# easiest way to get rid of these security warnings?



## beesatmsu (Jul 22, 2010)

I have been getting these for a while. 

what is the most painless way to upgrade?  I know if I delete png-1.2.40 or tiff 3.9.1, kde might be unhappy. 

thanks,

Zach

I believe these are produced by port auditing software. 


```
Database created: Wed Jul 21 03:10:00 EDT 2010

Checking for packages with security vulnerabilities:

Affected package: png-1.2.40
Type of problem: png -- libpng decompression buffer overflow.
Reference: <http://portaudit.FreeBSD.org/edef3f2f-82cf-11df-bcce-0018f3e2eb82.html>

Affected package: png-1.4.1_1
Type of problem: png -- libpng decompression buffer overflow.
Reference: <http://portaudit.FreeBSD.org/edef3f2f-82cf-11df-bcce-0018f3e2eb82.html>

Affected package: mDNSResponder-108
Type of problem: mDNSResponder -- corrupted stack crash when parsing bad resolv.conf.
Reference: <http://portaudit.FreeBSD.org/1cd87e2a-81e3-11df-81d8-00262d5ed8ee.html>

Affected package: firefox-3.5.4,1
Type of problem: mozilla -- multiple vulnerabilities.
Reference: <http://portaudit.FreeBSD.org/99858b7c-7ece-11df-a007-000f20797ede.html>

Affected package: tiff-3.9.1
Type of problem: tiff -- Multiple integer overflows.
Reference: <http://portaudit.FreeBSD.org/8816bf3a-7929-11df-bcce-0018f3e2eb82.html>

Affected package: tiff-3.9.1
Type of problem: tiff -- buffer overflow vulnerability.
Reference: <http://portaudit.FreeBSD.org/313da7dc-763b-11df-bcce-0018f3e2eb82.html>

Affected package: kdebase-workspace-4.3.1
Type of problem: KDM -- local privilege escalation vulnerability.
Reference: <http://portaudit.FreeBSD.org/3987c5d1-47a9-11df-a0d5-0016d32f24fb.html>

Affected package: firefox-3.5.4,1
Type of problem: mozilla -- multiple vulnerabilities.
Reference: <http://portaudit.FreeBSD.org/9ccfee39-3c3b-11df-9edc-000f20797ede.html>

Affected package: firefox-3.5.4,1
Type of problem: mozilla -- multiple vulnerabilities.
Reference: <http://portaudit.FreeBSD.org/f82c85d8-1c6e-11df-abb2-000f20797ede.html>

Affected package: firefox-3.5.4,1
Type of problem: mozilla -- multiple vulnerabilities.
Reference: <http://portaudit.FreeBSD.org/01c57d20-ea26-11de-bd39-00248c9b4be7.html>

10 problem(s) in your installed packages found.

You are advised to update or deinstall the affected package(s) immediately.
```


----------



## phoenix (Jul 22, 2010)

Read /usr/ports/UPDATING.  Search for each of those apps (png, tiff, jpeg, kde, etc).  There are entries for most of them in there, with the recommended update commands.


----------



## Erratus (Jul 22, 2010)

*mDNSResponder*

In /usr/ports/UPDATING there are no hints regarding mDNSResponder.
Can you give some?


----------



## gilinko (Jul 22, 2010)

Erratus said:
			
		

> In /usr/ports/UPDATING there are no hints regarding mDNSResponder.
> Can you give some?



Not all updates have an entry in the UPDATING file, just those that has the potential to be troublesome. As you seem to have quite a lot of old packages I would strongly suggest that you start reading up on how to keep your ports tree updated, and choose your the way you want to do updates and upgrades. 

OP: As you have these packages installed, you at least should have some knowledge about the ports system, or are you running a FreeBSD derivative like PC-BSD?


----------



## Erratus (Jul 22, 2010)

Problem with mDNSResponder is that ports still have no updated version.


----------



## beesatmsu (Jul 22, 2010)

thanks. I used ports (or pkg_add) to install kde and xorg. 
I do not know if "portsnap fetch update" will be sufficient, which I did right after system installaion.



			
				gilinko said:
			
		

> Not all updates have an entry in the UPDATING file, just those that has the potential to be troublesome. As you seem to have quite a lot of old packages I would strongly suggest that you start reading up on how to keep your ports tree updated, and choose your the way you want to do updates and upgrades.
> 
> OP: As you have these packages installed, you at least should have some knowledge about the ports system, or are you running a FreeBSD derivative like PC-BSD?


----------



## beesatmsu (Jul 22, 2010)

The /usr/ports/UPDATING says:

```
The png library has been updated to version 1.4.1.  Please rebuild all
  ports that depend on it.

  If you use portmaster:

        Make sure you update to portmaster version 2.20 or newer, then:
        portmaster -r png-

  If you use portupgrade:

        portupgrade -fr graphics/png
```

but I got an error:

```
cell# ./portmaster -r png-

===>>> The argument to -r must match only one port
===>>> Aborting update
```


----------



## phoenix (Jul 22, 2010)

Update portmaster before using it to update anything else.    2.32 or newer is in the ports tree now.


