# Old perl error returns



## jonfr (Jan 26, 2014)

An error that I had solved regarding perl (see here) has returned. When I try to fix it with `portmaster -r perl` I get this error.


```
===>>> Currently installed version: ntp-4.2.6p5_2
===>>> Port directory: /usr/ports/net/ntp

        ===>>> This port is marked FORBIDDEN
        ===>>> CVE-2013-5211 / VU


        ===>>> If you are sure you can build it, remove the
               FORBIDDEN line in the Makefile and try again.

===>>> Update for ntp-4.2.6p5_2 failed
===>>> Aborting update

===>>> Killing background jobs
Terminated
Terminated
Terminated
===>>> Exiting
```

I am currently running this version of perl.


```
root@saturn:/usr/local/etc/mrtg # perl -v

This is perl 5, version 16, subversion 3 (v5.16.3) built for amd64-freebsd-thread-multi

Copyright 1987-2012, Larry Wall

Perl may be copied only under the terms of either the Artistic License or the
GNU General Public License, which may be found in the Perl 5 source kit.

Complete documentation for Perl, including FAQ lists, should be found on
this system using "man perl" or "perldoc perl".  If you have access to the
Internet, point your browser at http://www.perl.org/, the Perl Home Page.
```

I am also running this version of FreeBSD.


```
uname -a 
FreeBSD saturn.net303.net 9.1-RELEASE FreeBSD 9.1-RELEASE #0 r243825: Tue Dec  4 09:23:10 UTC 2012     root@farrell.cse.buffalo.edu:/usr/obj/usr/src/sys/GENERIC  amd64
```

I have no idea how to resolve this. Since I have not seen the forbidden message before.

Thanks for the help.


----------



## dpejesh (Jan 26, 2014)

From http://www.freebsd.org/doc/en/books/porters-handbook/dads-noinstall.html


```
FORBIDDEN is used for ports that contain a security vulnerability or induce grave concern regarding the security of a FreeBSD system with a given port installed (e.g., a reputably insecure program or a program that provides easily exploitable services).
```

So the forbidden message is telling you that net/ntp is in a vulnerable state. CVE-2013-5211 is the handle assigned to the problem.

Now the problem you're having, is you're running `portmaster` with the -r option which is telling it to not only rebuild perl, but everything that depends on it, which includes net/ntp.  Try running `portmaster -x net/ntp -r perl`, this will tell `portmaster` to ignore it.


----------



## jonfr (Jan 26, 2014)

Can I update net/ntp from this vulnerable version? I don't want to run too risky system even if it just used on my LAN.

