# xorg build error



## Fleet (Jun 29, 2010)

Hello,

I ran `make install clean` in /usr/ports/x11/xorg/ and after a while I encountered the following error (transcribed):

```
===> Verifying install for png.6 in /usr/ports/graphics/png
     png-1.4.1_1 is forbidden: vulnerable to remote buffer overflow.
*** Error code 1

Stop in /usr/ports/graphics/png...
```

How do I solve this?

Best regards.


----------



## zeiz (Jun 29, 2010)

What did you install before Xorg?


----------



## Fleet (Jun 29, 2010)

The only thing I have done on this system before installing xorg was rebuilding world and a custom kernel and installing them. For the record I am running 8.0-RELEASE-p3 amd64 on a laptop.


----------



## wblock@ (Jun 29, 2010)

I had written:


> That is brand new. If you know about the vulnerability and know it isn't a problem for you, you can override the safety and force it to build with `make -DDISABLE_VULNERABILITIES install`.



That was wrong. DISABLE_VULNERABILITIES is for use when a port is known to be a security problem by portaudit.

If a port is marked FORBIDDEN, you would have to use NO_IGNORE.  I tested this, as I should have earlier.  Sorry about that.

Again, the safe option is to wait for a newer version of png to be released in ports.  Newer versions are already available from http://libpng.sourceforge.net/, so the port is likely close behind.


----------



## Fleet (Jun 29, 2010)

OK, then I will have to wait. Are there any commands I should run before updating my ports-tree and when that is done, can I just run "make install clean" again?
I hope it's OK that I ask these extremely basic questions. I am very inexperienced when it comes to building from sources.


----------



## zeiz (Jun 29, 2010)

You may also want to wait for 8.1-RELEASE (coming soon) but in the meantime just install Xorg from packages and then try upgrading it with *portupgrade* (install it first from a package).
BTW it's recommended to run before upgrading:
`# echo 'WITHOUT_NOUVEAU=yes' >> /etc/make.conf`


----------



## wblock@ (Jun 29, 2010)

Fleet said:

> OK, then I will have to wait. Are there any commands I should run before updating my ports-tree and when that is done, can I just run "make install clean" again?
> I hope it's OK that I ask these extremely basic questions. I am very inexperienced when it comes to building from sources.



`# portsclean -C`
wouldn't hurt, but otherwise it should be fine.  When you try to build xorg again, the ports code will see that png is still needed and install it.


----------



## DutchDaemon (Jun 29, 2010)

FTR, 'portsclean' is part of the portupgrade port, which is not used by everybody (and people shouldn't install portupgrade just to run portsclean either).

portmaster alternatives are:


```
portmaster --clean-distfiles
portmaster --clean-distfiles-all
```


----------



## wblock@ (Jun 29, 2010)

png-1.4.3 is in ports now.  That didn't take long!

Incidentally, if you use a certain port a lot, it doesn't hurt to send a thank-you email to the maintainer.  Seems like every time I've done that they're surprised and appreciate that their hard work is making a difference.  You can see the maintainer of a port with
`# make maintainer`
in the port directory.


----------

