Date: Wed, 18 Dec 2013 10:35:15 +0000 From: Matthew Seaman <matthew.seaman@adestra.com> To: freebsd-questions@freebsd.org Subject: Re: Portaudit detects wrong version of subversion Message-ID: <52B17A63.7010800@adestra.com> In-Reply-To: <201312181021.19689.jmc-freebsd2@milibyte.co.uk> References: <201312181021.19689.jmc-freebsd2@milibyte.co.uk>
next in thread | previous in thread | raw e-mail | index | archive | help
This is an OpenPGP/MIME signed message (RFC 4880 and 3156) --97rswhH1B9E6JPSej0uRRMCNwk0s7fmSa Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: quoted-printable On 12/18/13 10:21, Mike Clarke wrote: >=20 > There appears to be an inconsistency somewhere in my ports. I build all= my=20 > ports from source and don't use pkg add. >=20 > curlew:/home/mike% portaudit=20 > Affected package: subversion-1.7.13 > Type of problem: subversion -- multiple vulnerabilities. > Reference:=20 > http://portaudit.FreeBSD.org/e3244a7b-5603-11e3-878d-20cf30e32f6d.html >=20 > 1 problem(s) in your installed packages found. >=20 > You are advised to update or deinstall the affected package(s) immediat= ely. >=20 > But I'm running version subversion-1.8.5, not subversion-1.7.13 >=20 > curlew:/home/mike% svn --version --quiet > 1.8.5 >=20 > And there's no sign of any other version on my system >=20 > curlew:/home/mike% pkg info -x subversion > subversion-1.8.5 >=20 > Although portaudit reports a problem everything looks OK with pkg audit= >=20 > curlew:/home/mike% pkg audit > 0 problem(s) in the installed packages found. >=20 > Where should I be looking to clean up this inconsistency? >=20 portaudit works with the old still pkg_install database -- on a pkgngized system you should use 'pkg audit' instead. Does essentially the same job, but using /var/db/pkg/local.sqlite rather than all those old sub-directories for individual ports under /var/db/pkg. If this is something in your daily/weekly/monthly e-mails, there is a directly equivalent periodic script using 'pkg audit' which you can turn on, and turn off the portaudit one. Or just 'pkg delete portaudit' because it doesn't really do anything useful on a pkgngized system. Cheers, Matthew --97rswhH1B9E6JPSej0uRRMCNwk0s7fmSa Content-Type: application/pgp-signature; name="signature.asc" Content-Description: OpenPGP digital signature Content-Disposition: attachment; filename="signature.asc" -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.22 (FreeBSD) Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/ iQJ8BAEBCgBmBQJSsXpqXxSAAAAAAC4AKGlzc3Vlci1mcHJAbm90YXRpb25zLm9w ZW5wZ3AuZmlmdGhob3JzZW1hbi5uZXQxOUYxNTRFQ0JGMTEyRTUwNTQ0RTNGMzAw MDUxM0YxMEUwQTlFNEU3AAoJEABRPxDgqeTnXeIQAIouDzfXPLOw82PAp8qQHzdd ICwDeRw+zotn6rN6KtIg2ZxQT6hLZryj7ScuHrQj1KmmJGlJ8/FZ0NJxR7EMp3VO /JSkPNJtbuBXOpmm1QBeFPDSm04HHo9vXO3586iXtrpY5gz7qWfJKAUC62FqUARv 41UHNaVc0SOgjOVzpLrmZsDyCRHFHQIiEE4yCPod3He5/RCuamKHETu71YLzvqUA EdSsocAXLwDWw/BA13otxwjcqUNe8Van0OyJUcv7hqjbJmu/cSfnTXSeZTJ43hKo 8ylX1mfwlMCaFJWP081gngKDEM+AxDm+MEDezJwG9D2p0xODUfIZBkKZGZwmUt+G 0Zbyoz54AQA24PWbojpmLfLCPtsYNcGUXVW0TxeYCOXDUg5TnecyoTFBH29l7y8Q qOWv1QQv7o+QzK4MuRsXlRpSy8IHZy/dJ+LoqTMk8BxY8vhHUfY4NneInq503pMp U7TKJgiBxOUnt713NMoQdI04nEt67/VdcOCcqeRlLqfjH4phkh/iti3pnP3Vnzgj SZwRc8kWleULNkw45mNiSRaYYfhB5biEJ6mWEcn/N7tdZBJNVQS0Emm6Sq6LIWar /k8NCkHgy4wubPSE1PuHKlHeJK2jFXYQUCV9j2lBWclxqExKMh/dnULkZrVHxJFJ 8P1fWgHiJcvTzzc+bAW9 =Qk0T -----END PGP SIGNATURE----- --97rswhH1B9E6JPSej0uRRMCNwk0s7fmSa--
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?52B17A63.7010800>