Solved [Solved] Chromium multiple vulnerabilities upgrading port

D

drhowarddrfine

FreeBSD 9.2. I tried to upgrade my Chromium port today, as I do almost every week, and for the first time I got this.
Code: 
===>  chromium-33.0.1750.152_1 has known vulnerabilities:
chromium-33.0.1750.152_1 is vulnerable:
chromium -- multiple vulnerabilities
CVE: CVE-2014-1729
CVE: CVE-2014-1728
CVE: CVE-2014-1727
CVE: CVE-2014-1726
CVE: CVE-2014-1725
CVE: CVE-2014-1724
CVE: CVE-2014-1723
CVE: CVE-2014-1722
CVE: CVE-2014-1721
CVE: CVE-2014-1720
CVE: CVE-2014-1719
CVE: CVE-2014-1718
CVE: CVE-2014-1717
CVE: CVE-2014-1716
WWW: http://portaudit.FreeBSD.org/963413a5-bf50-11e3-a2d6-00262d5ed8ee.html
=> Please update your ports tree and try again.
*** [check-vulnerable] Error code 1

Stop in /usr/ports/www/chromium.
*** [stage] Error code 1
Googling aroundand searching here, and the mailing lists, I don't see the problem mentioned so I'm at a loss as to what's going on and what to do. Of course, I did as stated and updated my ports using portsnap fetch udpate.

In addition, now when I try to run Chromium, it won't start and reports:
Shared object "libfreetype.so.9" not found, required by "chrome"
Click to expand...

EDIT: So apparently I'm not alone after all: http://lists.freebsd.org/pipermail/free ... 91753.html
EDIT2: Since I had a problem with /usr/ports/UPDATING of 20140416 where freetype2 is specifically mentioned (that list failed during Chromium and I tried to reinstall everything else manually instead of using portmaster -r) I'm going to try that again and see what happens.
 
Re: Chromium multiple vulnerabilities when upgrading port

drhowarddrfine said:
EDIT2: Since I had a problem with /usr/ports/UPDATING of 20140416 where freetype2 is specifically mentioned (that list failed during Chromium and I tried to reinstall everything else manually instead of using portmaster -r) I'm going to try that again and see what happens.
Click to expand...
Since you updated print/freetype2, you will need to re-install www/chromium to get it working again. The update to print/freetype2 changed its library naming to conform with upstream and www/chromium must be re-installed to look for the renamed library libfreetype.so.6 instead of the previously named libfreetype.so.9.
 
Re: Chromium multiple vulnerabilities when upgrading port

Yes but I tried portmaster -r chromium and I get the freetype2 error mentioned above. I just noticed chromium isn't in the /usr/ports/distfiles anywhere for some reason.

EDIT: So now I'm thinking I should probably try this as portmaster -Rr or possibly portmaster -rf.
EDIT2: Neither of those reinstalls chromium. So I may just uninstall chromium after I find what extensions I used and back up my bookmarks. I really don't want to do that but ...
EDIT3: So uninstalling and reinstalling failed with the same error. I even did portmaster -f with no luck.
 
Re: Chromium multiple vulnerabilities when upgrading port

So now that I uninstalled chromium, I'm able to run all of the items mentioned in UPDATING. I did try to install chromium after doing three of them and it failed with the same problem in the first post. I'll try again libxml2 is finished.
 
Re: Chromium multiple vulnerabilities when upgrading port

If you want to build a port with known vulnerabilities, you need to define
Code: 
DISABLE_VULNERABILITIES
 
Re: Chromium multiple vulnerabilities when upgrading port

I don't think that's the problem. The problem didn't occur till I updated freetype2 as someone else did in my link to the mailing list.

Of course, I might be wrong, but, in all the years I've been running Chromium and other ports, I've never had to disable vulnerability checking.
 
Re: Chromium multiple vulnerabilities when upgrading port

Something that is needed to build Chrome is also missing that renamed library. Please install sysutils/bsdadminscripts and run pkg_libchk -qo. It will display the names of ports that need to be rebuilt because libraries are missing.
 
Re: Chromium multiple vulnerabilities when upgrading port

I may be past that point since pkg_libchk -qo didn't return anything.

Chromium is building now. I went ahead and reinstalled with DISABLE_VULNERABILITIES.

I wish I had remembered pkg_libchk.
 
You must log in or register to reply here.
Back
Top