updating ports and everything

Hi there. I came from Linux (Ubuntu) environment and there is very simple to update the system.

I read about updating the FreeBSD system and I'm a little confused. I installed portaudit and
Code:
# portaudit
Affected package: libxml2-2.6.30
Type of problem: libxml2 -- multiple vulnerabilities.
Reference: <http://www.FreeBSD.org/ports/portaudit/f1e0164e-b67b-11dd-a55e-00163e000016.html>                                                                   

Affected package: gnutls-2.0.2_1
Type of problem: gnutls -- X.509 certificate chain validation vulnerability.
Reference: <http://www.FreeBSD.org/ports/portaudit/45298931-b3bf-11dd-80f8-001cc0377035.html>                                                                   

Affected package: libxml2-2.6.30
Type of problem: libxml2 -- two vulnerabilities.
Reference: <http://www.FreeBSD.org/ports/portaudit/d71da236-9a94-11dd-8f42-001c2514716c.html>                                                                   

Affected package: python25-2.5.1_1
Type of problem: python -- multiple vulnerabilities.
Reference: <http://www.FreeBSD.org/ports/portaudit/0dccaa28-7f3c-11dd-8de5-0030843d3802.html>                                                                   

Affected package: freetype2-2.3.5
Type of problem: FreeType 2 -- Multiple Vulnerabilities.
Reference: <http://www.FreeBSD.org/ports/portaudit/4fb43b2f-46a9-11dd-9d38-00163e000016.html>

Affected package: apache-2.2.6_2
Type of problem: apache -- multiple vulnerabilities.
Reference: <http://www.FreeBSD.org/ports/portaudit/c84dc9ad-41f7-11dd-a4f9-00163e000016.html>

Affected package: xorg-server-1.4_4,1
Type of problem: xorg -- multiple vulnerabilities.
Reference: <http://www.FreeBSD.org/ports/portaudit/800e8bd5-3acb-11dd-8842-001302a18722.html>

Affected package: libvorbis-1.2.0_1,3
Type of problem: libvorbis -- various security issues.
Reference: <http://www.FreeBSD.org/ports/portaudit/f5a76faf-244c-11dd-b143-0211d880e350.html>

Affected package: png-1.2.22
Type of problem: png -- unknown chunk processing uninitialized memory access.
Reference: <http://www.FreeBSD.org/ports/portaudit/57c705d6-12ae-11dd-bab7-0016179b2dd5.html>

Affected package: python25-2.5.1_1
Type of problem: python -- Integer Signedness Error in zlib Module.
Reference: <http://www.FreeBSD.org/ports/portaudit/ec41c3e2-129c-11dd-bab7-0016179b2dd5.html>

Affected package: pcre-7.4
Type of problem: pcre -- buffer overflow vulnerability.
Reference: <http://www.FreeBSD.org/ports/portaudit/f9e96930-e6df-11dc-8c6a-00304881ac9a.html>

11 problem(s) in your installed packages found.

You are advised to update or deinstall the affected package(s) immediately.

I installed cvsup. OK now what is the next step?
How to upgrade the ports collections and the system?

thanxs
 
I assume you have the ports collection installed. The first thing to do is to run portsnap. If you haven't done that before, do the following as root.

Code:
# portsnap fetch extract

This will update your ports tree. If you need to update it later, you simply run:

Code:
# portsnap fetch update

With your ports tree updated, I would recommend to install portmaster:

Code:
# cd /usr/ports/ports-mgmt/portmaster && make install clean

Now you can use portmaster to install the latest versions of your outdated programs. Let's take python25 as an example. First you locate it in the ports tree:

Code:
# cd /usr/ports
# make search name=python25
Port:   python25-2.5.2_3
Path:   /usr/ports/lang/python25
Info:   An interpreted object-oriented programming language
Maint:  python@FreeBSD.org
B-deps:
R-deps:
WWW:    http://www.python.org/

And then you update it:

Code:
# portmaster /usr/ports/lang/python25
===>>> Gathering distinfo list for installed ports

===>>> Currently installed version: python25-2.5.2_3
===>>> Port directory: /usr/ports/lang/python25
===>>> Gathering dependency list for lang/python25 from ports
===>>> No dependencies for lang/python25
===>>> Starting build for lang/python25 <<<===
...
...
#

If everything goes well (as it usually does :e), your python25 is updated from version 2.5.1_1 to 2.5.2_3.
 
well I did all

# portsnap fetch update

I installed portmaster and go back to
Code:
# portaudit
Affected package: libxml2-2.6.30
Type of problem: libxml2 -- multiple vulnerabilities.
Reference: <http://www.FreeBSD.org/ports/portaudit/f1e0164e-b67b-11dd-a55e-00163e000016.html>                                                                   