----------



## beesatmsu (Jul 23, 2010)

I installed portmaster yesterday, version is 2.22. 
I thought the syntax should not change? not sure why "portmaster -r png-" gave me an error.


----------



## beesatmsu (Jul 23, 2010)

ok, I am doing "portsnap update" now, then I will reinstall portmaster...

but I think it wont change anything...


----------



## beesatmsu (Jul 23, 2010)

I did port upgrade (portsnap fetch upgrade)
deinstalled portmaster 2.22
installed 2.23

still same error:

```
cell# /usr/local/sbin/portmaster -r png-

===>>> The argument to -r must match only one port
===>>> Aborting update
```


----------



## phoenix (Jul 23, 2010)

Try it without the -, just png.


----------



## beesatmsu (Jul 23, 2010)

tried that. even tried "/usr/ports/graphics/png". no go.

now I am trying "portupgrade" and it seems to be working (at least installing stuff now).

portupgrade itself was much larger than portmaster.


----------



## beesatmsu (Jul 23, 2010)

I am using regular freebsd...the system is quite "new" -- freshly installed in Feb/March.

UPDATIng does not mention tiff at all. so now what do I do with tiff? 

it does not really say how I upgrade to firefox3.6 either. and it says no java.



			
				gilinko said:
			
		

> Not all updates have an entry in the UPDATING file, just those that has the potential to be troublesome. As you seem to have quite a lot of old packages I would strongly suggest that you start reading up on how to keep your ports tree updated, and choose your the way you want to do updates and upgrades.
> 
> OP: As you have these packages installed, you at least should have some knowledge about the ports system, or are you running a FreeBSD derivative like PC-BSD?


----------



## beesatmsu (Jul 23, 2010)

I did not install the mDNSresponder....can I simply delete it? I am running the DNS using bind. not sure if mDNSresponder is needed.


----------



## beesatmsu (Jul 23, 2010)

ok, did png, and now doing tiff (I simply copied the command, "portupgrade -rf /graphics/tiff"

will see if I can do the same with kde and firefox.


----------



## beesatmsu (Jul 23, 2010)

png went fine.

tiff: not so well.

command:  

