# updating ports and everything



## hirohitosan (Dec 10, 2008)

Hi there. I came from Linux (Ubuntu) environment and there is very simple to update the system.

I read about updating the FreeBSD system and I'm a little confused. I installed portaudit and 

```
# portaudit
Affected package: libxml2-2.6.30
Type of problem: libxml2 -- multiple vulnerabilities.
Reference: <http://www.FreeBSD.org/ports/portaudit/f1e0164e-b67b-11dd-a55e-00163e000016.html>                                                                   

Affected package: gnutls-2.0.2_1
Type of problem: gnutls -- X.509 certificate chain validation vulnerability.
Reference: <http://www.FreeBSD.org/ports/portaudit/45298931-b3bf-11dd-80f8-001cc0377035.html>                                                                   

Affected package: libxml2-2.6.30
Type of problem: libxml2 -- two vulnerabilities.
Reference: <http://www.FreeBSD.org/ports/portaudit/d71da236-9a94-11dd-8f42-001c2514716c.html>                                                                   

Affected package: python25-2.5.1_1
Type of problem: python -- multiple vulnerabilities.
Reference: <http://www.FreeBSD.org/ports/portaudit/0dccaa28-7f3c-11dd-8de5-0030843d3802.html>                                                                   

Affected package: freetype2-2.3.5
Type of problem: FreeType 2 -- Multiple Vulnerabilities.
Reference: <http://www.FreeBSD.org/ports/portaudit/4fb43b2f-46a9-11dd-9d38-00163e000016.html>

Affected package: apache-2.2.6_2
Type of problem: apache -- multiple vulnerabilities.
Reference: <http://www.FreeBSD.org/ports/portaudit/c84dc9ad-41f7-11dd-a4f9-00163e000016.html>

Affected package: xorg-server-1.4_4,1
Type of problem: xorg -- multiple vulnerabilities.
Reference: <http://www.FreeBSD.org/ports/portaudit/800e8bd5-3acb-11dd-8842-001302a18722.html>

Affected package: libvorbis-1.2.0_1,3
Type of problem: libvorbis -- various security issues.
Reference: <http://www.FreeBSD.org/ports/portaudit/f5a76faf-244c-11dd-b143-0211d880e350.html>

Affected package: png-1.2.22
Type of problem: png -- unknown chunk processing uninitialized memory access.
Reference: <http://www.FreeBSD.org/ports/portaudit/57c705d6-12ae-11dd-bab7-0016179b2dd5.html>

Affected package: python25-2.5.1_1
Type of problem: python -- Integer Signedness Error in zlib Module.
Reference: <http://www.FreeBSD.org/ports/portaudit/ec41c3e2-129c-11dd-bab7-0016179b2dd5.html>

Affected package: pcre-7.4
Type of problem: pcre -- buffer overflow vulnerability.
Reference: <http://www.FreeBSD.org/ports/portaudit/f9e96930-e6df-11dc-8c6a-00304881ac9a.html>

11 problem(s) in your installed packages found.

You are advised to update or deinstall the affected package(s) immediately.
```

I installed cvsup. OK now what is the next step?
How to upgrade the ports collections and the system?

thanxs


----------



## VitalyMoiseev (Dec 10, 2008)

hirohitosan said:
			
		

> How to upgrade the ports collections and the system?
> 
> thanxs



portsnap
http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/updating-portsnap.html


----------



## fender0107401 (Dec 10, 2008)

It is a simple question, but to solve it you should know that is ports and ports tree.

read handbook chapter 4


----------



## sverreh (Dec 10, 2008)

I assume you have the ports collection installed. The first thing to do is to run portsnap. If you haven't done that before, do the following as root.


```
# portsnap fetch extract
```

This will update your ports tree. If you need to update it later, you simply run:


```
# portsnap fetch update
```

With your ports tree updated, I would recommend to install portmaster:


```
# cd /usr/ports/ports-mgmt/portmaster && make install clean
```

Now you can use portmaster to install the latest versions of your outdated programs. Let's take python25 as an example. First you locate it in the ports tree:


```
# cd /usr/ports
# make search name=python25
Port:   python25-2.5.2_3
Path:   /usr/ports/lang/python25
Info:   An interpreted object-oriented programming language
Maint:  python@FreeBSD.org
B-deps:
R-deps:
WWW:    http://www.python.org/
```

And then you update it:


```
# portmaster /usr/ports/lang/python25
===>>> Gathering distinfo list for installed ports

===>>> Currently installed version: python25-2.5.2_3
===>>> Port directory: /usr/ports/lang/python25
===>>> Gathering dependency list for lang/python25 from ports
===>>> No dependencies for lang/python25
===>>> Starting build for lang/python25 <<<===
...
...
#
```

If everything goes well (as it usually does :e), your python25 is updated from version 2.5.1_1 to 2.5.2_3.


