From owner-freebsd-questions@FreeBSD.ORG Mon May 19 20:54:00 2014 Return-Path: Delivered-To: freebsd-questions@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) (using TLSv1 with cipher ADH-AES256-SHA (256/256 bits)) (No client certificate requested) by hub.freebsd.org (Postfix) with ESMTPS id CE8D6C60 for ; Mon, 19 May 2014 20:54:00 +0000 (UTC) Received: from be-well.ilk.org (be-well.ilk.org [23.30.133.173]) by mx1.freebsd.org (Postfix) with ESMTP id A775526D1 for ; Mon, 19 May 2014 20:54:00 +0000 (UTC) Received: from lowell-desk.lan (lowell-desk.lan [172.30.250.41]) by be-well.ilk.org (Postfix) with ESMTP id 0B9D133C24; Mon, 19 May 2014 16:53:54 -0400 (EDT) Received: by lowell-desk.lan (Postfix, from userid 1147) id B2C923984E; Mon, 19 May 2014 16:53:52 -0400 (EDT) From: Lowell Gilbert To: Walter Hurry Subject: Re: Can't reinstall linux-f10-openldap References: <44k39h7ja3.fsf@lowell-desk.lan> Reply-To: freebsd-questions@freebsd.org Date: Mon, 19 May 2014 16:53:52 -0400 In-Reply-To: (Walter Hurry's message of "Mon, 19 May 2014 19:22:28 +0000 (UTC)") Message-ID: <447g5hqylb.fsf@lowell-desk.lan> User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/24.3 (berkeley-unix) MIME-Version: 1.0 Content-Type: text/plain Cc: freebsd-questions@freebsd.org X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 19 May 2014 20:54:00 -0000 Walter Hurry writes: > On Mon, 19 May 2014 13:47:16 -0400, Lowell Gilbert wrote: > >> Walter Hurry writes: >> >>> I'm trying to reinstall net/linux-f10-openldap, but am being prevented >>> from doing so. >>> >>> ------------------------------------------------------------ >>> ===> linux-f10-openldap-2.4.12_1 has known vulnerabilities: >>> linux-f10-openldap-2.4.12_1 is vulnerable: >>> OpenLDAP -- incorrect handling of NULL in certificate Common Name CVE: >>> CVE-2009-3767 WWW: http://portaudit.FreeBSD.org/abad20bf-c1b4-11e3- >>> a5ac-001b21614864.html => Please update your ports tree and try again. >>> *** [check-vulnerable] Error code 1 >>> >>> Stop in /usr/ports/net/linux-f10-openldap. >>> ------------------------------------------------------------ >>> >>> The portaudit web page says that there is indeed a vulnerability in >>> this version, but it is the latest version available in the ports tree. >>> >>> Is there any way around this? >> >> The only options are the obvious ones: >> >> 1) Override the vulnerability warning and install anyway. > > > Thanks for the reply. How do I implement option 1? Sorry, but there are > huge gaps in my FreeBSD knowledge. You set an environment variable, DISABLE_VULNERABILITIES. It's listed in the manual for ports(7), although I think the reference to the portaudit port is no longer applicable. > This is FreeBSD 9.2 (amd64), and I was using 'portupgrade -f'. portupgrade may have its own settings for that; I don't have it installed at the moment, so I can't easily check. Good luck.