/usr/local/sbin/portupgrade -fr graphics/tiff


errors I got:

```
checking for pkg-config... /usr/local/bin/pkg-config
checking pkg-config is at least version 0.9.0... yes
checking for BASE_DEPENDENCIES... configure: error: Package requirements (glib-2.0 >= 2.23.6    atk >= 1.29.2    pango >= 1.20    cairo >= 1.6) were not met:

Requested 'glib-2.0 >= 2.23.6' but version of GLib is 2.20.5
Requested 'atk >= 1.29.2' but version of Atk is 1.26.0

Consider adjusting the PKG_CONFIG_PATH environment variable if you
installed software in a non-standard prefix.

Alternatively, you may set the environment variables BASE_DEPENDENCIES_CFLAGS
and BASE_DEPENDENCIES_LIBS to avoid the need to call pkg-config.
See the pkg-config man page for more details.

===>  Script "configure" failed unexpectedly.
Please run the gnomelogalyzer, available from
"http://www.freebsd.org/gnome/gnomelogalyzer.sh", which will diagnose the
problem and suggest a solution. If - and only if - the gnomelogalyzer cannot
solve the problem, report the build failure to the FreeBSD GNOME team at
gnome@FreeBSD.org, and attach (a)
"/usr/ports/x11-toolkits/gtk20/work/gtk+-2.20.1/config.log", (b) the output
of the failed make command, and (c) the gnomelogalyzer output. Also, it might
be a good idea to provide an overview of all packages installed on your system
(i.e. an `ls /var/db/pkg`). Put your attachment up on any website,
copy-and-paste into http://freebsd-gnome.pastebin.com, or use send-pr(1) with
the attachment. Try to avoid sending any attachments to the mailing list
(gnome@FreeBSD.org), because attachments sent to FreeBSD mailing lists are
usually discarded by the mailing list software.
*** Error code 1

Stop in /usr/ports/x11-toolkits/gtk20.
** Command failed [exit code 1]: /usr/bin/script -qa /tmp/portupgrade20100723-47947-4zvsye-0 env UPGRADE_TOOL=portupgrade UPGRADE_PORT=gtk-2.16.6 UPGRADE_PORT_VER=2.16.6 make
** Fix the problem and try again.
--->  Skipping 'deskutils/kdepim4' (kdepim-4.3.1_1) because a requisite package 'kdelibs-experimental-4.3.1' (x11/kdelibs4) failed (specify -k to force)
--->  Skipping 'print/libspectre' (libspectre-0.2.2_1) because a requisite package 'cups-image-1.3.10_4' (print/cups-image) failed (specify -k to force)
--->  Skipping 'sysutils/kdeadmin4' (kdeadmin-4.3.1) because a requisite package 'kdelibs-experimental-4.3.1' (x11/kdelibs4) failed (specify -k to force)
--->  Skipping 'graphics/kdegraphics4' (kdegraphics-4.3.1) because a requisite package 'kdelibs-4.3.1_5' (x11/kdelibs4) failed (specify -k to force)
--->  Skipping 'misc/kdeedu4' (kdeedu-4.3.1) because a requisite package 'kdelibs-4.3.1_5' (x11/kdelibs4) failed (specify -k to force)
--->  Skipping 'devel/libglade2' (libglade2-2.6.4_1) because a requisite package 'gtk-2.16.6' (x11-toolkits/gtk20) failed (specify -k to force)
--->  Skipping 'www/firefox35' (firefox-3.5.4,1) because a requisite package 'gtk-2.16.6' (x11-toolkits/gtk20) failed (specify -k to force)
--->  Skipping 'x11/xscreensaver' (xscreensaver-5.10) because a requisite package 'gtk-2.16.6' (x11-toolkits/gtk20) failed (specify -k to force)
--->  Skipping 'devel/kdesdk4' (kdesdk-4.3.1) because a requisite package 'kdelibs-experimental-4.3.1' (x11/kdelibs4) failed (specify -k to force)
