# Ports install of oscommerce - SNAFU



## jaymax (Dec 17, 2009)

OS 7.2 /i386 platform, porting oscommerce-2.2.r2.a from ports, gives the following


```
# make install
===>  Extracting for oscommerce-2.2.r2.a,2
=> MD5 Checksum OK for oscommerce-2.2rc2a.zip.
=> SHA256 Checksum OK for oscommerce-2.2rc2a.zip.
===>   oscommerce-2.2.r2.a,2 depends on executable: unzip - found
===>  Patching for oscommerce-2.2.r2.a,2
===>  Configuring for oscommerce-2.2.r2.a,2
===>  Installing for oscommerce-2.2.r2.a,2
===>   oscommerce-2.2.r2.a,2 depends on file: /usr/local/include/php/main/php.h - found
===>   oscommerce-2.2.r2.a,2 depends on file: /usr/local/lib/php/20060613-debug/mysql.so - found
===>   oscommerce-2.2.r2.a,2 depends on file: /usr/local/lib/php/20060613-debug/session.so - found
===>   oscommerce-2.2.r2.a,2 depends on file: /usr/local/lib/php/20060613-debug/pcre.so - found
===>   oscommerce-2.2.r2.a,2 depends on file: /usr/local/lib/php/20060613-debug/gd.so - not found
===>    Verifying install for /usr/local/lib/php/20060613-debug/gd.so in /usr/ports/graphics/php5-gd
===>  Found saved configuration for php5-gd-5.2.11_2
===>  Extracting for php5-gd-5.2.11_2
=> MD5 Checksum OK for php-5.2.11.tar.bz2.
=> SHA256 Checksum OK for php-5.2.11.tar.bz2.
===>  Patching for php5-gd-5.2.11_2
===>  Applying FreeBSD patches for php5-gd-5.2.11_2
===>   php5-gd-5.2.11_2 depends on file: /usr/local/bin/phpize - found
===>   php5-gd-5.2.11_2 depends on file: /usr/local/libdata/pkgconfig/xpm.pc - found
===>   php5-gd-5.2.11_2 depends on file: /usr/local/bin/autoconf-2.62 - found
===>   php5-gd-5.2.11_2 depends on shared library: freetype.9 - found
===>   php5-gd-5.2.11_2 depends on shared library: png.5 - found
===>   php5-gd-5.2.11_2 depends on shared library: jpeg.10 - not found
===>    Verifying install for jpeg.10 in /usr/ports/graphics/jpeg
===>  Extracting for jpeg-7
=> MD5 Checksum OK for jpegsrc.v7.tar.gz.
=> SHA256 Checksum OK for jpegsrc.v7.tar.gz.
=> MD5 Checksum OK for jpegexiforient.c.
=> SHA256 Checksum OK for jpegexiforient.c.
=> MD5 Checksum OK for exifautotran.txt.
=> SHA256 Checksum OK for exifautotran.txt.
===>  Patching for jpeg-7
===>  Applying FreeBSD patches for jpeg-7
===>   jpeg-7 depends on package: libtool>=2.2 - not found
===>    Verifying install for libtool>=2.2 in /usr/ports/devel/libtool22
===>  libtool-2.2.6a_1 has known vulnerabilities:
=> libtool -- Library Search Path Privilege Escalation Issue.
   Reference: <http://portaudit.FreeBSD.org/77c14729-dc5e-11de-92ae-02e0184b8d35.html>
=> Please update your ports tree and try again.
*** Error code 1

Stop in /usr/ports/devel/libtool22.
*** Error code 1

Stop in /usr/ports/graphics/jpeg.
*** Error code 1

Stop in /usr/ports/graphics/php5-gd.
*** Error code 1

Stop in /usr/ports/graphics/php5-gd.
*** Error code 1

Stop in /usr/ports/www/oscommerce.
```

This is just after updating ports with portupgrade -ay
What is the best strategy to correct this? Normally, I'd just compile and install but this doesn't maintain the pkg db. 

