From owner-freebsd-ports@freebsd.org Tue Feb 2 13:29:41 2021 Return-Path: Delivered-To: freebsd-ports@mailman.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.nyi.freebsd.org (Postfix) with ESMTP id BA68F532709 for ; Tue, 2 Feb 2021 13:29:41 +0000 (UTC) (envelope-from bapt@FreeBSD.org) Received: from smtp.freebsd.org (smtp.freebsd.org [96.47.72.83]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "smtp.freebsd.org", Issuer "R3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4DVQdv3phVz3HjF; Tue, 2 Feb 2021 13:29:39 +0000 (UTC) (envelope-from bapt@FreeBSD.org) Received: from ivaldir.etoilebsd.net (etoilebsd.net [178.32.217.76]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) (Authenticated sender: bapt) by smtp.freebsd.org (Postfix) with ESMTPSA id 05FEF29617; Tue, 2 Feb 2021 13:29:38 +0000 (UTC) (envelope-from bapt@FreeBSD.org) Received: by ivaldir.etoilebsd.net (Postfix, from userid 1001) id 82C41121C1D; Tue, 2 Feb 2021 14:29:07 +0100 (CET) Date: Tue, 2 Feb 2021 14:29:07 +0100 From: Baptiste Daroussin To: Robert Huff Cc: freebsd-ports@freebsd.org Subject: Re: broken vuln.xml? Message-ID: <20210202132907.s3ti3db4nst7hwmx@ivaldir.net> References: <24601.19440.720600.521935@jerusalem.litteratus.org> <20210202130114.54c0c6be@raksha.tavi.co.uk> <20210202130446.k2xlenarnp3dpkdy@ivaldir.net> <24601.20654.427393.632949@jerusalem.litteratus.org> MIME-Version: 1.0 Content-Type: multipart/signed; micalg=pgp-sha256; protocol="application/pgp-signature"; boundary="ufdbjtw3htt4djbl" Content-Disposition: inline In-Reply-To: <24601.20654.427393.632949@jerusalem.litteratus.org> X-BeenThere: freebsd-ports@freebsd.org X-Mailman-Version: 2.1.34 Precedence: list List-Id: Porting software to FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 02 Feb 2021 13:29:41 -0000 --ufdbjtw3htt4djbl Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable On Tue, Feb 02, 2021 at 08:16:30AM -0500, Robert Huff wrote: >=20 > Baptiste Daroussin writes: >=20 > > On Tue, Feb 02, 2021 at 01:01:14PM +0000, Bob Eager wrote: > > =20 > > > > This appears to have broken (Sunday?) on one of my systems. > > > > What is the correct way to download/regenerate this file? > > >=3D20 > > > portaudit is being replaced by pkg audit. > > >=3D20 > > > This may already have happened - I am not sure. > > =20 > > portaudit has been replaced by pkg audit 7 years ago! (removed > > from the ports tree in 2014. >=20 > So here's my problem: > Starting yesterday all attempts to rebuild ports - any port - end > like this: >=20 > portmaster: java-zoneinfo-2020.d > =3D=3D=3D>>> Currently installed version: java-zoneinfo-2020.d > =3D=3D=3D>>> Port directory: /usr/ports/java/java-zoneinfo >=20 > =3D=3D=3D>>> Gathering distinfo list for installed ports >=20 > =3D=3D=3D>>> Launching 'make checksum' for java/java-zoneinfo in backgrou= nd > =3D=3D=3D>>> Gathering dependency list for java/java-zoneinfo from ports > =3D=3D=3D>>> Initial dependency check complete for java/java-zoneinfo >=20 > portmaster: java-zoneinfo-2020.d > =3D=3D=3D>>> Starting build for java/java-zoneinfo <<<=3D=3D=3D >=20 > =3D=3D=3D>>> All dependencies are up to date >=20 > =3D=3D=3D> Cleaning for java-zoneinfo-2021.a > pkg-static: Invalid end of XML > pkg-static: cannot process vulnxml > =3D=3D=3D> java-zoneinfo-2021.a has known vulnerabilities: >=20 > =3D> Please update your ports tree and try again. > =3D> Note: Vulnerable ports are marked as such even if there is no update= available. > =3D> If you wish to ignore this vulnerability rebuild with 'make DISABLE_= VULNERABILITIES=3Dyes' > *** Error code 1 >=20 > Stop. > make: stopped in /usr/ports/java/java-zoneinfo >=20 > Am I even asking about the right file? > What broke, why (if possible), and how do I fix it? >=20 >=20 > Respectfully, >=20 >=20 > Robert Huff >=20 Does pkg audit -F fixes your problem ? Best regards, Bapt --ufdbjtw3htt4djbl Content-Type: application/pgp-signature; name="signature.asc" -----BEGIN PGP SIGNATURE----- iQIzBAABCAAdFiEEgOTj3suS2urGXVU3Y4mL3PG3PloFAmAZU6EACgkQY4mL3PG3 Plqwpw//Rz88LhBLx89OYZ1JLewtaSwadFjcicxcq6XRmG1Yc/qvLyXoG3tJBBd1 zyvzvznuT2T4zDNMvqyBgWmD96/bQEwCJ6d22enxr2RFHe2r8uWe7iw2wdSzwDdE IxxbySeo0T4fBCSVH5+hm0FZC3AJ74m69Juys27yzMnrns/OWKKYtojUnr5kLsKJ IYshYzueAtEUlmGFaiYIXx+w7jt3rpV47WSoM5EGndT9HDCw3Dpb1W0EzWSiz2XJ yjTSke3AXY/5orCTkw9MgTrDhGD0WnP+8CEpLWhnQB3XTRwHRIFqFQLBHhtCgcwt iKu06Q1rrT4iMTfBCTNucL0kAFcm0tK1ejOkfOioaVs+qBaR5HzpLDl6+3SLSOD5 mtG41p7F7v5PUwCVSs5bOz3EMVHkTWnEkGhgcRjaRhdXCmWMPgfOzDl+dh8qi5ps nEQfeur/653BTVjKviWpG/lf/RMhWsH1dZMbNEk7l0FnUM6zYrHxXoLQUWoXzDDH WIzVst80qAfC9MkYGvk5/FlkgkmuDWnsZVNd++iTGQg97lMP5KZ6/bWs3oGIcP17 ++mF7KVs6sn+ToVLQefVkF3CrMMwR5RZS3S9nD/M+A0rsgZ9l7coVFFNnzgL16dr ApGzlBw7w+Gu+Le35N1q479qpefR5nsiAjVK50KVW2+47c7lXVE= =OQsx -----END PGP SIGNATURE----- --ufdbjtw3htt4djbl--