# libxml2 port update



## Ico (Nov 22, 2008)

So I did


```
[root@lucy /usr/ports/textproc/libxml2]# portaudit -a
Affected package: libxml2-2.6.32_1
Type of problem: libxml2 -- multiple vulnerabilities.
Reference: <http://www.FreeBSD.org/ports/portaudit/f1e0164e-b67b-11dd-a55e-00163e000016.html>

1 problem(s) in your installed packages found.

You are advised to update or deinstall the affected package(s) immediately.
```

and found out that I have to update libxml2.. butt


```
[root@lucy /usr/ports/textproc/libxml2]# portmaster libxml2
===>>> Gathering distinfo list for installed ports

===>>> Currently installed version: libxml2-2.6.32_1
===>>> Port directory: /usr/ports/textproc/libxml2
===>>> Launching 'make checksum' for textproc/libxml2 in background
===>>> Gathering dependency list for textproc/libxml2 from ports
===>>> Starting recursive 'make config' check
===>>> Recursive 'make config' check complete for textproc/libxml2

===>>> Starting build for textproc/libxml2 <<<===

===>>> The 'make config' check found no dependencies to update

===>  Cleaning for libxml2-2.6.32_1

===>  libxml2-2.6.32_1 has known vulnerabilities:
=> libxml2 -- multiple vulnerabilities.
   Reference: <http://www.FreeBSD.org/ports/portaudit/f1e0164e-b67b-11dd-a55e-00163e000016.html>
=> Please update your ports tree and try again.
*** Error code 1

Stop in /usr/ports/textproc/libxml2.

===>>> make failed for textproc/libxml2
===>>> Aborting update
```

Does this mean that there is no newer version of libxml2 in the ports yet? I did a portupgrade and have the latest version of the ports tree already. It is a dependency for php5 so I can't just delete it right now.

Suggestions?


----------



## gilinko (Nov 22, 2008)

You need to update your ports tree. So either run portsnap, csup or however you keep your ports tree up to date, and then try again as port revision 2 does exist in the tree(libxml2-2.6.32_2)


----------



## kamikaze (Nov 22, 2008)

You ought to update your ports tree and the vulnerability database.

# portaudit -Fa


----------



## feillex (Nov 22, 2008)

try the following 3 steps
1
	
	



```
rm /var/db/portaudit/auditfile.tbz
```
2
	
	



```
portmaster libxml2
```
3
	
	



```
portaudit -Fda
```


----------



## Mel_Flynn (Nov 22, 2008)

Gilinko already gave the correct answer, the rest is FUD.

You can verify that the security fixes got in the 19th of November here.


----------



## Ico (Nov 22, 2008)

Thanks guys, problem solved. I suppose I was a bit confused about how to upgrade the ports tree.. thought portupgrade was for that reason, my bad.

so basically whenever there's a vulnerability do:


```
# csup -L 2 /root/ports-supfile
# portmaster -a                   #to update all installed ports
```

or


```
# portmaster portname             #to update the vulnerable port
```


----------



## anomie (Nov 22, 2008)

Ico said:
			
		

> so basically whenever there's a vulnerability do:
> 
> 
> ```
> ...



This is a matter of preference / opinion, but I'd suggest updating only the vulnerable port (not all ports, which sometimes gets you into trouble). I don't have a lot of tolerance for breakage. 

Also, make a habit of reading /usr/ports/UPDATING after you update your ports tree. This file includes special instructions for upgrading certain ports.


----------

