From owner-freebsd-ports@freebsd.org  Wed Sep  2 16:31:39 2015
Return-Path: <owner-freebsd-ports@freebsd.org>
Delivered-To: freebsd-ports@mailman.ysv.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org
 [IPv6:2001:1900:2254:206a::19:1])
 by mailman.ysv.freebsd.org (Postfix) with ESMTP id 9BD769C9713
 for <freebsd-ports@mailman.ysv.freebsd.org>;
 Wed,  2 Sep 2015 16:31:39 +0000 (UTC)
 (envelope-from robbelics@gmail.com)
Received: from mail-ob0-x236.google.com (mail-ob0-x236.google.com
 [IPv6:2607:f8b0:4003:c01::236])
 (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits))
 (Client CN "smtp.gmail.com",
 Issuer "Google Internet Authority G2" (verified OK))
 by mx1.freebsd.org (Postfix) with ESMTPS id 6540B110A
 for <freebsd-ports@freebsd.org>; Wed,  2 Sep 2015 16:31:39 +0000 (UTC)
 (envelope-from robbelics@gmail.com)
Received: by obuk4 with SMTP id k4so12686730obu.2
 for <freebsd-ports@freebsd.org>; Wed, 02 Sep 2015 09:31:38 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113;
 h=mime-version:sender:date:message-id:subject:from:to:content-type;
 bh=WIysB5CNFzM8nXeRos/yFRpzyIHEBpANva8eve56958=;
 b=J538viShxm6vBlDLWm5/eINP80jHg93PBIlQPoQSSARu+/VXCbRDQQNMbmh8prOk2+
 T0eJnhUY0xq2yVCN4rIIRFAYhCHP7FZG55BjxhPbHFN232BlPJIsmQ7wzZwVCJbao36K
 iB5xF8jhHPdA8vsWtmQYz9IzzztXj8Vmgle4cL7eDukiGE6YLMM4diviLKrkDTUxIjs6
 VuGw8cEIoREMGE9RBnFtUlLs+fz4OIjFPYXqMk5Kn1wLyYqSFvoQ0HzMn5s5yAtzZ9IX
 6/8h8wBJwet7t5hi8xR1sro7KhimLkpsAmB5u//9AAJbgrgL4th4QSiN1Mje4lSb64Ut
 2faA==
MIME-Version: 1.0
X-Received: by 10.60.130.136 with SMTP id oe8mr20945837oeb.10.1441211498803;
 Wed, 02 Sep 2015 09:31:38 -0700 (PDT)
Sender: robbelics@gmail.com
Received: by 10.202.172.206 with HTTP; Wed, 2 Sep 2015 09:31:38 -0700 (PDT)
Date: Wed, 2 Sep 2015 11:31:38 -0500
X-Google-Sender-Auth: EDHc1AM0URZJ4ktXssm9QaK2I4I
Message-ID: <CAPu-kW-gjcRbLv7-w-aqraty5npFyQ0vCqeWdmLnQ++Xwaf69Q@mail.gmail.com>
Subject: lang/go security problem on one but not the other
From: Rob Belics <rob@spartantheatre.org>
To: freebsd-ports@freebsd.org
Content-Type: text/plain; charset=UTF-8
X-Content-Filtered-By: Mailman/MimeDel 2.1.20
X-BeenThere: freebsd-ports@freebsd.org
X-Mailman-Version: 2.1.20
Precedence: list
List-Id: Porting software to FreeBSD <freebsd-ports.freebsd.org>
List-Unsubscribe: <https://lists.freebsd.org/mailman/options/freebsd-ports>,
 <mailto:freebsd-ports-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-ports/>
List-Post: <mailto:freebsd-ports@freebsd.org>
List-Help: <mailto:freebsd-ports-request@freebsd.org?subject=help>
List-Subscribe: <https://lists.freebsd.org/mailman/listinfo/freebsd-ports>,
 <mailto:freebsd-ports-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Wed, 02 Sep 2015 16:31:39 -0000

The date for vuln.xml, on the server which it won't build on, is September
1 while the date on the other is July 25.

Here is the output when I try this:

===>>> The following actions will be taken if you choose to proceed:
Install lang/go
Install lang/go14

===>>> Proceed? y/n [y]


===>>> Starting build for lang/go <<<===

===>>> Starting check for build dependencies
===>>> Gathering dependency list for lang/go from ports
===>>> Launching child to install lang/go14

===>>> lang/go >> lang/go14 (1/1)

===>>> Port directory: /usr/ports/lang/go14

===>>> Starting check for build dependencies
===>>> Gathering dependency list for lang/go14 from ports
===>>> Dependency check complete for lang/go14

===>>> lang/go >> lang/go14 (1/1)

===>  Cleaning for go14-1.4.2
===>  go14-1.4.2 has known vulnerabilities:
go14-1.4.2 is vulnerable:
go -- multiple vulnerabilities
CVE: CVE-2015-5741
CVE: CVE-2015-5740
CVE: CVE-2015-5739
WWW:
https://vuxml.FreeBSD.org/freebsd/4464212e-4acd-11e5-934b-002590263bf5.html

1 problem(s) in the installed packages found.
=> Please update your ports tree and try again.
=> Note: Vulnerable ports are marked as such even if there is no update
available.
=> If you wish to ignore this vulnerability rebuild with 'make
DISABLE_VULNERABILITIES=yes'
*** Error code 1

Stop.
make: stopped in /usr/ports/lang/go14

===>>> make build failed for lang/go14
===>>> Aborting update

===>>> Update for lang/go14 failed
===>>> Aborting update


===>>> You can restart from the point of failure with this command line:
       portmaster <flags> lang/go lang/go14