xorg build error

F

Fleet

Hello,

I ran make install clean in /usr/ports/x11/xorg/ and after a while I encountered the following error (transcripted):
Code: 
===> Verifying install for png.6 in /usr/ports/graphics/png
     png-1.4.1_1 is forbidden: vulnerable to remote buffer overflow.
*** Error code 1

Stop in /usr/ports/graphics/png...

How do I solve this?

Best regards.
 
The only thing I have done on this system before installing xorg was rebuilding world and customkernel and installing them. For the record I am running 8.0-RELEASE-p3 amd64 on a laptop.
 
I had written:
That is brand new. If you know about the vulnerability and know it isn't a problem for you, you can override the safety and force it to build with make -DDISABLE_VULNERABILITIES install.
Click to expand...

That was wrong. DISABLE_VULNERABILITES is for use when a port is known to be a security problem by portaudit.

If a port is marked FORBIDDEN, you would have to use NO_IGNORE. I tested this, as I should have earlier. Sorry about that.

Again, the safe option is to wait for a newer version of png to be released in ports. Newer versions are already available from http://libpng.sourceforge.net/, so the port is likely close behind.
 
Ok, then I will have to wait. Is there any commands I should run before updating my ports-tree and when that is done, can I just run "make install clean" again?
I hope its ok that I ask these extremely basic questions. I am very inexperienced when it comes to building from sources.
 
You may also want to wait for 8.1-RELEASE (coming soon) but in meantime just install Xorg from packages and then try upgrading it with portupgrade (install it first from a package).
BTW it's recommended to run before upgrading:
# echo 'WITHOUT_NOUVEAU=yes' >> /etc/make.conf
 
Fleet said:
Ok, then I will have to wait. Is there any commands I should run before updating my ports-tree and when that is done, can I just run "make install clean" again?
I hope its ok that I ask these extremely basic questions. I am very inexperienced when it comes to building from sources.
Click to expand...

# portsclean -C
wouldn't hurt, but otherwise it should be fine. When you try to build xorg again, the ports code will see that png is still needed and install it.
 
FTR, 'portsclean' is part of the portupgrade port, which is not used by everybody (and people shouldn't install portupgrade just to run portsclean either).

portmaster alternatives are:

Code: 
     portmaster --clean-distfiles
     portmaster --clean-distfiles-all
 
png-1.4.3 is in ports now. That didn't take long!

Incidentally, if you use a certain port a lot, it doesn't hurt to send a thank-you email to the maintainer. Seems like every time I've done that they're surprised and appreciate that their hard work is making a difference. You can see the maintainer of a port with
# make maintainer
in the port directory.
 
You must log in or register to reply here.
Back
Top