# Newbie question - installing xrdb



## Fraoch (May 4, 2011)

Hello:

I'm a newbie trying to learn something about FreeBSD inside VirtualBox.

I've tried installing Xorg and I got the following error (see screenshot).

I'm pretty sure I know what it's telling me, that xrdb has a known, unpatched vulnerability and that it won't install until it is patched.  Quite smart, actually.

However my ports tree is up to date - that's the first thing I did just before I tried to make Xorg.  I used *portsnap fetch* then *portsnap update* as the handbook describes (my /usr/ports was already populated from the install CD).

Of course it would be wise to stop here in a production environment, but seeing as I'm just trying to learn a thing or two in VirtualBox and want to try FreeBSD out, is there a way to get xrdb installed anyway?  I just want to try out X, that's all.

According to http://vul.hackerjournals.com/?p=20500 , the vulnerability was first reported on April 15th, so it's fairly recent.


----------



## wblock@ (May 5, 2011)

Fraoch said:
			
		

> However my ports tree is up to date - that's the first thing I did just before I tried to make Xorg.  I used *portsnap fetch* then *portsnap update* as the handbook describes (my /usr/ports was already populated from the install CD).



I don't use portsnap much, but I believe the extract step is required.  Since x11/xrdb is version 1.0.6_1 here, it does suggest you're missing an update.

It is possible, but often a mistake to override the portaudit safety.  See
`% man ports | less -p DISABLE`


----------



## Fraoch (May 5, 2011)

wblock said:
			
		

> I don't use portsnap much, but I believe the extract step is required.  Since x11/xrdb is version 1.0.6_1 here, it does suggest you're missing an update.



Hmm, good point, because I soldiered on and encountered the same error with webkit-gtk2 while trying to install Midori (web browser).

The handbook indicates that *portsnap extract* should be used if /usr/ports is empty:

http://www.freebsd.org/doc/handbook/ports-using.html

which is why I used *portsnap update* to update what was added from the install CD.

I think I'll delete my /usr/ports directory and populate it using *csup* as the handbook indicates.



> It is possible, but often a mistake to override the portaudit safety.  See
> `% man ports | less -p DISABLE`



Yeah, I'd rather not if there's any way around it.  Best do things the proper way.

Thank you!


----------



## SirDice (May 5, 2011)

Yep, the _1 includes a patch for the vulnerability.

http://www.freebsd.org/cgi/cvsweb.cgi/ports/x11/xrdb/Makefile


----------



## DutchDaemon (May 6, 2011)

No need to resort to csup(1) to populate the ports tree. Just remove /usr/ports and run [cmd=]portsnap fetch extract[/cmd] to get a pristine new ports tree. After that, run [cmd=]portsnap fetch update[/cmd] on a regular basis to keep it current.


----------