----------



## ProITex (Dec 11, 2008)

Thanks , very good howto


----------



## hirohitosan (Dec 11, 2008)

well I did all 

# portsnap fetch update

I installed portmaster and go back to 

```
# portaudit
Affected package: libxml2-2.6.30
Type of problem: libxml2 -- multiple vulnerabilities.
Reference: <http://www.FreeBSD.org/ports/portaudit/f1e0164e-b67b-11dd-a55e-00163e000016.html>                                                                   

Affected package: gnutls-2.0.2_1
Type of problem: gnutls -- X.509 certificate chain validation vulnerability.
Reference: <http://www.FreeBSD.org/ports/portaudit/45298931-b3bf-11dd-80f8-001cc0377035.html>                                                                   

Affected package: libxml2-2.6.30
Type of problem: libxml2 -- two vulnerabilities.
Reference: <http://www.FreeBSD.org/ports/portaudit/d71da236-9a94-11dd-8f42-001c2514716c.html>                                                                   

Affected package: python25-2.5.1_1
Type of problem: python -- multiple vulnerabilities.
Reference: <http://www.FreeBSD.org/ports/portaudit/0dccaa28-7f3c-11dd-8de5-0030843d3802.html>

Affected package: freetype2-2.3.5
Type of problem: FreeType 2 -- Multiple Vulnerabilities.
Reference: <http://www.FreeBSD.org/ports/portaudit/4fb43b2f-46a9-11dd-9d38-00163e000016.html>

Affected package: apache-2.2.6_2
Type of problem: apache -- multiple vulnerabilities.
Reference: <http://www.FreeBSD.org/ports/portaudit/c84dc9ad-41f7-11dd-a4f9-00163e000016.html>

Affected package: xorg-server-1.4_4,1
Type of problem: xorg -- multiple vulnerabilities.
Reference: <http://www.FreeBSD.org/ports/portaudit/800e8bd5-3acb-11dd-8842-001302a18722.html>

Affected package: libvorbis-1.2.0_1,3
Type of problem: libvorbis -- various security issues.
Reference: <http://www.FreeBSD.org/ports/portaudit/f5a76faf-244c-11dd-b143-0211d880e350.html>

Affected package: png-1.2.22
Type of problem: png -- unknown chunk processing uninitialized memory access.
Reference: <http://www.FreeBSD.org/ports/portaudit/57c705d6-12ae-11dd-bab7-0016179b2dd5.html>

Affected package: python25-2.5.1_1
Type of problem: python -- Integer Signedness Error in zlib Module.
Reference: <http://www.FreeBSD.org/ports/portaudit/ec41c3e2-129c-11dd-bab7-0016179b2dd5.html>

Affected package: pcre-7.4
Type of problem: pcre -- buffer overflow vulnerability.
Reference: <http://www.FreeBSD.org/ports/portaudit/f9e96930-e6df-11dc-8c6a-00304881ac9a.html>

11 problem(s) in your installed packages found.

You are advised to update or deinstall the affected package(s) immediately.
```


----------



## DutchDaemon (Dec 11, 2008)

Did you actually *upgrade* your ports using portmaster? You *updated* your ports tree and you *installed* portmaster .. now combine the two ..


----------



## hirohitosan (Dec 11, 2008)

I started to update my packages with portmaster. It works fine with python but when it comes to xorg after lot of messages I was suggested to deinstall xorg. So I go to /usr/ports/x11/xorg and type deinslall. Now I want to reinstall back XServer. So I type reinstall to reinstall the port and then 

how can install again X server?

