NetBSD-Bugs archive
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]
misc/50412: Many packages to be built from source require nbpatch-20100124 which has vulnerability
>Number: 50412
>Category: misc
>Synopsis: Many packages to be built from source require nbpatch-20100124 which has vulnerability
>Confidential: no
>Severity: non-critical
>Priority: medium
>Responsible: misc-bug-people
>State: open
>Class: sw-bug
>Submitter-Id: net
>Arrival-Date: Sat Nov 07 02:05:00 +0000 2015
>Originator: Daniel Glueck
>Release: Trunk (which I assume is similar to 2015Q3)
>Organization:
>Environment:
Darwin Kernel Version 15.0.0: Sat Sep 19 15:53:46 PDT 2015; root:xnu-3247.10.11~1/RELEASE_X86_64 x86_64
>Description:
I am just getting started with pkgsrc on Mac OS X, and did a bootstrap installation from the git trunk branch using ABI=64 and unprivileged. The bootstrap went fine, but many, if not all, packages seem to require nbpatch-20100124 which has a security vulnerability. If I try to "bmake" that package, I get this error:
===> Checking for vulnerabilities in nbpatch-20100124
Package nbpatch-20100124 has a arbitrary-code-execution vulnerability, see https://www.freebsd.org/security/advisories/FreeBSD-SA-15:14.bsdpatch.asc
ERROR: Define ALLOW_VULNERABLE_PACKAGES in mk.conf or IGNORE_URL in pkg_install.conf(5) if this package is absolutely essential.
*** Error code 1
Should I just make the selection to allow vulnerable packages, or is there some preferred way to proceed? Some web searching did not turn up a preferred solution.
>How-To-Repeat:
cd ~/pkgsrc/devel/nbpatch
bmake
>Fix:
Home |
Main Index |
Thread Index |
Old Index