From owner-freebsd-ports@FreeBSD.ORG Sun Oct 14 14:29:05 2007 Return-Path: Delivered-To: ports@FreeBSD.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id EA06416A46B for ; Sun, 14 Oct 2007 14:29:05 +0000 (UTC) (envelope-from freebsd.lists@fsck.ch) Received: from secure.socket.ch (secure.socket.ch [212.103.70.36]) by mx1.freebsd.org (Postfix) with ESMTP id 7A75913C447 for ; Sun, 14 Oct 2007 14:29:05 +0000 (UTC) (envelope-from freebsd.lists@fsck.ch) Received: from 80-219-162-83.dclient.hispeed.ch ([80.219.162.83] helo=factory.fsck.ch) by secure.socket.ch with esmtpsa (TLSv1:AES256-SHA:256) (Exim 4.68 (FreeBSD)) (envelope-from ) id 1Ih3lh-0001Di-GH; Sun, 14 Oct 2007 15:44:35 +0200 Message-ID: <47121D40.7040708@fsck.ch> Date: Sun, 14 Oct 2007 15:44:32 +0200 From: Tobias Roth User-Agent: Thunderbird 2.0.0.6 (X11/20070804) MIME-Version: 1.0 To: "L. Derksen" References: <47120F03.6070905@Conzales.demon.nl> In-Reply-To: <47120F03.6070905@Conzales.demon.nl> Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: 7bit X-Spam-Score: -3.0 (---) X-Spam-Report: Spam detection software, running on the system "secure.socket.ch", has identified this incoming email as possible spam. The original message has been attached to this so you can view it (if it isn't spam) or label similar future email. If you have any questions, see The administrator of that system for details. Content preview: L. Derksen wrote: > Hello, > > I did get a message from portaudit that my 'png-1.2.18'-package was a > security risk. So I updated my portstree with 'portsnap fetch update', > deleted the png-package (make deinstall) and then tried to install the > current png-package (1.2.22). Now the tree gives me the message: > > ===> png-1.2.18 has known vulnerabilities: > => png -- multiple vulnerabilities. > Reference: > > > => Please update your ports tree and try again. > *** Error code 1 > > Question: > Why is my ports tree not up to date with png-1.2.22? When i do a > 'portsnap fetch update' it gives me that my tree is up to date. [...] Content analysis details: (-3.0 points, 5.0 required) pts rule name description ---- ---------------------- -------------------------------------------------- -1.8 ALL_TRUSTED Passed through trusted hosts only via SMTP 1.9 TVD_RCVD_IP TVD_RCVD_IP -2.6 BAYES_00 BODY: Bayesian spam probability is 0 to 1% [score: 0.0000] -0.6 AWL AWL: From: address is in the auto white-list X-SA-Exim-Connect-IP: 80.219.162.83 X-SA-Exim-Mail-From: freebsd.lists@fsck.ch X-SA-Exim-Scanned: No (on secure.socket.ch); SAEximRunCond expanded to false Cc: ports@FreeBSD.org Subject: Re: FreeBSD Port: png-1.2.22 X-BeenThere: freebsd-ports@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Porting software to FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sun, 14 Oct 2007 14:29:06 -0000 L. Derksen wrote: > Hello, > > I did get a message from portaudit that my 'png-1.2.18'-package was a > security risk. So I updated my portstree with 'portsnap fetch update', > deleted the png-package (make deinstall) and then tried to install the > current png-package (1.2.22). Now the tree gives me the message: > > ===> png-1.2.18 has known vulnerabilities: > => png -- multiple vulnerabilities. > Reference: > > > => Please update your ports tree and try again. > *** Error code 1 > > Question: > Why is my ports tree not up to date with png-1.2.22? When i do a > 'portsnap fetch update' it gives me that my tree is up to date. The portsnap server hardware is experiencing problems at the moment, this is being worked on. I figured since the png vulnerability is only DoS, and not code execution, I'll just wait until the hardware is fixed. If you don't want to wait, I suggest you get the update manually via cvs: CVSROOT="anoncvs@anoncvs1.FreeBSD.org:/home/ncvs" cvs co png Cheers, Tobias