after this I try again 

```
# portaudit
Affected package: gnutls-2.0.2_1
Type of problem: gnutls -- X.509 certificate chain validation vulnerability.
Reference: <http://www.FreeBSD.org/ports/portaudit/45298931-b3bf-11dd-80f8-001cc0377035.html>

Affected package: libvorbis-1.2.0_1,3
Type of problem: libvorbis -- various security issues.
Reference: <http://www.FreeBSD.org/ports/portaudit/f5a76faf-244c-11dd-b143-0211d880e350.html>

Affected package: png-1.2.22
Type of problem: png -- unknown chunk processing uninitialized memory access.
Reference: <http://www.FreeBSD.org/ports/portaudit/57c705d6-12ae-11dd-bab7-0016179b2dd5.html>

3 problem(s) in your installed packages found.
```

well what I have to do now to resolve these problems

thanks


----------



## bernux (Dec 11, 2008)

to know all your port which need update you should do :

portversion -v -l"<"

to upgrade all your port which need update :
portmaster -a 
or
portupgrade -arR   (if you use portupgrade)


----------



## Ole (Dec 11, 2008)

A good idea to add "-b" key for portupgrade. It makes backup of all packages in upgrading process. Location where store backup .tbz describing  by PKG_BACKUP_DIR environment. Or sets in /usr/local/etc/pkgtools.conf by hands:


> ENV['PKG_BACKUP_DIR'] = '/var/pkgbackups'


----------



## sverreh (Dec 11, 2008)

hirohitosan said:
			
		

> I started to update my packages with portmaster. It works fine with python but when it comes to xorg after lot of messages I was suggested to deinstall xorg. So I go to /usr/ports/x11/xorg and type deinslall. Now I want to reinstall back XServer. So I type reinstall to reinstall the port and then
> 
> how can install again X server?



I'm not quite sure what you did here.:q Did you actually type "reinstall" and not "make reinstall"? And something seems yo be missing after "then":



> So I type reinstall to reinstall the port and then
> 
> how can install again X server?



What happened after "then"? Any error messages? Have you lost Xorg, or is it still working? I notice the vulnerability check does not mention xorg-server any more. Maybe things worked out allright? Try to run the command:


```
# pkg_info -x xorg
```

This will tell you the status of all programs matching "xorg" that you have installed.


----------



## hirohitosan (Dec 12, 2008)

bernux said:
			
		

> portversion -v -l"<"



if I try

```
# portversion -v -l"<"
portversion: Command not found.
```


----------



## Ole (Dec 12, 2008)

portversion command is part of portupgrade

/usr/ports/ports-mgmt/portupgrade


----------



## sverreh (Dec 12, 2008)

bernux said:
			
		

> to know all your port which need update you should do :
> 
> portversion -v -l"<"



Or, since he already has installed portmaster:

```
% portmaster -L  |less
```

This avoids updating and "fixing" portupgrade's database, which may sometimes cause quite a hassle. That was my main reason for switching to portmaster.


----------



## hirohitosan (Dec 13, 2008)

sverreh said:
			
		

> Or, since he already has installed portmaster:
> 
> ```
> % portmaster -L  |less
> ```


I tried


```
portmaster -L  |less
```

and after a very long list I got this message:

```
===>>> 572 total installed ports
        ===>>> 224 have new versions available
```
what can I say ... almost a half of packages has new version. There is a way to update all or I have to do by hand each of the package with
# portamster

I cannot update all?


----------



## sverreh (Dec 13, 2008)

hirohitosan said:
			
		

> what can I say ... almost a half of packages has new version. There is a way to update all or I have to do by hand each of the package with
> # portamster
> 
> I cannot update all?



Don't worry! You don't need to update a port just because a newer version is available. If a port has the functionality that you require, there is no need to update it unless it has vulnerabilities. *portaudit* will list those ports for you.

*portmaster* has the *-a* option to update all ports that have new versions. I have never tried that, and would not recommend it in your case. It may take several days!

P.S.: Here is the end of the output from *# portmaster -L* on my system:

```
===>>> 717 total installed ports
        ===>>> 188 have new versions available
```
And that system works fine!