Affected package: gnutls-2.0.2_1
Type of problem: gnutls -- X.509 certificate chain validation vulnerability.
Reference: <http://www.FreeBSD.org/ports/portaudit/45298931-b3bf-11dd-80f8-001cc0377035.html>                                                                   

Affected package: libxml2-2.6.30
Type of problem: libxml2 -- two vulnerabilities.
Reference: <http://www.FreeBSD.org/ports/portaudit/d71da236-9a94-11dd-8f42-001c2514716c.html>                                                                   

Affected package: python25-2.5.1_1
Type of problem: python -- multiple vulnerabilities.
Reference: <http://www.FreeBSD.org/ports/portaudit/0dccaa28-7f3c-11dd-8de5-0030843d3802.html>

Affected package: freetype2-2.3.5
Type of problem: FreeType 2 -- Multiple Vulnerabilities.
Reference: <http://www.FreeBSD.org/ports/portaudit/4fb43b2f-46a9-11dd-9d38-00163e000016.html>

Affected package: apache-2.2.6_2
Type of problem: apache -- multiple vulnerabilities.
Reference: <http://www.FreeBSD.org/ports/portaudit/c84dc9ad-41f7-11dd-a4f9-00163e000016.html>

Affected package: xorg-server-1.4_4,1
Type of problem: xorg -- multiple vulnerabilities.
Reference: <http://www.FreeBSD.org/ports/portaudit/800e8bd5-3acb-11dd-8842-001302a18722.html>

Affected package: libvorbis-1.2.0_1,3
Type of problem: libvorbis -- various security issues.
Reference: <http://www.FreeBSD.org/ports/portaudit/f5a76faf-244c-11dd-b143-0211d880e350.html>

Affected package: png-1.2.22
Type of problem: png -- unknown chunk processing uninitialized memory access.
Reference: <http://www.FreeBSD.org/ports/portaudit/57c705d6-12ae-11dd-bab7-0016179b2dd5.html>

Affected package: python25-2.5.1_1
Type of problem: python -- Integer Signedness Error in zlib Module.
Reference: <http://www.FreeBSD.org/ports/portaudit/ec41c3e2-129c-11dd-bab7-0016179b2dd5.html>

Affected package: pcre-7.4
Type of problem: pcre -- buffer overflow vulnerability.
Reference: <http://www.FreeBSD.org/ports/portaudit/f9e96930-e6df-11dc-8c6a-00304881ac9a.html>

11 problem(s) in your installed packages found.

You are advised to update or deinstall the affected package(s) immediately.
 
Did you actually upgrade your ports using portmaster? You updated your ports tree and you installed portmaster .. now combine the two ..
 
I started to update my packages with portmaster. It works fine with python but when it comes to xorg after lot of messages I was suggested to deinstall xorg. So I go to /usr/ports/x11/xorg and type deinslall. Now I want to reinstall back XServer. So I type reinstall to reinstall the port and then

how can install again X server?

after this I try again
Code:
# portaudit
Affected package: gnutls-2.0.2_1
Type of problem: gnutls -- X.509 certificate chain validation vulnerability.
Reference: <http://www.FreeBSD.org/ports/portaudit/45298931-b3bf-11dd-80f8-001cc0377035.html>

Affected package: libvorbis-1.2.0_1,3
Type of problem: libvorbis -- various security issues.
Reference: <http://www.FreeBSD.org/ports/portaudit/f5a76faf-244c-11dd-b143-0211d880e350.html>

Affected package: png-1.2.22
Type of problem: png -- unknown chunk processing uninitialized memory access.
Reference: <http://www.FreeBSD.org/ports/portaudit/57c705d6-12ae-11dd-bab7-0016179b2dd5.html>

3 problem(s) in your installed packages found.

well what I have to do now to resolve these problems

thanks
 
to know all your port which need update you should do :

portversion -v -l"<"

to upgrade all your port which need update :
portmaster -a
or
portupgrade -arR (if you use portupgrade)
 
A good idea to add "-b" key for portupgrade. It makes backup of all packages in upgrading process. Location where store backup .tbz describing by PKG_BACKUP_DIR environment. Or sets in /usr/local/etc/pkgtools.conf by hands:
ENV['PKG_BACKUP_DIR'] = '/var/pkgbackups'
 
hirohitosan said:
I started to update my packages with portmaster. It works fine with python but when it comes to xorg after lot of messages I was suggested to deinstall xorg. So I go to /usr/ports/x11/xorg and type deinslall. Now I want to reinstall back XServer. So I type reinstall to reinstall the port and then

how can install again X server?

