From owner-freebsd-questions@FreeBSD.ORG Tue May 20 20:25:38 2014 Return-Path: Delivered-To: freebsd-questions@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [8.8.178.115]) (using TLSv1 with cipher ADH-AES256-SHA (256/256 bits)) (No client certificate requested) by hub.freebsd.org (Postfix) with ESMTPS id 76F077AA for ; Tue, 20 May 2014 20:25:38 +0000 (UTC) Received: from plane.gmane.org (plane.gmane.org [80.91.229.3]) (using TLSv1 with cipher AES256-SHA (256/256 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id 31A812EF7 for ; Tue, 20 May 2014 20:25:37 +0000 (UTC) Received: from list by plane.gmane.org with local (Exim 4.69) (envelope-from ) id 1WmqbH-0007u2-TH for freebsd-questions@freebsd.org; Tue, 20 May 2014 22:25:27 +0200 Received: from 86.21.186.149 ([86.21.186.149]) by main.gmane.org with esmtp (Gmexim 0.1 (Debian)) id 1AlnuQ-0007hv-00 for ; Tue, 20 May 2014 22:25:27 +0200 Received: from walterhurry by 86.21.186.149 with local (Gmexim 0.1 (Debian)) id 1AlnuQ-0007hv-00 for ; Tue, 20 May 2014 22:25:27 +0200 X-Injected-Via-Gmane: http://gmane.org/ To: freebsd-questions@freebsd.org From: Walter Hurry Subject: Re: Can't reinstall linux-f10-openldap (SOLVED) Date: Tue, 20 May 2014 20:25:15 +0000 (UTC) Lines: 45 Message-ID: References: <44k39h7ja3.fsf@lowell-desk.lan> < lldllk$4se$1@ger.gmane.org> <447g5hqylb.fsf@lowell-desk.lan> Mime-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-Complaints-To: usenet@ger.gmane.org X-Gmane-NNTP-Posting-Host: 86.21.186.149 User-Agent: Pan/0.139 (Sexual Chocolate; GIT bf56508 git://git.gnome.org/pan2) X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 20 May 2014 20:25:38 -0000 On Mon, 19 May 2014 16:53:52 -0400, Lowell Gilbert wrote: > Walter Hurry writes: > >> On Mon, 19 May 2014 13:47:16 -0400, Lowell Gilbert wrote: >> >>> Walter Hurry writes: >>> >>>> I'm trying to reinstall net/linux-f10-openldap, but am being >>>> prevented from doing so. >>>> >>>> ------------------------------------------------------------ >>>> ===> linux-f10-openldap-2.4.12_1 has known vulnerabilities: >>>> linux-f10-openldap-2.4.12_1 is vulnerable: >>>> OpenLDAP -- incorrect handling of NULL in certificate Common Name >>>> CVE: CVE-2009-3767 WWW: >>>> http://portaudit.FreeBSD.org/abad20bf-c1b4-11e3- >>>> a5ac-001b21614864.html => Please update your ports tree and try >>>> again. *** [check-vulnerable] Error code 1 >>>> >>>> Stop in /usr/ports/net/linux-f10-openldap. >>>> ------------------------------------------------------------ >>>> >>>> The portaudit web page says that there is indeed a vulnerability in >>>> this version, but it is the latest version available in the ports >>>> tree. >>>> >>>> Is there any way around this? >>> >>> The only options are the obvious ones: >>> >>> 1) Override the vulnerability warning and install anyway. >> >> >> Thanks for the reply. How do I implement option 1? Sorry, but there are >> huge gaps in my FreeBSD knowledge. > > You set an environment variable, DISABLE_VULNERABILITIES. It's listed in > the manual for ports(7), although I think the reference to the portaudit > port is no longer applicable. > Thanks. That's added to my knowledge; I didn't realise that ports had its own man page. I had looked at the man page for portupgrade but found nothing relevant.