You may have read about my weird network failure during which only firefox seemed to reach anything on the internet. The portsnap fetch function does work but in a sort of spotty inconsistent maybe not at all fashion. I had to resort to using svn to update ports, so I am now back to being able to update my ports whether directly or with poudriere. One of the things I know to do when websites strangely fail to connect is to update security/css_root_nss along with possibly a quick close and restart of firefox, until this time. I saw one of the most odd error messages:
recert
===> Deinstalling for ca_root_nss ===> ca_root_nss not installed, skipping pkg-static: unable to open vulnxml file (null): Invalid argument ===> ca_root_nss-3.58 has known vulnerabilities: => Please update your ports tree and try again. => Note: Vulnerable ports are marked as such even if there is no update available. => If you wish to ignore this vulnerability rebuild with 'make DISABLE_VULNERABILITIES=yes' *** Error code 1 Stop. make[2]: stopped in /usr/ports/security/ca_root_nss *** Error code 1 Stop. make[1]: stopped in /usr/ports/security/ca_root_nss *** Error code 1 Stop. make: stopped in /usr/ports/security/ca_root_nss
Yeah, recert is a simple alias to make the updating quick and a bit easier. Inside my root ~/.cshrc
# quickly re-install certificates alias recert make -C /usr/ports/security/ca_root_nss reinstall cleanInstead of using that I successfully installed ca_root_nss by including the DISABLE_VULNERABILITIES=yes with make as was suggested. This is still not a very good situation so to fix it I assumed that I needed to install something else, but saw the same issue again.
root@ichigo:/usr/ports/security/vuxml # make install clean pkg-static: unable to open vulnxml file (null): Invalid argument ===> vuxml-1.1_5 has known vulnerabilities: => Please update your ports tree and try again. => Note: Vulnerable ports are marked as such even if there is no update available. => If you wish to ignore this vulnerability rebuild with 'make DISABLE_VULNERABILITIES=yes' *** Error code 1 Stop. make: stopped in /usr/ports/security/vuxml
Even after using the same override method to get this installed, trying to install ca_root_nss I saw the same error mentioned above. Maybe something for vuxml was not installed, so I checked the pkg-plist for it and verified the locations to see if things were indeed installed.
more /usr/ports/security/vuxml/pkg-plist
@xmlcatmgr share/xml/dtd/vuxml/catalog @xmlcatmgr share/xml/dtd/vuxml/catalog.xml share/xml/dtd/vuxml/vuxml-10.dtd share/xml/dtd/vuxml/vuxml-11.dtd share/xml/dtd/vuxml/vuxml-model-10.mod share/xml/dtd/vuxml/vuxml-model-11.mod share/xml/dtd/vuxml/xml1.dcl root@ichigo:~ # cd /usr/local/share/xml/dtd/vuxml /usr/local/share/xml/dtd/vuxml: No such file or directory. root@ichigo:~ # cd /usr/share/xml/dtd/vuxml /usr/share/xml/dtd/vuxml: No such file or directory.
This is strange. I finally got smart and did an online search for "pkg-static: unable to open vulnxml file (null): Invalid argument" which brought me to an old mailing list reply which gave me the answer. I guess that due to my attempts to recover from the portsnap failing a few things were erased that I needed, the fix was easy:
pkg audit -F
Fetching vuln.xml.bz2: 100% 891 KiB 912.8kB/s 00:01 linux-c7-libsndfile-1.0.25_5 is vulnerable: libsndfile -- out-of-bounds reads CVE: CVE-2017-17457 CVE: CVE-2017-17456 CVE: CVE-2017-14246 CVE: CVE-2017-14245 WWW: https://vuxml.FreeBSD.org/freebsd/30704aba-1da4-11e8-b6aa-4ccc6adda413.html linux-c7-libsndfile-1.0.25_5 is vulnerable: libsndfile -- multiple vulnerabilities CVE: CVE-2017-14634 CVE: CVE-2017-12562 CVE: CVE-2017-8365 CVE: CVE-2017-8363 CVE: CVE-2017-8362 CVE: CVE-2017-8361 WWW: https://vuxml.FreeBSD.org/freebsd/2b386075-1d9c-11e8-b6aa-4ccc6adda413.html linux-c7-libsndfile-1.0.25_5 is vulnerable: libsndfile -- out-of-bounds read memory access CVE: CVE-2017-6892 WWW: https://vuxml.FreeBSD.org/freebsd/004debf9-1d16-11e8-b6aa-4ccc6adda413.html linux-c7-libsndfile-1.0.25_5 is vulnerable: libsndfile -- multiple vulnerabilities CVE: CVE-2017-7742 CVE: CVE-2017-7741 CVE: CVE-2017-7586 CVE: CVE-2017-7585 WWW: https://vuxml.FreeBSD.org/freebsd/5a97805e-93ef-4dcb-8d5e-dbcac263bfc2.html apache-openoffice-4.1.7_3 is vulnerable: Apache OpenOffice -- Unrestricted actions leads to arbitrary code execution in crafted documents CVE: CVE-2020-13958 WWW: https://vuxml.FreeBSD.org/freebsd/4f15ca7b-23ae-11eb-9f59-1c1b0d9ea7e6.html 5 problem(s) in 2 installed package(s) found.
This command seems to have created the files that were needed, since after the update output above I could install security/vuxml or security/ca_root_nss without issue. I've mentioned before that I seem to very frequently encounter strange errors and weird issues with my FreeBSD machine. They're all learning experiences and with this blog to help document them hopefully you learn from them as well, but surely I'll keep discovering random bizarre "ghost in the machine" style issues. You may be more lucky than me to either not run into any of these things, or less nice, yours will be completely different from mine.
No comments:
Post a Comment
Thank you for your interest!