updating ports and everything

hirohitosan · #1 December 10th, 2008, 12:35

Hi there. I came from Linux (Ubuntu) environment and there is very simple to update the system.

I read about updating the FreeBSD system and I'm a little confused. I installed portaudit and

Code:

# portaudit
Affected package: libxml2-2.6.30
Type of problem: libxml2 -- multiple vulnerabilities.
Reference: <http://www.FreeBSD.org/ports/portaudit/f1e0164e-b67b-11dd-a55e-00163e000016.html>                                                                   

Affected package: gnutls-2.0.2_1
Type of problem: gnutls -- X.509 certificate chain validation vulnerability.
Reference: <http://www.FreeBSD.org/ports/portaudit/45298931-b3bf-11dd-80f8-001cc0377035.html>                                                                   

Affected package: libxml2-2.6.30
Type of problem: libxml2 -- two vulnerabilities.
Reference: <http://www.FreeBSD.org/ports/portaudit/d71da236-9a94-11dd-8f42-001c2514716c.html>                                                                   

Affected package: python25-2.5.1_1
Type of problem: python -- multiple vulnerabilities.
Reference: <http://www.FreeBSD.org/ports/portaudit/0dccaa28-7f3c-11dd-8de5-0030843d3802.html>                                                                   

Affected package: freetype2-2.3.5
Type of problem: FreeType 2 -- Multiple Vulnerabilities.
Reference: <http://www.FreeBSD.org/ports/portaudit/4fb43b2f-46a9-11dd-9d38-00163e000016.html>

Affected package: apache-2.2.6_2
Type of problem: apache -- multiple vulnerabilities.
Reference: <http://www.FreeBSD.org/ports/portaudit/c84dc9ad-41f7-11dd-a4f9-00163e000016.html>

Affected package: xorg-server-1.4_4,1
Type of problem: xorg -- multiple vulnerabilities.
Reference: <http://www.FreeBSD.org/ports/portaudit/800e8bd5-3acb-11dd-8842-001302a18722.html>

Affected package: libvorbis-1.2.0_1,3
Type of problem: libvorbis -- various security issues.
Reference: <http://www.FreeBSD.org/ports/portaudit/f5a76faf-244c-11dd-b143-0211d880e350.html>

Affected package: png-1.2.22
Type of problem: png -- unknown chunk processing uninitialized memory access.
Reference: <http://www.FreeBSD.org/ports/portaudit/57c705d6-12ae-11dd-bab7-0016179b2dd5.html>

Affected package: python25-2.5.1_1
Type of problem: python -- Integer Signedness Error in zlib Module.
Reference: <http://www.FreeBSD.org/ports/portaudit/ec41c3e2-129c-11dd-bab7-0016179b2dd5.html>

Affected package: pcre-7.4
Type of problem: pcre -- buffer overflow vulnerability.
Reference: <http://www.FreeBSD.org/ports/portaudit/f9e96930-e6df-11dc-8c6a-00304881ac9a.html>

11 problem(s) in your installed packages found.

You are advised to update or deinstall the affected package(s) immediately.

I installed cvsup. OK now what is the next step?
How to upgrade the ports collections and the system?

thanxs

VitalyMoiseev · #2 December 10th, 2008, 12:46

Quote:

Originally Posted by hirohitosan

How to upgrade the ports collections and the system?

thanxs

portsnap
http://www.freebsd.org/doc/en_US.ISO...-portsnap.html

fender0107401 · #3 December 10th, 2008, 14:46

It is a simple question, but to solve it you should know that is ports and ports tree.

read handbook chapter 4

sverreh · #4 December 10th, 2008, 17:01

I assume you have the ports collection installed. The first thing to do is to run portsnap. If you haven't done that before, do the following as root.

