メンテナンス・トラブルシュート - - SSL - openssl か openssl-devel か - openssl 1.0.2_12 → 1.0.2_13
1. 問題 ports の更新を確認中に > pkg version -vl "<" openssl-1.0.2_12 < needs updating (index has 1.0.2_13) というので > portupgrade -vRr openssl すると ---> Session started at: 日時 [Reading data from pkg(8) ... - 227 packages found - done] ・・・ openssl-1.0.2_13 is vulnerable: OpenSSL -- vulnerability in DSA signing CVE: CVE-2016-2178 WWW: https://vuxml.FreeBSD.org/freebsd/6f0529e2-2e82-11e6-b2ec-b499baebfeaf.html 1 problem(s) in the installed packages found. => Please update your ports tree and try again. => Note: Vulnerable ports are marked as such even if there is no update available. => If you wish to ignore this vulnerability rebuild with 'make DISABLE_VULNERABILITIES=yes' *** [check-vulnerable] Error code 1 Stop in /usr/ports/security/openssl. *** [stage] Error code 1 Stop in /usr/ports/security/openssl. ** Command failed [exit code 1]: /usr/bin/script -qa /tmp/portupgrade20160613-77857-1x096eu env UPGRADE_TOOL=portupgrade UPGRADE_PORT=openssl-1.0.2_12 UPGRADE_PORT_VER=1.0.2_12 make ** Fix the problem and try again. ---> Build of security/openssl ended at: 日時 (consumed 00:00:02) ---> Upgrade of security/openssl ended at: Mon, 日時 (consumed 00:00:02) ---> ** Upgrade tasks 1: 0 done, 0 ignored, 0 skipped and 1 failed ---> Listing the results (+:done / -:ignored / *:skipped / !:failed) ! security/openssl (openssl-1.0.2_12) (security vulnerabilities) ---> Packages processed: 0 done, 0 ignored, 0 skipped and 1 failed ---> Session ended at: 日時 2. 解決 こういうときは、特に理由がなければ、いう通りにするのが一番よいのです。 > cd /usr/ports/security/openssl > make DISABLE_VULNERABILITIES=yes > reinstall 無事に終わったようなので確認してみます。 > pkg version -v | grep openssl openssl-1.0.2_13 = up-to-date with index うまくいきました。
> pkg version -vl "<" openssl-1.0.2_12 < needs updating (index has 1.0.2_13)
> portupgrade -vRr openssl
---> Session started at: 日時 [Reading data from pkg(8) ... - 227 packages found - done] ・・・ openssl-1.0.2_13 is vulnerable: OpenSSL -- vulnerability in DSA signing CVE: CVE-2016-2178 WWW: https://vuxml.FreeBSD.org/freebsd/6f0529e2-2e82-11e6-b2ec-b499baebfeaf.html 1 problem(s) in the installed packages found. => Please update your ports tree and try again. => Note: Vulnerable ports are marked as such even if there is no update available. => If you wish to ignore this vulnerability rebuild with 'make DISABLE_VULNERABILITIES=yes' *** [check-vulnerable] Error code 1 Stop in /usr/ports/security/openssl. *** [stage] Error code 1 Stop in /usr/ports/security/openssl. ** Command failed [exit code 1]: /usr/bin/script -qa /tmp/portupgrade20160613-77857-1x096eu env UPGRADE_TOOL=portupgrade UPGRADE_PORT=openssl-1.0.2_12 UPGRADE_PORT_VER=1.0.2_12 make ** Fix the problem and try again. ---> Build of security/openssl ended at: 日時 (consumed 00:00:02) ---> Upgrade of security/openssl ended at: Mon, 日時 (consumed 00:00:02) ---> ** Upgrade tasks 1: 0 done, 0 ignored, 0 skipped and 1 failed ---> Listing the results (+:done / -:ignored / *:skipped / !:failed) ! security/openssl (openssl-1.0.2_12) (security vulnerabilities) ---> Packages processed: 0 done, 0 ignored, 0 skipped and 1 failed ---> Session ended at: 日時
> cd /usr/ports/security/openssl > make DISABLE_VULNERABILITIES=yes > reinstall
> pkg version -v | grep openssl openssl-1.0.2_13 = up-to-date with index
