Subject: Re: pkgsrc netbsd mirror repository trouble with cvs
To: agtdino <agtdino@teleline.es>
From: Zafer Aydogan <zafer@aydogan.de>
List: netbsd-users
Date: 11/27/2007 19:46:16
2007/11/27, agtdino <agtdino@teleline.es>:
> Hello,
>
> I'm having trouble with update pkgsrc netbsd repository, I'm using cvs:
>
> Little info of my system:
> $uname -a
> >NetBSD netbsd 4.0_RC3 NetBSD 4.0_RC3 (GENERIC)...
> And I using bash2 for the shell.
>
> I've to download from ftp netbsd the pkgsrc-2007Q3.tar.bz2 and untar
> in /usr now ask for the pkgsrc branch
>
>         $cd /usr/pkgsrc
>         $cvs log Makefile | grep pkgsrc-2007Q.:
>
>         >pkgsrc-2007Q3: 1.83.0.4
>         >pkgsrc-2007Q2: 1.83.0.2
>         >pkgsrc-2007Q1: 1.81.0.2
>
> Previously I have to set up in the /etc/profile two vars:
>
>         CVS_RSH=ssh
>         CVSROOT=:ext:anoncvs@anoncvs.NetBSD.org:/cvsroot
>         PKGSRCDIR=/usr/pkgsrc
>
>         export CVS_RSH
>         export CVSROOT
>         export PKGSRCDIR
>
>
> I've to select the first one, "pkgsrc-2007Q3" for to do the checkout:
>
>         $ cd /usr
>         $ cvs checkout -r pkgsrc-2007Q3 -P pkgsrc
>
> To update pkgsrc just I do:
>
>         $ cd /usr/pkgsrc
>         $ cvs update -Pd
>
> Well after this, but why I have a php5 as a vulnerable package
>
> => Bootstrap dependency digest>=20010302: digest-20070803 found
> ===> Checking for vulnerabilities in php-5.2.4nb3
> ERROR: denial-of-service vulnerability in php-5.2.4nb3 - see http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4887 for more information
> php>=5<5.2.5
> ERROR: Define ALLOW_VULNERABLE_PACKAGES if this package is absolutely essential
>
> I Know the php5 has version 5.2.5 in netbsd.se pkgsrc web page but why don't update for me?.
> Is a problem for repositories?. Perhaps I need to change of server, select another mirror?
>
> Now I'm investigate the fetching list for the package because don't see in the directory distfiles.
>
> Thanks and regards
>
>
>
>
>
>
You should always try to use a mirror near you.
For you probably in spain or europe.

What version does distinfo show in lang/php5 ?

zafer@bahar:/usr/pkgsrc/lang/php5 $ more distinfo
$NetBSD: distinfo,v 1.50 2007/11/23 13:20:00 adrianp Exp $

SHA1 (php-5.2.5/php-5.2.5.tar.bz2) = 6b46fd095891183b328163b70cdb5acd30a24b7a
RMD160 (php-5.2.5/php-5.2.5.tar.bz2) = 2d5755f2ae8884e80f0a5c70e8fdfdb6deed46bc
Size (php-5.2.5/php-5.2.5.tar.bz2) = 7773024 bytes
SHA1 (patch-aa) = 20bc3831e435182d014b11ae9f1f6c537a21af20
SHA1 (patch-ad) = b324c33b1e70adee5b89dcecdd7690dcadcc18ec
SHA1 (patch-ag) = 4ccb67ba6f5370b1d16b087e3e714de3e5ae604e
SHA1 (patch-ah) = c7cbd4b9ea0796ea3b7491c2cffb6ddddc518587
SHA1 (patch-aj) = 54812097499c81e5cb0196ab949cc86a4f24a9cc
SHA1 (patch-ak) = 0a6445b5cf390cb63de8474d75c6e8a4c058afab
SHA1 (patch-al) = 0ee37782cc0d3bf5ede1a583de0589c2c1316b50
SHA1 (patch-an) = f07a08f8ee1a18f6371af9bd6c482d936e9220e4
SHA1 (patch-ap) = 5eb0e0e4244a993da93e36f8fcb5553454207fce
SHA1 (patch-aq) = 0c9d48547da2fa80aa8357d23ad8505d1c0330df

if yours is still 5.2.4 try to update again, or select another cvs mirror.
For example anoncvs@anoncvs.se.netbsd.org:/cvsroot
Also have a look here: http://www.netbsd.org/mirrors/#anoncvs
the list is not really up to date... (wink wink @www)

Zafer.