- 1. 概要
- 2. 状況
- 3. 対処
1. 概要
発生は、2025年7月16日。
2025年6月23日に「libxml2-2.11.9 → 2.11.9_1」で発生したようなことが、またぞろか?
2. 状況
下記のような状態です。
$ portversion -v | grep '<'
[Reading data from pkg(8) ... - 862 packages found - done]
libxml2-2.14.4_1 < needs updating (port has 2.14.5)
py311-libxml2-python-2.14.4 < needs updating (port has 2.14.5)
「py311-libxml2-python」も「libxml2」の影響を受けていますわな。
「libxml2」をアップグレードしようとすると。
env BATCH=yes portupgrade -rR libxml2
[Reading data from pkg(8) ... - 657 packages found - done]
[Gathering depends for textproc/libxml2 ............................... done]
[Gathering depends for databases/rrdtool ............................................................................... done]
[Gathering depends for textproc/p5-XML-LibXML ......... done]
[Gathering depends for graphics/ImageMagick7 ........................................................................... done]
[Gathering depends for graphics/poppler-glib ........................................................................... done]
[Gathering depends for www/apache24 .................. done]
[Gathering depends for www/mod_php82 ............ done]
[Gathering depends for textproc/php82-simplexml ............ done]
[Gathering depends for textproc/php82-xml .... done]
[Gathering depends for textproc/php82-xmlreader ......... done]
[Gathering depends for textproc/php82-xmlwriter .... done]
[Gathering depends for security/clamav ..................... done]
[Gathering depends for textproc/augeas ....... done]
[Gathering depends for devel/py-lxml ..... done]
[Gathering depends for x11/libxkbcommon ................ done]
[Gathering depends for databases/postgresql16-server ................................... done]
[Gathering depends for textproc/libxml2-python ....... done]
[Gathering depends for textproc/xmlto ................... done]
[Exclude up-to-date packages ........................................................................................... done]
---> Upgrading 'libxml2-2.14.4_1' to 'libxml2-2.14.5' (textproc/libxml2)
---> Building '/usr/ports/textproc/libxml2'
===> Cleaning for libxml2-2.14.5
===> libxml2-2.14.5 has known vulnerabilities:
libxml2-2.14.5 is vulnerable:
libxml2 -- multiple vulnerabilities
CVE: CVE-2025-49795
CVE: CVE-2025-49795
CVE: CVE-2025-49794
CVE: CVE-2025-6170
CVE: CVE-2025-6021
WWW: https://vuxml.FreeBSD.org/freebsd/abbc8912-5efa-11f0-ae84-99047d0a6bcc.html
1 problem(s) in 1 package(s) found.
=> Please update your ports tree and try again.
=> Note: Vulnerable ports are marked as such even if there is no update available.
=> If you wish to ignore this vulnerability rebuild with 'make DISABLE_VULNERABILITIES=yes'
*** Error code 1
Stop.
make: stopped in /usr/ports/textproc/libxml2
egrep: empty (sub)expression
** Command failed [exit code 1]: /usr/bin/script -qa /tmp/portupgrade20250716-97279-abn4cc env UPGRADE_TOOL=portupgrade UPGRADE_PORT=libxml2-2.14.4_1 UPGRADE_PORT_VER=2.14.4_1 make
** Fix the problem and try again.
---> Skipping 'textproc/libxml2-python' (py311-libxml2-python-2.14.4) because a requisite package 'libxml2-2.14.4_1' (textproc/libxml2) failed (specify -k to force)
** Listing the failed packages (-:ignored / *:skipped / !:failed)
! textproc/libxml2 (libxml2-2.14.4_1) (security vulnerabilities)
* textproc/libxml2-python (py311-libxml2-python-2.14.4)
3. 対処
ここは、前回の教訓を生かして。
cd /usr/ports/textproc/libxml2
make DISABLE_VULNERABILITIES=yes
make reinstall
うまくいきました。
これで「py311-libxml2」の方を。
env BATCH=yes portupgrade -rR py311-libxml2-python
無事、アップグレードできました。
|
|
