Date:      Fri, 20 May 2005 10:56:36 -0400
From:      Randy Pratt <rpratt1950@earthlink.net>
To:        Chris <chrcoluk@gmail.com>
Cc:        freebsd-questions@freebsd.org
Subject:   Re: portaudit is being stubborn
Message-ID:  <20050520105636.15a2d6f0.rpratt1950@earthlink.net>
In-Reply-To: <3aaaa3a05052005436414e0a3@mail.gmail.com>
References:  <20050517144200.T26182@mail.goinet.com> <3aaaa3a05052005436414e0a3@mail.gmail.com>

On Fri, 20 May 2005 13:43:29 +0100
Chris <chrcoluk@gmail.com> wrote:

> This annoys me as well, I expect portaudit to alert me when an update
> is available to fix an exploit, but wget has no update so what is the
> point of the warning, there also seems to be no way to shut it up.
> 
> Chris
> 
> On 5/17/05, Tony Shadwick <tshadwick@goinet.com> wrote:
> > This is driving me nuts.  I just downloaded the latest portaudit database
> > and ran it on my system:
> > 
> > mx02# portaudit -ad
> > Database created: Tue May 17 13:40:02 CDT 2005
> > Affected package: wget-1.8.2_7
> > Type of problem: wget -- multiple vulnerabilities.
> > Reference:
> > <http://www.FreeBSD.org/ports/portaudit/06f142ff-4df3-11d9-a9e7-0001020eed82.html>
> > 
> > 1 problem(s) in your installed packages found.
> > 
> > You are advised to update or deinstall the affected package(s)
> > immediately.
> > 
> > 
> > Okay....so, that vulnerability isn't of much concern to me, but just to be
> > sure I'm current:
> > 
> > mx02# portversion ftp/wget
> > wget                        =
> > 
> > So life is good there, so I go back and add this to my
> > /usr/local/etc/portaudit.conf file:
> > 
> > # Make portaudit ignore wget vulnerability (no shell users here anyway)
> > portaudit_fixed="06f142ff-4df3-11d9-a9e7-0001020eed82"
> > 
> > 
> > I then re-ran portaudit....it gives me the same output. :(  I want to have
> > this cron'ed where I only get output when something that actually concerns
> > me comes up.  Is the portaudit_fixed variable no longer supported?
> > 
> > Tony

I think the ftp/wget-devel version has addressed the security
concerns.  I switched to ftp/wget-devel and portaudit doesn't show
any problems.  I've not noticed any differences in using that version.

I had a few other ports which depended on ftp/wget so I used
portupgrade to switch the dependencies to ftp/wget-devel:

	portupgrade -o ftp/wget-devel ftp/wget

According to the portupgrade man page, all the dependencies on the
old package will be succeeded to the new package cleanly without
leaving inconsistencies.

There may be occasions when an update to a port which depended on
the old ftp/wget may cause pkgdb to complain about a stale dependency
on ftp/wget and you will need to repoint the dependency to the
ftp/wget-devel package.

If at some point the ftp/wget gets fixed, then it could be switched
back from ftp/wget-devel with portupgrade.

Randy

-- 
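
Added example, not part of the original thread and not portaudit's own code: a wrapper for the cron case Tony describes, which prints only findings whose advisory UUID has not been reviewed and accepted. It does not depend on portaudit_fixed. It assumes the report layout shown in the run quoted above; the function name filter_portaudit and the second sample finding are constructed for illustration.

```sh
#!/bin/sh
# Added example, not part of portaudit. filter_portaudit (hypothetical name)
# reads a portaudit report on stdin; its arguments are advisory UUIDs that
# have been reviewed and accepted. Only unacknowledged findings are printed.
filter_portaudit() {
    awk -v acked="$*" '
    function emit(   id) {
        if (rec == "") return
        # The advisory UUID is the file name in the Reference URL; the URL
        # may share a line with "Reference:" or follow on the next line.
        id = ""
        if (match(rec, /portaudit\/[0-9a-f-]+\.html/))
            id = substr(rec, RSTART + 10, RLENGTH - 15)
        # A finding with no parsable UUID is always reported.
        if (id == "" || !(id in ok)) printf "%s\n", rec
        rec = ""
    }
    BEGIN { n = split(tolower(acked), a, " "); for (i = 1; i <= n; i++) ok[a[i]] = 1 }
    /^Affected package:/ { emit(); rec = $0 "\n"; next }   # new finding
    /^[ \t]*$/           { emit(); next }                  # blank line ends it
    rec != ""            { rec = rec $0 "\n" }             # body of a finding
    END                  { emit() }
    '
}

# Constructed sample: the wget finding quoted in the thread plus one made-up
# finding (example-1.0, all-zero UUID) that has not been acknowledged.
SAMPLE=$(cat <<'EOF'
Database created: Tue May 17 13:40:02 CDT 2005
Affected package: wget-1.8.2_7
Type of problem: wget -- multiple vulnerabilities.
Reference: <http://www.FreeBSD.org/ports/portaudit/06f142ff-4df3-11d9-a9e7-0001020eed82.html>

Affected package: example-1.0
Type of problem: example -- constructed finding.
Reference: <http://www.FreeBSD.org/ports/portaudit/00000000-0000-0000-0000-000000000000.html>

2 problem(s) in your installed packages found.
EOF
)

# Prints only the example-1.0 finding. From cron, the equivalent would be:
#   portaudit -ad | filter_portaudit 06f142ff-4df3-11d9-a9e7-0001020eed82
printf '%s\n' "$SAMPLE" | filter_portaudit 06f142ff-4df3-11d9-a9e7-0001020eed82
```

Because cron mails only when a job produces output, a report in which every finding is acknowledged yields no mail, while any new advisory still comes through.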