--->  Skipping 'www/kdewebdev4' (kdewebdev-4.3.1) because a requisite package 'kdelibs-experimental-4.3.1' (x11/kdelibs4) failed (specify -k to force)
--->  Skipping 'x11/kdebase4-workspace' (kdebase-workspace-4.3.1) because a requisite package 'kdelibs-experimental-4.3.1' (x11/kdelibs4) failed (specify -k to force)
--->  Skipping 'x11-clocks/kdetoys4' (kdetoys-4.3.1) because a requisite package 'kdelibs-experimental-4.3.1' (x11/kdelibs4) failed (specify -k to force)
--->  Skipping 'deskutils/kdeplasma-addons' (kdeplasma-addons-4.3.1) because a requisite package 'libspectre-0.2.2_1' (print/libspectre) failed (specify -k to force)
--->  Skipping 'x11/kdebase4' (kdebase-4.3.1_1) because a requisite package 'kdelibs-experimental-4.3.1' (x11/kdelibs4) failed (specify -k to force)
--->  Skipping 'misc/kdeutils4' (kdeutils-4.3.1_1) because a requisite package 'kdelibs-experimental-4.3.1' (x11/kdelibs4) failed (specify -k to force)
--->  Skipping 'x11-themes/kdeartwork4' (kdeartwork-4.3.1) because a requisite package 'gtk-2.16.6' (x11-toolkits/gtk20) failed (specify -k to force)
--->  Skipping 'net/kdenetwork4' (kdenetwork-4.3.1) because a requisite package 'kdelibs-experimental-4.3.1' (x11/kdelibs4) failed (specify -k to force)
--->  Skipping 'x11/kde4' (kde4-4.3.1) because a requisite package 'kdepim-runtime-4.3.1' (deskutils/kdepim4-runtime) failed (specify -k to force)
** Listing the failed packages (-:ignored / *:skipped / !:failed)
        * graphics/netpbm (netpbm-10.26.63_1)
        ! print/cups-image (cups-image-1.3.10_4)        (linker error)
        * print/ghostscript8 (ghostscript8-8.64_6)
        * graphics/ImageMagick (ImageMagick-6.6.0.10)
        ! x11/kdelibs4 (kdelibs-4.3.1_5)        (unknown build error)
        * x11/kdelibs4 (kdelibs-experimental-4.3.1)
        * accessibility/kdeaccessibility4 (kdeaccessibility-4.3.1)
        * multimedia/kdemultimedia4 (kdemultimedia-4.3.1_1)
        * games/kdegames4 (kdegames-4.3.1)
        * deskutils/kdepimlibs4 (kdepimlibs-4.3.1)
        * deskutils/kdepim4-runtime (kdepim-runtime-4.3.1)
        * x11/kdebase4-runtime (kdebase-runtime-4.3.1_2)
        ! x11-toolkits/gtk20 (gtk-2.16.6)       (configure error)
        * deskutils/kdepim4 (kdepim-4.3.1_1)
        * print/libspectre (libspectre-0.2.2_1)
        * sysutils/kdeadmin4 (kdeadmin-4.3.1)
        * graphics/kdegraphics4 (kdegraphics-4.3.1)
        * misc/kdeedu4 (kdeedu-4.3.1)
        * devel/libglade2 (libglade2-2.6.4_1)
        * www/firefox35 (firefox-3.5.4,1)
        * x11/xscreensaver (xscreensaver-5.10)
        * devel/kdesdk4 (kdesdk-4.3.1)
        * www/kdewebdev4 (kdewebdev-4.3.1)
        * x11/kdebase4-workspace (kdebase-workspace-4.3.1)
        * x11-clocks/kdetoys4 (kdetoys-4.3.1)
        * deskutils/kdeplasma-addons (kdeplasma-addons-4.3.1)
        * x11/kdebase4 (kdebase-4.3.1_1)
        * misc/kdeutils4 (kdeutils-4.3.1_1)
        * x11-themes/kdeartwork4 (kdeartwork-4.3.1)
        * net/kdenetwork4 (kdenetwork-4.3.1)
        * x11/kde4 (kde4-4.3.1)
cell# w
```


----------



## wblock@ (Jul 23, 2010)

beesatmsu said:
			
		

> I am using regular freebsd...the system is quite "new" -- freshly installed in Feb/March.
> 
> UPDATIng does not mention tiff at all. so now what do I do with tiff?



