# Broke portaudit 0.60 ( 6.4-RELEASE)



## CaptainSASH (Mar 26, 2012)

After updating to version 0.60 to 6.4-RELEASE broke portaudit


```
root@gw-dream # uname -v
FreeBSD 6.4-RELEASE-p11 #1: Thu Nov 17 11:43:11 EET 2011     root@gw-dream.uti-ua.com:/usr/obj/usr/src/sys/GW-DREAM

root@gw-dream # portaudit -Fda
auditfile.tbz                                 100% of   75 kB   75 kBps
unknown option '-sha256'
options are
-c              to output the digest with separating colons
-d              to output debug info
-hex            output as hex dump
-binary         output in binary form
-sign   file    sign digest using private key in file
-verify file    verify a signature using public key in file
-prverify file  verify a signature using private key in file
-keyform arg    key file format (PEM or ENGINE)
-signature file signature to verify
-binary         output in binary form
-engine e       use engine e, possibly a hardware device.
-md5 to use the md5 message digest algorithm (default)
-md4 to use the md4 message digest algorithm
-md2 to use the md2 message digest algorithm
-sha1 to use the sha1 message digest algorithm
-sha to use the sha message digest algorithm
-mdc2 to use the mdc2 message digest algorithm
-ripemd160 to use the ripemd160 message digest algorithm
portaudit: Database contains invalid signature.
Old database restored.
portaudit: Download failed.
root@gw-dream #
```

Any ideas?


----------



## SirDice (Mar 26, 2012)

Support for 6.4-RELEASE ended in November 2010.


----------



## DutchDaemon (Mar 26, 2012)

Upgrade to a supported release of FreeBSD. We cannot and will not offer support on end-of-life releases on this forum.


----------



## hatifnatt (Mar 31, 2012)

My solution.

Do you have security/openssl installed? If you have, its version must be 0.9.8Ñƒ or greater, I have 
	
	



```
/usr/local/bin/openssl version
OpenSSL 1.0.0h 12 Mar 2012
```

If you don't have security/openssl installed, you must install it. Simply like 
	
	



```
cd /usr/ports/security/openssl
make -DDISABLE_VULNERABILITIES install
```

-DDISABLE_VULNERABILITIES - because if you have a broken portaudit installed every port has "vulnerabilities". Th*e*n you need to copy the configuration file for openssl.

```
cp /usr/local/openssl/openssl.cnf.sample /usr/local/openssl/openssl.cnf
```

Also a small patch file

```
--- portaudit-cmd.sh.orig       Mon Mar 12 01:32:58 2012
+++ portaudit-cmd.sh    Sat Mar 31 07:31:47 2012
@@ -31,7 +31,7 @@
 #
 # $FreeBSD: ports/ports-mgmt/portaudit/files/portaudit-cmd.sh,v 1.20 2012/03/11 21:32:58 simon Exp $
 #
-
+openssl="/usr/local/bin/openssl"
 portaudit_confs()
 {
        if [ -r %%PREFIX%%/etc/portaudit.conf ]; then
@@ -78,10 +78,10 @@
        local TMPFILE=`mktemp -t portaudit`

        extract_auditfile_raw | egrep "^#SIGNATURE: " | sed "s/^#SIGNATURE: //g" \
-               | openssl enc -d -a >$TMPFILE
+               | "$openssl" enc -d -a >$TMPFILE
        signatureresult=`extract_auditfile_raw | egrep -v "^#SIGNATURE: " \
            | egrep -v "^#CHECKSUM: " \
-           | openssl dgst -sha256 -verify ${portaudit_pubkey} -signature $TMPFILE`
+           | "$openssl" dgst -sha256 -verify ${portaudit_pubkey} -signature $TMPFILE`
        if [ -n "$TMPFILE" ]; then
                rm "$TMPFILE"
        fi
```
You need to use it on ports-mgmt/portaudit like 
	
	



```
cd /usr/ports/ports-mgmt/portaudit/files
patch -p0 < patch-file
```

That must help to temporary solve the problem, but you must update your system, or stop updating ports. Because every update now full of pain :e


----------



## CaptainSASH (Apr 2, 2012)

@hatifnatt, thanks for the question decided to radically - updated to 7.4-RELEASE.


----------

