Date: Mon, 29 Jun 2009 19:04:40 -0500 (CDT) From: Scott Bennett <bennett@cs.niu.edu> To: freebsd-ports@freebsd.org, sergey.dyatko@gmail.com Subject: Re: next abort of perl upgrade encountered--linux-pango security problem :-( Message-ID: <200906300004.n5U04eR8021271@mp.cs.niu.edu>
next in thread | raw e-mail | index | archive | help
On Thu, 25 Jun 2009 09:52:50 +0300 "Sergey V. Dyatko" <sergey.dyatko@gmail.com> wrote: >В Thu, 25 Jun 2009 09:37:52 +0300 >"Sergey V. Dyatko" <sergey.dyatko@gmail.com> пишет: > >SVD> В Thu, 25 Jun 2009 01:21:19 -0500 (CDT) >SVD> Scott Bennett <bennett@cs.niu.edu> пишет: >SVD> >SVD> SB> The saga of failures in the perl upgrade continues with >SVD> SB> the following: >SVD> SB> >SVD> SB> ===> linux-gtk2-2.6.10_3 depends on >SVD> SB> file: /compat/linux/usr/lib/libpango-1.0.so.0.1001.1 - not >SVD> SB> found ===> Verifying install >SVD> SB> for /compat/linux/usr/lib/libpango-1.0.so.0.1001.1 >SVD> SB> in /usr/ports/x11-toolkits/linux-pango ===> >SVD> SB> linux-pango-1.10.2_3 has known vulnerabilities: => pango -- >SVD> SB> integer overflow. Reference: >SVD> SB> <http://www.FreeBSD.org/ports/portaudit/4b172278-3f46-11de-becb-001cc0377035.html> >SVD> SB> => Please update your ports tree and try again. *** Error code >SVD> SB> 1 >SVD> [skipped] >SVD> SB> >SVD> SB> There doesn't seem to be a more recent version of the >SVD> SB> x11-toolkits/linux-pango port available. What is the best way >SVD> SB> to proceed? Will a "portmaster -fv x11-toolkits/linux-pango" >SVD> SB> do the job for now? (I'm not too worried about the security >SVD> SB> bug for the moment. Although I use mplayer to play files, >SVD> SB> they don't generally involve .png files, and I don't use >SVD> SB> mplayer to play streaming files.) Please copy me in on >SVD> SB> responses, otherwise I won't see them till the next >SVD> SB> freebsd-ports digest is sent out. Thanks! >SVD> SB> >SVD> SB> >SVD> SB> Scott Bennett, Comm. ASMELG, >SVD> SB> CFIAG >SVD> 1) deinstall portaudit >SVD> 2) upgrate all ports >SVD> 3) install portaudit if you need it >SVD> >SVD> or >SVD> >SVD> 1)rm /var/db/portaudit/auditfile.tbz >SVD> 2) upgrate all ports >SVD> 3) portaudit -F >SVD> >or set environment variable DISABLE_VULNERABILITIES and >upgrade port(s) > Sergey, thank you so much for pointing out the DISABLE_VULNERABILITIES environment variable. This is the method that got me past the problem, though I used it to upgrade only linux-pango and those of its dependencies that hadn't yet been upgraded. After that, I unset that variable and resumed the upgrade of the rest of the software dependent upon perl. Scott Bennett, Comm. ASMELG, CFIAG ********************************************************************** * Internet: bennett at cs.niu.edu * *--------------------------------------------------------------------* * "A well regulated and disciplined militia, is at all times a good * * objection to the introduction of that bane of all free governments * * -- a standing army." * * -- Gov. John Hancock, New York Journal, 28 January 1790 * **********************************************************************
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200906300004.n5U04eR8021271>