Installing a vulnerable port
If you need to install a port which is vulnerable, FreeBSD will stop with something like this:
    ===>  subversion-1.0.4 has known vulnerabilities:
    >> subversion -- WebDAV fails to protect metadata.
       Reference: <http://people.freebsd.org/~eik/portaudit/184f5d0b-0fe8-11d9-8a8a-000c41e2cdad.html>
    >> subversion: remote exploitable buffer overflow in 'svn://' parser.
       Reference: <http://people.freebsd.org/~eik/portaudit/4616bc3b-bd0f-11d8-a252-02e0185c0b53.html>
    >> mod_authz_svn access control bypass.
       Reference: <http://people.freebsd.org/~eik/portaudit/cc35a97d-da35-11d8-9b0a-000347a4fa7d.html>
    >> Please update your ports tree and try again.
    *** Error code 1

    Stop in /usr/ports/devel/subversion.
However, in this case I know I can install this port because I’m not going to be doing anything to expose those vulnerabilities. To force the port to install, you need to define the DISABLE_VULNERABILITIES knob:
    make -DDISABLE_VULNERABILITIES install clean
Of course, it would be better to update the ports tree and install a less vulnerable version, but on the particular machine I’m doing this on, that’s not an option.
If you don’t have vulnerability checking when installing ports, then you need to install security/portaudit from ports.
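When the check is overridden, it is worth recording exactly which advisories were accepted. The following is an added example, not part of the original post: it parses the stop message shown above into tab-separated records (package, advisory, reference URL). The function names `list_advisories` and `sample_output` are hypothetical, and the sample input is constructed from the output quoted in the post.

```shell
#!/bin/sh
# Added example, not from the original post.
# list_advisories (hypothetical name) reads the ports "known vulnerabilities"
# stop message on stdin and prints: package<TAB>advisory<TAB>reference URL
list_advisories() {
    awk '
    function emit(url) {
        if (title != "") printf "%s\t%s\t%s\n", pkg, title, url
        title = ""
    }
    /^===>/ && /has known vulnerabilities:/ { pkg = $2; next }
    /^>> Please update/ { emit("-"); next }   # trailer line, not an advisory
    /^>> / {
        emit("-")                 # flush an advisory that had no Reference line
        title = substr($0, 4)
        sub(/\.$/, "", title)     # drop the trailing full stop
        next
    }
    /Reference: </ {
        url = $0
        sub(/^.*Reference: </, "", url)
        sub(/>.*$/, "", url)
        emit(url)
    }
    END { emit("-") }
    '
}

# Sample input constructed from the message quoted in the post.
sample_output() {
    cat <<'EOF'
===>  subversion-1.0.4 has known vulnerabilities:
>> subversion -- WebDAV fails to protect metadata.
   Reference: <http://people.freebsd.org/~eik/portaudit/184f5d0b-0fe8-11d9-8a8a-000c41e2cdad.html>
>> subversion: remote exploitable buffer overflow in 'svn://' parser.
   Reference: <http://people.freebsd.org/~eik/portaudit/4616bc3b-bd0f-11d8-a252-02e0185c0b53.html>
>> mod_authz_svn access control bypass.
   Reference: <http://people.freebsd.org/~eik/portaudit/cc35a97d-da35-11d8-9b0a-000347a4fa7d.html>
>> Please update your ports tree and try again.
*** Error code 1
EOF
}

# Print the records; append them to an exception log before forcing the build.
sample_output | list_advisories
```

On a real machine, feed the captured output of the failed build to `list_advisories` in place of the sample, and keep the resulting records alongside the reason the override was considered acceptable.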