ICU Portupdate faulty
Jos Chrispijn
bsdports at cloudzeeland.nl
Sat May 6 08:33:02 UTC 2017
Thanks y'all for your support - this was a real eye opener.
Best regards,
Jos
Op 5-5-2017 om 19:19 schreef Kevin Oberman:
> On Fri, May 5, 2017 at 6:37 AM, Jos Chrispijn
> <bsdports at cloudzeeland.nl <mailto:bsdports at cloudzeeland.nl>> wrote:
>
>
> Op 5-5-2017 om 18:05 schreef Adam Weinberger:
>
> On 5 May, 2017, at 9:48, mokhi <mokhi64 at gmail.com
> <mailto:mokhi64 at gmail.com>> wrote:
>
> Well, as I can see here <
> http://www.freshports.org/devel/icu/
> <http://www.freshports.org/devel/icu/> > an
> older version of this port is vulnerable not current version.
> Maybe by updating your tree your problem will be solved :-]
>
> Yes, this is the correct answer. After icu got patched, the
> VuXML entry was lowered to mark 58.2_2,1 as non-vulnerable.
> Jos, it sounds like your ports tree is after the icu update
> but before the VuXML modification. Update your ports tree to
> bring in the new VuXML file and you should be good.
>
> Adam, perhaps I am missing the clue here:
>
> - I had the correct updated version in my ports collection
> - Updating the vulnerable installed icu version with that version
> should not provide the Vulnerability message as that version is
> updates with the correct version in my icu port.
>
> In my case, Jim's suggestion to use "DISABLE_VULNERABILITIES=yes"
> was the only way of getting my faulty icu version updated to the
> version that is in my port.
>
> Kind of confused,
> Jos
>
>
> The VuXML DB is not a part of the ports tree. It is usually updated by
> the nightly periodic script, but you can manually fetch it with "pkg
> audit -F -q".
> --
> Kevin Oberman, Part time kid herder and retired Network Engineer
> E-mail: rkoberman at gmail.com <mailto:rkoberman at gmail.com>
> PGP Fingerprint: D03FB98AFA78E3B78C1694B318AB39EF1B055683
More information about the freebsd-ports
mailing list