Code:

# portsnap fetch extract

This will update your ports tree. If you need to update it later, you simply run:

Code:

# portsnap fetch update

With your ports tree updated, I would recommend to install portmaster:

Code:

# cd /usr/ports/ports-mgmt/portmaster && make install clean

Now you can use portmaster to install the latest versions of your outdated programs. Let's take python25 as an example. First you locate it in the ports tree:

Code:

# cd /usr/ports
# make search name=python25
Port:   python25-2.5.2_3
Path:   /usr/ports/lang/python25
Info:   An interpreted object-oriented programming language
Maint:  python@FreeBSD.org
B-deps:
R-deps:
WWW:    http://www.python.org/

And then you update it:

Code:

# portmaster /usr/ports/lang/python25
===>>> Gathering distinfo list for installed ports

===>>> Currently installed version: python25-2.5.2_3
===>>> Port directory: /usr/ports/lang/python25
===>>> Gathering dependency list for lang/python25 from ports
===>>> No dependencies for lang/python25
===>>> Starting build for lang/python25 <<<===
...
...
#

If everything goes well (as it usually does

), your python25 is updated from version 2.5.1_1 to 2.5.2_3.

ProITex · #5 December 11th, 2008, 08:47

Thanks , very good howto

hirohitosan · #6 December 11th, 2008, 16:16

well I did all

# portsnap fetch update

I installed portmaster and go back to

Code:

# portaudit
Affected package: libxml2-2.6.30
Type of problem: libxml2 -- multiple vulnerabilities.
Reference: <http://www.FreeBSD.org/ports/portaudit/f1e0164e-b67b-11dd-a55e-00163e000016.html>                                                                   

Affected package: gnutls-2.0.2_1
Type of problem: gnutls -- X.509 certificate chain validation vulnerability.
Reference: <http://www.FreeBSD.org/ports/portaudit/45298931-b3bf-11dd-80f8-001cc0377035.html>                                                                   

Affected package: libxml2-2.6.30
Type of problem: libxml2 -- two vulnerabilities.
Reference: <http://www.FreeBSD.org/ports/portaudit/d71da236-9a94-11dd-8f42-001c2514716c.html>                                                                   

Affected package: python25-2.5.1_1
Type of problem: python -- multiple vulnerabilities.
Reference: <http://www.FreeBSD.org/ports/portaudit/0dccaa28-7f3c-11dd-8de5-0030843d3802.html>

Affected package: freetype2-2.3.5
Type of problem: FreeType 2 -- Multiple Vulnerabilities.
Reference: <http://www.FreeBSD.org/ports/portaudit/4fb43b2f-46a9-11dd-9d38-00163e000016.html>

Affected package: apache-2.2.6_2
Type of problem: apache -- multiple vulnerabilities.
Reference: <http://www.FreeBSD.org/ports/portaudit/c84dc9ad-41f7-11dd-a4f9-00163e000016.html>

Affected package: xorg-server-1.4_4,1
Type of problem: xorg -- multiple vulnerabilities.
Reference: <http://www.FreeBSD.org/ports/portaudit/800e8bd5-3acb-11dd-8842-001302a18722.html>

Affected package: libvorbis-1.2.0_1,3
Type of problem: libvorbis -- various security issues.
Reference: <http://www.FreeBSD.org/ports/portaudit/f5a76faf-244c-11dd-b143-0211d880e350.html>

Affected package: png-1.2.22
Type of problem: png -- unknown chunk processing uninitialized memory access.
Reference: <http://www.FreeBSD.org/ports/portaudit/57c705d6-12ae-11dd-bab7-0016179b2dd5.html>

Affected package: python25-2.5.1_1
Type of problem: python -- Integer Signedness Error in zlib Module.
Reference: <http://www.FreeBSD.org/ports/portaudit/ec41c3e2-129c-11dd-bab7-0016179b2dd5.html>

Affected package: pcre-7.4
Type of problem: pcre -- buffer overflow vulnerability.
Reference: <http://www.FreeBSD.org/ports/portaudit/f9e96930-e6df-11dc-8c6a-00304881ac9a.html>

11 problem(s) in your installed packages found.

You are advised to update or deinstall the affected package(s) immediately.

**DutchDaemon** · #7 December 11th, 2008, 16:37

Did you actually upgrade your ports using portmaster? You updated your ports tree and you installed portmaster .. now combine the two ..

hirohitosan · #8 December 11th, 2008, 17:37

I started to update my packages with portmaster. It works fine with python but when it comes to xorg after lot of messages I was suggested to deinstall xorg. So I go to /usr/ports/x11/xorg and type deinslall. Now I want to reinstall back XServer. So I type reinstall to reinstall the port and then

how can install again X server?

after this I try again

Code:

# portaudit
Affected package: gnutls-2.0.2_1
Type of problem: gnutls -- X.509 certificate chain validation vulnerability.
Reference: <http://www.FreeBSD.org/ports/portaudit/45298931-b3bf-11dd-80f8-001cc0377035.html>