`# portupgrade -r tiff`

Or use portmaster, where AFAIK the -r is not usually needed (equivalent to -rf in portupgrade).



> it does not really say how I upgrade to firefox3.6 either. and it says no java.



The portupgrade and portmaster man pages should have examples.  I use portupgrade, and generally use the -r option by default.


----------



## beesatmsu (Jul 23, 2010)

I did pkg_delete for firefox and installed a new one, no problem.

I tried portupgrade for kde but it did not work.

```
/usr/local/sbin/portupgrade -fr x11/kde4
[Updating the pkgdb <format:bdb_btree> in /var/db/pkg ... - 519 packages found (-1 +5) (...)..... done]
Stale dependency: kde4-4.3.1 --> libvorbis-1.2.3,3 -- manually run 'pkgdb -F' to fix, or specify -O to force.
```


----------



## beesatmsu (Jul 23, 2010)

I fixed the stale dependency by using "pkgdb -F" first and then did kde4, no errors (and way too fast, compared to png).

but I tried for mDNSResponder (apparently it is needed by kde4).


```
cell# /usr/local/sbin/portupgrade -fr net/mDNSResponder
--->  Upgrading 'mDNSResponder-108' to 'mDNSResponder-214' (net/mDNSResponder)
--->  Building '/usr/ports/net/mDNSResponder'
===>  Cleaning for mDNSResponder-214
===>  mDNSResponder-214 has known vulnerabilities:
=> mDNSResponder -- corrupted stack crash when parsing bad resolv.conf.
   Reference: <http://portaudit.FreeBSD.org/1cd87e2a-81e3-11df-81d8-00262d5ed8ee.html>
=> Please update your ports tree and try again.
*** Error code 1

Stop in /usr/ports/net/mDNSResponder.
--->  Backing up the old version
--->  Uninstalling the old version
--->  Deinstalling 'mDNSResponder-108'
--->  Preserving /usr/local/lib/libdns_sd.so.1 as /usr/local/lib/compat/pkg/libdns_sd.so.1
pkg_delete: package 'mDNSResponder-108' is required by these other packages
and may not be deinstalled (but I'll delete it anyway):
kde4-4.4.5_1
kdeaccessibility-4.3.1
kdeadmin-4.3.1
kdeartwork-4.3.1
kdebase-4.3.1_1
kdebase-runtime-4.3.1_2
kdebase-workspace-4.3.1
kdeedu-4.3.1
kdegames-4.3.1
kdegraphics-4.3.1
kdelibs-4.3.1_5
kdelibs-experimental-4.3.1
kdemultimedia-4.3.1_1
kdenetwork-4.3.1
kdepim-4.3.1_1
kdepim-runtime-4.3.1
kdepimlibs-4.3.1
kdeplasma-addons-4.3.1
kdesdk-4.3.1
kdetoys-4.3.1
kdeutils-4.3.1_1
kdewebdev-4.3.1
[Updating the pkgdb <format:bdb_btree> in /var/db/pkg ... - 518 packages found (-1 +0) (...) done]
--->  Installing the new version via the port
===>  mDNSResponder-214 has known vulnerabilities:
=> mDNSResponder -- corrupted stack crash when parsing bad resolv.conf.
   Reference: <http://portaudit.FreeBSD.org/1cd87e2a-81e3-11df-81d8-00262d5ed8ee.html>
=> Please update your ports tree and try again.
*** Error code 1

Stop in /usr/ports/net/mDNSResponder.
*** Error code 1

Stop in /usr/ports/net/mDNSResponder.
===>  Cleaning for mDNSResponder-214
--->  Cleaning out obsolete shared libraries
--->  Upgrading 'kdelibs-4.3.1_5' to 'kdelibs-4.4.5' (x11/kdelibs4)
--->  Building '/usr/ports/x11/kdelibs4'
===>  Cleaning for kdelibs-4.4.5

===>  kdelibs-4.4.5 conflicts with installed package(s):
      kdebase-workspace-4.3.1

      They install files into the same place.
      Please remove them first with pkg_delete(1).
*** Error code 1

Stop in /usr/ports/x11/kdelibs4.
** Command failed [exit code 1]: /usr/bin/script -qa /tmp/portupgrade20100723-99256-1vyp7gg-0 env UPGRADE_TOOL=portupgrade UPGRADE_PORT=kdelibs-4.3.1_5 UPGRADE_PORT_VER=4.3.1_5 make
** Fix the problem and try again.
--->  Skipping 'x11/kdelibs4' (kdelibs-experimental-4.3.1) because it has already failed
--->  Skipping 'multimedia/kdemultimedia4' (kdemultimedia-4.3.1_1) because a requisite package 'kdelibs-experimental-4.3.1' (x11/kdelibs4) failed (specify -k to force)
--->  Skipping 'games/kdegames4' (kdegames-4.3.1) because a requisite package 'kdelibs-4.3.1_5' (x11/kdelibs4) failed (specify -k to force)
