VLC fails to compile after cvsuping

Rick Voland rpvoland at spamcop.net
Mon Nov 10 20:44:57 PST 2008

Rene Ladan wrote:
> Eduardo Cerejo schreef:
>> I just cvsuped my ports tree and vlc is the only port that it is
>> failing to compile.  I'm using FBSD 7stable and this is the error that
>> I'm getting:
>> --->  Upgrading 'vlc-0.8.6.i,2' to 'vlc-0.8.6.i_2,2' (multimedia/vlc)
>> --->  Building '/usr/ports/multimedia/vlc'
>> ===>  Cleaning for vlc-0.8.6.i_2,2
>> ===>  vlc-0.8.6.i_2,2 has known vulnerabilities:
>> => vlc -- cue processing stack overflow.
>>    Reference:
>> <http://www.FreeBSD.org/ports/portaudit/4b09378e-addb-11dd-a578-0030843d3802.html>
>> => Please update your ports tree and try again.
>> *** Error code 1
>> Stop in /usr/ports/multimedia/vlc.
>> ** Command failed [exit code 1]: /usr/bin/script -qa
>> /tmp/portupgrade.1384.0 env UPGRADE_TOOL=portupgrade
>> UPGRADE_PORT=vlc-0.8.6.i,2 UPGRADE_PORT_VER=0.8.6.i,2 make
>> ** Fix the problem and try again.
>> ** Listing the failed packages (-:ignored / *:skipped / !:failed)
>>         ! multimedia/vlc (vlc-0.8.6.i,2)        (unknown build error)
> I don't know if this is a FAQ yet.  Add DISABLE_VULNERABILITIES=yes to your
> /etc/make.conf and try again. This doesn't solve the vulnerabilities, so
> IGNORE_VULNERABILITIES would be more appropriate in my opninion.
> Regards,
> Rene

I am confused.  The purpose of this update is to "solve the
vulnerabilities" as indicated at:
"Fix a stack overflow vulnerability...."

The security notice indicates that this version should be free of this
particular issue.
vlc -- cue processing stack overflow
Affected packages
vlc < 0.8.6i_2,2

So, why is portaudit preventing the updating to this version patched to
solve the issue?

Is the spelling difference important?


Rick Voland
rpvoland at spamcop.net

More information about the freebsd-ports mailing list