From owner-freebsd-questions@FreeBSD.ORG Mon Jul 31 18:36:43 2006 Return-Path: X-Original-To: freebsd-questions@freebsd.org Delivered-To: freebsd-questions@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 13E2D16A4E2 for ; Mon, 31 Jul 2006 18:36:43 +0000 (UTC) (envelope-from freebsd.ph@gmail.com) Received: from ug-out-1314.google.com (ug-out-1314.google.com [66.249.92.169]) by mx1.FreeBSD.org (Postfix) with ESMTP id 5226843D4C for ; Mon, 31 Jul 2006 18:36:40 +0000 (GMT) (envelope-from freebsd.ph@gmail.com) Received: by ug-out-1314.google.com with SMTP id m2so961357uge for ; Mon, 31 Jul 2006 11:36:39 -0700 (PDT) DomainKey-Signature: a=rsa-sha1; q=dns; c=nofws; s=beta; d=gmail.com; h=received:message-id:date:from:to:subject:cc:in-reply-to:mime-version:content-type:references; b=Prr2+Px5wx+RxD15A1WX8LpZiKazY2iXPcpyP9/CEVxrscPfPK490dV2KyPTxGSBeqWgp1w82gCMpu0dGcoHOyrkU0MpJPEN62DhAfnX/g6q1YxYIEX/ZHbcxBWrlpjLYYsDmOMR+voHEqS18UvTpkfUbbFski2V8/P65sOLKuk= Received: by 10.78.123.4 with SMTP id v4mr639726huc; Mon, 31 Jul 2006 11:36:39 -0700 (PDT) Received: by 10.78.141.18 with HTTP; Mon, 31 Jul 2006 11:36:39 -0700 (PDT) Message-ID: Date: Tue, 1 Aug 2006 02:36:39 +0800 From: "jan gestre" To: "Svein Halvor Halvorsen" In-Reply-To: MIME-Version: 1.0 References: <44CE47F0.8020505@lvor.halvorsen.cc> Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: 7bit Content-Disposition: inline X-Content-Filtered-By: Mailman/MimeDel 2.1.5 Cc: FreeBSD Questions Subject: Re: portsdb output and portaudit question X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 31 Jul 2006 18:36:43 -0000 On 8/1/06, jan gestre wrote: > > > > On 8/1/06, Svein Halvor Halvorsen wrote: > > > jan gestre wrote: > > i was trying to portupgrade ruby coz portaudit is complaining of > > vulnerabilities, i did run cvsup and portsdb -Uu before portupgrade, at > > first i couldn't upgrade ruby coz portupgrade is complaining maybe coz > > portaudit but someone in the list suggested this: > > > > # portupgrade -Rr -m DISABLE_VULNERABILITIES="yes" ruby > > > > whoala it installed the ruby package but still portaudit complains even > > though the installed version is current which has no vulnerability. is > this > > normal? any way to fix these? > > > This is expected behavior. The ports system will let you upgrade a > vulnerable port without complaint. It will however complain if you try > to install (or upgrade to) a version that has vulnerabilities. Since > portupgrade complained, it's no surprise that portaudit also complains > after the forced upgrade. > > This means that either the version in ports aren't fixed yet (the > existence of a vulnerability of a prior version does not imply that said > vulnerability is fixed in the current version), or that your ports tree > is out of date. Seeing that the latter is not true, I would say you > just have to wait for an updated version to appear in ports. > > You can create an account at freshports and ad ruby to your "watch > list". That means you'll get notified when new versions arrive. > > > i portupgrade the previous version ruby-1.8.4_8,1 to the current version > which is ruby-1.8.4_9,1 and i also saw from the portaudit complaint that > the new version is not anymore affected by the vulnerabilities of the old > version meaning the maintainer already fixed this, however portaudit is > still complaining. and how about the portsdb output? why is it complaining > of stuff i don't have installed? > > i update the portaudit database and now it's no longer reporting the > vulnerability :) which brings me back to my second question regarding the > portsdb -Uu output, why is it complaining about those packages which i don't > have installed? > many thanks in advance