I'm not quite sure what you did here.:q Did you actually type "reinstall" and not "make reinstall"? And something seems yo be missing after "then":

So I type reinstall to reinstall the port and then

how can install again X server?

What happened after "then"? Any error messages? Have you lost Xorg, or is it still working? I notice the vulnerability check does not mention xorg-server any more. Maybe things worked out allright? Try to run the command:

Code:
 # pkg_info -x xorg

This will tell you the status of all programs matching "xorg" that you have installed.
 
bernux said:
to know all your port which need update you should do :

portversion -v -l"<"

Or, since he already has installed portmaster:
Code:
 % portmaster -L  |less

This avoids updating and "fixing" portupgrade's database, which may sometimes cause quite a hassle. That was my main reason for switching to portmaster.
 
sverreh said:
Or, since he already has installed portmaster:
Code:
 % portmaster -L  |less
I tried

Code:
portmaster -L  |less

and after a very long list I got this message:
Code:
===>>> 572 total installed ports
        ===>>> 224 have new versions available
what can I say ... almost a half of packages has new version. There is a way to update all or I have to do by hand each of the package with
# portamster

I cannot update all?
 
hirohitosan said:
what can I say ... almost a half of packages has new version. There is a way to update all or I have to do by hand each of the package with
# portamster

I cannot update all?

Don't worry! You don't need to update a port just because a newer version is available. If a port has the functionality that you require, there is no need to update it unless it has vulnerabilities. portaudit will list those ports for you.

portmaster has the -a option to update all ports that have new versions. I have never tried that, and would not recommend it in your case. It may take several days!

P.S.: Here is the end of the output from # portmaster -L on my system:
Code:
===>>> 717 total installed ports
        ===>>> 188 have new versions available
And that system works fine! :)
 
After running many times portmaster finally I arrive at this:
Code:
portaudit
Affected package: ghostscript-gpl-8.60
Type of problem: ghostscript -- zseticcspace() function buffer overflow vulnerability.
Reference: <http://www.FreeBSD.org/ports/portaudit/ca8e56d5-e856-11dc-b5af-0017319806e7.html>

1 problem(s) in your installed packages found.

You are advised to update or deinstall the affected package(s) immediately.

# whereis ghostscript-gpl
ghostscript-gpl: /usr/ports/print/ghostscript-gpl
# portmaster /usr/ports/print/ghostscript-gpl
===>>> Currently installed version: ghostscript-gpl-8.60
===>>> Port directory: /usr/ports/print/ghostscript-gpl

.....

===>>> The 'make config' check found no dependencies to update

===>  Cleaning for ghostscript-gpl-8.60

NOTE: Type "make A4=yes" to use A4 paper size by default.
===>  ghostscript-gpl-8.60 has known vulnerabilities:
=> ghostscript -- zseticcspace() function buffer overflow vulnerability.
   Reference: <http://www.FreeBSD.org/ports/portaudit/ca8e56d5-e856-11dc-b5af-0017319806e7.html>
=> Please update your ports tree and try again.
*** Error code 1

Stop in /usr/ports/print/ghostscript-gpl.

===>>> make failed for print/ghostscript-gpl
===>>> Aborting update

Terminated
I assumed at this time I can live with just 1 problem.

BTW I don't have any printer attached to my comp. and I don't intend to add in the near future. Do I really need this package?
Can I deinstall ghostscript-gpl, or even ghostscript?
 
hirohitosan said:
BTW I don't have any printer attached to my comp. and I don't intend to add in the near future. Do I really need this package?
Can I deinstall ghostscript-gpl, or even ghostscript?

I don't think it is wise to delete it before you know if any other ports require it!
Code:
 % pkg_info -x ghostscript

Just follow the advice given in the error message:
=> Please update your ports tree and try again.
 
sorry but update ports tree means?

Code:
# portsnap fetch extract
# portsnap fetch update

because I did that and after trying:

Code:
portmaster /usr/ports/print/ghostscript-gpl
===>>> The 'make config' check found no dependencies to update
===>  ghostscript-gpl-8.60 has known vulnerabilities:
=> ghostscript -- zseticcspace() function buffer overflow vulnerability.
   Reference: <http://www.FreeBSD.org/ports/portaudit/ca8e56d5-e856-11dc-b5af-0017319806e7.html>
=> Please update your ports tree and try again.
*** Error code 1

Stop in /usr/ports/print/ghostscript-gpl.

and
Code:
# pkg_info -x ghostscript-gpl
Comment:
GPL Postscript interpreter

Required by:
evince-2.20.1
gnome2-2.20.1

Description:
Ghostscript is the well-known PostScript interpreter which is available for
all common and most esoteric platforms and supports many different printers
and some displays....
as I understood is required for printers
 
This is a bit mysterious! I updated my ports tree some hours ago, and it shows that the ghostscript-gpl port has been moved to /usr/ports/print/ghostscript8, and the version there is ghostscript8-8.63. So maybe your ports tree was not updated after all. The command you gave is correct: portsnap fetch update. (The extract is only necessary the very first time you use portsnap.)