I did notice it is not on this list.


```
pkg_version -vL'='
alsa-lib-1.0.27.2                   <   needs updating (port has 1.0.27.2_1)
apache24-2.4.6                      <   needs updating (port has 2.4.6_1)
apr-1.4.8.1.5.2                     <   needs updating (port has 1.4.8.1.5.3)
autoconf-wrapper-20130530           <   needs updating (port has 20131203)
automake-wrapper-20130530           <   needs updating (port has 20131203)
bash-4.2.45                         <   needs updating (port has 4.2.45_1)
ca_root_nss-3.15.2_1                <   needs updating (port has 3.15.3.1)
cmake-modules-2.8.12.1              <   needs updating (port has 2.8.12.1_1)
curl-7.33.0_1                       <   needs updating (port has 7.33.0_2)
dnsmasq-2.67,1                      <   needs updating (port has 2.68,1)
fontconfig-2.10.95,1                <   needs updating (port has 2.11.0_1,1)
freetype2-2.5.0.1                   <   needs updating (port has 2.5.2)
gdbm-1.10                           <   needs updating (port has 1.11)
gnutls-2.12.23_2                    <   needs updating (port has 2.12.23_3)
help2man-1.43.3                     <   needs updating (port has 1.43.3_1)
java-zoneinfo-2013.h                <   needs updating (port has 2013.i)
libcheck-0.9.11                     <   needs updating (port has 0.9.12)
libffi-3.0.13                       <   needs updating (port has 3.0.13_1)
libvpx-1.2.0                        <   needs updating (port has 1.3.0)
libxcb-1.9.1                        <   needs updating (port has 1.9.3)
libxml2-2.8.0_2                     <   needs updating (port has 2.8.0_3)
mysql55-client-5.5.34               <   needs updating (port has 5.5.35)
mysql55-server-5.5.34               <   needs updating (port has 5.5.35)
openjdk-7.25.15_2                   <   needs updating (port has 7.25.15_2,1)
openldap-client-2.4.37              <   needs updating (port has 2.4.38)
p5-DBD-mysql55-4.025                <   needs updating (port has 4.026)
p5-IO-Socket-IP-0.24                <   needs updating (port has 0.27)
p5-IO-Socket-SSL-1.960              <   needs updating (port has 1.962)
p5-Net-SSLeay-1.55                  <   needs updating (port has 1.57)
p5-Socket6-0.23                     <   needs updating (port has 0.25_1)
perl5-5.16.3_3                      <   needs updating (port has 5.16.3_6)
php55-5.5.5                         <   needs updating (port has 5.5.8)
php55-bz2-5.5.5                     <   needs updating (port has 5.5.8)
php55-calendar-5.5.5                <   needs updating (port has 5.5.8)
php55-ctype-5.5.5                   <   needs updating (port has 5.5.8)
php55-curl-5.5.5                    <   needs updating (port has 5.5.8)
php55-dom-5.5.5                     <   needs updating (port has 5.5.8)
php55-exif-5.5.5                    <   needs updating (port has 5.5.8)
php55-fileinfo-5.5.5                <   needs updating (port has 5.5.8)
php55-filter-5.5.5                  <   needs updating (port has 5.5.8)
php55-ftp-5.5.5                     <   needs updating (port has 5.5.8)
php55-gd-5.5.5                      <   needs updating (port has 5.5.8)
php55-gettext-5.5.5                 <   needs updating (port has 5.5.8)
php55-hash-5.5.5                    <   needs updating (port has 5.5.8)
php55-iconv-5.5.5                   <   needs updating (port has 5.5.8)
php55-imap-5.5.5                    <   needs updating (port has 5.5.8)
php55-json-5.5.5                    <   needs updating (port has 5.5.8)
php55-mcrypt-5.5.5                  <   needs updating (port has 5.5.8)
php55-mysql-5.5.5                   <   needs updating (port has 5.5.8)
php55-mysqli-5.5.5                  <   needs updating (port has 5.5.8)
php55-opcache-5.5.5                 <   needs updating (port has 5.5.8)
php55-openssl-5.5.5                 <   needs updating (port has 5.5.8)
php55-pdo-5.5.5                     <   needs updating (port has 5.5.8)
php55-pdo_sqlite-5.5.5              <   needs updating (port has 5.5.8)
php55-phar-5.5.5                    <   needs updating (port has 5.5.8)
php55-posix-5.5.5                   <   needs updating (port has 5.5.8)
php55-session-5.5.5                 <   needs updating (port has 5.5.8)
php55-simplexml-5.5.5               <   needs updating (port has 5.5.8)
php55-snmp-5.5.5                    <   needs updating (port has 5.5.8)
php55-sqlite3-5.5.5                 <   needs updating (port has 5.5.8)
php55-tokenizer-5.5.5               <   needs updating (port has 5.5.8)
php55-xml-5.5.5                     <   needs updating (port has 5.5.8)
php55-xmlreader-5.5.5               <   needs updating (port has 5.5.8)
php55-xmlwriter-5.5.5               <   needs updating (port has 5.5.8)
php55-zip-5.5.5                     <   needs updating (port has 5.5.8)
php55-zlib-5.5.5                    <   needs updating (port has 5.5.8)
pkgconf-0.9.3                       <   needs updating (port has 0.9.4)
portaudit-0.6.1                     <   needs updating (port has 0.6.2)
portmaster-3.17.2                   <   needs updating (port has 3.17.3)
py27-setuptools-1.1.7_1             <   needs updating (port has 2.0.1)
python2-2_1                         <   needs updating (port has 2_2)
python27-2.7.6                      <   needs updating (port has 2.7.6_1)
radvd-1.9.1                         <   needs updating (port has 1.9.7)
ruby-1.9.3.448,1                    <   needs updating (port has 1.9.3.484,1)
ruby19-bdb-0.6.6_1                  <   needs updating (port has 0.6.6_3)
samba36-3.6.20_1                    <   needs updating (port has 3.6.22)
sqlite3-3.8.0.2                     <   needs updating (port has 3.8.2)
webmin-1.660                        <   needs updating (port has 1.670)
xcb-proto-1.8                       <   needs updating (port has 1.9)
xorg-macros-1.17.1                  <   needs updating (port has 1.18.0)
xproto-7.0.24                       <   needs updating (port has 7.0.25)
xtrans-1.2.7                        <   needs updating (port has 1.3.2)
```

Thanks for the help.


----------



## wblock@ (Jan 26, 2014)

No new version is available yet.  But see http://support.ntp.org/bin/view/Main/SecurityNotice#DRDoS_Amplification_Attack_using for settings to secure it until a new version is out.


----------



## jonfr (Jan 27, 2014)

This command didn't work `portmaster -x net/ntp -r perl`. I did continue to get this error message.


```
===>>> Checking dependent ports >> ntp-4.2.6p5_2 (24/24)

===>>> Currently installed version: ntp-4.2.6p5_2
===>>> Port directory: /usr/ports/net/ntp

        ===>>> This port is marked FORBIDDEN
        ===>>> CVE-2013-5211 / VU


        ===>>> If you are sure you can build it, remove the
               FORBIDDEN line in the Makefile and try again.

===>>> Update for ntp-4.2.6p5_2 failed
===>>> Aborting update
```

I need to keep my system constant.

Thanks for the help.


----------



## jb_fvwm2 (Jan 28, 2014)

```
portmaster -d -B -i -g -P  -x ntp-4.2.6p5_2 -r perl
```
(Untested...)


----------



## jonfr (Jan 28, 2014)

Thanks. I rather not go with untested commands on this issue. I still have not been able to get past this blockage and I even removed the forbidden line in the Makefile.