Thanks!


----------



## crsd (Dec 17, 2009)

Just do what it says 


> => Please update your ports tree and try again.


----------



## DutchDaemon (Dec 17, 2009)

jpeg-7 is seriously old ... you haven't updated your ports tree is _months_. And that is, indeed, a prerequisite for getting anything installed correctly.


----------



## jaymax (Dec 17, 2009)

I thought running "portupgrade -ay" did that, it ran for hours! doing something?


----------



## DutchDaemon (Dec 17, 2009)

portupgrade is a tool for upgrading _installed ports_, not for upgrading the _ports tree_. If you don't upgrade the ports tree, your installed ports won't find newer versions. See portsnap(8).


----------



## jaymax (Dec 18, 2009)

Thanks! Setting up a CVSUP cron job was easier. Thanks again


----------



## DutchDaemon (Dec 18, 2009)

Note /usr/ports/UPDATING ... jpeg-7 has been superseded, and installing the new jpeg libraries means a complete overhaul of anything depending on it (which is the entire solar system, except Pluto and parts of New Guinea). 

So follow those instructions, and any other instructions that are applicable to your installed ports.


----------



## jaymax (Dec 20, 2009)

Well might have gotten past one hump only to run into another. PHP needed an upgrade / replacement. SNAFU outlined stepwise below.

mach1# 
	
	



```
pwd
```


```
/usr/ports/lang/php5
```

mach1# 
	
	



```
make install
```


```
===>  php5-5.2.11_1 has known vulnerabilities:
=> php -- multiple vulnerabilities.
   Reference: <http://portaudit.FreeBSD.org/39a25a63-eb5c-11de-b650-00215c6a37bb.html>
=> Please update your ports tree and try again.
*** Error code 1

Stop in /usr/ports/lang/php5.
*** Error code 1

Stop in /usr/ports/lang/php5.
```
mach1#

mach1# 
	
	



```
cvsup -L 2 -h cvsup2.freebsd.org /usr/share/cvsup/ports-supfile
```


mach1# 
	
	



```
cvsup -L 2 -h cvsup2.freebsd.org /usr/share/cvsup/ports-supfile
Parsing supfile "/usr/share/cvsup/ports-supfile"
Connecting to cvsup2.freebsd.org
Connected to cvsup2.freebsd.org
Server software version: SNAP_16_1h
Negotiating file attribute support
Exchanging collection information
Establishing multiplexed-mode data connection
Running
Updating collection ports-all/cvs
Shutting down connection to server
Finished successfully
```

Repeated 





> make install


 same error conditions


looking at http://portaudit.FreeBSD.org/39a25a63-eb5c-11de-b650-00215c6a37bb.html
seems to indicate some vulnerability and that a PHP vers: 5.2.12.has been released, however I do not see it in the porttree.
Should I just download it from php, compile & install independently of the ports tree?


----------



## DutchDaemon (Dec 20, 2009)

No, just wait for the new version. Anything installed outside of the ports/packages system will be a b*tch to setup and maintain in the long run, and it will be 'invisible' to the other ports that depend on it, so you'll end up resolving/relinking dependencies all day long, and other ports will still try to install the ports version of php5 because they need it and think it's not installed.


----------



## jaymax (Dec 20, 2009)

Thanks for that piece of advice, I experienced that before and don't want to experience it again. Typically how long does it take for a new version to be available?


----------



## DutchDaemon (Dec 20, 2009)

Well, people have been waiting for php 5.3 since Summer, but since this is a published vulnerability in an already working port which just needs patching, it shoudn't be more than a couple of days. Best guess.


----------



## jaymax (Dec 29, 2009)

The problem is now 2 weeks +, the system has been down closing in on a month now, I have no idea of what to do and not getting any word of when an upgrade is forthcoming is even worse.

Is this port actively maintained? I have written to Alex Dupre at 
ale@FreeBSD.org, who I assume is the maintainer, today for the second time but have not received any reply.


----------

