pkgsrc-Users archive


Re: pkgsrc gnome nss PKG_VUL..



Hello List,

I'm a newbie to NetBSD and I'm reading the pkgsrc guide, but I'm having
trouble with making the gnome desktop. I receive ALLOW_VULNERABLE_PACKAGES
with the package nss; the exact output is

---

WARN: Makefile:3: This package should be updated to 3.11.4.
WARN: Makefile:5: Please use
${MASTER_SITE_MOZILLA:=security/nss/releases/NSS_3_11_RTM/src/} instead
of
"ftp://ftp.mozilla.org/pub/mozilla.org/security/nss/releases/NSS_3_11_RTM/src/".
NOTE: Makefile:45: Trailing white-space.
NOTE: Makefile:48: Trailing white-space.
WARN: Makefile:49: Please don't use @comment in SUNOS_FALSE.
WARN: Makefile:66: Please don't use @comment in SUNOS_TRUE.
NOTE: Makefile:67: Trailing white-space.
WARN: patches/patch-ab:13: Found absolute pathname: /bin/tar
0 errors and 5 warnings found.
=> Required installed package digest>=20010302: digest-20060826 found
===> Checking for vulnerabilities in nss-3.11
ERROR: ssl-buffer-overflow vulnerability in nss-3.11 - see
http://www.mozilla.org/security/announce/2007/mfsa2007-06.html for more
information
nss

Stop.
make: stopped in /usr/pkgsrc/devel/nss

----

I updated pkgsrc with cvs -P pkgsrc, but nothing changed.

How must I proceed to download the update and compile it? I'm so
confused, so I hope somebody can help me.

Hello,

Yes, nss 3.11.4 has a vulnerability listed in pkg-vulnerabilities.  It
hasn't been updated in pkgsrc yet, that's why you're not seeing a
change when you update via CVS.  I have filed a PR on this, it's here:
http://www.netbsd.org/cgi-bin/query-pr-single.pl?number=35982

If you want to get around this, defining the variable you mentioned
above will do the trick, e.g. (in ksh):

export ALLOW_VULNERABLE_PACKAGES=yes

You will get nss 3.11.4 as a result.  The thing to watch out for when
doing this is of course that you could end up with a bunch of
vulnerable packages.  If only nss is the problem, I'd recommend
building nss on its own with that variable set to "yes", then change
the variable to "no" afterward (or just do away with it).

I take it from the nss documentation that 3.11.5 should be backwards-
compatible with 3.11.4, so you could build 3.11.4 now, then use
"make replace" to bump versions later.

Regards,

Dave

PS I've posted this to pkgsrc-users%netbsd.org@localhost instead of
netbsd-help@netbsd.org, as the former list is the one you want for pkgsrc
questions.
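
The advice in the reply above, to build nss on its own with the override and then drop it, can be wrapped so the variable never reaches the login shell. This is an added example, not part of the original message; the function name and the PKGSRCDIR and MAKE defaults are assumptions.

```shell
#!/bin/sh
# Added example: build exactly one pkgsrc package with the vulnerability
# check overridden, without exporting the override in the calling shell.
# Assumptions: PKGSRCDIR and MAKE defaults; adjust for your system.
PKGSRCDIR=${PKGSRCDIR:-/usr/pkgsrc}
MAKE=${MAKE:-make}

# Usage: build_allowing_vulnerable category/package [make-target]
#   e.g. build_allowing_vulnerable devel/nss
build_allowing_vulnerable() {
    pkgpath=$1
    target=${2:-install}

    # Refuse to run if the override is already set in this shell: in that
    # state every later build skips the vulnerability check as well.
    if [ -n "${ALLOW_VULNERABLE_PACKAGES:-}" ]; then
        echo "ALLOW_VULNERABLE_PACKAGES is already set; unset it first" >&2
        return 2
    fi

    if [ ! -f "$PKGSRCDIR/$pkgpath/Makefile" ]; then
        echo "no package Makefile at $PKGSRCDIR/$pkgpath" >&2
        return 1
    fi

    # The assignment prefixes a single command inside a subshell, so it is
    # visible to this make run only. Caveat: child processes inherit it, so
    # any dependency built by the same run is also exempt from the check.
    ( cd "$PKGSRCDIR/$pkgpath" &&
      ALLOW_VULNERABLE_PACKAGES=yes "$MAKE" "$target" )
}
```

Installing the package's dependencies first, without the override, keeps the exemption limited to the one package.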




