From owner-freebsd-questions@FreeBSD.ORG Mon Jul 31 18:23:04 2006 Return-Path: X-Original-To: freebsd-questions@freebsd.org Delivered-To: freebsd-questions@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 3962D16A4DA for ; Mon, 31 Jul 2006 18:23:04 +0000 (UTC) (envelope-from freebsd.ph@gmail.com) Received: from ug-out-1314.google.com (ug-out-1314.google.com [66.249.92.172]) by mx1.FreeBSD.org (Postfix) with ESMTP id 795F243D45 for ; Mon, 31 Jul 2006 18:23:03 +0000 (GMT) (envelope-from freebsd.ph@gmail.com) Received: by ug-out-1314.google.com with SMTP id m2so954053uge for ; Mon, 31 Jul 2006 11:23:02 -0700 (PDT) DomainKey-Signature: a=rsa-sha1; q=dns; c=nofws; s=beta; d=gmail.com; h=received:message-id:date:from:to:subject:cc:in-reply-to:mime-version:content-type:references; b=EdngYdlHYE2s0L4uE5FUhl3BKuvvSN4nw73Np32D5liJJreU1BLVdrElr60sPSmz1SB3gYNqTjOBo2P+GVrb/sdYu+HPkqJ0BqFaSIFgtWQ9tBInvGtn4ICshYf+MQeHJOs+eDj6W/3Bd1wRiseIqzHtTk+jmKbxs3Y1M42Uzm8= Received: by 10.78.203.15 with SMTP id a15mr630120hug; Mon, 31 Jul 2006 11:23:02 -0700 (PDT) Received: by 10.78.141.18 with HTTP; Mon, 31 Jul 2006 11:23:02 -0700 (PDT) Message-ID: Date: Tue, 1 Aug 2006 02:23:02 +0800 From: "jan gestre" To: "Svein Halvor Halvorsen" In-Reply-To: <44CE47F0.8020505@lvor.halvorsen.cc> MIME-Version: 1.0 References: <44CE47F0.8020505@lvor.halvorsen.cc> Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: 7bit Content-Disposition: inline X-Content-Filtered-By: Mailman/MimeDel 2.1.5 Cc: FreeBSD Questions Subject: Re: portsdb output and portaudit question X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 31 Jul 2006 18:23:04 -0000 On 8/1/06, Svein Halvor Halvorsen wrote: > > jan gestre wrote: > > i was trying to portupgrade ruby coz portaudit is complaining of > > vulnerabilities, i did run cvsup and portsdb -Uu before portupgrade, at > > first i couldn't upgrade ruby coz portupgrade is complaining maybe coz > > portaudit but someone in the list suggested this: > > > > # portupgrade -Rr -m DISABLE_VULNERABILITIES="yes" ruby > > > > whoala it installed the ruby package but still portaudit complains even > > though the installed version is current which has no vulnerability. is > this > > normal? any way to fix these? > > > This is expected behavior. The ports system will let you upgrade a > vulnerable port without complaint. It will however complain if you try > to install (or upgrade to) a version that has vulnerabilities. Since > portupgrade complained, it's no surprise that portaudit also complains > after the forced upgrade. > > This means that either the version in ports aren't fixed yet (the > existence of a vulnerability of a prior version does not imply that said > vulnerability is fixed in the current version), or that your ports tree > is out of date. Seeing that the latter is not true, I would say you > just have to wait for an updated version to appear in ports. > > You can create an account at freshports and ad ruby to your "watch > list". That means you'll get notified when new versions arrive. > > > i portupgrade the previous version ruby-1.8.4_8,1 to the current version > which is ruby-1.8.4_9,1 and i also saw from the portaudit complaint that > the new version is not anymore affected by the vulnerabilities of the old > version meaning the maintainer already fixed this, however portaudit is > still complaining. and how about the portsdb output? why is it complaining > of stuff i don't have installed? TIA