VLC fails to compile after cvsuping
Joseph S. Atkinson
jsatkinson at embarqmail.com
Mon Nov 10 23:18:22 PST 2008
Rick Voland wrote:
> Rene Ladan wrote:
>> Eduardo Cerejo schreef:
>>> I just cvsuped my ports tree and vlc is the only port that it is
>>> failing to compile. I'm using FBSD 7stable and this is the error that
>>> I'm getting:
>>> ---> Upgrading 'vlc-0.8.6.i,2' to 'vlc-0.8.6.i_2,2' (multimedia/vlc)
>>> ---> Building '/usr/ports/multimedia/vlc'
>>> ===> Cleaning for vlc-0.8.6.i_2,2
>>> ===> vlc-0.8.6.i_2,2 has known vulnerabilities:
>>> => vlc -- cue processing stack overflow.
>>> => Please update your ports tree and try again.
>>> *** Error code 1
>>> Stop in /usr/ports/multimedia/vlc.
>>> ** Command failed [exit code 1]: /usr/bin/script -qa
>>> /tmp/portupgrade.1384.0 env UPGRADE_TOOL=portupgrade
>>> UPGRADE_PORT=vlc-0.8.6.i,2 UPGRADE_PORT_VER=0.8.6.i,2 make
>>> ** Fix the problem and try again.
>>> ** Listing the failed packages (-:ignored / *:skipped / !:failed)
>>> ! multimedia/vlc (vlc-0.8.6.i,2) (unknown build error)
>> I don't know if this is a FAQ yet. Add DISABLE_VULNERABILITIES=yes to your
>> /etc/make.conf and try again. This doesn't solve the vulnerabilities, so
>> IGNORE_VULNERABILITIES would be more appropriate in my opninion.
> I am confused. The purpose of this update is to "solve the
> vulnerabilities" as indicated at:
> "Fix a stack overflow vulnerability...."
> The security notice indicates that this version should be free of this
> particular issue.
> vlc -- cue processing stack overflow
> Affected packages
> vlc < 0.8.6i_2,2
> So, why is portaudit preventing the updating to this version patched to
> solve the issue?
> Is the spelling difference important?
> Rick Voland
> rpvoland at spamcop.net
The ".i" is done via the magic of the ports infrastructure. Took me a
minute to realize where that came from.
It actually looks like the wrong port revision was entered into VuXML as
vulnerable. 0.8.6.i_2,2 is the fixed version. You should be able to
build it manually as a one off without modifying make.conf via:
# make build deinstall reinstall DISABLE_VULNERABILITIES=true
I am trying to find out what needs to be done to fix this proper currently.
Thanks for the heads up.
More information about the freebsd-ports