Rene Ladan wrote: > Eduardo Cerejo schreef: >> I just cvsuped my ports tree and vlc is the only port that it is >> failing to compile. I'm using FBSD 7stable and this is the error that >> I'm getting: >> >> ---> Upgrading 'vlc-0.8.6.i,2' to 'vlc-0.8.6.i_2,2' (multimedia/vlc) >> ---> Building '/usr/ports/multimedia/vlc' >> ===> Cleaning for vlc-0.8.6.i_2,2 >> ===> vlc-0.8.6.i_2,2 has known vulnerabilities: >> => vlc -- cue processing stack overflow. >> Reference: >> <http://www.FreeBSD.org/ports/portaudit/4b09378e-addb-11dd-a578-0030843d3802.html> >> >> => Please update your ports tree and try again. >> *** Error code 1 >> >> Stop in /usr/ports/multimedia/vlc. >> ** Command failed [exit code 1]: /usr/bin/script -qa >> /tmp/portupgrade.1384.0 env UPGRADE_TOOL=portupgrade >> UPGRADE_PORT=vlc-0.8.6.i,2 UPGRADE_PORT_VER=0.8.6.i,2 make >> ** Fix the problem and try again. >> ** Listing the failed packages (-:ignored / *:skipped / !:failed) >> ! multimedia/vlc (vlc-0.8.6.i,2) (unknown build error) > > I don't know if this is a FAQ yet. Add DISABLE_VULNERABILITIES=yes to your > /etc/make.conf and try again. This doesn't solve the vulnerabilities, so > IGNORE_VULNERABILITIES would be more appropriate in my opninion. > > Regards, > Rene
I am confused. The purpose of this update is to "solve the vulnerabilities" as indicated at: http://www.freshports.org/multimedia/vlc "Fix a stack overflow vulnerability...." The security notice indicates that this version should be free of this particular issue. http://www.vuxml.org/freebsd/4b09378e-addb-11dd-a578-0030843d3802.html vlc -- cue processing stack overflow Affected packages vlc < 0.8.6i_2,2 So, why is portaudit preventing the updating to this version patched to solve the issue? Is the spelling difference important? 0.8.6i_2,2 vs 0.8.6.i_2,2 Thanks, Rick Voland [EMAIL PROTECTED] _______________________________________________ freebsd-ports@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-ports To unsubscribe, send any mail to "[EMAIL PROTECTED]"
