Curious Ports Behavior
- Reply: Tim Daneliuk : "Re: Curious Ports Behavior"
- Reply: Tim Daneliuk : "Re: Curious Ports Behavior"
- Reply: Herbert J. Skuhra: "Re: Curious Ports Behavior"
- Go to: [ bottom of page ] [ top of archives ] [ this month ]
Date: Sun, 12 Jun 2022 19:49:35 UTC
Two machines, one physical running on an older i5. The other is a cloud based virtual machine. Both running 13.1-STABLE as of 6/1/2022 I just did a fresh clone of the ports tree on both machines before asking here. When I attempt to compile www/apache23 on the VM, I have no problems. But attempting to compile www/apach23 on the physical machine emits this: ===> apache24-2.4.54 has known vulnerabilities: apache24-2.4.54 is vulnerable: Apache httpd -- Multiple vulnerabilities CVE: CVE-2022-26377 CVE: CVE-2022-28330 CVE: CVE-2022-28614 CVE: CVE-2022-28615 CVE: CVE-2022-29404 CVE: CVE-2022-30522 CVE: CVE-2022-30556 CVE: CVE-2022-31813 WWW: https://vuxml.FreeBSD.org/freebsd/49adfbe5-e7d1-11ec-8fbd-d4c9ef517024.html IOW, the physical machine port installation stops because of known vulnerabilities, but the VM instance works fine. There is no evidence of "DISABLE_VULNERABILITIES" in the VM's environment or /etc/make.conf Can anyone suggest a reason for this difference of behavior and/or a possible remediation. I don't want servers running with high severity vulnerabilities ...