# perl-5.8.8 vulnerability-problem



## Nokobon (May 31, 2009)

Hello,
I just tried to install ddclient on FreeBSD 7.1, but it fails because portaudit detects a security problem with perl.
The output during installation is:

```
# make install clean
===>  Installing for ddclient-3.7.3
===>   ddclient-3.7.3 depends on file: /usr/local/lib/perl5/site_perl/5.8.8/IO/Socket/SSL.pm - not found
===>    Verifying install for /usr/local/lib/perl5/site_perl/5.8.8/IO/Socket/SSL.pm in /usr/ports/security/p5-IO-Socket-SSL
===>  Extracting for p5-IO-Socket-SSL-1.15
=> MD5 Checksum OK for IO-Socket-SSL-1.15.tar.gz.
=> SHA256 Checksum OK for IO-Socket-SSL-1.15.tar.gz.
===>   p5-IO-Socket-SSL-1.15 depends on file: /usr/local/bin/perl5.8.8 - not found
===>    Verifying install for /usr/local/bin/perl5.8.8 in /usr/ports/lang/perl5.8
[B]===>  perl-5.8.8_1 has known vulnerabilities:
=> perl -- Directory Permissions Race Condition.
   Reference: <http://www.FreeBSD.org/ports/portaudit/4a99d61c-f23a-11dd-9f55-0030843d3802.html>[/B]
=> Please update your ports tree and try again.
*** Error code 1

Stop in /usr/ports/lang/perl5.8.
*** Error code 1

Stop in /usr/ports/security/p5-IO-Socket-SSL.
*** Error code 1

Stop in /usr/ports/dns/ddclient.
```

The reference says, that this problem affects only perl <5.8.9.
So i updated my port-tree...but there is no newer version of perl than 5.8.8_1.

What can I do?
Ignore the portaudit-warning?

Thanks,
Nokobon


----------



## lyuts (May 31, 2009)

I'm using FreeBSD 7.1 and i have perl 5.8.9 in my distfiles.


```
[21]lyuts@mybox/usr/ports/distfiles> find . -name 'perl*'
./perl
./perl/perl-5.8.9.tar.bz2
./perl-5.8.8.tar.bz2
```

Looks like you need to update your ports tree.


----------



## hydra (May 31, 2009)

You may use the newer lang/perl5.10 port. First, install the perl port, then the program you wish to use (ddclient in your case).


----------



## SirDice (Jun 1, 2009)

Nokobon said:
			
		

> So i updated my port-tree...but there is no newer version of perl than 5.8.8_1.


How did you update your ports tree?

The current version of perl is 5.8.9_2.

lang/perl5.8


----------



## Nokobon (Jun 1, 2009)

Thank you for your suggestions...
I updated the ports-tree before but didn't run

```
portsnap extract
```
That was my fault.

Now what is the current verion of perl?
5.8.9_2. or 5.10?

Now I have perl5.10 and installed it with ddclient...


----------



## SirDice (Jun 1, 2009)

There are 2 versions of perl, 5.8 and 5.10. Both are supported but 5.10 has a few new features. Unless you have any specific reason to do so I would stick to 5.8 as not everything is compatible with 5.10.


----------



## DutchDaemon (Jun 1, 2009)

And you should run [cmd=]perl-after-upgrade[/cmd] if you switch to a new Perl too. I'd advise you to reinstall your p5-* ports too.


----------



## Nokobon (Jun 2, 2009)

Thank you!
I`ll do so...


----------

