# Updated libgcrypt, now can't run Firefox or Chromium



## drhowarddrfine (Aug 1, 2014)

During my weekly updating of ports, I wasn't paying attention and one of the ports I updated also updated security/libgcrypt. Now both www/firefox and www/chromium won't upgrade because they have security issues of MULTIPLE_VULNERABILITIES and FORBIDDEN, respectively. But when I tried to run either currently installed browser, they now can't find security/libgcrypt so I'm stuck.

I was hoping the security issues would be resolved quickly but it's been a few days so I'm looking for advice on how to get out of this situation.


----------



## pkubaj (Aug 1, 2014)

When compiling, define DISABLE_VULNERABILITIES. E.g. `portmaster -m "DISABLE_VULNERABILITIES=yes`. As for FORBIDDEN, you can just hash that in the port's Makefile.
BTW, Firefox isn't patched because gecko@ wants to commit the new version together with Seamonkey. See http://lists.freebsd.org/pipermail/free ... 04364.html.


----------



## drhowarddrfine (Aug 1, 2014)

pkubaj said:
			
		

> When compiling, define DISABLE_VULNERABILITIES. E.g. `portmaster -m "DISABLE_VULNERABILITIES=yes`. As for FORBIDDEN, you can just hash that in the port's Makefile.



I tried compiling Firefox as you showed late last night but it failed. Chromium also failed when I tried commenting out FORBIDDEN last night. I didn't write down the errors cause I was going to bed. I'll try that again in a bit to see what the errors are.

Thanks for the info about Firefox.

EDIT: Firefox is compiling so far by disabling vulnerabilites. I don't know what I did wrong last night. I'll try Chromium again when that's done.


----------



## drhowarddrfine (Aug 1, 2014)

Here's the error when I comment out FORBIDDEN, disable vulnerabilities and try to compile Chromium: 



> File "/usr/local/lib/python2.7/multiprocessing/synchronize.py", line 59, in < module> " function, see issue 3770.")
> ImportError: This platform lacks a functioning sem_open implementation, therrefore, the required syncronization primitives needed will not function, see issue 3770.
> *** [do-configure] Error code 1


----------



## jalla (Aug 1, 2014)

For the time being you can keep the previous version of chromium running (probably firefox as well) with a symlink to the new libgcrypt

```
ln -s /usr/local/lib/libgcrypt.so.20.0.1 /usr/local/lib/libgcrypt.so.19
```


----------



## wblock@ (Aug 1, 2014)

We have a doc somewhere on how that can come back to haunt you.

How old is this system?  I remember `kldload sem` was needed, but that was a long time back.


----------



## drhowarddrfine (Aug 1, 2014)

Yeah, I'm always reluctant to do that since I tend to forget those are there and I once got tripped up for a long time when I last did that. It's a personal problem but now I need to get some work done so I guess I'll have to bite the bullet.

@wblock I'm on version 9.2


----------



## protocelt (Aug 1, 2014)

drhowarddrfine said:
			
		

> Here's the error when I comment out FORBIDDEN, disable vulnerabilities and try to compile Chromium:
> 
> 
> 
> ...



Hi,

Make sure lang/python27 is built with 
	
	



```
SEM=on
```
If it isn't, rebuild lang/python27 with the option turned on and www/chromium should build. SEM is on by default now.


----------



## wblock@ (Aug 1, 2014)

Back in 2010, I wrote a little Ruby script to detect those fake library links, now updated to use pkg(8).  If you do use them, run it every so often to remind you.  Maybe right before upgrading ports: http://www.wonkity.com/~wblock/fakelib/fastfakelib.


----------



## drhowarddrfine (Aug 1, 2014)

@protocelt SEM was not set in my config for lang/python27. I went ahead and set that and rebuilt but, since the new version of chromium has vulnerabilities, and I got the old one up and running, I'll just leave it alone for now. Thanks.


----------

