Bug 255001 - pkg audit -F is not able to download correct/current vulnerabilities xml
Summary: pkg audit -F is not able to download correct/current vulnerabilities xml
Status: Closed FIXED
Alias: None
Product: Services
Classification: Unclassified
Component: Core Infrastructure (show other bugs)
Version: unspecified
Hardware: Any Any
: --- Affects Many People
Assignee: Cluster Admin
Depends on:
Reported: 2021-04-12 11:14 UTC by peter.larsen
Modified: 2021-04-19 15:44 UTC (History)
4 users (show)

See Also:


Note You need to log in before you can comment on or make changes to this bug.
Description peter.larsen 2021-04-12 11:14:13 UTC
It does not seem that pkg audit -F will download a vulnerabillity file beyond the samba from the 28/3 2021


if i download the "local copy" it does not include the vulnerabilities after the 28/3 2021

please advice
Comment 1 Philip Paeps freebsd_committer 2021-04-12 11:34:50 UTC
This is probably a casualty of the migration of ports to Git.  I guess there's a build server that needs to be pointed in the right direction.  Assigned to clusteradm.
Comment 2 Baptiste Daroussin freebsd_committer 2021-04-12 13:18:33 UTC
The vuxml site was not updated post migration to git.

Everything should be back to normal. Can you confirm?
Comment 3 peter.larsen 2021-04-12 16:01:38 UTC
vulnerabilities now show correctly, but portsnap does not get the correct ports updates

so eg 10. April have a lang/python38 update to 3.8.9, this does not materialise into a correct ports update, same update ?

fresports: 3.8.9

portsnap: 3.8.8

root@build:/usr/ports/lang/python38 # portsnap fetch update
Looking up portsnap.FreeBSD.org mirrors... 4 mirrors found.
Fetching snapshot tag from ipv4.aws.portsnap.freebsd.org... done.
Ports tree hasn't changed since last snapshot.
No updates needed.
Ports tree is already up to date.
root@build:/usr/ports/lang/python38 # cat distinfo 
TIMESTAMP = 1613897717
SHA256 (python/Python-3.8.8.tar.xz) = 7c664249ff77e443d6ea0e4cf0e587eae918ca3c48d081d1915fe2a1f1bcc5cc
SIZE (python/Python-3.8.8.tar.xz) = 18271736
Comment 4 Philip Paeps freebsd_committer 2021-04-12 16:07:36 UTC
I know Ed is still working on making Portsnap aware of Git.  It sounds like the vuxml part is fixed.  I don't believe we're tracking Portsnap in another bug, so we might as well track it here.
Comment 5 Ed Maste freebsd_committer 2021-04-14 18:36:50 UTC
Portsnap is converted over to git and running

> FreeBSD Portsnap builds are up and running again, now obtaining the ports tree
> from git.  My apologies for the long delay -- the timing of the svn->git switch
> was awkward for me for personal reasons -- and thanks to @ed_maste for stepping
> in to help.
> Portsnap was serving up broken ports trees for ~18 hours -- a quick hack to
> remove superfluous git metadata ended up accidentally removing the entire Mk/
> directory from the snapshots being served up. #oops
Comment 6 Li-Wen Hsu freebsd_committer 2021-04-19 15:44:19 UTC
vuxml and portsnap are fixed. Please reopen if you still see anything abnormal. Thanks.