On Wed, Aug 30, 2023 at 04:33 Stuart Henderson <s...@spacehopper.org> wrote:
> On 2023/08/30 07:39, Oikei wrote:
> > Hello, I'm new to OpenBSD so I'm unsure if I'm doing something wrong or if
> > I'm even posting to the right mailing list.
> >
> > It has come to my attention that the net/synapse package is 14 updates
> > behind and is vulnerable. I checked openbsd.app and the net/synapse
> > package really is 14 updates behind, with it being on 1.76 while the latest
> > is 1.90.
> >
> > Checking the source on GitHub:
> > https://github.com/openbsd/ports/tree/master/net/synapse
> >
> > it was updated last month and is on 1.89.

On openbsd.app, you’d need to toggle on the “Search -current” setting to see the newest packages. See <https://www.openbsd.org/faq/faq5.html#Flavors> for the differences between -release, -stable, and -current (helpful context for Stuart’s detailed explanation and advice below.)

On a related note, if you are using pkg_info(1) on -release or -stable, you'll want to use `pkg_info -aq` instead of just `pkg_info -q` to search packages to ensure that -stable versions are included.

> > So my question is, why is the latest version in the repos 1.76 when
> > looking at the source it's on 1.89? Sorry if I totally missed something...
>
> You can't tell from the git mirror*, but if you look in the original
> CVS repo (https://cvsweb.openbsd.org/ports/net/synapse/Makefile)
> you'll see some commits with CVS tags e.g. OPENBSD_7_3 and some
> without.
>
> Those without tags are only in -current snapshots not a release.
>
> Often ports security updates do get backported to the most recent
> OpenBSD release (with binary packages built for some common cpu
> archs), but synapse is a super fast changing target and very
> often requires specific new versions of other ports, so it's not
> a great candidate for that, it's too hard to check that all those
> other updates don't break older versions of other ports.
>
> So if you're running software like this I recommend running
> snapshots and updating both base and all packages fairly often.

Morgan
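
Added example, not part of the original thread or of OpenBSD's tooling: a small Python parser for the `symbolic names:` block of `cvs log` output that reports which release branches contain a given Makefile revision, following the tagged versus untagged distinction described in the quoted reply. The sample log and its revision numbers are constructed, and the function names are hypothetical.

```python
import re

# Constructed sample in the layout of a `cvs log` header.
# The revision numbers are invented for illustration only.
SAMPLE_RLOG = (
    "head: 1.55\n"
    "symbolic names:\n"
    "\tOPENBSD_7_3: 1.52.0.2\n"
    "\tOPENBSD_7_3_BASE: 1.52\n"
    "\tOPENBSD_7_2: 1.40.0.2\n"
    "\tOPENBSD_7_2_BASE: 1.40\n"
    "keyword substitution: kv\n"
)

def parse_symbolic_names(rlog_text):
    """Return {tag: revision} from the 'symbolic names:' block."""
    tags, in_block = {}, False
    for line in rlog_text.splitlines():
        if line.startswith("symbolic names:"):
            in_block = True
        elif in_block:
            m = re.match(r"\s+(\S+):\s+([\d.]+)$", line)
            if not m:
                break  # first non-indented line ends the block
            tags[m.group(1)] = m.group(2)
    return tags

def releases_containing(revision, tags):
    """List release branch tags whose tree includes this revision.

    CVS records a branch tag as e.g. 1.52.0.2: the branch sprouts from
    trunk revision 1.52 and its own commits are numbered 1.52.2.N.
    An empty result means the revision exists only on the trunk after
    every branch point, i.e. only in -current.
    """
    rev = [int(x) for x in revision.split(".")]
    found = []
    for tag, tag_rev in tags.items():
        p = [int(x) for x in tag_rev.split(".")]
        if len(p) < 4 or p[-2] != 0:
            continue  # plain tag such as OPENBSD_7_3_BASE, not a branch
        base, branch = p[:-2], p[:-2] + p[-1:]
        on_branch = rev[:-1] == branch
        before_branch_point = (len(rev) == len(base)
                               and rev[:-1] == base[:-1]
                               and rev[-1] <= base[-1])
        if on_branch or before_branch_point:
            found.append(tag)
    return found

if __name__ == "__main__":
    tags = parse_symbolic_names(SAMPLE_RLOG)
    for r in ("1.55", "1.52.2.1", "1.40"):
        print(r, releases_containing(r, tags) or "-current only")
```
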