--->  Skipping 'accessibility/kdeaccessibility4' (kdeaccessibility-4.3.1) because a requisite package 'kdelibs-4.3.1_5' (x11/kdelibs4) failed (specify -k to force)
--->  Skipping 'graphics/kdegraphics4' (kdegraphics-4.3.1) because a requisite package 'kdelibs-4.3.1_5' (x11/kdelibs4) failed (specify -k to force)
--->  Skipping 'deskutils/kdepimlibs4' (kdepimlibs-4.3.1) because a requisite package 'kdelibs-experimental-4.3.1' (x11/kdelibs4) failed (specify -k to force)
--->  Skipping 'deskutils/kdepim4-runtime' (kdepim-runtime-4.3.1) because a requisite package 'kdelibs-experimental-4.3.1' (x11/kdelibs4) failed (specify -k to force)
--->  Skipping 'x11/kdebase4-runtime' (kdebase-runtime-4.3.1_2) because a requisite package 'kdelibs-experimental-4.3.1' (x11/kdelibs4) failed (specify -k to force)
--->  Skipping 'deskutils/kdepim4' (kdepim-4.3.1_1) because a requisite package 'kdelibs-experimental-4.3.1' (x11/kdelibs4) failed (specify -k to force)
--->  Skipping 'sysutils/kdeadmin4' (kdeadmin-4.3.1) because a requisite package 'kdelibs-experimental-4.3.1' (x11/kdelibs4) failed (specify -k to force)
--->  Skipping 'devel/kdesdk4' (kdesdk-4.3.1) because a requisite package 'kdelibs-experimental-4.3.1' (x11/kdelibs4) failed (specify -k to force)
--->  Skipping 'misc/kdeedu4' (kdeedu-4.3.1) because a requisite package 'kdelibs-4.3.1_5' (x11/kdelibs4) failed (specify -k to force)
--->  Skipping 'www/kdewebdev4' (kdewebdev-4.3.1) because a requisite package 'kdelibs-experimental-4.3.1' (x11/kdelibs4) failed (specify -k to force)
--->  Skipping 'x11/kdebase4-workspace' (kdebase-workspace-4.3.1) because a requisite package 'kdelibs-experimental-4.3.1' (x11/kdelibs4) failed (specify -k to force)
--->  Skipping 'x11-clocks/kdetoys4' (kdetoys-4.3.1) because a requisite package 'kdelibs-experimental-4.3.1' (x11/kdelibs4) failed (specify -k to force)
--->  Skipping 'deskutils/kdeplasma-addons' (kdeplasma-addons-4.3.1) because a requisite package 'kdegraphics-4.3.1' (graphics/kdegraphics4) failed (specify -k to force)
--->  Skipping 'x11/kdebase4' (kdebase-4.3.1_1) because a requisite package 'kdelibs-experimental-4.3.1' (x11/kdelibs4) failed (specify -k to force)
--->  Skipping 'misc/kdeutils4' (kdeutils-4.3.1_1) because a requisite package 'kdelibs-experimental-4.3.1' (x11/kdelibs4) failed (specify -k to force)
--->  Skipping 'net/kdenetwork4' (kdenetwork-4.3.1) because a requisite package 'kdelibs-experimental-4.3.1' (x11/kdelibs4) failed (specify -k to force)
--->  Skipping 'x11-themes/kdeartwork4' (kdeartwork-4.3.1) because a requisite package 'kdelibs-experimental-4.3.1' (x11/kdelibs4) failed (specify -k to force)
--->  Skipping 'x11/kde4' (kde4-4.4.5_1) because a requisite package 'kdepim-runtime-4.3.1' (deskutils/kdepim4-runtime) failed (specify -k to force)
** Listing the failed packages (-:ignored / *:skipped / !:failed)
        ! x11/kdelibs4 (kdelibs-4.3.1_5)        (unknown build error)
        * x11/kdelibs4 (kdelibs-experimental-4.3.1)
        * multimedia/kdemultimedia4 (kdemultimedia-4.3.1_1)
        * games/kdegames4 (kdegames-4.3.1)
        * accessibility/kdeaccessibility4 (kdeaccessibility-4.3.1)
        * graphics/kdegraphics4 (kdegraphics-4.3.1)
        * deskutils/kdepimlibs4 (kdepimlibs-4.3.1)
        * deskutils/kdepim4-runtime (kdepim-runtime-4.3.1)
        * x11/kdebase4-runtime (kdebase-runtime-4.3.1_2)
        * deskutils/kdepim4 (kdepim-4.3.1_1)
        * sysutils/kdeadmin4 (kdeadmin-4.3.1)
        * devel/kdesdk4 (kdesdk-4.3.1)
        * misc/kdeedu4 (kdeedu-4.3.1)
        * www/kdewebdev4 (kdewebdev-4.3.1)
        * x11/kdebase4-workspace (kdebase-workspace-4.3.1)
        * x11-clocks/kdetoys4 (kdetoys-4.3.1)
        * deskutils/kdeplasma-addons (kdeplasma-addons-4.3.1)
        * x11/kdebase4 (kdebase-4.3.1_1)
        * misc/kdeutils4 (kdeutils-4.3.1_1)
        * net/kdenetwork4 (kdenetwork-4.3.1)
        * x11-themes/kdeartwork4 (kdeartwork-4.3.1)
        * x11/kde4 (kde4-4.4.5_1)
cell#
```


