Subject: Re: Perl upgrade - 5.20.x vulnerable
From: JosC
To: koobs@FreeBSD.org, FreeBSD Ports ML
Date: Tue, 16 Aug 2016 13:08:27 +0200
Message-ID: <84206cd3-10fb-2125-c7e9-921d74432c92@cloudzeeland.nl>
In-Reply-To: <280f6f77-ad33-6ebb-d54a-a97129f793b3@FreeBSD.org>
List-Id: Porting software to FreeBSD

In a message of 16-8-2016 11:07:
> Try running pkg audit -F to force updating/refreshing the latest VuXML
> changes.
>
> In this case the lang/perl5.20 (port) version string that the fix was
> made in [1], was only added to an existing entry in security/vuxml as an
> 'update' yesterday [2]
>
> [1] http://svnweb.freebsd.org/changeset/ports/420220
> [2] http://svnweb.freebsd.org/changeset/ports/420219
>
> In the absence of running 'pkg audit -F', only
> the LOCALBASE/periodic/security/410.pkg-audit script updates the vuxml
> file and audit results. Until that happens, or pkg audit -F is run, pkg
> will still see an older version.
>
> Let us know how it goes

Yep, that did the trick, thanks.

Thinking with you I now ask myself:

- Would it be a good idea to make this vuxml file update part of the Makefile? Then these occurrences won't happen anymore.
- I read in this fine mailing list that users may have various versions of Perl running due to incompatibility with other port(version)s they run. Does the vuxml file update you suggested not interfere with these other Perl versions that are also running or do these versions have their own vuxml file?

Best,
Jos Chrispijn