# can't install Apache22 using ports



## tvs (Mar 25, 2014)

Hi,

I'm trying to install Apache22 using ports in FreeBSD 10 and I got this error:


```
/usr/ports/www/apache22 # make install
apache22-2.2.26 has known vulnerabilities:
apache22-2.2.26 is vulnerable:
apache -- several vulnerabilities
CVE: CVE-2013-6438
CVE: CVE-2014-0098
WWW: http://portaudit.FreeBSD.org/91ecb546-b1e6-11e3-980f-20cf30e32f6d.html
=> Please update your ports tree and try again.
*** Error code 1
```

I did `portsnap fetch update` and then tried again but it doesn't seem to help (I got the same error). Is there anything else I should do in order to install Apache22?

Thanks in advance for any help!


----------



## archan127 (Mar 25, 2014)

According to http://www.freshports.org, www/apache22 is listed as vulnerable. The maintainer has not patched the security vulnerabilies yet. If you really need the port to be installed on your computer, you can use


```
DISABLE_VULNERABILITIES=yes
```
However, I would not recommend or endorse that unless you clearly understand the security implications of doing so. 

Also, I have found that if FreeBSD 10 misses the daily 3 am maintenance, you may have to manually update the pkg audit database by using `pkg audit -F` to update the database. It seems `portsnap fetch` doesn't update that automatically. (I found that out trying to update python33).


----------



## kpa (Mar 25, 2014)

That's not surprising that the vulnerability DB isn't updated by portsnap(8) because it isn't designed to deal with the vulnerabilty DB at all. That's why there is a separate periodic(8) job that runs pkg-audit(8).


```
firewall ~ % ls -l /usr/local/etc/periodic/security/410.pkg-audit 
-r-xr-xr-x  1 root  wheel  2654 Mar 16 03:45 /usr/local/etc/periodic/security/410.pkg-audit
```


----------



## pez (Mar 28, 2014)

it should work now if you update your ports.


----------



## tvs (Mar 29, 2014)

Thank you everybody for your help!


----------

