FreeBSD has an excellent facility for checking its ports for vulnerabilities provided by security\/portaudit. This is very handy when installing an unknown package. However, it can be quite a hindrance when upgrading from one very vulnerable version of a port to one with fewer vulnerabilities, since portupgrade will flatly refuse to upgrade the port, with this kind of error:<\/p>\n
===> wordpress-2.2.1,1 has known vulnerabilities:
\n=> wordpress — unmoderated comments disclosure.
\nReference: <http:\/\/www.FreeBSD.org\/ports\/portaudit\/6a31cbe3-1695-11dc-a197-0011098b2f36.html>
\n=> Please update your ports tree and try again.<\/p><\/blockquote>\nIt’s best, of course, to confirm that the vulnerability is something you can live with. If so, you can pass a flag to “make” to have it skip the vulnerability check:<\/p>\n
portupgrade -m -DDISABLE_VULNERABILITIES wordpress<\/p><\/blockquote>\n
Naturally, I wouldn’t recommend doing this in conjunction with “portupgrade -all” since it would defeat the purpose of having the vulnerability check at all.<\/p>\n","protected":false},"excerpt":{"rendered":"
FreeBSD has an excellent facility for checking its ports for vulnerabilities provided by security\/portaudit. This is very handy when installing an unknown package. However, it can be quite a hindrance when upgrading from one very vulnerable version of a port to one with fewer vulnerabilities, since portupgrade will flatly refuse \u2026 Continue reading