Skip site navigation (1)Skip section navigation (2)
Date:      Mon, 3 May 2004 13:06:21 -0500
From:      "Jacques A. Vidrine" <nectar@FreeBSD.org>
To:        Artur Pydo <artur@pydo.org>
Cc:        freebsd-security@freebsd.org
Subject:   Re: Bad VuXML check on PNG port ?
Message-ID:  <20040503180621.GA16203@madman.celabo.org>
In-Reply-To: <40968883.3070103@pydo.org>
References:  <40965500.4040205@pydo.org> <20040503144335.GA15293@madman.celabo.org> <40968883.3070103@pydo.org>

next in thread | previous in thread | raw e-mail | index | archive | help
On Mon, May 03, 2004 at 07:59:31PM +0200, Artur Pydo wrote:
> Hello,
> 
> Jacques A. Vidrine wrote:
> 
> >The VuXML document needed to be updated after ache@ made the fix.
> >I've done so now.
> 
> Yes but the file located at :
> 
> ftp://ftp.freebsd.org/pub/FreeBSD/ports/local-distfiles/eik/auditfile.tbz
> 
> has not been updated and it works as the reference database for
> portaudit and, i suppose, for the pkg_install-base-devel ports.
>
> Nothing has changed for me even after updating the ports tree
> and the portaudit reference file. I know that there is a workaround
> modifying 'auditfile' by hand as it is a ascii file.

What you are describing is a problem with portaudit.  You might want
to contact eik@ to determine why the lag time.

> I suggest that in future one avoid setting vulnerable versions as > 0
> because the update fails as long as the reference file has not been
> updated with the correct vulnerable port later.
> 
> In this case it would be much more efficient to set 'png<1.2.5_3'
> from the beginning.

I guess you mean `png <= 1.2.5_3'.  That approach has its own
problems, but I do use it sometimes if I am quite certain of which
later port version will be fixed.

Cheers,
-- 
Jacques Vidrine / nectar@celabo.org / jvidrine@verio.net / nectar@freebsd.org



Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20040503180621.GA16203>