Skip site navigation (1)Skip section navigation (2)
Date:      Mon, 31 Jul 2006 20:12:00 +0200
From:      Svein Halvor Halvorsen <svein.h@lvor.halvorsen.cc>
To:        jan gestre <freebsd.ph@gmail.com>
Cc:        FreeBSD Questions <freebsd-questions@freebsd.org>
Subject:   Re: portsdb output and portaudit question
Message-ID:  <44CE47F0.8020505@lvor.halvorsen.cc>
In-Reply-To: <a25afc300607311057s6072667bsf14671c83c609813@mail.gmail.com>
References:  <a25afc300607311057s6072667bsf14671c83c609813@mail.gmail.com>

next in thread | previous in thread | raw e-mail | index | archive | help
This is an OpenPGP/MIME signed message (RFC 2440 and 3156)
--------------enigD051478B6538D48BA5508E0D
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: quoted-printable

jan gestre wrote:
> i was trying to portupgrade ruby coz portaudit is complaining of
> vulnerabilities, i did run cvsup and portsdb -Uu before portupgrade, at=

> first i couldn't upgrade ruby coz portupgrade is complaining maybe coz
> portaudit but someone in the list suggested this:
>=20
> # portupgrade -Rr -m DISABLE_VULNERABILITIES=3D"yes" ruby
>=20
> whoala it installed the ruby package but still portaudit complains even=

> though the installed version is current which has no vulnerability. is =
this
> normal? any way to fix these?


This is expected behavior. The ports system will let you upgrade a
vulnerable port without complaint. It will however complain if you try
to install (or upgrade to) a version that has vulnerabilities. Since
portupgrade complained, it's no surprise that portaudit also complains
after the forced upgrade.

This means that either the version in ports aren't fixed yet (the
existence of a vulnerability of a prior version does not imply that said
vulnerability is fixed in the current version), or that your ports tree
 is out of date. Seeing that the latter is not true, I would say you
just have to wait for an updated version to appear in ports.

You can create an account at freshports and ad ruby to your "watch
list". That means you'll get notified when new versions arrive.


	Svein Halvor


--------------enigD051478B6538D48BA5508E0D
Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: OpenPGP digital signature
Content-Disposition: attachment; filename="signature.asc"

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.3 (FreeBSD)
Comment: mailto:pgpkey@svein.halvorsen.cc to get my PGP-key

iD8DBQFEzkfwhQg3vZGYu0ARAq+FAJ0U6UGU6g+HANhHYIQ8Zgryty1BwQCePWuQ
hDi/qY3e8DWXhs9jietgJcY=
=O70F
-----END PGP SIGNATURE-----

--------------enigD051478B6538D48BA5508E0D--



Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?44CE47F0.8020505>