Date: Fri, 25 Jul 2014 21:08:39 -0700 (PDT) From: Beeblebrox <zaphod@berentweb.com> To: freebsd-ports@freebsd.org Subject: Re: Merging several branches with ports tree Message-ID: <20140726070745.49c3dd3b@rsbsd.rsb> In-Reply-To: <53D2BF9A.7030702@gmx.de> References: <1406297591500-5931719.post@n5.nabble.com> <53D2BF9A.7030702@gmx.de>
next in thread | previous in thread | raw e-mail | index | archive | help
> Perhaps ports-mgmt/portshaker is a possible tool. I like portshaker and I have tried it. For gnome3 / marcuscom it resulted in some strange ports errors so I was forced to revert back to the marcusmerge script. Perhaps I could have a process where the scripts are chained. 1. portshaker -UM for ports tree only 2. marcusmerge for gnome3 3. rsync linux-c6 & my-pc I'll look into this idea... > With the line in make.conf there is no need to patch bsd.port.mk for > own $CAT VALID_CATEGORIES+=foo bar > > Use .sinclude instead .include for own Makefile extensions, then > there is no issue in case the file is missing. I'm not sure I understand this - .sinclude should be specified where / in which file? Regards. -- FreeBSD_amd64_11-Current_RadeonKMS ----- FreeBSD-11-current_amd64_root-on-zfs_RadeonKMS -- View this message in context: http://freebsd.1045724.n5.nabble.com/Merging-several-branches-with-ports-tree-tp5931719p5931863.html Sent from the freebsd-ports mailing list archive at Nabble.com. From owner-freebsd-ports@FreeBSD.ORG Sat Jul 26 04:16:46 2014 Return-Path: <owner-freebsd-ports@FreeBSD.ORG> Delivered-To: freebsd-ports@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) (using TLSv1 with cipher ADH-AES256-SHA (256/256 bits)) (No client certificate requested) by hub.freebsd.org (Postfix) with ESMTPS id BBF3EAB6 for <freebsd-ports@freebsd.org>; Sat, 26 Jul 2014 04:16:46 +0000 (UTC) Received: from mail-pd0-x235.google.com (mail-pd0-x235.google.com [IPv6:2607:f8b0:400e:c02::235]) (using TLSv1 with cipher ECDHE-RSA-RC4-SHA (128/128 bits)) (Client CN "smtp.gmail.com", Issuer "Google Internet Authority G2" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 915DB20B7 for <freebsd-ports@freebsd.org>; Sat, 26 Jul 2014 04:16:46 +0000 (UTC) Received: by mail-pd0-f181.google.com with SMTP id g10so6602967pdj.26 for <freebsd-ports@freebsd.org>; Fri, 25 Jul 2014 21:16:46 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:sender:in-reply-to:references:date:message-id:subject :from:to:cc:content-type; bh=mdVFuIfRZV9/5gb8Rxn1zmNY3Lyb6JgZHUA3nC5Hods=; b=E15Q+6Ev1cp78uS3D+cqs3YR2T7OwAn3TdHMtTx38slw0KOzDIgLoZct7ZIWkbQKYJ l4080Xv/xxhWgXzsPM3d00pzkXICX4rqucUgn/F7fLfDhH6aB4embXYwAZv8xjXbGced 2tYrzgm3HzvnSSuc9m463szBdRO37Diz9gomUcmjL4ROZrUJNbXBD0pGhq1CeSgWsDOz 0Xkh1OYTlbRdOL8SE9RL8Zzp9W+qF+Ggh57u72nknrV1jXTd9QvH6Bv6igCy+mCxZl53 A10voiXV8O2xNrZhnEbxCZiCyBseaXPcZISuge++1py6fVB8k2n+vQe1t0uZIDKNrxTm faMQ== MIME-Version: 1.0 X-Received: by 10.70.134.193 with SMTP id pm1mr23081962pdb.117.1406348206076; Fri, 25 Jul 2014 21:16:46 -0700 (PDT) Sender: kob6558@gmail.com Received: by 10.66.88.227 with HTTP; Fri, 25 Jul 2014 21:16:46 -0700 (PDT) In-Reply-To: <20140725124504.GD34525@albert.catwhisker.org> References: <20140725124504.GD34525@albert.catwhisker.org> Date: Fri, 25 Jul 2014 21:16:46 -0700 X-Google-Sender-Auth: pVhlJ3SX69KbOTU8MMEQmCHHyaM Message-ID: <CAN6yY1tddaShE0uferKLOyPuLO12GPfftKODPQvFTbr12GjSjA@mail.gmail.com> Subject: Re: www/firefox vs. vulnerabilities vs. libevent --> libevent2 From: Kevin Oberman <rkoberman@gmail.com> To: David Wolfskill <david@catwhisker.org> Content-Type: text/plain; charset=UTF-8 X-Content-Filtered-By: Mailman/MimeDel 2.1.18 Cc: FreeBSD Ports ML <freebsd-ports@freebsd.org> X-BeenThere: freebsd-ports@freebsd.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: Porting software to FreeBSD <freebsd-ports.freebsd.org> List-Unsubscribe: <http://lists.freebsd.org/mailman/options/freebsd-ports>, <mailto:freebsd-ports-request@freebsd.org?subject=unsubscribe> List-Archive: <http://lists.freebsd.org/pipermail/freebsd-ports/> List-Post: <mailto:freebsd-ports@freebsd.org> List-Help: <mailto:freebsd-ports-request@freebsd.org?subject=help> List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-ports>, <mailto:freebsd-ports-request@freebsd.org?subject=subscribe> X-List-Received-Date: Sat, 26 Jul 2014 04:16:46 -0000 On Fri, Jul 25, 2014 at 5:45 AM, David Wolfskill <david@catwhisker.org> wrote: > /usr/ports is a working copy of head@r362876; during my daily portmaster > run to