----------



## hirohitosan (Dec 13, 2008)

After running many times portmaster finally I arrive at this:

```
portaudit
Affected package: ghostscript-gpl-8.60
Type of problem: ghostscript -- zseticcspace() function buffer overflow vulnerability.
Reference: <http://www.FreeBSD.org/ports/portaudit/ca8e56d5-e856-11dc-b5af-0017319806e7.html>

1 problem(s) in your installed packages found.

You are advised to update or deinstall the affected package(s) immediately.

# whereis ghostscript-gpl
ghostscript-gpl: /usr/ports/print/ghostscript-gpl
# portmaster /usr/ports/print/ghostscript-gpl
===>>> Currently installed version: ghostscript-gpl-8.60
===>>> Port directory: /usr/ports/print/ghostscript-gpl

.....

===>>> The 'make config' check found no dependencies to update

===>  Cleaning for ghostscript-gpl-8.60

NOTE: Type "make A4=yes" to use A4 paper size by default.
===>  ghostscript-gpl-8.60 has known vulnerabilities:
=> ghostscript -- zseticcspace() function buffer overflow vulnerability.
   Reference: <http://www.FreeBSD.org/ports/portaudit/ca8e56d5-e856-11dc-b5af-0017319806e7.html>
=> Please update your ports tree and try again.
*** Error code 1

Stop in /usr/ports/print/ghostscript-gpl.

===>>> make failed for print/ghostscript-gpl
===>>> Aborting update

Terminated
```
I assumed at this time I can live with just 1 problem.

BTW I don't have any printer attached to my comp. and I don't intend to add in the near future. Do I really need this package?
Can I deinstall ghostscript-gpl, or even ghostscript?


----------



## sverreh (Dec 13, 2008)

hirohitosan said:
			
		

> BTW I don't have any printer attached to my comp. and I don't intend to add in the near future. Do I really need this package?
> Can I deinstall ghostscript-gpl, or even ghostscript?



I don't think it is wise to delete it before you know if any other ports require it! 

```
% pkg_info -x ghostscript
```

Just follow the advice given in the error message:


> => Please update your ports tree and try again.


----------



## hirohitosan (Dec 13, 2008)

sorry but update ports tree means?


```
# portsnap fetch extract
# portsnap fetch update
```

because I did that and after trying:


```
portmaster /usr/ports/print/ghostscript-gpl
===>>> The 'make config' check found no dependencies to update
===>  ghostscript-gpl-8.60 has known vulnerabilities:
=> ghostscript -- zseticcspace() function buffer overflow vulnerability.
   Reference: <http://www.FreeBSD.org/ports/portaudit/ca8e56d5-e856-11dc-b5af-0017319806e7.html>
=> Please update your ports tree and try again.
*** Error code 1

Stop in /usr/ports/print/ghostscript-gpl.
```

and 

```
# pkg_info -x ghostscript-gpl
Comment:
GPL Postscript interpreter

Required by:
evince-2.20.1
gnome2-2.20.1

Description:
Ghostscript is the well-known PostScript interpreter which is available for
all common and most esoteric platforms and supports many different printers
and some displays....
```
as I understood is required for printers


----------



## sverreh (Dec 13, 2008)

This is a bit mysterious! I updated my ports tree some hours ago, and it shows that the ghostscript-gpl port has been moved to /usr/ports/print/ghostscript8, and the version there is ghostscript8-8.63. So maybe your ports tree was not updated after all. The command you gave is correct: *portsnap fetch update*. (The *extract* is only necessary the very first time you use portsnap.) 

Could you post the output of:

```
# cd /usr/ports &&  make quicksearch name=ghostscript-gpl
```

Mine is:

```
# cd /usr/ports && make quicksearch name=ghostscript-gpl
Port:   print/ghostscript-gpl
Moved:  print/ghostscript8
Date:   2008-09-05
Reason: Renamed for better naming

Port:   print/ghostscript-gpl-nox11
Moved:  print/ghostscript8-nox11
Date:   2008-09-05
Reason: Renamed for better naming

 #
```

and yours ought to be identical if we both have an updated ports tree.


----------



## hirohitosan (Dec 13, 2008)

mine is same as I see

```
# cd /usr/ports &&  make quicksearch name=ghostscript-gpl
Port:   print/ghostscript-gpl
Moved:  print/ghostscript8
Date:   2008-09-05
Reason: Renamed for better naming

Port:   print/ghostscript-gpl-nox11
Moved:  print/ghostscript8-nox11
Date:   2008-09-05
Reason: Renamed for better naming
```

so can I try portmaster /usr/ports/print/ghostscript8
and after 
	
	



```
===>>> Done displaying pkg-message files
===>>> Installation of print/ghostscript8 (ghostscript8-8.63) complete
```
I tried again

```
portaudit
Affected package: ghostscript-gpl-8.60
Type of problem: ghostscript -- zseticcspace() function buffer overflow vulnerability.
Reference: <http://www.FreeBSD.org/ports/portaudit/ca8e56d5-e856-11dc-b5af-0017319806e7.html>

1 problem(s) in your installed packages found.

You are advised to update or deinstall the affected package(s) immediately.
```


----------



## sverreh (Dec 13, 2008)

Congratulations, you now have the newest version of ghostscript8!
The only problem is that evince and gnome (in your installation) depend upon ghostscript-gpl, and if you delete it something may break.

