From owner-freebsd-ports@FreeBSD.ORG Thu Jun 25 06:53:03 2009 Return-Path: Delivered-To: freebsd-ports@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 3321010656C2 for ; Thu, 25 Jun 2009 06:53:03 +0000 (UTC) (envelope-from sergey.dyatko@gmail.com) Received: from mail-fx0-f217.google.com (mail-fx0-f217.google.com [209.85.220.217]) by mx1.freebsd.org (Postfix) with ESMTP id B2F0A8FC15 for ; Thu, 25 Jun 2009 06:53:02 +0000 (UTC) (envelope-from sergey.dyatko@gmail.com) Received: by fxm17 with SMTP id 17so1152972fxm.43 for ; Wed, 24 Jun 2009 23:53:01 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma; h=domainkey-signature:received:received:date:from:to:cc:subject :message-id:in-reply-to:references:x-mailer:mime-version :content-type:content-transfer-encoding; bh=ZXmI1ZHJkh1WARHF4Qpj0nbNXBgVgFEYl1xsEUW9iRI=; b=S1XO1RYtQ+hQXdH4vPIXjB2hVI29iJDJnE/soHubAVBl7zEEaWSP9VpoL1q9RDFo0l oPoXgCZemmqduqQMHdYw1SP9FEVnyZCoVoqBd7kvo1gBqkCl0vK2lJiOENVdCzqPAhcN UbuUcgrPUCY5Go+N77s+udYptfFJzgoYMqZwA= DomainKey-Signature: a=rsa-sha1; c=nofws; d=gmail.com; s=gamma; h=date:from:to:cc:subject:message-id:in-reply-to:references:x-mailer :mime-version:content-type:content-transfer-encoding; b=pSdPcUAmQt55HAtGUrvsobSDDiBAMuUl3uxwOISQek8OfmhvUZUJ6YLLVHtBJGG7hh FAEhvHt3DkwrWaeBtJYyDmoZBCZeOqQVgVOp4A4wkNuHA4jZ5swQjt2joFYxB7zKibwF gDSNO7HnUdVjWfCXqukNP9GDsleVWRP/pda8E= Received: by 10.86.36.11 with SMTP id j11mr2255645fgj.22.1245912781732; Wed, 24 Jun 2009 23:53:01 -0700 (PDT) Received: from tiger.minsk.domain (minsk.agava.net [212.98.174.157]) by mx.google.com with ESMTPS id e11sm5218178fga.1.2009.06.24.23.52.52 (version=SSLv3 cipher=RC4-MD5); Wed, 24 Jun 2009 23:52:52 -0700 (PDT) Date: Thu, 25 Jun 2009 09:52:50 +0300 From: "Sergey V. Dyatko" To: Scott Bennett Message-ID: <20090625095250.703f3ed9@tiger.minsk.domain> In-Reply-To: <20090625093752.5719bb39@tiger.minsk.domain> References: <200906250621.n5P6LJfC015754@mp.cs.niu.edu> <20090625093752.5719bb39@tiger.minsk.domain> X-Mailer: Claws Mail 3.7.1 (GTK+ 2.16.2; i386-portbld-freebsd8.0) Mime-Version: 1.0 Content-Type: text/plain; charset=KOI8-R Content-Transfer-Encoding: 8bit Cc: freebsd-ports@freebsd.org Subject: Re: next abort of perl upgrade encountered--linux-pango security problem :-( X-BeenThere: freebsd-ports@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Porting software to FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 25 Jun 2009 06:53:05 -0000 В Thu, 25 Jun 2009 09:37:52 +0300 "Sergey V. Dyatko" пишет: SVD> В Thu, 25 Jun 2009 01:21:19 -0500 (CDT) SVD> Scott Bennett пишет: SVD> SVD> SB> The saga of failures in the perl upgrade continues with SVD> SB> the following: SVD> SB> SVD> SB> ===> linux-gtk2-2.6.10_3 depends on SVD> SB> file: /compat/linux/usr/lib/libpango-1.0.so.0.1001.1 - not SVD> SB> found ===> Verifying install SVD> SB> for /compat/linux/usr/lib/libpango-1.0.so.0.1001.1 SVD> SB> in /usr/ports/x11-toolkits/linux-pango ===> SVD> SB> linux-pango-1.10.2_3 has known vulnerabilities: => pango -- SVD> SB> integer overflow. Reference: SVD> SB> SVD> SB> => Please update your ports tree and try again. *** Error code SVD> SB> 1 SVD> [skipped] SVD> SB> SVD> SB> There doesn't seem to be a more recent version of the SVD> SB> x11-toolkits/linux-pango port available. What is the best way SVD> SB> to proceed? Will a "portmaster -fv x11-toolkits/linux-pango" SVD> SB> do the job for now? (I'm not too worried about the security SVD> SB> bug for the moment. Although I use mplayer to play files, SVD> SB> they don't generally involve .png files, and I don't use SVD> SB> mplayer to play streaming files.) Please copy me in on SVD> SB> responses, otherwise I won't see them till the next SVD> SB> freebsd-ports digest is sent out. Thanks! SVD> SB> SVD> SB> SVD> SB> Scott Bennett, Comm. ASMELG, SVD> SB> CFIAG SVD> 1) deinstall portaudit SVD> 2) upgrate all ports SVD> 3) install portaudit if you need it SVD> SVD> or SVD> SVD> 1)rm /var/db/portaudit/auditfile.tbz SVD> 2) upgrate all ports SVD> 3) portaudit -F SVD> or set environment variable DISABLE_VULNERABILITIES and upgrade port(s) -- wbr, tiger