update all installed ports on my laptop, I see that libevent1 is > now replaced by libevent2. > > Apparently www/firefox had been linked against libevent, so portmaster > tries to update www/firefox (after having updated several other ports). > > That process terminates rather abrutly, however: > > ===>>> All >> firefox-30.0_1,1 (12/15) > 0;portmaster: All >> firefox-30.0_1,1 (12/15)^G > ===> Cleaning for firefox-30.0_2,1 > ===> firefox-30.0_2,1 has known vulnerabilities: > firefox-30.0_2,1 is vulnerable: > mozilla -- multiple vulnerabilities > CVE: CVE-2014-1561 > CVE: CVE-2014-1560 > CVE: CVE-2014-1559 > CVE: CVE-2014-1558 > CVE: CVE-2014-1557 > CVE: CVE-2014-1556 > CVE: CVE-2014-1555 > CVE: CVE-2014-1552 > CVE: CVE-2014-1551 > CVE: CVE-2014-1550 > CVE: CVE-2014-1549 > CVE: CVE-2014-1548 > CVE: CVE-2014-1547 > CVE: CVE-2014-1544 > WWW: > http://portaudit.FreeBSD.org/978b0f76-122d-11e4-afe3-bc5ff4fb5e7b.html > > 1 problem(s) in the installed packages found. > => Please update your ports tree and try again. > => Note: Vulnerable ports are marked as such even if there is no update > available. > => If you wish to ignore this vulnerability rebuild with 'make > DISABLE_VULNERABILITIES=yes' > *** [check-vulnerable] Error code 1 > > Stop in /common/ports/www/firefox. > *** [build] Error code 1 > > Stop in /common/ports/www/firefox. > > ===>>> make build failed for www/firefox > ===>>> Aborting update > > > As a reality check, I did take a quick look at > <http://docs.freebsd.org/mail/current/svn-ports-head.html> to see > if, perchance, there were commits to www/firefox to address those > reported vulnerabilities since r362876, but the most recent commit > I see there now is r362887 -- and none of the commits since r362876 > is about/for www/firefox (or anything related, AFAICT). > > So I'm left wondering how this is actually useful: I'm left with a copy > of firefox installed (more or less) that has known vulnerabilities and > is broken (since it's still linked against a library that no longer > exists). At least I was able to use a copy of firefox on a machine I > haven't started to upgrade yet (so I could refer to the cited Web > page(s)). > > Since I'm disinclined to globally disable all vulnerability checking, > I'm proceeding with updates to the ports that portmaster hadn't yet got > to first, before (temporarily) disabling the checks so I can have a > working graphical Web browser with which I'm familiar again. > > Which reminds me: the cited directive re. the libevent change (in > UPDATING): "pkg delete libevent" also deleted sysutils/tmux, so the > subsequent "portmaster -ad" had no clue that tmux was supposed to be > rebuilt. I was able to re-install it manually, but I mention this in > case it helps someone else. > > (Ugh. It appears that the "portmaster -aF" that I ran earlier this > morning didn't actually fetch the firefox-30.0.source.tar.bz2... wait > up; that should have been there already. Making me wait while that's > re-fetched is ... not good: I'm trying to get this laptop updated before > I go in to work this morning.... OK; I found a local copy on another > machine.) > > Peace, > david > -- > David H. Wolfskill david@catwhisker.org > Taliban: Evil cowards with guns afraid of truth from a 14-year old girl. > > See http://www.catwhisker.org/~david/publickey.gpg for my public key. > David, Since the old firefox was vulnerable and we don't have a port of Firefox 31 yet, the best choice seems to be to install the new, libevent2 version (_2) with DISABLE_VULNERABILITIES defined so that it will still install. Obviously, you just set DISABLE_VULNERABILITIES for the firefox build and then unset it. Not ideal, but the only available work around. Also, the solver in pkg will re-install all dependent ports when a port is deleted. (It does ask first.) I just note the "extra" deleted ports and re-install. But I do wish we had had a hears-up on this as I lost gnuplot yesterday for quite a while which rather seriously impacted my web pages as new graphs were not being generated. After that first system, I was smarter, but there really needs to be a BIG warning in UPDATING and when pkg delete deletes dependent packages. There ought to be a better way, but -o does not help as libevent2 already existed. This one is VERY user unfriendly! -- R. Kevin Oberman, Network Engineer, Retired E-mail: rkoberman@gmail.com
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20140726070745.49c3dd3b>