Portupgrading - portauditing
Hello, Your team is ALWAYS very helpful . It's the best support i've ever dealt with. Question : How do i portupgrade , just the pkgs/ports that portaudit -a sais have vulnerabilities,and not the whole thing? Thank you G.K. ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: Portupgrading - portauditing
George Katsanos wrote: Hello, Your team is ALWAYS very helpful . It's the best support i've ever dealt with. Question : How do i portupgrade , just the pkgs/ports that portaudit -a sais have vulnerabilities,and not the whole thing? Thank you G.K. As someone pointed out, IE: portupgrade -rR firefox -- Best regards, Chris If two wrongs don't make a right, try three. ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: Portupgrading - portauditing
George Katsanos wrote: Hello, Your team is ALWAYS very helpful . It's the best support i've ever dealt with. Question : How do i portupgrade , just the pkgs/ports that portaudit -a sais have vulnerabilities,and not the whole thing? Thank you G.K. ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED] Are you after a way to do this automatically or just a way to do it generally? You basically want to run portaudit -a and portupgrade each Affected Package. You could probably script this quite easily: for i in `portaudit -a | grep Affected package: | awk '{print $3}'` do portupgrade $FLAGS $i done Hope this is what you were after. :) Chris ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: Portupgrading - portauditing
I wouldn't bother trying it like straight out if you're trying to get the Firefox update. It still lists firefox as a vulnerability for some reason. I had 1.7.5_1,2, which is the version it listed, but it wouldn't let me upgrade to 1.0.1,1. I even tried listing the vulnerability listed in portaudit.conf, but no change. I finally gave up and deleted the db at /var/db/portaudit/auditfile.tbz and then did the upgrade. It still flags firefox as a vulnerability, even though the problem it references is supposed to be explicitly fixed in the version I have installed (window injection vulnerability). Of course, you can the method described by another poster to get that list, but I haven't been able to get portaudit to actually let me upgrade. Even the portupgrade -f flag won't work and simply building the port manually is also disabled for flagged ports. Portaudit seems more a hard lockdown than a warning system. I think either I am not understanding how to manage it yet, or it has a couple issues that have not been hammered out yet. Manpages don't have much detail about this issue. I haven't had a chance to check on the existence of a bug report yet, because I want to hunt down all the docs I can first. Not that I don't think it's a great security tool! :) Lou On 02/26/05 04:42 PM, George Katsanos sat at the `puter and typed: Hello, Your team is ALWAYS very helpful . It's the best support i've ever dealt with. Question : How do i portupgrade , just the pkgs/ports that portaudit -a sais have vulnerabilities,and not the whole thing? Thank you G.K. ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED] -- Louis LeBlanc FreeBSD-at-keyslapper-DOT-net Fully Funded Hobbyist, KeySlapper Extrordinaire :) Please send off-list email to: leblanc at keyslapper d.t net Key fingerprint = C5E7 4762 F071 CE3B ED51 4FB8 AF85 A2FE 80C8 D9A2 Too much is just enough. -- Mark Twain, on whiskey pgpmvRVKWeFuc.pgp Description: PGP signature
Re: Portupgrading - portauditing
I believe if you do a portuprade -arR you will also upgrade any dependant ports. On Sat, 26 Feb 2005 15:28:31 +, Chris Hodgins [EMAIL PROTECTED] wrote: George Katsanos wrote: Hello, Your team is ALWAYS very helpful . It's the best support i've ever dealt with. Question : How do i portupgrade , just the pkgs/ports that portaudit -a sais have vulnerabilities,and not the whole thing? Thank you G.K. ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED] Are you after a way to do this automatically or just a way to do it generally? You basically want to run portaudit -a and portupgrade each Affected Package. You could probably script this quite easily: for i in `portaudit -a | grep Affected package: | awk '{print $3}'` do portupgrade $FLAGS $i done Hope this is what you were after. :) Chris ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED] ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: Portupgrading - portauditing
I finally gave up and deleted the db at /var/db/portaudit/auditfile.tbz and then did the upgrade. It still flags firefox as a vulnerability, even though the problem it references is supposed to be explicitly fixed in the version I have installed (window injection vulnerability). Of course, you can the method described by another poster to get that list, but I haven't been able to get portaudit to actually let me upgrade. Even the portupgrade -f flag won't work and simply building the port manually is also disabled for flagged ports. Portaudit seems more a hard lockdown than a warning system. I think either I am not understanding how to manage it yet, or it has a couple issues that have not been hammered out yet. Manpages don't have much detail about this issue. I haven't had a chance to check on the existence of a bug report yet, because I want to hunt down all the docs I can first. no need to fiddle with portaudit, as these can be fed directly to make or to portupgrade (with the -m flag). building ports despite vulnerabilities: -DDISABLE_VULNERABILITIES building ports despite ignore: -DNO_IGNORE to my knowledge, these are not yet documented anywhere but here in the mailing lists. i believe that the doc project is already looking to integrate this info into the ports manpage (or somewhere else equally sensible). on the off chance that they lost sight of this target, i'm adding them to cc. (: thank you docs team :) hth. cheers, epi ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: Portupgrading - portauditing
On 02/26/05 03:25 PM, epilogue sat at the `puter and typed: I finally gave up and deleted the db at /var/db/portaudit/auditfile.tbz and then did the upgrade. It still flags firefox as a vulnerability, even though the problem it references is supposed to be explicitly fixed in the version I have installed (window injection vulnerability). Of course, you can the method described by another poster to get that list, but I haven't been able to get portaudit to actually let me upgrade. Even the portupgrade -f flag won't work and simply building the port manually is also disabled for flagged ports. Portaudit seems more a hard lockdown than a warning system. I think either I am not understanding how to manage it yet, or it has a couple issues that have not been hammered out yet. Manpages don't have much detail about this issue. I haven't had a chance to check on the existence of a bug report yet, because I want to hunt down all the docs I can first. no need to fiddle with portaudit, as these can be fed directly to make or to portupgrade (with the -m flag). building ports despite vulnerabilities: -DDISABLE_VULNERABILITIES building ports despite ignore: -DNO_IGNORE to my knowledge, these are not yet documented anywhere but here in the mailing lists. i believe that the doc project is already looking to integrate this info into the ports manpage (or somewhere else equally sensible). on the off chance that they lost sight of this target, i'm adding them to cc. (: thank you docs team :) hth. Definitely. Thanks for the primer. Lou -- Louis LeBlanc FreeBSD-at-keyslapper-DOT-net Fully Funded Hobbyist, KeySlapper Extrordinaire :) Please send off-list email to: leblanc at keyslapper d.t net Key fingerprint = C5E7 4762 F071 CE3B ED51 4FB8 AF85 A2FE 80C8 D9A2 Too much is just enough. -- Mark Twain, on whiskey pgpWtqxNYuGcO.pgp Description: PGP signature