Affected package: libvorbis-1.2.0_1,3
Type of problem: libvorbis -- various security issues.
Reference: <http://www.FreeBSD.org/ports/portaudit/f5a76faf-244c-11dd-b143-0211d880e350.html>

Affected package: png-1.2.22
Type of problem: png -- unknown chunk processing uninitialized memory access.
Reference: <http://www.FreeBSD.org/ports/portaudit/57c705d6-12ae-11dd-bab7-0016179b2dd5.html>

3 problem(s) in your installed packages found.

well what I have to do now to resolve these problems

thanks

bernux · #9 December 11th, 2008, 20:09

to know all your port which need update you should do :

portversion -v -l"<"

to upgrade all your port which need update :
portmaster -a
or
portupgrade -arR (if you use portupgrade)

Ole · #10 December 11th, 2008, 20:23

A good idea to add "-b" key for portupgrade. It makes backup of all packages in upgrading process. Location where store backup .tbz describing by PKG_BACKUP_DIR environment. Or sets in /usr/local/etc/pkgtools.conf by hands:

Quote:

ENV['PKG_BACKUP_DIR'] = '/var/pkgbackups'

sverreh · #11 December 11th, 2008, 21:32

Quote:

Originally Posted by hirohitosan

I started to update my packages with portmaster. It works fine with python but when it comes to xorg after lot of messages I was suggested to deinstall xorg. So I go to /usr/ports/x11/xorg and type deinslall. Now I want to reinstall back XServer. So I type reinstall to reinstall the port and then

how can install again X server?

I'm not quite sure what you did here.

Did you actually type "reinstall" and not "make reinstall"? And something seems yo be missing after "then":

Quote:

So I type reinstall to reinstall the port and then

how can install again X server?

What happened after "then"? Any error messages? Have you lost Xorg, or is it still working? I notice the vulnerability check does not mention xorg-server any more. Maybe things worked out allright? Try to run the command:

Code:

 # pkg_info -x xorg

This will tell you the status of all programs matching "xorg" that you have installed.

hirohitosan · #12 December 12th, 2008, 16:22

Quote:

Originally Posted by bernux

portversion -v -l"<"

if I try

Code:

# portversion -v -l"<"
portversion: Command not found.

Ole · #13 December 12th, 2008, 16:40

portversion command is part of portupgrade

/usr/ports/ports-mgmt/portupgrade

sverreh · #14 December 12th, 2008, 17:27

Quote:

Originally Posted by bernux

to know all your port which need update you should do :

portversion -v -l"<"

Or, since he already has installed portmaster:

Code:

 % portmaster -L  |less

This avoids updating and "fixing" portupgrade's database, which may sometimes cause quite a hassle. That was my main reason for switching to portmaster.

hirohitosan · #15 December 13th, 2008, 09:08

Quote:

Originally Posted by sverreh

Or, since he already has installed portmaster:

Code:

 % portmaster -L  |less

I tried

Code:

portmaster -L  |less

and after a very long list I got this message:

Code:

===>>> 572 total installed ports
        ===>>> 224 have new versions available

what can I say ... almost a half of packages has new version. There is a way to update all or I have to do by hand each of the package with
# portamster

I cannot update all?

sverreh · #16 December 13th, 2008, 10:04

Quote:

Originally Posted by hirohitosan

what can I say ... almost a half of packages has new version. There is a way to update all or I have to do by hand each of the package with
# portamster

I cannot update all?

Don't worry! You don't need to update a port just because a newer version is available. If a port has the functionality that you require, there is no need to update it unless it has vulnerabilities. portaudit will list those ports for you.

portmaster has the -a option to update all ports that have new versions. I have never tried that, and would not recommend it in your case. It may take several days!

P.S.: Here is the end of the output from # portmaster -L on my system:

Code:

===>>> 717 total installed ports
        ===>>> 188 have new versions available

And that system works fine!

hirohitosan · #17 December 13th, 2008, 12:43

After running many times portmaster finally I arrive at this:

Code:

portaudit
Affected package: ghostscript-gpl-8.60
Type of problem: ghostscript -- zseticcspace() function buffer overflow vulnerability.
Reference: <http://www.FreeBSD.org/ports/portaudit/ca8e56d5-e856-11dc-b5af-0017319806e7.html>

1 problem(s) in your installed packages found.

