It does not seem that pkg audit -F will download a vulnerabillity file beyond the samba from the 28/3 2021
if i download the "local copy" it does not include the vulnerabilities after the 28/3 2021
This is probably a casualty of the migration of ports to Git. I guess there's a build server that needs to be pointed in the right direction. Assigned to clusteradm.
The vuxml site was not updated post migration to git.
Everything should be back to normal. Can you confirm?
vulnerabilities now show correctly, but portsnap does not get the correct ports updates
so eg 10. April have a lang/python38 update to 3.8.9, this does not materialise into a correct ports update, same update ?
root@build:/usr/ports/lang/python38 # portsnap fetch update
Looking up portsnap.FreeBSD.org mirrors... 4 mirrors found.
Fetching snapshot tag from ipv4.aws.portsnap.freebsd.org... done.
Ports tree hasn't changed since last snapshot.
No updates needed.
Ports tree is already up to date.
root@build:/usr/ports/lang/python38 # cat distinfo
TIMESTAMP = 1613897717
SHA256 (python/Python-3.8.8.tar.xz) = 7c664249ff77e443d6ea0e4cf0e587eae918ca3c48d081d1915fe2a1f1bcc5cc
SIZE (python/Python-3.8.8.tar.xz) = 18271736
I know Ed is still working on making Portsnap aware of Git. It sounds like the vuxml part is fixed. I don't believe we're tracking Portsnap in another bug, so we might as well track it here.
Portsnap is converted over to git and running
> FreeBSD Portsnap builds are up and running again, now obtaining the ports tree
> from git. My apologies for the long delay -- the timing of the svn->git switch
> was awkward for me for personal reasons -- and thanks to @ed_maste for stepping
> in to help.
> Portsnap was serving up broken ports trees for ~18 hours -- a quick hack to
> remove superfluous git metadata ended up accidentally removing the entire Mk/
> directory from the snapshots being served up. #oops
vuxml and portsnap are fixed. Please reopen if you still see anything abnormal. Thanks.