Re: Forcing a portupgrade?

[Paul Schmehl <pauls_(_at_)_utdallas_(_dot_)_edu>]

--On Tuesday, February 13, 2007 16:25:23 -0600 Chris <racerx_(_at_)_makeworld_(_dot_)_com> 
wrote:

> Bob wrote:
> > # portupgrade mozilla
> > --->  Upgrading 'mozilla-1.7.12_5,2' to
> > 'mozilla-1.7.13_2,2' (www/mozilla)
> >
> > [...]
> >
> > ===>  mozilla-1.7.13_2,2 has known vulnerabilities:
> > => mozilla -- multiple vulnerabilities.
> >    Reference:
> > <http://www.FreeBSD.org/ports/portaudit/e6296105-449b-11db-ba89-000c6ec7
> > 75d9.html> => mozilla -- multiple vulnerabilities. Reference:
> > <http://www.FreeBSD.org/ports/portaudit/e2a92664-1d60-11db-88cf-000c6ec7
> > 75d9.html> => Please update your ports tree and try again. *** Error
> > code 1
> >
> > My ports tree IS up to date, and I have a copy of mozilla-1.7.13_2,2
> > in /usr/ports/distfiles, but obviously there is no current fix for the
> > vulnerability(s). I would still like to upgrade Mozilla to 1.7.13_2,2.
> > Is there a way to force the upgrade despite the port-vulnerability stop?
> >
> > Bob
>
> An easy fix - remove the database portaudit uses. Loog somewhere in
> /var/db ....
>
> Then rerun your portupgrade

Yikes!  That's a bit drastic.  What's wrong with make 
DISABLE_VULNERABILITIES install?

Paul Schmehl (pauls_(_at_)_utdallas_(_dot_)_edu)
Senior Information Security Analyst
The University of Texas at Dallas
http://www.utdallas.edu/ir/security/