From owner-freebsd-ports@freebsd.org  Fri May  5 16:37:55 2017
Return-Path: <owner-freebsd-ports@freebsd.org>
Delivered-To: freebsd-ports@mailman.ysv.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org
 [IPv6:2001:1900:2254:206a::19:1])
 by mailman.ysv.freebsd.org (Postfix) with ESMTP id D35BDD5FD2A
 for <freebsd-ports@mailman.ysv.freebsd.org>;
 Fri,  5 May 2017 16:37:55 +0000 (UTC)
 (envelope-from bsdports@cloudzeeland.nl)
Received: from ares.cloudzeeland.nl (cloudzeeland.xs4all.nl [83.161.133.58])
 (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
 (Client CN "cloudzeeland.nl",
 Issuer "Let's Encrypt Authority X3" (verified OK))
 by mx1.freebsd.org (Postfix) with ESMTPS id 621D915B2
 for <freebsd-ports@freebsd.org>; Fri,  5 May 2017 16:37:54 +0000 (UTC)
 (envelope-from bsdports@cloudzeeland.nl)
Received: from ares.cloudzeeland.nl (unknown [10.10.10.32])
 by ares.cloudzeeland.nl (Postfix) with ESMTP id 8781D4FE7E05;
 Fri,  5 May 2017 18:37:51 +0200 (CEST)
Received: from [10.10.10.40] (styx.zeeland24.nl [82.176.127.71])
 (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits))
 (Client did not present a certificate)
 by ares.cloudzeeland.nl (Postfix) with ESMTPSA id 2F14F4FE7E04;
 Fri,  5 May 2017 18:37:51 +0200 (CEST)
Subject: Re: ICU Portupdate faulty
To: Adam Weinberger <adamw@adamw.org>, mokhi <mokhi64@gmail.com>
References: <1c87d7b6-54f7-77f0-7476-338bd24aee54@cloudzeeland.nl>
 <CAByVWPVRp4PnW0Fm26aL_TW4R9BUtOQvn9XEEaQtJFqHMz3xaA@mail.gmail.com>
 <8d3c7d80-d51e-3743-eb41-d6633c498153@cloudzeeland.nl>
 <CAByVWPUeeCDcNo8d8OW3EJo2S5VzENukkvAYrYzObjnix6vggA@mail.gmail.com>
 <06F34A01-9844-48E2-8ED4-FA148BC426C8@adamw.org>
Cc: freebsd-ports@freebsd.org
From: Jos Chrispijn <bsdports@cloudzeeland.nl>
Message-ID: <360f4dc3-c97a-592d-c321-5ce591c89193@cloudzeeland.nl>
Date: Fri, 5 May 2017 18:37:53 +0200
User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:45.0) Gecko/20100101
 Thunderbird/45.8.0
MIME-Version: 1.0
In-Reply-To: <06F34A01-9844-48E2-8ED4-FA148BC426C8@adamw.org>
X-Virus-Scanned: ClamAV using ClamSMTP on ares.cloudzeeland.nl
Content-Type: text/plain; charset=utf-8; format=flowed
Content-Transfer-Encoding: 7bit
X-Content-Filtered-By: Mailman/MimeDel 2.1.23
X-BeenThere: freebsd-ports@freebsd.org
X-Mailman-Version: 2.1.23
Precedence: list
List-Id: Porting software to FreeBSD <freebsd-ports.freebsd.org>
List-Unsubscribe: <https://lists.freebsd.org/mailman/options/freebsd-ports>,
 <mailto:freebsd-ports-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-ports/>
List-Post: <mailto:freebsd-ports@freebsd.org>
List-Help: <mailto:freebsd-ports-request@freebsd.org?subject=help>
List-Subscribe: <https://lists.freebsd.org/mailman/listinfo/freebsd-ports>,
 <mailto:freebsd-ports-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Fri, 05 May 2017 16:37:55 -0000


Op 5-5-2017 om 18:05 schreef Adam Weinberger:
>> On 5 May, 2017, at 9:48, mokhi <mokhi64@gmail.com> wrote:
>>
>> Well, as I can see here < http://www.freshports.org/devel/icu/ > an
>> older version of this port is vulnerable not current version.
>> Maybe by updating your tree your problem will be solved :-]
> Yes, this is the correct answer. After icu got patched, the VuXML entry was lowered to mark 58.2_2,1 as non-vulnerable. Jos, it sounds like your ports tree is after the icu update but before the VuXML modification. Update your ports tree to bring in the new VuXML file and you should be good.
Adam, perhaps I am missing the clue here:

- I had the correct updated version in my ports collection
- Updating the vulnerable installed icu version with that version should 
not provide the Vulnerability message as that version is updates with 
the correct version in my icu port.

In my case, Jim's suggestion to use "DISABLE_VULNERABILITIES=yes" was 
the only way of getting my faulty icu version updated to the version 
that is in my port.

Kind of confused,
Jos