Hello world!,
I tried to install kdenlive on my FreeBSD 12.0 but it failed at installing gstreamer-ffmpeg-0.10.13_6 because it seems gstreamer-ffmpeg is vulnerable. Tried to rerun the command and I got this:
Is it possible to fix this in a secure way? without vulnerabilities? or I should wait for a fix by developers?
and is it possible to remove all the installed packages, installed during failed kdenlive port installation?
Thank you very much for your support
I tried to install kdenlive on my FreeBSD 12.0 but it failed at installing gstreamer-ffmpeg-0.10.13_6 because it seems gstreamer-ffmpeg is vulnerable. Tried to rerun the command and I got this:
Code:
root@freebsd:/usr/ports/multimedia/kdenlive # cd /usr/ports/multimedia/kdenlive/ && make install clean
===> kdenlive-18.12.1_1 depends on file: /usr/local/include/linux/input.h - found
===> kdenlive-18.12.1_1 depends on file: /usr/local/include/linux/videodev2.h - found
===> kdenlive-18.12.1_1 depends on file: /usr/local/bin/cmake - found
===> kdenlive-18.12.1_1 depends on executable: ninja - found
===> kdenlive-18.12.1_1 depends on executable: update-desktop-database - found
===> kdenlive-18.12.1_1 depends on executable: msgfmt - found
===> kdenlive-18.12.1_1 depends on package: pkgconf>=1.3.0_1 - found
===> kdenlive-18.12.1_1 depends on executable: update-mime-database - found
===> kdenlive-18.12.1_1 depends on file: /usr/local/share/ECM/cmake/ECMConfig.cmake - found
===> kdenlive-18.12.1_1 depends on file: /usr/local/bin/kbuildsycoca5 - found
===> kdenlive-18.12.1_1 depends on package: xorgproto>=0 - found
===> kdenlive-18.12.1_1 depends on package: xorgproto>=0 - found
===> kdenlive-18.12.1_1 depends on file: /usr/local/libdata/pkgconfig/x11.pc - found
===> kdenlive-18.12.1_1 depends on file: /usr/local/lib/qt5/bin/moc - found
===> kdenlive-18.12.1_1 depends on file: /usr/local/lib/qt5/bin/qmake - found
===> kdenlive-18.12.1_1 depends on shared library: libmlt.so - not found
===> mlt-6.12.0_2 depends on file: /usr/local/include/frei0r.h - found
===> mlt-6.12.0_2 depends on file: /usr/local/bin/sdl-config - found
===> mlt-6.12.0_2 depends on file: /usr/local/libdata/pkgconfig/eigen3.pc - found
===> mlt-6.12.0_2 depends on executable: gmake - found
===> mlt-6.12.0_2 depends on package: pkgconf>=1.3.0_1 - found
===> mlt-6.12.0_2 depends on package: libiconv>=1.14_11 - found
===> mlt-6.12.0_2 depends on package: xorgproto>=0 - found
===> mlt-6.12.0_2 depends on package: xorgproto>=0 - found
===> mlt-6.12.0_2 depends on file: /usr/local/libdata/pkgconfig/x11.pc - found
===> mlt-6.12.0_2 depends on shared library: libfftw3.so - found (/usr/local/lib/libfftw3.so)
===> mlt-6.12.0_2 depends on shared library: libavformat.so - found (/usr/local/lib/libavformat.so)
===> mlt-6.12.0_2 depends on shared library: libexif.so - found (/usr/local/lib/libexif.so)
===> mlt-6.12.0_2 depends on shared library: libfontconfig.so - found (/usr/local/lib/libfontconfig.so)
===> mlt-6.12.0_2 depends on shared library: libepoxy.so - found (/usr/local/lib/libepoxy.so)
===> mlt-6.12.0_2 depends on shared library: libmovit.so - found (/usr/local/lib/libmovit.so)
===> mlt-6.12.0_2 depends on shared library: libsamplerate.so - found (/usr/local/lib/libsamplerate.so)
===> mlt-6.12.0_2 depends on shared library: libsox.so - found (/usr/local/lib/libsox.so)
===> mlt-6.12.0_2 depends on shared library: libswfdec-0.8.so - not found
===> swfdec-0.8.4_6 depends on package: pkgconf>=1.3.0_1 - found
===> swfdec-0.8.4_6 depends on package: gstreamer-ffmpeg>=0.10.0 - not found
===> gstreamer-ffmpeg-0.10.13_6 has known vulnerabilities:
gstreamer-ffmpeg-0.10.13_6 is vulnerable:
ffmpeg -- multiple vulnerabilities
CVE: CVE-2015-8663
CVE: CVE-2015-8662
WWW: https://vuxml.FreeBSD.org/freebsd/4bae544d-06a3-4352-938c-b3bcbca89298.html
gstreamer-ffmpeg-0.10.13_6 is vulnerable:
ffmpeg -- multiple vulnerabilities
CVE: CVE-2015-8365
CVE: CVE-2015-8364
CVE: CVE-2015-8363
CVE: CVE-2015-8219
CVE: CVE-2015-8218
CVE: CVE-2015-8217
CVE: CVE-2015-8216
CVE: CVE-2015-6761
WWW: https://vuxml.FreeBSD.org/freebsd/b0da85af-21a3-4c15-a137-fe9e4bc86002.html
gstreamer-ffmpeg-0.10.13_6 is vulnerable:
ffmpeg -- multiple vulnerabilities
CVE: CVE-2015-6826
CVE: CVE-2015-6825
CVE: CVE-2015-6824
CVE: CVE-2015-6823
CVE: CVE-2015-6822
CVE: CVE-2015-6821
CVE: CVE-2015-6820
CVE: CVE-2015-6819
CVE: CVE-2015-6818
WWW: https://vuxml.FreeBSD.org/freebsd/3d950687-b4c9-4a86-8478-c56743547af8.html
1 problem(s) in the installed packages found.
=> Please update your ports tree and try again.
=> Note: Vulnerable ports are marked as such even if there is no update available.
=> If you wish to ignore this vulnerability rebuild with 'make DISABLE_VULNERABILITIES=yes'
*** Error code 1
Stop.
make[7]: stopped in /usr/ports/multimedia/gstreamer-ffmpeg
*** Error code 1
Stop.
make[6]: stopped in /usr/ports/multimedia/gstreamer-ffmpeg
*** Error code 1
Stop.
make[5]: stopped in /usr/ports/graphics/swfdec
*** Error code 1
Stop.
make[4]: stopped in /usr/ports/graphics/swfdec
*** Error code 1
Stop.
make[3]: stopped in /usr/ports/multimedia/mlt
*** Error code 1
Stop.
make[2]: stopped in /usr/ports/multimedia/mlt
*** Error code 1
Stop.
make[1]: stopped in /usr/ports/multimedia/kdenlive
*** Error code 1
Stop.
make: stopped in /usr/ports/multimedia/kdenlive
root@freebsd:/usr/ports/multimedia/kdenlive #
and is it possible to remove all the installed packages, installed during failed kdenlive port installation?
Thank you very much for your support