Subject: pkg/ports, pkg audit, and libxml2
From: wbe (at) *nospam* UBEBLOCK.psr.com.invalid (Winston)
Newsgroups: comp.unix.bsd.freebsd.misc
Date: 14. Jun 2025, 23:50:25
Organization: A noiseless patient Spider
Message-ID : <ydwm9evsy6.fsf@UBEblock.psr.com>
User-Agent : Gnus/5.13 (Gnus v5.13)

A while back, a security notice for libxml2 appeared.
The links from 'pkg audit' to pages describing its issues
gave the version number required to resolve the issues.

My questions:

1) Does having what appears to be a FreeBSD-style version number on
those problem description pages in any way imply that the fixed
version is available via 'ports', or is it usually just the
upstream's version number converted to what will eventually be
its FreeBSD version number?

2) On average, is there usually much lag between an updated version
becoming available via ports versus via pkg (latest)?

In the case of libxml2 in particular, pkg audit flagged it what seems
like 2-3 weeks ago as needing an upgrade to 2.14.2, yet pkg as of today
still has only version 2.11.9. This seems like longer than usual for a
fix to appear.

Thanks,
-WBE