can't install Apache22 using ports

[tvs]

Hi,

I'm trying to install Apache22 using ports in FreeBSD 10 and I got this error:

/usr/ports/www/apache22 # make install
apache22-2.2.26 has known vulnerabilities:
apache22-2.2.26 is vulnerable:
apache -- several vulnerabilities
CVE: CVE-2013-6438
CVE: CVE-2014-0098
WWW: http://portaudit.FreeBSD.org/91ecb546-b1e6-11e3-980f-20cf30e32f6d.html
=> Please update your ports tree and try again.
*** Error code 1

I did portsnap fetch update and then tried again but it doesn't seem to help (I got the same error). Is there anything else I should do in order to install Apache22?

Thanks in advance for any help!

 

[archan127]

According to http://www.freshports.org, www/apache22 is listed as vulnerable. The maintainer has not patched the security vulnerabilies yet. If you really need the port to be installed on your computer, you can use

DISABLE_VULNERABILITIES=yes

However, I would not recommend or endorse that unless you clearly understand the security implications of doing so.

Also, I have found that if FreeBSD 10 misses the daily 3 am maintenance, you may have to manually update the pkg audit database by using pkg audit -F to update the database. It seems portsnap fetch doesn't update that automatically. (I found that out trying to update python33).

 

[kpa]

That's not surprising that the vulnerability DB isn't updated by portsnap(8) because it isn't designed to deal with the vulnerabilty DB at all. That's why there is a separate periodic(8) job that runs pkg-audit(8).

firewall ~ % ls -l /usr/local/etc/periodic/security/410.pkg-audit 
-r-xr-xr-x  1 root  wheel  2654 Mar 16 03:45 /usr/local/etc/periodic/security/410.pkg-audit

 

[pez]

it should work now if you update your ports.

 

[tvs]

Thank you everybody for your help!