On 8/1/06, jan gestre <[EMAIL PROTECTED]> wrote:
On 8/1/06, Svein Halvor Halvorsen <[EMAIL PROTECTED]> wrote: > jan gestre wrote: > i was trying to portupgrade ruby coz portaudit is complaining of > vulnerabilities, i did run cvsup and portsdb -Uu before portupgrade, at > first i couldn't upgrade ruby coz portupgrade is complaining maybe coz > portaudit but someone in the list suggested this: > > # portupgrade -Rr -m DISABLE_VULNERABILITIES="yes" ruby > > whoala it installed the ruby package but still portaudit complains even > though the installed version is current which has no vulnerability. is this > normal? any way to fix these? This is expected behavior. The ports system will let you upgrade a vulnerable port without complaint. It will however complain if you try to install (or upgrade to) a version that has vulnerabilities. Since portupgrade complained, it's no surprise that portaudit also complains after the forced upgrade. This means that either the version in ports aren't fixed yet (the existence of a vulnerability of a prior version does not imply that said vulnerability is fixed in the current version), or that your ports tree is out of date. Seeing that the latter is not true, I would say you just have to wait for an updated version to appear in ports. You can create an account at freshports and ad ruby to your "watch list". That means you'll get notified when new versions arrive. i portupgrade the previous version ruby-1.8.4_8,1 to the current version which is ruby-1.8.4_9,1 and i also saw from the portaudit complaint that the new version is not anymore affected by the vulnerabilities of the old version meaning the maintainer already fixed this, however portaudit is still complaining. and how about the portsdb output? why is it complaining of stuff i don't have installed? i update the portaudit database and now it's no longer reporting the vulnerability :) which brings me back to my second question regarding the portsdb -Uu output, why is it complaining about those packages which i don't have installed?
many thanks in advance _______________________________________________ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"