----------



## SirDice (Jan 28, 2014)

Have you considered just removing it and using an alternative like net/openntpd?


----------



## jonfr (Jan 28, 2014)

That would be a good option. There are however several packages that are on my system that depend on net/ntp so I would need some way to recompile them with the net/openntpd program (if that is possible).

Thanks for the help.


----------



## jonfr (Jan 29, 2014)

I did recompile everything in the end. I just skipped net/ntp. I continue to get this error when I run indexmaker for mrtg.


```
Hexadecimal number > 0xffffffff non-portable at (eval 13) line 1.
Hexadecimal number > 0xffffffff non-portable at (eval 14) line 1.
Hexadecimal number > 0xffffffff non-portable at (eval 15) line 1.
Hexadecimal number > 0xffffffff non-portable at (eval 16) line 1.
Hexadecimal number > 0xffffffff non-portable at (eval 17) line 1.
Hexadecimal number > 0xffffffff non-portable at (eval 18) line 1.
Hexadecimal number > 0xffffffff non-portable at (eval 19) line 1.
Hexadecimal number > 0xffffffff non-portable at (eval 20) line 1.
Hexadecimal number > 0xffffffff non-portable at (eval 21) line 1.
Hexadecimal number > 0xffffffff non-portable at (eval 22) line 1.
Hexadecimal number > 0xffffffff non-portable at (eval 23) line 1.
Hexadecimal number > 0xffffffff non-portable at (eval 24) line 1.
Hexadecimal number > 0xffffffff non-portable at (eval 25) line 1.
Hexadecimal number > 0xffffffff non-portable at (eval 26) line 1.
Hexadecimal number > 0xffffffff non-portable at (eval 27) line 1.
Hexadecimal number > 0xffffffff non-portable at (eval 28) line 1.
Hexadecimal number > 0xffffffff non-portable at (eval 29) line 1.
Hexadecimal number > 0xffffffff non-portable at (eval 30) line 1.
Hexadecimal number > 0xffffffff non-portable at (eval 31) line 1.
Hexadecimal number > 0xffffffff non-portable at (eval 32) line 1.
Hexadecimal number > 0xffffffff non-portable at (eval 33) line 1.
Hexadecimal number > 0xffffffff non-portable at (eval 34) line 1.
Hexadecimal number > 0xffffffff non-portable at (eval 35) line 1.
Hexadecimal number > 0xffffffff non-portable at (eval 36) line 1.
Hexadecimal number > 0xffffffff non-portable at (eval 37) line 1.
Hexadecimal number > 0xffffffff non-portable at (eval 38) line 1.
Hexadecimal number > 0xffffffff non-portable at (eval 39) line 1.
Hexadecimal number > 0xffffffff non-portable at (eval 40) line 1.
Hexadecimal number > 0xffffffff non-portable at (eval 41) line 1.
Hexadecimal number > 0xffffffff non-portable at (eval 42) line 1.
Hexadecimal number > 0xffffffff non-portable at (eval 43) line 1.
Hexadecimal number > 0xffffffff non-portable at (eval 44) line 1.
Hexadecimal number > 0xffffffff non-portable at (eval 45) line 1.
Hexadecimal number > 0xffffffff non-portable at (eval 46) line 1.
Hexadecimal number > 0xffffffff non-portable at (eval 47) line 1.
Hexadecimal number > 0xffffffff non-portable at (eval 48) line 1.
Hexadecimal number > 0xffffffff non-portable at (eval 49) line 1.
Hexadecimal number > 0xffffffff non-portable at (eval 50) line 1.
Hexadecimal number > 0xffffffff non-portable at (eval 51) line 1.
Hexadecimal number > 0xffffffff non-portable at (eval 52) line 1.
Hexadecimal number > 0xffffffff non-portable at (eval 53) line 1.
Hexadecimal number > 0xffffffff non-portable at (eval 54) line 1.
Hexadecimal number > 0xffffffff non-portable at (eval 55) line 1.
Hexadecimal number > 0xffffffff non-portable at (eval 56) line 1.
Hexadecimal number > 0xffffffff non-portable at (eval 57) line 1.
Hexadecimal number > 0xffffffff non-portable at (eval 58) line 1.
Hexadecimal number > 0xffffffff non-portable at (eval 59) line 1.
Hexadecimal number > 0xffffffff non-portable at (eval 60) line 1.
Hexadecimal number > 0xffffffff non-portable at (eval 61) line 1.
Hexadecimal number > 0xffffffff non-portable at (eval 62) line 1.
Hexadecimal number > 0xffffffff non-portable at (eval 63) line 1.
Hexadecimal number > 0xffffffff non-portable at (eval 64) line 1.
Hexadecimal number > 0xffffffff non-portable at (eval 65) line 1.
Hexadecimal number > 0xffffffff non-portable at (eval 66) line 1.
Hexadecimal number > 0xffffffff non-portable at (eval 67) line 1.
```

I am not sure what the fault is now. It might be something else than before.

Thanks for the help.


----------

