From owner-freebsd-questions@FreeBSD.ORG Mon Jul 31 18:10:31 2006 Return-Path: X-Original-To: freebsd-questions@freebsd.org Delivered-To: freebsd-questions@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 332CE16A4DD for ; Mon, 31 Jul 2006 18:10:31 +0000 (UTC) (envelope-from svein.h@lvor.halvorsen.cc) Received: from fri.itea.ntnu.no (fri.itea.ntnu.no [129.241.7.60]) by mx1.FreeBSD.org (Postfix) with ESMTP id 6E27143D49 for ; Mon, 31 Jul 2006 18:10:27 +0000 (GMT) (envelope-from svein.h@lvor.halvorsen.cc) Received: from localhost (localhost [127.0.0.1]) by fri.itea.ntnu.no (Postfix) with ESMTP id 4649984A4 for ; Mon, 31 Jul 2006 20:10:26 +0200 (CEST) Received: from maren.thelosingend.net (maren.math.ntnu.no [129.241.211.48]) by fri.itea.ntnu.no (Postfix) with SMTP for ; Mon, 31 Jul 2006 20:10:26 +0200 (CEST) Received: (qmail 47076 invoked by uid 88); 31 Jul 2006 20:10:25 +0200 Received: from 37.84-48-193.nextgentel.com (HELO [10.0.0.7]) (84.48.193.37) by maren.thelosingend.net (qpsmtpd/0.31.1) with ESMTP; man, 31 jul 2006 20:10:22 +0200 Message-ID: <44CE47F0.8020505@lvor.halvorsen.cc> Date: Mon, 31 Jul 2006 20:12:00 +0200 From: Svein Halvor Halvorsen User-Agent: Thunderbird 1.5.0.2 (X11/20060522) MIME-Version: 1.0 To: jan gestre References: In-Reply-To: X-Enigmail-Version: 0.94.0.0 OpenPGP: id=9198BB40; url=mailto:pgpkey@svein.halvorsen.cc Content-Type: multipart/signed; micalg=pgp-sha1; protocol="application/pgp-signature"; boundary="------------enigD051478B6538D48BA5508E0D" X-Virus-Checked: Checked X-Content-Scanned: with sophos and spamassassin at mailgw.ntnu.no. Cc: FreeBSD Questions Subject: Re: portsdb output and portaudit question X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 31 Jul 2006 18:10:31 -0000 This is an OpenPGP/MIME signed message (RFC 2440 and 3156) --------------enigD051478B6538D48BA5508E0D Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: quoted-printable jan gestre wrote: > i was trying to portupgrade ruby coz portaudit is complaining of > vulnerabilities, i did run cvsup and portsdb -Uu before portupgrade, at= > first i couldn't upgrade ruby coz portupgrade is complaining maybe coz > portaudit but someone in the list suggested this: >=20 > # portupgrade -Rr -m DISABLE_VULNERABILITIES=3D"yes" ruby >=20 > whoala it installed the ruby package but still portaudit complains even= > though the installed version is current which has no vulnerability. is = this > normal? any way to fix these? This is expected behavior. The ports system will let you upgrade a vulnerable port without complaint. It will however complain if you try to install (or upgrade to) a version that has vulnerabilities. Since portupgrade complained, it's no surprise that portaudit also complains after the forced upgrade. This means that either the version in ports aren't fixed yet (the existence of a vulnerability of a prior version does not imply that said vulnerability is fixed in the current version), or that your ports tree is out of date. Seeing that the latter is not true, I would say you just have to wait for an updated version to appear in ports. You can create an account at freshports and ad ruby to your "watch list". That means you'll get notified when new versions arrive. Svein Halvor --------------enigD051478B6538D48BA5508E0D Content-Type: application/pgp-signature; name="signature.asc" Content-Description: OpenPGP digital signature Content-Disposition: attachment; filename="signature.asc" -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.3 (FreeBSD) Comment: mailto:pgpkey@svein.halvorsen.cc to get my PGP-key iD8DBQFEzkfwhQg3vZGYu0ARAq+FAJ0U6UGU6g+HANhHYIQ8Zgryty1BwQCePWuQ hDi/qY3e8DWXhs9jietgJcY= =O70F -----END PGP SIGNATURE----- --------------enigD051478B6538D48BA5508E0D--