----------



## beesatmsu (Jul 23, 2010)

yes, you are right!
I tried -r, not -fr, and mDNSResponder worked (no messages at all, though, which is also strange).

trying tiff now. and it seems to be working.




			
				wblock said:
			
		

> `# portupgrade -r tiff`
> 
> Or use portmaster, where AFAIK the -r is not usually needed (equivalent to -rf in portupgrade).
> 
> ...


----------



## beesatmsu (Jul 23, 2010)

pretty much the same message with
portupgrade -r graphics/tiff


```
checking for BASE_DEPENDENCIES... configure: error: Package requirements (glib-2.0 >= 2.23.6    atk >= 1.29.2    pango >= 1.20    cairo >= 1.6) were not met:

Requested 'glib-2.0 >= 2.23.6' but version of GLib is 2.20.5
Requested 'atk >= 1.29.2' but version of Atk is 1.26.0

Consider adjusting the PKG_CONFIG_PATH environment variable if you
installed software in a non-standard prefix.

Alternatively, you may set the environment variables BASE_DEPENDENCIES_CFLAGS
and BASE_DEPENDENCIES_LIBS to avoid the need to call pkg-config.
See the pkg-config man page for more details.

===>  Script "configure" failed unexpectedly.
Please run the gnomelogalyzer, available from
"http://www.freebsd.org/gnome/gnomelogalyzer.sh", which will diagnose the
problem and suggest a solution. If - and only if - the gnomelogalyzer cannot
solve the problem, report the build failure to the FreeBSD GNOME team at
gnome@FreeBSD.org, and attach (a)
"/usr/ports/x11-toolkits/gtk20/work/gtk+-2.20.1/config.log", (b) the output
of the failed make command, and (c) the gnomelogalyzer output. Also, it might
be a good idea to provide an overview of all packages installed on your system
(i.e. an `ls /var/db/pkg`). Put your attachment up on any website,
copy-and-paste into http://freebsd-gnome.pastebin.com, or use send-pr(1) with
the attachment. Try to avoid sending any attachments to the mailing list
(gnome@FreeBSD.org), because attachments sent to FreeBSD mailing lists are
usually discarded by the mailing list software.
*** Error code 1

Stop in /usr/ports/x11-toolkits/gtk20.
** Command failed [exit code 1]: /usr/bin/script -qa /tmp/portupgrade20100723-9076-1km584r-0 env UPGRADE_TOOL=portupgrade UPGRADE_PORT=gtk-2.16.6 UPGRADE_PORT_VER=2.16.6 make
** Fix the problem and try again.
--->  Skipping 'deskutils/kdepim4' (kdepim-4.3.1_1) because a requisite package 'kdelibs-experimental-4.3.1' (x11/kdelibs4) failed (specify -k to force)
--->  Skipping 'print/libspectre' (libspectre-0.2.2_1) because a requisite package 'cups-image-1.3.10_4' (print/cups-image) failed (specify -k to force)
--->  Skipping 'sysutils/kdeadmin4' (kdeadmin-4.3.1) because a requisite package 'kdelibs-experimental-4.3.1' (x11/kdelibs4) failed (specify -k to force)
--->  Skipping 'graphics/kdegraphics4' (kdegraphics-4.3.1) because a requisite package 'libspectre-0.2.2_1' (print/libspectre) failed (specify -k to force)
--->  Skipping 'misc/kdeedu4' (kdeedu-4.3.1) because a requisite package 'netpbm-10.26.63_1' (graphics/netpbm) failed (specify -k to force)
--->  Skipping 'devel/libglade2' (libglade2-2.6.4_1) because a requisite package 'gtk-2.16.6' (x11-toolkits/gtk20) failed (specify -k to force)
--->  Skipping 'devel/kdesdk4' (kdesdk-4.3.1) because a requisite package 'kdelibs-experimental-4.3.1' (x11/kdelibs4) failed (specify -k to force)
--->  Skipping 'x11/xscreensaver' (xscreensaver-5.10) because a requisite package 'gtk-2.16.6' (x11-toolkits/gtk20) failed (specify -k to force)
--->  Skipping 'www/kdewebdev4' (kdewebdev-4.3.1) because a requisite package 'kdelibs-experimental-4.3.1' (x11/kdelibs4) failed (specify -k to force)
--->  Skipping 'x11/kdebase4-workspace' (kdebase-workspace-4.3.1) because a requisite package 'kdelibs-experimental-4.3.1' (x11/kdelibs4) failed (specify -k to force)
--->  Skipping 'x11-clocks/kdetoys4' (kdetoys-4.3.1) because a requisite package 'kdelibs-experimental-4.3.1' (x11/kdelibs4) failed (specify -k to force)
--->  Skipping 'deskutils/kdeplasma-addons' (kdeplasma-addons-4.3.1) because a requisite package 'libspectre-0.2.2_1' (print/libspectre) failed (specify -k to force)
--->  Skipping 'x11/kdebase4' (kdebase-4.3.1_1) because a requisite package 'kdelibs-experimental-4.3.1' (x11/kdelibs4) failed (specify -k to force)
--->  Skipping 'misc/kdeutils4' (kdeutils-4.3.1_1) because a requisite package 'kdelibs-experimental-4.3.1' (x11/kdelibs4) failed (specify -k to force)
--->  Skipping 'x11-themes/kdeartwork4' (kdeartwork-4.3.1) because a requisite package 'gtk-2.16.6' (x11-toolkits/gtk20) failed (specify -k to force)
--->  Skipping 'net/kdenetwork4' (kdenetwork-4.3.1) because a requisite package 'kdelibs-experimental-4.3.1' (x11/kdelibs4) failed (specify -k to force)
** Listing the failed packages (-:ignored / *:skipped / !:failed)
        ! graphics/netpbm (netpbm-10.26.63_1)   (install error)
        ! print/cups-image (cups-image-1.3.10_4)        (linker error)
        * print/ghostscript8 (ghostscript8-8.64_6)
        * graphics/ImageMagick (ImageMagick-6.6.0.10)
        ! x11/kdelibs4 (kdelibs-4.3.1_5)        (uninstall error)
        * x11/kdelibs4 (kdelibs-experimental-4.3.1)
        ! accessibility/kdeaccessibility4 (kdeaccessibility-4.3.1)      (unknown build error)
        * multimedia/kdemultimedia4 (kdemultimedia-4.3.1_1)
        ! games/kdegames4 (kdegames-4.3.1)      (unknown build error)
        * deskutils/kdepimlibs4 (kdepimlibs-4.3.1)
        * deskutils/kdepim4-runtime (kdepim-runtime-4.3.1)
        * x11/kdebase4-runtime (kdebase-runtime-4.3.1_2)
        ! x11-toolkits/gtk20 (gtk-2.16.6)       (configure error)
        * deskutils/kdepim4 (kdepim-4.3.1_1)
        * print/libspectre (libspectre-0.2.2_1)
        * sysutils/kdeadmin4 (kdeadmin-4.3.1)
        * graphics/kdegraphics4 (kdegraphics-4.3.1)
        * misc/kdeedu4 (kdeedu-4.3.1)
        * devel/libglade2 (libglade2-2.6.4_1)
        * devel/kdesdk4 (kdesdk-4.3.1)
        * x11/xscreensaver (xscreensaver-5.10)
        * www/kdewebdev4 (kdewebdev-4.3.1)
        * x11/kdebase4-workspace (kdebase-workspace-4.3.1)
        * x11-clocks/kdetoys4 (kdetoys-4.3.1)
        * deskutils/kdeplasma-addons (kdeplasma-addons-4.3.1)
        * x11/kdebase4 (kdebase-4.3.1_1)
        * misc/kdeutils4 (kdeutils-4.3.1_1)
        * x11-themes/kdeartwork4 (kdeartwork-4.3.1)
        * net/kdenetwork4 (kdenetwork-4.3.1)
```


----------



## beesatmsu (Jul 23, 2010)

I am manually updating glib, atk, pango, cairo...can find ports for all the later three, but not glib or Glib...how do I update glib-2.0 to 2.23.6?


