Portaudit detects wrong version of subversion
Matthew Seaman
matthew.seaman at adestra.com
Wed Dec 18 10:51:46 UTC 2013
On 12/18/13 10:21, Mike Clarke wrote:
>
> There appears to be an inconsistency somewhere in my ports. I build all my
> ports from source and don't use pkg add.
>
> curlew:/home/mike% portaudit
> Affected package: subversion-1.7.13
> Type of problem: subversion -- multiple vulnerabilities.
> Reference:
> http://portaudit.FreeBSD.org/e3244a7b-5603-11e3-878d-20cf30e32f6d.html
>
> 1 problem(s) in your installed packages found.
>
> You are advised to update or deinstall the affected package(s) immediately.
>
> But I'm running version subversion-1.8.5, not subversion-1.7.13
>
> curlew:/home/mike% svn --version --quiet
> 1.8.5
>
> And there's no sign of any other version on my system
>
> curlew:/home/mike% pkg info -x subversion
> subversion-1.8.5
>
> Although portaudit reports a problem everything looks OK with pkg audit
>
> curlew:/home/mike% pkg audit
> 0 problem(s) in the installed packages found.
>
> Where should I be looking to clean up this inconsistency?
>
portaudit works with the old still pkg_install database -- on a
pkgngized system you should use 'pkg audit' instead. Does essentially
the same job, but using /var/db/pkg/local.sqlite rather than all those
old sub-directories for individual ports under /var/db/pkg.
If this is something in your daily/weekly/monthly e-mails, there is a
directly equivalent periodic script using 'pkg audit' which you can turn
on, and turn off the portaudit one. Or just 'pkg delete portaudit'
because it doesn't really do anything useful on a pkgngized system.
Cheers,
Matthew
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 1029 bytes
Desc: OpenPGP digital signature
URL: <http://lists.freebsd.org/pipermail/freebsd-questions/attachments/20131218/5c5b5b4d/attachment.sig>
More information about the freebsd-questions
mailing list