Bad VuXML check on PNG port ?
Jacques A. Vidrine
nectar at FreeBSD.org
Mon May 3 11:06:24 PDT 2004
On Mon, May 03, 2004 at 07:59:31PM +0200, Artur Pydo wrote:
> Hello,
>
> Jacques A. Vidrine wrote:
>
> >The VuXML document needed to be updated after ache@ made the fix.
> >I've done so now.
>
> Yes but the file located at :
>
> ftp://ftp.freebsd.org/pub/FreeBSD/ports/local-distfiles/eik/auditfile.tbz
>
> has not been updated and it works as the reference database for
> portaudit and, i suppose, for the pkg_install-base-devel ports.
>
> Nothing has changed for me even after updating the ports tree
> and the portaudit reference file. I know that there is a workaround
> modifying 'auditfile' by hand as it is a ascii file.
What you are describing is a problem with portaudit. You might want
to contact eik@ to determine why the lag time.
> I suggest that in future one avoid setting vulnerable versions as > 0
> because the update fails as long as the reference file has not been
> updated with the correct vulnerable port later.
>
> In this case it would be much more efficient to set 'png<1.2.5_3'
> from the beginning.
I guess you mean `png <= 1.2.5_3'. That approach has its own
problems, but I do use it sometimes if I am quite certain of which
later port version will be fixed.
Cheers,
--
Jacques Vidrine / nectar at celabo.org / jvidrine at verio.net / nectar at freebsd.org
More information about the freebsd-security
mailing list