Re: ICU Portupdate faulty

2017-05-08 Thread Jos Chrispijn

Dear team,

Thanks for your suggestions and solution. You really raised my learning 
curve here.


Regards,
Jos Chrispijn

___
freebsd-ports@freebsd.org mailing list
https://lists.freebsd.org/mailman/listinfo/freebsd-ports
To unsubscribe, send any mail to "freebsd-ports-unsubscr...@freebsd.org"


Re: ICU Portupdate faulty

2017-05-06 Thread Jos Chrispijn

Thanks y'all for your support - this was a real eye opener.

Best regards,
Jos

On 5-5-2017 at 19:19, Kevin Oberman wrote:
> On Fri, May 5, 2017 at 6:37 AM, Jos Chrispijn
> <bsdpo...@cloudzeeland.nl> wrote:
>
>> On 5-5-2017 at 18:05, Adam Weinberger wrote:
>>
>>> On 5 May, 2017, at 9:48, mokhi <mokh...@gmail.com> wrote:
>>>>
>>>> Well, as I can see here < http://www.freshports.org/devel/icu/ > an
>>>> older version of this port is vulnerable not current version.
>>>> Maybe by updating your tree your problem will be solved :-]
>>>
>>> Yes, this is the correct answer. After icu got patched, the
>>> VuXML entry was lowered to mark 58.2_2,1 as non-vulnerable.
>>> Jos, it sounds like your ports tree is after the icu update
>>> but before the VuXML modification. Update your ports tree to
>>> bring in the new VuXML file and you should be good.
>>
>> Adam, perhaps I am missing the clue here:
>>
>> - I had the correct updated version in my ports collection
>> - Updating the vulnerable installed icu version with that version
>> should not provide the Vulnerability message as that version is
>> updated with the correct version in my icu port.
>>
>> In my case, Jim's suggestion to use "DISABLE_VULNERABILITIES=yes"
>> was the only way of getting my faulty icu version updated to the
>> version that is in my port.
>>
>> Kind of confused,
>> Jos
>
> The VuXML DB is not a part of the ports tree. It is usually updated by
> the nightly periodic script, but you can manually fetch it with "pkg
> audit -F -q".
>
> --
> Kevin Oberman, Part time kid herder and retired Network Engineer
> E-mail: rkober...@gmail.com
> PGP Fingerprint: D03FB98AFA78E3B78C1694B318AB39EF1B055683




Re: ICU Portupdate faulty

2017-05-05 Thread Adam Weinberger
> On 5 May, 2017, at 11:13, Matthew D. Fuller  wrote:
> 
> On Fri, May 05, 2017 at 10:05:05AM -0600 I heard the voice of
> Adam Weinberger, and lo! it spake thus:
>> 
>> Yes, this is the correct answer. After icu got patched, the VuXML
>> entry was lowered to mark 58.2_2,1 as non-vulnerable. Jos, it sounds
>> like your ports tree is after the icu update but before the VuXML
>> modification. Update your ports tree to bring in the new VuXML file
>> and you should be good.
> 
> No, it's not looking at the vuxml file right in ports.  It'll be using
> the audit file downloaded nightly as part of
> /usr/local/etc/periodic/security/410.pkg-audit, so it'll always be ~a
> day out of date.  Run `pkg audit -F` manually to kick a refetch of the
> latest.

Ah! You and Kevin are completely right. Thank you for giving Jos the right 
answer.

# Adam


-- 
Adam Weinberger
ad...@adamw.org
https://www.adamw.org



Re: ICU Portupdate faulty

2017-05-05 Thread Kevin Oberman
On Fri, May 5, 2017 at 6:37 AM, Jos Chrispijn 
wrote:

>
> On 5-5-2017 at 18:05, Adam Weinberger wrote:
>
>> On 5 May, 2017, at 9:48, mokhi  wrote:
>>>
>>> Well, as I can see here < http://www.freshports.org/devel/icu/ > an
>>> older version of this port is vulnerable not current version.
>>> Maybe by updating your tree your problem will be solved :-]
>>>
>> Yes, this is the correct answer. After icu got patched, the VuXML entry
>> was lowered to mark 58.2_2,1 as non-vulnerable. Jos, it sounds like your
>> ports tree is after the icu update but before the VuXML modification.
>> Update your ports tree to bring in the new VuXML file and you should be
>> good.
>>
> Adam, perhaps I am missing the clue here:
>
> - I had the correct updated version in my ports collection
> - Updating the vulnerable installed icu version with that version should
> not provide the Vulnerability message as that version is updated with the
> correct version in my icu port.
>
> In my case, Jim's suggestion to use "DISABLE_VULNERABILITIES=yes" was the
> only way of getting my faulty icu version updated to the version that is in
> my port.
>
> Kind of confused,
> Jos


The VuXML DB is not a part of the ports tree. It is usually updated by the
nightly periodic script, but you can manually fetch it with "pkg audit -F
-q".
--
Kevin Oberman, Part time kid herder and retired Network Engineer
E-mail: rkober...@gmail.com
PGP Fingerprint: D03FB98AFA78E3B78C1694B318AB39EF1B055683


Re: ICU Portupdate faulty

2017-05-05 Thread Matthew D. Fuller
On Fri, May 05, 2017 at 10:05:05AM -0600 I heard the voice of
Adam Weinberger, and lo! it spake thus:
> 
> Yes, this is the correct answer. After icu got patched, the VuXML
> entry was lowered to mark 58.2_2,1 as non-vulnerable. Jos, it sounds
> like your ports tree is after the icu update but before the VuXML
> modification. Update your ports tree to bring in the new VuXML file
> and you should be good.

No, it's not looking at the vuxml file right in ports.  It'll be using
the audit file downloaded nightly as part of
/usr/local/etc/periodic/security/410.pkg-audit, so it'll always be ~a
day out of date.  Run `pkg audit -F` manually to kick a refetch of the
latest.


-- 
Matthew Fuller (MF4839)   |  fulle...@over-yonder.net
Systems/Network Administrator |  http://www.over-yonder.net/~fullermd/
   On the Internet, nobody can hear you scream.
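
[Added example, not part of any list message above: a shell sketch of the fix the replies describe, refreshing the locally fetched audit file and re-checking the exact package string instead of building with DISABLE_VULNERABILITIES=yes. Assumptions: the audit file lives at pkg's default location /var/db/pkg/vuln.xml, the 6-hour threshold is arbitrary, and the function names are hypothetical.]

```shell
#!/bin/sh
# Added example; assumptions are labelled below and in the lead-in.
# Assumed default location of the audit file that "pkg audit" reads.
AUDIT_DB="${AUDIT_DB:-/var/db/pkg/vuln.xml}"
# Arbitrary threshold: treat the file as stale after 6 hours.
MAX_AGE_MIN="${MAX_AGE_MIN:-360}"

# audit_db_state FILE MAX_AGE_MINUTES
# Prints "missing", "stale" or "fresh". The mtime is only a heuristic;
# a refetch is cheap, so erring towards "stale" is harmless.
audit_db_state() {
    if [ ! -f "$1" ]; then
        echo missing
    elif [ -n "$(find "$1" -mmin +"$2" 2>/dev/null)" ]; then
        echo stale
    else
        echo fresh
    fi
}

# refresh_and_audit NAME-VERSION   (e.g. icu-58.2_2,1)
# Refetches the audit file when it looks old, then audits only the given
# package string. Returns the exit status of that final "pkg audit":
# 0 means no known vulnerabilities are recorded for NAME-VERSION.
refresh_and_audit() {
    state=$(audit_db_state "$AUDIT_DB" "$MAX_AGE_MIN")
    if [ "$state" != fresh ]; then
        echo "audit file is $state, refetching" >&2
        # -F refetches, -q keeps it quiet. Findings for other installed
        # packages are not the question here, so ignore this exit status.
        pkg audit -F -q >/dev/null 2>&1 || true
    fi
    pkg audit "$1"
}

# Usage on the FreeBSD host, before rebuilding the port:
#   refresh_and_audit icu-58.2_2,1 && echo "safe to rebuild devel/icu"
```

If the final check still reports the package as vulnerable after a refetch, the VuXML entry really does cover that version, and overriding the check hides a real finding rather than a stale one.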


Re: ICU Portupdate faulty

2017-05-05 Thread Jos Chrispijn


On 5-5-2017 at 18:05, Adam Weinberger wrote:

>> On 5 May, 2017, at 9:48, mokhi wrote:
>>
>> Well, as I can see here < http://www.freshports.org/devel/icu/ > an
>> older version of this port is vulnerable not current version.
>> Maybe by updating your tree your problem will be solved :-]
>
> Yes, this is the correct answer. After icu got patched, the VuXML entry was
> lowered to mark 58.2_2,1 as non-vulnerable. Jos, it sounds like your ports tree
> is after the icu update but before the VuXML modification. Update your ports
> tree to bring in the new VuXML file and you should be good.

Adam, perhaps I am missing the clue here:

- I had the correct updated version in my ports collection
- Updating the vulnerable installed icu version with that version should
not provide the Vulnerability message as that version is updated with
the correct version in my icu port.

In my case, Jim's suggestion to use "DISABLE_VULNERABILITIES=yes" was
the only way of getting my faulty icu version updated to the version
that is in my port.


Kind of confused,
Jos


Re: ICU Portupdate faulty

2017-05-05 Thread Jos Chrispijn

Yes I noticed as well.
Point is that after updating my tree, the issue still exists although I
have the correct portupdate in my ports.


Let me check what is going wrong here.

Thanks,
Jos

On 5-5-2017 at 17:48, mokhi wrote:

> Well, as I can see here < http://www.freshports.org/devel/icu/ > an
> older version of this port is vulnerable not current version.
> Maybe by updating your tree your problem will be solved :-]




Re: ICU Portupdate faulty

2017-05-05 Thread Adam Weinberger
> On 5 May, 2017, at 9:48, mokhi  wrote:
> 
> Well, as I can see here < http://www.freshports.org/devel/icu/ > an
> older version of this port is vulnerable not current version.
> Maybe by updating your tree your problem will be solved :-]

Yes, this is the correct answer. After icu got patched, the VuXML entry was 
lowered to mark 58.2_2,1 as non-vulnerable. Jos, it sounds like your ports tree 
is after the icu update but before the VuXML modification. Update your ports 
tree to bring in the new VuXML file and you should be good.

# Adam


-- 
Adam Weinberger
ad...@adamw.org
https://www.adamw.org




Re: ICU Portupdate faulty

2017-05-05 Thread mokhi
Well, as I can see here < http://www.freshports.org/devel/icu/ > an
older version of this port is vulnerable not current version.
Maybe by updating your tree your problem will be solved :-]


Re: ICU Portupdate faulty

2017-05-05 Thread Jim Ohlstein

Hello,

On 05/05/2017 11:37 AM, Jos Chrispijn wrote:

> I am really not a fan of that.
>
> Better would be to solve the 'vulnerabilities' issue.
> /Jos

The vulnerabilities are outlined in
http://www.vuxml.org/freebsd/607f8b57-7454-42c6-a88a-8706f327076d.html
and appear to be patched in devel/icu 58.2_2,1 committed yesterday. See
https://svnweb.freebsd.org/ports?view=revision&revision=440117.

> On 5-5-2017 at 17:24, mokhi wrote:
>
>> It seems the port has known vulnerabilities.
>> If you are sure about what you are doing, run the make command with
>> "DISABLE_VULNERABILITIES=yes" option as it suggests.


--
Jim Ohlstein


Re: ICU Portupdate faulty

2017-05-05 Thread Jos Chrispijn

I am really not a fan of that.

Better would be to solve the 'vulnerabilities' issue.
/Jos

On 5-5-2017 at 17:24, mokhi wrote:

> It seems the port has known vulnerabilities.
> If you are sure about what you are doing, run the make command with
> "DISABLE_VULNERABILITIES=yes" option as it suggests.


Re: ICU Portupdate faulty

2017-05-05 Thread mokhi
It seems the port has known vulnerabilities.
If you are sure about what you are doing, run the make command with
"DISABLE_VULNERABILITIES=yes" option as it suggests.


ICU Portupdate faulty

2017-05-05 Thread Jos Chrispijn

Can you tell me how to solve this when trying to update the icu port?

I updated my ports before processing.

===>  icu-58.2_2,1 has known vulnerabilities:

icu-58.2_2,1 is vulnerable:
icu -- multiple vulnerabilities
CVE: CVE-2017-7868
CVE: CVE-2017-7867
WWW: 
https://vuxml.FreeBSD.org/freebsd/607f8b57-7454-42c6-a88a-8706f327076d.html


1 problem(s) in the installed packages found.
=> Please update your ports tree and try again.
=> Note: Vulnerable ports are marked as such even if there is no update 
available.
=> If you wish to ignore this vulnerability rebuild with 'make 
DISABLE_VULNERABILITIES=yes'

*** Error code 1

Stop.
make: stopped in /usr/ports/devel/icu

Thanks,
Jos Chrispijn

