not very robust, since I have now managed to deinstall a library upon which a dozen or so programs depend. However, this is the first time this has happened. Comments, suggestions most welcome. Thanks. - Colin Brace Amsterdam http://lim.nl -- View this message in context: http://www.nabble.com/updating-a-port-with-problems-%28libxml2%29-tp20028504p20028504.html Sent from the freebsd-questions mailing list archive at Nabble.com. ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: updating a port with problems (libxml2)
On Fri, Oct 17, 2008 at 01:01:09AM -0700, Colin Brace wrote: Hi all, I use portsnap to keep the port tree of my FreeBSD 7 box up to date. According to portaudit, which I run nightly, there is a problem with the current version of libxml2. So, as usual, I run sudo portsnap fetch sudo portsnap update, and then: $ cd /usr/ports/textproc/libxml2 $ sudo make deinstall $ sudo make reinstall clean But this last command results in an error: === libxml2-2.6.32 has known vulnerabilities: = libxml2 -- two vulnerabilities. Reference: http://www.FreeBSD.org/ports/portaudit/d71da236-9a94-11dd-8f42-001c2514716c.html = Please update your ports tree and try again. It would appear that the port has not yet been updated. Is this some temporary glitch? Otherwise, the approach I use is not very robust, since I have now managed to deinstall a library upon which a dozen or so programs depend. However, this is the first time this has happened. Comments, suggestions most welcome. Sometimes it takes a while after a problem has been found with a port until a fixed version is available in the ports tree. In the worst case the port might never get fixed. So, no, your approach is not very robust. -- Insert your favourite quote here. Erik Trulsson [EMAIL PROTECTED] ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: updating a port with problems (libxml2)
Colin Brace [EMAIL PROTECTED] writes: Hi all, I use portsnap to keep the port tree of my FreeBSD 7 box up to date. According to portaudit, which I run nightly, there is a problem with the current version of libxml2. So, as usual, I run sudo portsnap fetch sudo portsnap update, and then: $ cd /usr/ports/textproc/libxml2 $ sudo make deinstall $ sudo make reinstall clean But this last command results in an error: === libxml2-2.6.32 has known vulnerabilities: = libxml2 -- two vulnerabilities. Reference: http://www.FreeBSD.org/ports/portaudit/d71da236-9a94-11dd-8f42-001c2514716c.html = Please update your ports tree and try again. It would appear that the port has not yet been updated. Is this some temporary glitch? Otherwise, the approach I use is not very robust, since I have now managed to deinstall a library upon which a dozen or so programs depend. However, this is the first time this has happened. Comments, suggestions most welcome. Hi Colin, I hit a similar difficulty with cups-base a few days ago. Matthew Seaman suggested this as a way of getting the dodgy port to install, which I used because I *really* needed to print something:- portupgrade -m DISABLE_VULNERABILITIES=yes cups-base Lo and behold, within 6 hours of my re-installing the vulnerable port, the port was fixed and I upgraded to that hth Glyn ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: updating a port with problems (libxml2)
On 10/17/08 01:01, Colin Brace wrote: Hi all, I use portsnap to keep the port tree of my FreeBSD 7 box up to date. According to portaudit, which I run nightly, there is a problem with the current version of libxml2. So, as usual, I run sudo portsnap fetch sudo portsnap update, and then: Note that 'portsnap fetch update' will accomplish the same thing. $ cd /usr/ports/textproc/libxml2 $ sudo make deinstall $ sudo make reinstall clean But this last command results in an error: === libxml2-2.6.32 has known vulnerabilities: = libxml2 -- two vulnerabilities. Reference: http://www.FreeBSD.org/ports/portaudit/d71da236-9a94-11dd-8f42-001c2514716c.html = Please update your ports tree and try again. It would appear that the port has not yet been updated. Is this some temporary glitch? Otherwise, the approach I use is not very robust, since I have now managed to deinstall a library upon which a dozen or so programs depend. However, this is the first time this has happened. Comments, suggestions most welcome. To get libxml2 reinstalled before the port is bumped you'll want to try 'make -DDISABLE_VULNERABILITIES reinstall'. In general, it's easier to use portupgrade(1). See Using the Ports Collection[1] in the FreeBSD Handbook. [1] http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/ports-using.html -- Benjamin Lee signature.asc Description: OpenPGP digital signature
Re: updating a port with problems (libxml2)
On Fri, 17 Oct 2008 01:01:09 -0700 (PDT) Colin Brace [EMAIL PROTECTED] wrote: $ cd /usr/ports/textproc/libxml2 $ sudo make deinstall $ sudo make reinstall clean ... It would appear that the port has not yet been updated. Is this some temporary glitch? Otherwise, the approach I use is not very robust, since I have now managed to deinstall a library upon which a dozen or so programs depend. portupgrade builds before deinstalling, and creates a backup package in case the port builds but fails to install. BTW you don't need reinstall in the above case, it's only needed if you want to install twice without using the deinstall or clean targets in between. e.g. make install pkg_delete package name of current port make reinstall ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]