VLC fails to compile after cvsuping
Rick Voland
rpvoland at spamcop.net
Mon Nov 10 20:44:57 PST 2008
Rene Ladan wrote:
> Eduardo Cerejo schreef:
>> I just cvsuped my ports tree and vlc is the only port that it is
>> failing to compile. I'm using FBSD 7stable and this is the error that
>> I'm getting:
>>
>> ---> Upgrading 'vlc-0.8.6.i,2' to 'vlc-0.8.6.i_2,2' (multimedia/vlc)
>> ---> Building '/usr/ports/multimedia/vlc'
>> ===> Cleaning for vlc-0.8.6.i_2,2
>> ===> vlc-0.8.6.i_2,2 has known vulnerabilities:
>> => vlc -- cue processing stack overflow.
>> Reference:
>> <http://www.FreeBSD.org/ports/portaudit/4b09378e-addb-11dd-a578-0030843d3802.html>
>>
>> => Please update your ports tree and try again.
>> *** Error code 1
>>
>> Stop in /usr/ports/multimedia/vlc.
>> ** Command failed [exit code 1]: /usr/bin/script -qa
>> /tmp/portupgrade.1384.0 env UPGRADE_TOOL=portupgrade
>> UPGRADE_PORT=vlc-0.8.6.i,2 UPGRADE_PORT_VER=0.8.6.i,2 make
>> ** Fix the problem and try again.
>> ** Listing the failed packages (-:ignored / *:skipped / !:failed)
>> ! multimedia/vlc (vlc-0.8.6.i,2) (unknown build error)
>
> I don't know if this is a FAQ yet. Add DISABLE_VULNERABILITIES=yes to your
> /etc/make.conf and try again. This doesn't solve the vulnerabilities, so
> IGNORE_VULNERABILITIES would be more appropriate in my opninion.
>
> Regards,
> Rene
I am confused. The purpose of this update is to "solve the
vulnerabilities" as indicated at:
http://www.freshports.org/multimedia/vlc
"Fix a stack overflow vulnerability...."
The security notice indicates that this version should be free of this
particular issue.
http://www.vuxml.org/freebsd/4b09378e-addb-11dd-a578-0030843d3802.html
vlc -- cue processing stack overflow
Affected packages
vlc < 0.8.6i_2,2
So, why is portaudit preventing the updating to this version patched to
solve the issue?
Is the spelling difference important?
0.8.6i_2,2
vs
0.8.6.i_2,2
Thanks,
Rick Voland
rpvoland at spamcop.net
More information about the freebsd-ports
mailing list