# portupgrade -m "WITH_CONTENT_SCAN=yes WITH_SASLAUTHD=yes WITH_DOMAINKEYS=yes" exim

• Log into the database as root, and run the following commands to remove anonymous accounts:
use mysql;
delete from user where User='';
delete from db where User='';
flush privileges;
SET PASSWORD FOR root@localhost=PASSWORD('newgoodstrongpassword');
SET PASSWORD FOR root@127.0.0.1=PASSWORD('newgoodstrongpassword');
SET PASSWORD FOR root@host.example.com=PASSWORD('newgoodstrongpassword');

> sudo portupgrade -rR php5
---> Upgrading 'php5-5.1.6' to 'php5-5.1.6_1' (lang/php5)
---> Building '/usr/ports/lang/php5'
===> Cleaning for autoconf-2.59_2
===> Cleaning for pkg-config-0.21
===> Cleaning for libxml2-2.6.26
===> Cleaning for perl-5.8.8
===> Cleaning for m4-1.4.4
===> Cleaning for help2man-1.36.4_1
===> Cleaning for gmake-3.81_1
===> Cleaning for libiconv-1.9.2_2
===> Cleaning for p5-gettext-1.05_1
===> Cleaning for gettext-0.14.5_2
===> Cleaning for libtool-1.5.22_2
===> Cleaning for php5-5.1.6_1
===> php5-5.1.6_1 has known vulnerabilities:
=> php -- open_basedir Race Condition Vulnerability.
Reference: <http://www.FreeBSD.org/ports/portaudit/edabe438-542f-11db-a5ae-00508d6a62df.html>
=> Please update your ports tree and try again.
*** Error code 1
Stop in /usr/ports/lang/php5.

Portaudit has stopped your portupgrade because one of the ports you are installing has a known security vulnerability – it’s even handy enough to provide a link to more information.

But what if you are willing to accept or mitigate the risk of the security hole – how do you build the port without portaudit stopping you? The answer is the-DDISABLE_VULNERABILITIES flag:

> sudo portupgrade -rR -m -DDISABLE_VULNERABILITIES php5
Password:
---> Upgrading 'php5-5.1.6' to 'php5-5.1.6_1' (lang/php5)
---> Building '/usr/ports/lang/php5' with make flags: -DDISABLE_VULNERABILITIES
===> Cleaning for autoconf-2.59_2
===> Cleaning for pkg-config-0.21
===> Cleaning for libxml2-2.6.26
===> Cleaning for perl-5.8.8
===> Cleaning for m4-1.4.4
===> Cleaning for help2man-1.36.4_1
===> Cleaning for gmake-3.81_1
===> Cleaning for libiconv-1.9.2_2
===> Cleaning for p5-gettext-1.05_1
===> Cleaning for gettext-0.14.5_2
===> Cleaning for libtool-1.5.22_2
===> Cleaning for php5-5.1.6_1
===> Found saved configuration for php5-5.1.6_1
[...]

Obviously, use the -DDISABLE_VULNERABILITIES flag with caution. Tip seen at TaoSecurity.

> pkg_info -g -x drupal
Information for drupal-4.6.9:

Mismatched Checksums:
/usr/local/www/drupal/.htaccess fails the original MD5 checksum

In this case, you might want to preserve your .htaccess file to merge it back in to your drupal installation after upgrading.

WRKDIRPREFIX=/home/anl/ports-build
DISTDIR=/home/anl/ports-dist

WRKDIRPREFIX is a directory that the unprivileged user as able to write to; DISTDIR is the directory their downloads of source files are written to.

If the port you are building requires another port to be installed for it to be built, you will be prompted for the root password, so this technique is not suitable for unattended port installations.

# portupgrade -rR -o lang/perl5.8 lang/perl5

After the upgrade (this is applicable after any Perl ports upgrade, such as 5.8.8 to 5.8.9), run the perl-after-upgrade script, first in test mode, then in fix mode:

# perl-after-upgrade
# perl-after-upgrade -f

Fix any errors highlighted by perl-after-upgrade, and reinstall any required packages. Review files left behind from the older Perl installation (typically /usr/local/lib/perl5/site_perl/5.X.Y/). After verifying that the upgraded Perl works as expected, remove +CONTENTS.bak files from subdirectories under /var/db/pkg.

See the perl-after-upgrade man page for more details.