You are advised to update or deinstall the affected package(s) immediately.

# whereis ghostscript-gpl
ghostscript-gpl: /usr/ports/print/ghostscript-gpl
# portmaster /usr/ports/print/ghostscript-gpl
===>>> Currently installed version: ghostscript-gpl-8.60
===>>> Port directory: /usr/ports/print/ghostscript-gpl

.....

===>>> The 'make config' check found no dependencies to update

===>  Cleaning for ghostscript-gpl-8.60

NOTE: Type "make A4=yes" to use A4 paper size by default.
===>  ghostscript-gpl-8.60 has known vulnerabilities:
=> ghostscript -- zseticcspace() function buffer overflow vulnerability.
   Reference: <http://www.FreeBSD.org/ports/portaudit/ca8e56d5-e856-11dc-b5af-0017319806e7.html>
=> Please update your ports tree and try again.
*** Error code 1

Stop in /usr/ports/print/ghostscript-gpl.

===>>> make failed for print/ghostscript-gpl
===>>> Aborting update

Terminated

I assumed at this time I can live with just 1 problem.

BTW I don't have any printer attached to my comp. and I don't intend to add in the near future. Do I really need this package?
Can I deinstall ghostscript-gpl, or even ghostscript?

sverreh · #18 December 13th, 2008, 13:26

Quote:

Originally Posted by hirohitosan

BTW I don't have any printer attached to my comp. and I don't intend to add in the near future. Do I really need this package?
Can I deinstall ghostscript-gpl, or even ghostscript?

I don't think it is wise to delete it before you know if any other ports require it!

Code:

 % pkg_info -x ghostscript

Just follow the advice given in the error message:

Quote:

=> Please update your ports tree and try again.

hirohitosan · #19 December 13th, 2008, 18:30

sorry but update ports tree means?

Code:

# portsnap fetch extract
# portsnap fetch update

because I did that and after trying:

Code:

portmaster /usr/ports/print/ghostscript-gpl
===>>> The 'make config' check found no dependencies to update
===>  ghostscript-gpl-8.60 has known vulnerabilities:
=> ghostscript -- zseticcspace() function buffer overflow vulnerability.
   Reference: <http://www.FreeBSD.org/ports/portaudit/ca8e56d5-e856-11dc-b5af-0017319806e7.html>
=> Please update your ports tree and try again.
*** Error code 1

Stop in /usr/ports/print/ghostscript-gpl.

and

Code:

# pkg_info -x ghostscript-gpl
Comment:
GPL Postscript interpreter

Required by:
evince-2.20.1
gnome2-2.20.1

Description:
Ghostscript is the well-known PostScript interpreter which is available for
all common and most esoteric platforms and supports many different printers
and some displays....

as I understood is required for printers

sverreh · #20 December 13th, 2008, 19:36

This is a bit mysterious! I updated my ports tree some hours ago, and it shows that the ghostscript-gpl port has been moved to /usr/ports/print/ghostscript8, and the version there is ghostscript8-8.63. So maybe your ports tree was not updated after all. The command you gave is correct: portsnap fetch update. (The extract is only necessary the very first time you use portsnap.)

Could you post the output of:

Code:

# cd /usr/ports &&  make quicksearch name=ghostscript-gpl

Mine is:

Code:

 # cd /usr/ports && make quicksearch name=ghostscript-gpl
Port:   print/ghostscript-gpl
Moved:  print/ghostscript8
Date:   2008-09-05
Reason: Renamed for better naming

Port:   print/ghostscript-gpl-nox11
Moved:  print/ghostscript8-nox11
Date:   2008-09-05
Reason: Renamed for better naming

 #

and yours ought to be identical if we both have an updated ports tree.

hirohitosan · #21 December 13th, 2008, 20:06

mine is same as I see

Code:

# cd /usr/ports &&  make quicksearch name=ghostscript-gpl
Port:   print/ghostscript-gpl
Moved:  print/ghostscript8
Date:   2008-09-05
Reason: Renamed for better naming

Port:   print/ghostscript-gpl-nox11
Moved:  print/ghostscript8-nox11
Date:   2008-09-05
Reason: Renamed for better naming

so can I try portmaster /usr/ports/print/ghostscript8
and after

Code:

===>>> Done displaying pkg-message files
===>>> Installation of print/ghostscript8 (ghostscript8-8.63) complete

I tried again

Code:

portaudit
Affected package: ghostscript-gpl-8.60
Type of problem: ghostscript -- zseticcspace() function buffer overflow vulnerability.
Reference: <http://www.FreeBSD.org/ports/portaudit/ca8e56d5-e856-11dc-b5af-0017319806e7.html>

1 problem(s) in your installed packages found.

