Solved [SOLVED] textproc/htmldoc: port is not updated

R

rsattler

The version of htmldoc on my FreeBSD 10.0-RELEASE system has a security vulnerability and I want to update it. According to the maintainer of the package, it was updated Jan 6, 2014. Unfortunately, running the command portsnap fetch update does not get the update, as I still have version htmldoc_1.8.27 in the ports database. The current version that resolves the security vulnerabilities is htmldoc_1.8.28.

Code: 
===>  htmldoc-1.8.27_7 has known vulnerabilities:
htmldoc-1.8.27_7 is vulnerable:
HTMLDOC -- buffer overflow issues when reading AFM files and parsing page sizes
WWW: http://portaudit.FreeBSD.org/6d08fa63-83bf-11e3-bdba-080027ef73ec.html
=> Please update your ports tree and try again.
I have tried running the command portupgrade and portmaster htmldoc and that doesn't work either. Is there a way to force the system to download the port that I just haven't used yet? Or should I just download it via the maintainer's website?

Thank you,
Rick

Edit: added code for vulnerability message
 
Re: textproc/htmldoc: port is not updated, security issue

Hi Rick,

I've just stumbled accross the same issue which prevents me from installing packages that depend on textproc/htmldoc. After a quick search I've found this portmaster option to disable autit checks: -m DISABLE_VULNERABILITIES=yes. The original reference is http://makandracards.com/jan0sch/15965-freebsd-portmaster-disable-portaudit-check. This helps me to finish installation until there ist an update of textproc/htmldoc.

Regards,
Peter
 
Re: textproc/htmldoc: port is not updated, security issue

Hi Peter,

Thanks for the information. I will put that in my "bag of tricks" when I run into the issue in the future.

I still need to determine how to resolve this issue on my system though, I try to prevent any known security issues on my system

Thanks again,
Rick
 
Re: textproc/htmldoc: port is not updated, security issue

Solved as of Jan 31, 2014 - port database is updated.
 
You must log in or register to reply here.
Back
Top