Linux, FreeBSD, Juniper, Cisco / Network security articles and troubleshooting guides

FreeBSD portupgrade without port vulnerability check
Page 1 of 1

Author:  mandrei99 [ Thu Mar 18, 2010 6:12 am ]
Post subject:  FreeBSD portupgrade without port vulnerability check

Portupgrade, portinstall are two tools used to upgrade installed packages or install new ones via ports or packages systems.

man portupgrade:
portupgrade [-habcCDDefFiknNOpPPqrRsuvwWy] [-A command] [-B command]
[-l file] [-L format] [-S command] [-x pkgname_glob]
[[-o origin] [-m make_args] [-M make_env] pkgname_glob ...]

The portupgrade command is used to upgrade installed packages via ports
or packages. The portinstall command is equivalent to portupgrade -N.

Before reading these instructions, you must understand that a port/pack-
age can have the following two types of related ports/packages:
required Ports/packages that a port/package needs for it to be built
and/or run. Port Makefiles refer to this type of ports/pack-
ages using the BUILD_DEPENDS and RUN_DEPENDS macros, respec-
dependent Ports/packages that need this port/package.
--make-args Specify arguments to append to each make(1) com-
mand line.

In order to upgrade a package for which there is a vulnerability report (related to it's version), the DISABLE_VULNERABILITIES=yes make argument can be passed to portupgrade:

# portupgrade -m DISABLE_VULNERABILITIES=yes hackedftpd

A list of FreeBSD ports vulnerability reports can be found at VuXML project:

Page 1 of 1 All times are UTC - 5 hours [ DST ]
Powered by phpBB © 2000, 2002, 2005, 2007 phpBB Group