You may have read about my weird network failure during which only firefox seemed to reach anything on the internet. The portsnap fetch function does work but in a sort of spotty inconsistent maybe not at all fashion. I had to resort to using svn to update ports, so I am now back to being able to update my ports whether directly or with poudriere. One of the things I know to do when websites strangely fail to connect is to update security/css_root_nss along with possibly a quick close and restart of firefox, until this time. I saw one of the most odd error messages:
===> Deinstalling for ca_root_nss ===> ca_root_nss not installed, skipping pkg-static: unable to open vulnxml file (null): Invalid argument ===> ca_root_nss-3.58 has known vulnerabilities: => Please update your ports tree and try again. => Note: Vulnerable ports are marked as such even if there is no update available. => If you wish to ignore this vulnerability rebuild with 'make DISABLE_VULNERABILITIES=yes' *** Error code 1 Stop. make[2]: stopped in /usr/ports/security/ca_root_nss *** Error code 1 Stop. make[1]: stopped in /usr/ports/security/ca_root_nss *** Error code 1 Stop. make: stopped in /usr/ports/security/ca_root_nss
Yeah, recert is a simple alias to make the updating quick and a bit easier. Inside my root
# quickly re-install certificates alias recert make -C /usr/ports/security/ca_root_nss reinstall clean
Instead of using that I successfully installed ca_root_nss by including the DISABLE_VULNERABILITIES=yes with make as was suggested. This is still not a very good situation so to fix it I assumed that I needed to install something else, but saw the same issue again.
root@ichigo:/usr/ports/security/vuxml # make install clean pkg-static: unable to open vulnxml file (null): Invalid argument ===> vuxml-1.1_5 has known vulnerabilities: => Please update your ports tree and try again. => Note: Vulnerable ports are marked as such even if there is no update available. => If you wish to ignore this vulnerability rebuild with 'make DISABLE_VULNERABILITIES=yes' *** Error code 1 Stop. make: stopped in /usr/ports/security/vuxml
Even after using the same override method to get this installed, trying to install ca_root_nss I saw the same error mentioned above. Maybe something for vuxml was not installed, so I checked the
@xmlcatmgr share/xml/dtd/vuxml/catalog @xmlcatmgr share/xml/dtd/vuxml/catalog.xml share/xml/dtd/vuxml/vuxml-10.dtd share/xml/dtd/vuxml/vuxml-11.dtd share/xml/dtd/vuxml/vuxml-model-10.mod share/xml/dtd/vuxml/vuxml-model-11.mod share/xml/dtd/vuxml/xml1.dcl root@ichigo:~ # cd /usr/local/share/xml/dtd/vuxml /usr/local/share/xml/dtd/vuxml: No such file or directory. root@ichigo:~ # cd /usr/share/xml/dtd/vuxml /usr/share/xml/dtd/vuxml: No such file or directory.
This is strange. I finally got smart and did an online search for "pkg-static: unable to open vulnxml file (null): Invalid argument" which brought me to an old mailing list reply which gave me the answer. I guess that due to my attempts to recover from the portsnap failing a few things were erased that I needed, the fix was easy:
Fetching vuln.xml.bz2: 100% 891 KiB 912.8kB/s 00:01 linux-c7-libsndfile-1.0.25_5 is vulnerable: libsndfile -- out-of-bounds reads CVE: CVE-2017-17457 CVE: CVE-2017-17456 CVE: CVE-2017-14246 CVE: CVE-2017-14245 WWW: https://vuxml.FreeBSD.org/freebsd/30704aba-1da4-11e8-b6aa-4ccc6adda413.html linux-c7-libsndfile-1.0.25_5 is vulnerable: libsndfile -- multiple vulnerabilities CVE: CVE-2017-14634 CVE: CVE-2017-12562 CVE: CVE-2017-8365 CVE: CVE-2017-8363 CVE: CVE-2017-8362 CVE: CVE-2017-8361 WWW: https://vuxml.FreeBSD.org/freebsd/2b386075-1d9c-11e8-b6aa-4ccc6adda413.html linux-c7-libsndfile-1.0.25_5 is vulnerable: libsndfile -- out-of-bounds read memory access CVE: CVE-2017-6892 WWW: https://vuxml.FreeBSD.org/freebsd/004debf9-1d16-11e8-b6aa-4ccc6adda413.html linux-c7-libsndfile-1.0.25_5 is vulnerable: libsndfile -- multiple vulnerabilities CVE: CVE-2017-7742 CVE: CVE-2017-7741 CVE: CVE-2017-7586 CVE: CVE-2017-7585 WWW: https://vuxml.FreeBSD.org/freebsd/5a97805e-93ef-4dcb-8d5e-dbcac263bfc2.html apache-openoffice-4.1.7_3 is vulnerable: Apache OpenOffice -- Unrestricted actions leads to arbitrary code execution in crafted documents CVE: CVE-2020-13958 WWW: https://vuxml.FreeBSD.org/freebsd/4f15ca7b-23ae-11eb-9f59-1c1b0d9ea7e6.html 5 problem(s) in 2 installed package(s) found.
This command seems to have created the files that were needed, since after the update output above I could install security/vuxml or
While cleaning up this blog post in 2026, I discovered that the mailing list reply url I gave did not function. I have replaced it with what I believe is the same thread or one very similar to what I had found in 2020.
No comments:
Post a Comment