You are advised to update or deinstall the affected package(s) immediately.

sverreh · #22 December 13th, 2008, 21:31

Congratulations, you now have the newest version of ghostscript8!
The only problem is that evince and gnome (in your installation) depend upon ghostscript-gpl, and if you delete it something may break.

You could probably fix that by making a softlink from ghostscript-gpl-8.60 to ghostscript8-8.63 after you have deleted ghostscript-gpl-8.60. Not sure!

Probably the best thing to do is to delete ghostscript-gpl-8.60 and then update gnome and evince:

Code:

# pkg_delete -f ghostscript-gpl-8.60
# portmaster /usr/ports/x11/gnome2
# portmaster /usr/ports/graphics/evince

The new versions of gnome and evince both require ghostscript8-8.63, which you already have.

I don't have gnome, but I think it can quite some time to install the new version. Be warned!

And good luck!

hirohitosan · #23 December 14th, 2008, 09:11

portmaster /usr/ports/x11/gnome2 gives me:

Code:

===>>> Port directory: /usr/ports/sysutils/fusefs-kmod
        ===>>> This port is marked IGNORE
        ===>>> requires the userland sources to be installed. Set SRC_BASE if it is not in /usr/src

        ===>>> If you are sure you can build it, remove the
               IGNORE line in the Makefile and try again.

===>>> Update for /usr/ports/sysutils/fusefs-kmod failed
===>>> Aborting update

===>>> Update for /usr/ports/devel/gvfs failed
===>>> Aborting update

===>>> Update for libgnomeui-2.20.1.1 failed
===>>> Aborting update

===>>> Update for dasher-4.6.1,1 failed
===>>> Aborting update

I suppose that I need to install something else ...
The same message I have after

Code:

portmaster /usr/ports/graphics/evince
===>>> Port directory: /usr/ports/sysutils/fusefs-kmod
        ===>>> This port is marked IGNORE
        ===>>> requires the userland sources to be installed. Set SRC_BASE if it is not in /usr/src

        ===>>> If you are sure you can build it, remove the
               IGNORE line in the Makefile and try again.

===>>> Update for /usr/ports/sysutils/fusefs-kmod failed
===>>> Aborting update

===>>> Update for /usr/ports/devel/gvfs failed
===>>> Aborting update

I don't have nothing in /usr/src

Code:

# ls -al /usr/src/
total 4
drwxr-xr-x   2 root  wheel  512 Feb 24  2008 .
drwxr-xr-x  17 root  wheel  512 Dec  9 10:02 ..

do I need something to install? the kernel sources or something like that?

sverreh · #24 December 14th, 2008, 23:42

Searching this forum gives this link:

http://forums.freebsd.org/showthread.php?p=4184

Remember: it is always smart to search the forum before you ask!

I hope this link will help you.

**trasz@** · #25 December 16th, 2008, 10:55

What I used to do on my workstation is this:

portsnap fetch update
BATCH=1 portupgrade -akO

'BATCH=1' makes portupgrade not display 'make config' dialogs. '-akO' means 'upgrade everything you can and don't stop on errors'.

Thread Tools
Show Printable Version Email this Page
Display Modes
Linear Mode Switch to Hybrid Mode Switch to Threaded Mode

Similar Threads
Thread	Thread Starter	Forum	Replies	Last Post
updating src via proxy ?	mgp	Installing & Upgrading	11	January 28th, 2009 19:41
FreeBSD updating	franz	Installing & Upgrading	14	January 7th, 2009 15:49

The Following User Says Thank You to sverreh For This Useful Post:
hirohitosan (December 11th, 2008)

The Following User Says Thank You to sverreh For This Useful Post:
hirohitosan (December 13th, 2008)

The Following User Says Thank You to trasz@ For This Useful Post:
hirohitosan (December 16th, 2008)