Could you post the output of:
Code:
# cd /usr/ports &&  make quicksearch name=ghostscript-gpl

Mine is:
Code:
 # cd /usr/ports && make quicksearch name=ghostscript-gpl
Port:   print/ghostscript-gpl
Moved:  print/ghostscript8
Date:   2008-09-05
Reason: Renamed for better naming

Port:   print/ghostscript-gpl-nox11
Moved:  print/ghostscript8-nox11
Date:   2008-09-05
Reason: Renamed for better naming

 #

and yours ought to be identical if we both have an updated ports tree.
 
mine is same as I see
Code:
# cd /usr/ports &&  make quicksearch name=ghostscript-gpl
Port:   print/ghostscript-gpl
Moved:  print/ghostscript8
Date:   2008-09-05
Reason: Renamed for better naming

Port:   print/ghostscript-gpl-nox11
Moved:  print/ghostscript8-nox11
Date:   2008-09-05
Reason: Renamed for better naming

so can I try portmaster /usr/ports/print/ghostscript8
and after
Code:
===>>> Done displaying pkg-message files
===>>> Installation of print/ghostscript8 (ghostscript8-8.63) complete
I tried again
Code:
portaudit
Affected package: ghostscript-gpl-8.60
Type of problem: ghostscript -- zseticcspace() function buffer overflow vulnerability.
Reference: <http://www.FreeBSD.org/ports/portaudit/ca8e56d5-e856-11dc-b5af-0017319806e7.html>

1 problem(s) in your installed packages found.

You are advised to update or deinstall the affected package(s) immediately.
 
Congratulations, you now have the newest version of ghostscript8!
The only problem is that evince and gnome (in your installation) depend upon ghostscript-gpl, and if you delete it something may break.

You could probably fix that by making a softlink from ghostscript-gpl-8.60 to ghostscript8-8.63 after you have deleted ghostscript-gpl-8.60. Not sure! :\

Probably the best thing to do is to delete ghostscript-gpl-8.60 and then update gnome and evince:
Code:
# pkg_delete -f ghostscript-gpl-8.60
# portmaster /usr/ports/x11/gnome2
# portmaster /usr/ports/graphics/evince

The new versions of gnome and evince both require ghostscript8-8.63, which you already have.

I don't have gnome, but I think it can quite some time to install the new version. Be warned! ;)
And good luck!
 
portmaster /usr/ports/x11/gnome2 gives me:
Code:
===>>> Port directory: /usr/ports/sysutils/fusefs-kmod
        ===>>> This port is marked IGNORE
        ===>>> requires the userland sources to be installed. Set SRC_BASE if it is not in /usr/src

        ===>>> If you are sure you can build it, remove the
               IGNORE line in the Makefile and try again.

===>>> Update for /usr/ports/sysutils/fusefs-kmod failed
===>>> Aborting update

===>>> Update for /usr/ports/devel/gvfs failed
===>>> Aborting update

===>>> Update for libgnomeui-2.20.1.1 failed
===>>> Aborting update

===>>> Update for dasher-4.6.1,1 failed
===>>> Aborting update
I suppose that I need to install something else ...
The same message I have after
Code:
portmaster /usr/ports/graphics/evince
===>>> Port directory: /usr/ports/sysutils/fusefs-kmod
        ===>>> This port is marked IGNORE
        ===>>> requires the userland sources to be installed. Set SRC_BASE if it is not in /usr/src

        ===>>> If you are sure you can build it, remove the
               IGNORE line in the Makefile and try again.

===>>> Update for /usr/ports/sysutils/fusefs-kmod failed
===>>> Aborting update

===>>> Update for /usr/ports/devel/gvfs failed
===>>> Aborting update
I don't have nothing in /usr/src
Code:
# ls -al /usr/src/
total 4
drwxr-xr-x   2 root  wheel  512 Feb 24  2008 .
drwxr-xr-x  17 root  wheel  512 Dec  9 10:02 ..

do I need something to install? the kernel sources or something like that?
 
What I used to do on my workstation is this:

portsnap fetch update
BATCH=1 portupgrade -akO

'BATCH=1' makes portupgrade not display 'make config' dialogs. '-akO' means 'upgrade everything you can and don't stop on errors'.
 
Back
Top