Date: Fri, 5 May 2017 07:19:45 -1000 From: Kevin Oberman <rkoberman@gmail.com> To: Jos Chrispijn <bsdports@cloudzeeland.nl> Cc: Adam Weinberger <adamw@adamw.org>, mokhi <mokhi64@gmail.com>, FreeBSD Ports ML <freebsd-ports@freebsd.org> Subject: Re: ICU Portupdate faulty Message-ID: <CAN6yY1v-OkQCGMdADXQO_HFTfCS5=n9xZpkSH7xGYa%2ByMEGnuQ@mail.gmail.com> In-Reply-To: <360f4dc3-c97a-592d-c321-5ce591c89193@cloudzeeland.nl> References: <1c87d7b6-54f7-77f0-7476-338bd24aee54@cloudzeeland.nl> <CAByVWPVRp4PnW0Fm26aL_TW4R9BUtOQvn9XEEaQtJFqHMz3xaA@mail.gmail.com> <8d3c7d80-d51e-3743-eb41-d6633c498153@cloudzeeland.nl> <CAByVWPUeeCDcNo8d8OW3EJo2S5VzENukkvAYrYzObjnix6vggA@mail.gmail.com> <06F34A01-9844-48E2-8ED4-FA148BC426C8@adamw.org> <360f4dc3-c97a-592d-c321-5ce591c89193@cloudzeeland.nl>
next in thread | previous in thread | raw e-mail | index | archive | help
On Fri, May 5, 2017 at 6:37 AM, Jos Chrispijn <bsdports@cloudzeeland.nl> wrote: > > Op 5-5-2017 om 18:05 schreef Adam Weinberger: > >> On 5 May, 2017, at 9:48, mokhi <mokhi64@gmail.com> wrote: >>> >>> Well, as I can see here < http://www.freshports.org/devel/icu/ > an >>> older version of this port is vulnerable not current version. >>> Maybe by updating your tree your problem will be solved :-] >>> >> Yes, this is the correct answer. After icu got patched, the VuXML entry >> was lowered to mark 58.2_2,1 as non-vulnerable. Jos, it sounds like your >> ports tree is after the icu update but before the VuXML modification. >> Update your ports tree to bring in the new VuXML file and you should be >> good. >> > Adam, perhaps I am missing the clue here: > > - I had the correct updated version in my ports collection > - Updating the vulnerable installed icu version with that version should > not provide the Vulnerability message as that version is updates with the > correct version in my icu port. > > In my case, Jim's suggestion to use "DISABLE_VULNERABILITIES=yes" was the > only way of getting my faulty icu version updated to the version that is in > my port. > > Kind of confused, > Jos The VuXML DB is not a part of the ports tree. It is usually updated by the nightly periodic script, but you can manually fetch it with "pkg audit -F -q". -- Kevin Oberman, Part time kid herder and retired Network Engineer E-mail: rkoberman@gmail.com PGP Fingerprint: D03FB98AFA78E3B78C1694B318AB39EF1B055683
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?CAN6yY1v-OkQCGMdADXQO_HFTfCS5=n9xZpkSH7xGYa%2ByMEGnuQ>