# intalled software does not match with the port one



## adripillo (Jan 29, 2013)

Hello, I was running a portaudit to check if I have some vulnerabilities and it found that firefox-17.0.1.1 has some.
So the problem is that I am using Firefox-18, so I have something wrong when it check the versions of my programs.
I tried:


```
# pkgdb -Ff
USING PKGNG
pkgdb -F not supported with PKGNG yet. Use 'pkg check' directly.
```

But as you can see, it does not work. Any other way?. Thanks again.


----------



## SirDice (Jan 29, 2013)

Make sure your ports tree is up to date. Also make sure the portaudit database is up to date.

`# pkg version -vI`


----------



## kpa (Jan 29, 2013)

The -F flag for pkgdb(1) is supposed to fix errors in the package database but that's only for the old database format that uses files under /var/db/pkg/*. With PKGNG you have to use these instead:

For dependencies:
`# pkg check -d`

For package checksums:
`# pkg check -s`


----------



## adripillo (Jan 29, 2013)

SirDice said:
			
		

> Make sure your ports tree is up to date. Also make sure the portaudit database is up to date.
> 
> `# pkg version -vI`



It dropped this:

firefox-18.0,1                     <   needs updating (index has 18.0.1,1)


----------



## adripillo (Jan 29, 2013)

kpa said:
			
		

> The -F flag for pkgdb(1) is supposed to fix errors in the package database but that's only for the old database format that uses files under /var/db/pkg/*. With PKGNG you have to use these instead:
> 
> For dependencies:
> `# pkg check -d`
> ...



I did:


```
# pkg check -dsa
```

But after that portaudit still says I have Firefox 17.


----------



## SirDice (Jan 29, 2013)

`# portaudit -F` see portaudit(1).


----------



## adripillo (Jan 29, 2013)

SirDice said:
			
		

> `# portaudit -F` see portaudit(1).




```
# portaudit -F
auditfile.tbz                                 100% of   83 kB   43 kBps
New database installed.
```


----------



## adripillo (Jan 29, 2013)

I do not if this work of something but I never used or use pkg to install something, I always use the ports.


----------



## SirDice (Jan 29, 2013)

Actually, I'm not sure ports-mgmt/portaudit even supports pkgng.


----------



## adripillo (Jan 29, 2013)

SirDice said:
			
		

> Actually, I'm not sure ports-mgmt/portaudit even supports pkgng.



I really do not know where it compare the installed software version with the system one.
But seems I have something out of update, must be some database where it check the version of the programs.


----------



## SirDice (Jan 29, 2013)

What do these output?
`# pkg version -vI | grep firefox`
`# pkg_version -vI | grep firefox`


----------



## kpa (Jan 29, 2013)

PKGNG has it's own audit tool that replaces ports-mgmt/portaudit:

`# pkg audit -f`


----------



## adripillo (Jan 30, 2013)

SirDice said:
			
		

> What do these output?
> `# pkg version -vI | grep firefox`
> `# pkg_version -vI | grep firefox`



Sorry for the delay, I was at home. Here are the outputs:


```
# pkg version -vI | grep firefox
firefox-18.0,1                     <   needs updating (index has 18.0.1,1)

# pkg_version -vI | grep firefox
pkg_version: the package info for package 'automake-1.12.4' is corrupt
pkg_version: the package info for package 'dri-7.6.1_2,2' is corrupt
pkg_version: the package info for package 'firefox-17.0.1,1' is corrupt
pkg_version: the package info for package 'linux-f10-flashplugin-11.2r202.258' is corrupt
pkg_version: the package info for package 'portupgrade-2.4.10.2,2' is corrupt
pkg_version: the package info for package 'ruby18-bdb-0.6.6' is corrupt
pkg_version: the package info for package 'virtualbox-ose-4.1.22' is corrupt
```


----------



## adripillo (Jan 30, 2013)

kpa said:
			
		

> PKGNG has it's own audit tool that replaces ports-mgmt/portaudit:
> 
> `# pkg audit -f`




```
# pkg audit -f
pkg: illegal option -- f
usage: pkg audit [-F] <pattern>

For more information see 'pkg help audit'.

# pkg audit -F
auditfile.tbz                                                                                                                           100%   83KB  83.4KB/s  83.4KB/s   00:01
chromium-24.0.1312.52 is vulnerable:
chromium -- multiple vulnerabilities

WWW: http://portaudit.FreeBSD.org/8d03202c-6559-11e2-a389-00262d5ed8ee.html

1 problem(s) in your installed packages found.
```


----------



## SirDice (Jan 30, 2013)

adripillo said:
			
		

> ```
> # pkg version -vI | grep firefox
> firefox-18.0,1                     <   needs updating (index has 18.0.1,1)
> 
> ...


Ah, yes. That explains why portaudit thinks you have firefox 17 installed. You seem to have mixed old packages with pkgng.


----------



## adripillo (Jan 30, 2013)

SirDice said:
			
		

> Ah, yes. That explains why portaudit thinks you have firefox 17 installed. You seem to have mixed old packages with pkgng.



I see, do you have any idea of how I can fix it?. Thanks again.


----------



## SirDice (Jan 30, 2013)

I'd try to pkg_delete(1) the old ones. But you may need to reinstall them again afterwards or at least the current version of that port. The pkg_delete(1) is bound to remove stuff that's used by the 'new' versions.


----------



## adripillo (Jan 30, 2013)

SirDice said:
			
		

> I'd try to pkg_delete(1) the old ones. But you may need to reinstall them again afterwards or at least the current version of that port. The pkg_delete(1) is bound to remove stuff that's used by the 'new' versions.



ok, I did pkg_delete(1) on all of them. Running a portupgrade now.


----------



## SirDice (Jan 30, 2013)

Make sure you have WITH_PKGNG in /etc/make.conf so your ports are correctly registered.


----------



## adripillo (Jan 30, 2013)

SirDice said:
			
		

> Make sure you have WITH_PKGNG in /etc/make.conf so your ports are correctly registered.



Ok, thank you. I let you know as soon as it finish.


----------



## phoenix (Jan 30, 2013)

SirDice said:
			
		

> Actually, I'm not sure ports-mgmt/portaudit even supports pkgng.



It doesn't.  pkgng includes audit support.  See pkg-audit().


----------



## adripillo (Mar 12, 2013)

Sorry for the delay, I was on vacation. But it worked fine. Thanks a lot.


----------