----------



## beesatmsu (Jul 23, 2010)

tired of getting errors again at updating pango. 

tried portmaster -aDB, 
went on for a while, then
got the following. give up for the day.


```
===>>> Launching child to update libdvdread-4.1.3_1 to libdvdread-4.1.3_2

===>>> Port directory: /usr/ports/multimedia/libdvdread
===>>> Launching 'make checksum' for multimedia/libdvdread in background
===>>> Gathering dependency list for multimedia/libdvdread from ports
===>>> Starting recursive 'make config' check
===>>> Launching child to update multimedia/libdvdcss
        libdvdread-4.1.3_1 >> multimedia/libdvdcss

===>>> Port directory: /usr/ports/multimedia/libdvdcss
===>>> Launching 'make checksum' for multimedia/libdvdcss in background
===>>> Gathering dependency list for multimedia/libdvdcss from ports
===>>> Starting recursive 'make config' check
===>>> Recursive 'make config' check complete for multimedia/libdvdcss
        libdvdread-4.1.3_1 >> multimedia/libdvdcss
===>>> Continuing 'make config' dependency check for multimedia/libdvdread
===>>> Recursive 'make config' check complete for multimedia/libdvdread
===>>> Returning to update check of installed ports


        ===>>> The math/libgmp4 port moved to math/gmp
        ===>>> Reason: Switch to newer performance release


===>>> The math/libgmp4 port has been deleted: Has expired: Use math/gmp instead.
===>>> Aborting update

Terminated
Terminated
Terminated
Terminated
Terminated
Terminated
Terminated
Terminated
Terminated
Terminated
```


----------



## wblock@ (Jul 23, 2010)

beesatmsu said:
			
		

> I am manually updating glib, atk, pango, cairo...can find ports for all the later three, but not glib or Glib...how do I update glib-2.0 to 2.23.6?



It's in devel/glib20.

Let me also suggest you look at the -n option for both portupgrade and portmaster.  That prevents the program from actually doing anything, but it tells you what it would have done.  That's a good way to find out the important detail of the order of ports to rebuild.  For example, from your list above:
`# portupgrade -nrf glib atk pango cairo`

This lets you see the lowest-level dependency to rebuild first, so you don't have to rebuild everything again later.


----------



## beesatmsu (Jul 23, 2010)

wblock, thanks.
I googled and found glib also.

I did your command:
now what I do?

```
cell# portupgrade -nrf glib atk pango cairo
--->  Session started at: Fri, 23 Jul 2010 14:38:14 -0400
** Port marked as IGNORE: multimedia/qt4-phonon-gst:
        conflicts with multimedia/phonon-gstreamer. You have defined WITH_KDE_PHONON to override Qt4 phonon
** Port marked as IGNORE: multimedia/qt4-phonon:
        conflicts with multimedia/phonon. You have defined WITH_KDE_PHONON to override Qt4 phonon
[Updating the pkgdb <format:bdb_btree> in /var/db/pkg ... - 527 packages found (-0 +1) . done]
Stale dependency: atk-1.30.0_1 --> gio-fam-backend-2.24.1_1 -- manually run 'pkgdb -F' to fix, or specify -O to force.
--->  Session ended at: Fri, 23 Jul 2010 14:38:30 -0400 (consumed 00:00:15)
cell#
```


----------



## beesatmsu (Jul 23, 2010)

I did glib first, no error.
now doing atk pango cairo,

then I will do tiff. hopefully it will all work...

it takes forever even for glib (so many dependencies!).


----------



## beesatmsu (Jul 23, 2010)

got error again at portupgrade atk pango cairo

says stale dependency.

so did pkgdb -F
got error that mDNSResponder has some problem.

went to that port...but still stuck...I am pretty sure I did upgrade it earlier today with portmaster with no errors.

looks like now I am stuck because it is refusing to install 214 (the newest in the port).



```
cell# cd /usr/ports/net/mDNSResponder.
/usr/ports/net/mDNSResponder.: No such file or directory.
cell# cd /usr/ports/net/mDNSResponder
cell# make install clean
===>  mDNSResponder-214 has known vulnerabilities:
=> mDNSResponder -- corrupted stack crash when parsing bad resolv.conf.
   Reference: <http://portaudit.FreeBSD.org/1cd87e2a-81e3-11df-81d8-00262d5ed8ee.html>
=> Please update your ports tree and try again.
*** Error code 1

Stop in /usr/ports/net/mDNSResponder.
```


----------



## beesatmsu (Jul 23, 2010)

http://www.freebsd.org/cgi/query-pr.cgi?pr=ports/147007
does not tell you how to apply the patch for mDNSresponder!


----------



## beesatmsu (Jul 28, 2010)

Ok, one server is all done, KDE still starts, but Konquerer (a KDE browser) crashes...but firefox 3.6 works ok. not sure why mDNSResponder is gone from the list of security report.

right now still 2, the apache one is new. I will probably ignore it since I do not use mod_cache. 

```
Affected package: apache-2.2.13
Type of problem: apache -- Remote DoS bug in mod_cache and mod_dav.
Reference: <http://portaudit.FreeBSD.org/28a7310f-9855-11df-8d36-001aa0166822.html>

Affected package: kdebase-workspace-4.3.1
Type of problem: KDM -- local privilege escalation vulnerability.
Reference: <http://portaudit.FreeBSD.org/3987c5d1-47a9-11df-a0d5-0016d32f24fb.html>
```

tried to "portupgrade -rf apache", and got some errors.


----------



## beesatmsu (Jul 30, 2010)

take home message:

no easy way! need to upgrade each package, or reinstall...


----------