You could probably fix that by making a softlink from ghostscript-gpl-8.60 to ghostscript8-8.63 after you have deleted ghostscript-gpl-8.60. Not sure! :\

Probably the best thing to do is to delete ghostscript-gpl-8.60 and then update gnome and evince:

```
# pkg_delete -f ghostscript-gpl-8.60
# portmaster /usr/ports/x11/gnome2
# portmaster /usr/ports/graphics/evince
```

The new versions of gnome and evince both require ghostscript8-8.63, which you already have.

I don't have gnome, but I think it can quite some time to install the new version. Be warned!    
And good luck!


----------



## hirohitosan (Dec 14, 2008)

portmaster /usr/ports/x11/gnome2 gives me:

```
===>>> Port directory: /usr/ports/sysutils/fusefs-kmod
        ===>>> This port is marked IGNORE
        ===>>> requires the userland sources to be installed. Set SRC_BASE if it is not in /usr/src

        ===>>> If you are sure you can build it, remove the
               IGNORE line in the Makefile and try again.

===>>> Update for /usr/ports/sysutils/fusefs-kmod failed
===>>> Aborting update

===>>> Update for /usr/ports/devel/gvfs failed
===>>> Aborting update

===>>> Update for libgnomeui-2.20.1.1 failed
===>>> Aborting update

===>>> Update for dasher-4.6.1,1 failed
===>>> Aborting update
```
I suppose that I need to install something else ...
The same message I have after

```
portmaster /usr/ports/graphics/evince
===>>> Port directory: /usr/ports/sysutils/fusefs-kmod
        ===>>> This port is marked IGNORE
        ===>>> requires the userland sources to be installed. Set SRC_BASE if it is not in /usr/src

        ===>>> If you are sure you can build it, remove the
               IGNORE line in the Makefile and try again.

===>>> Update for /usr/ports/sysutils/fusefs-kmod failed
===>>> Aborting update

===>>> Update for /usr/ports/devel/gvfs failed
===>>> Aborting update
```
I don't have nothing in /usr/src

```
# ls -al /usr/src/
total 4
drwxr-xr-x   2 root  wheel  512 Feb 24  2008 .
drwxr-xr-x  17 root  wheel  512 Dec  9 10:02 ..
```

do I need something to install? the kernel sources or something like that?


----------



## sverreh (Dec 14, 2008)

Searching this forum gives this link:

http://forums.freebsd.org/showthread.php?p=4184

Remember: it is always smart to search the forum before you ask! 

I hope this link will help you.


----------



## trasz@ (Dec 16, 2008)

What I used to do on my workstation is this:

portsnap fetch update
BATCH=1 portupgrade -akO

'BATCH=1' makes portupgrade not display 'make config' dialogs.  '-akO' means 'upgrade everything you can and don't stop on errors'.


----------



## hirohitosan (Dec 16, 2008)

trasz@ said:
			
		

> BATCH=1 portupgrade -akO
> 
> 'BATCH=1' makes portupgrade not display 'make config' dialogs.  '-akO' means 'upgrade everything you can and don't stop on errors'.


thanks, good point, but I use portmaster instead of portupgrade on one of my computer. There is an equivalent for portupgrade -akO in portmaster?


----------



## sverreh (Dec 16, 2008)

trasz@ said:
			
		

> What I used to do on my workstation is this:
> 
> portsnap fetch update
> BATCH=1 portupgrade -akO



But will this also install the userland sources that he needs?



> ===>>> Port directory: /usr/ports/sysutils/fusefs-kmod
> ===>>> This port is marked IGNORE
> ===>>> requires the userland sources to be installed. Set SRC_BASE if it is not in /usr/src


----------



## trasz@ (Dec 16, 2008)

Well, if the port requires kernel sources, portupgrade or the ports system cannot do much.  It's the responsibility of the user to provide it.


----------

