Date: Wed, 2 Sep 2015 23:43:20 +0200 From: Julien Laffaye <jlaffaye@freebsd.org> To: Kevin Oberman <rkoberman@gmail.com>, Rob Belics <rob@spartantheatre.org> Cc: FreeBSD Ports ML <freebsd-ports@freebsd.org> Subject: Re: lang/go security problem on one but not the other Message-ID: <55E76D78.8020209@freebsd.org> In-Reply-To: <CAN6yY1sga1S6sA_VLHgKxg3V%2Bzv4k3WQZC=taDK%2BmXRygJd%2B1w@mail.gmail.com> References: <CAPu-kW-gjcRbLv7-w-aqraty5npFyQ0vCqeWdmLnQ%2B%2BXwaf69Q@mail.gmail.com> <CAN6yY1sga1S6sA_VLHgKxg3V%2Bzv4k3WQZC=taDK%2BmXRygJd%2B1w@mail.gmail.com>
next in thread | previous in thread | raw e-mail | index | archive | help
On 9/2/2015 9:49 PM, Kevin Oberman wrote: > On Wed, Sep 2, 2015 at 9:31 AM, Rob Belics <rob@spartantheatre.org> wrote: > >> The date for vuln.xml, on the server which it won't build on, is September >> 1 while the date on the other is July 25. >> > OK. So the July 25 system seems to not be updating the vuln.xml file and > that file is from prior to the discovery of the vulnerabilities in 1.4.2. > > First, you need to find out why one system does not seem to be updating the > vuln.xml file. It should be updated by > /usr/local/etc/periodic/security/410.pkg-audit which is installed as part > of pkg. You can try running it manually (as root) to see what the problem > might be. > > Second, you should drop the maintainer of go14, jlaffaye@, a request that > he update go14 to 1.4.3. It is quite likely that he is already aware of the > issue and just has not gotten it taken care of yet. the vulnerability was > first reported on Aug. 28, so it is pretty recent. It is not unlikely that > he has been on vacation at this time of the year. There is no such release as 1.4.3. And it is unclear if the Go team would release one as 1.5 is out (they dont support old branches). lang/go14 is only in the PT to bootstrap lang/go, so refusing to build this port because it has security issues in the net package is kind of annoying. > -- > Kevin Oberman, Network Engineer, Retired > E-mail: rkoberman@gmail.com > PGP Fingerprint: D03FB98AFA78E3B78C1694B318AB39EF1B055683 > _______________________________________________ > freebsd-ports@freebsd.org mailing list > https://lists.freebsd.org/mailman/listinfo/freebsd-ports > To unsubscribe, send any mail to "freebsd-ports-unsubscribe@freebsd.org"
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?55E76D78.8020209>