From owner-freebsd-vuxml@FreeBSD.ORG Wed Sep 22 16:13:39 2004 Return-Path: Delivered-To: freebsd-vuxml@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id A9B6716A4CE for ; Wed, 22 Sep 2004 16:13:39 +0000 (GMT) Received: from bast.unixathome.org (bast.unixathome.org [66.11.174.150]) by mx1.FreeBSD.org (Postfix) with ESMTP id 6E49D43D39 for ; Wed, 22 Sep 2004 16:13:39 +0000 (GMT) (envelope-from dan@langille.org) Received: from wocker (wocker.unixathome.org [192.168.0.99]) by bast.unixathome.org (Postfix) with ESMTP id B7E403D37 for ; Wed, 22 Sep 2004 12:13:38 -0400 (EDT) From: "Dan Langille" To: freebsd-vuxml@freebsd.org Date: Wed, 22 Sep 2004 12:13:38 -0400 MIME-Version: 1.0 Message-ID: <41516C72.24016.483CEA47@localhost> Priority: normal In-reply-to: <20040921192821.K69630@xeon.unixathome.org> X-mailer: Pegasus Mail for Windows (v4.12a) Content-type: text/plain; charset=US-ASCII Content-transfer-encoding: 7BIT Content-description: Mail message body Subject: Re: FreshPorts beta now displays VuXML data X-BeenThere: freebsd-vuxml@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Documenting security issues in VuXML List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 22 Sep 2004 16:13:39 -0000 On 21 Sep 2004 at 19:35, Dan Langille wrote: > I just finished the first cut of the code that marks commits as affected > by VuXML data. Have a look at your favourite VuXML entry and see if the > associated package is affected. > > e.g. http://beta.freshports.org/?package=pine > > This type of linking will be available in production once > FreshPorts::VuXML is migrated from beta to production. > > I have not reviewed the output, however I do know that the display does > not yet handle multiple VuXML entries affecting a given package version. > However, the database does handle this type of relationship and > I've verified that it is being recorded. The HTML is lagging > behind the data. > > If you see any errors etc, please let me know. We have the first issue. FreshPorts beta is handling PORTEPOCH, but that value is not set correctly for existing commits. Hence, 'pkg_version -t' does not get the correct values for testing commit versions against vuln entries. mat@ has provided this which gives me a list of ports which contain an EPOCH: awk -F\| '$1 ~ /,/ {print $1 "\t\t" $2}' /usr/ports/INDEX-5 That's a good starting point. From there, I need to determine the date[s] on which the PORTEPOCH came into effect. With that, I can do something like this: update commit_log_ports set port_epoch='1' where port_id = 7366 and commit_log_id >= 57525; Ideas and suggestions are welcome. -- Dan Langille : http://www.langille.org/ BSDCan - The Technical BSD Conference - http://www.bsdcan.org/