From owner-svn-ports-head@freebsd.org Wed Apr 22 18:02:09 2020 Return-Path: Delivered-To: svn-ports-head@mailman.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.nyi.freebsd.org (Postfix) with ESMTP id 587162BC488; Wed, 22 Apr 2020 18:02:09 +0000 (UTC) (envelope-from leres@freebsd.org) Received: from smtp.freebsd.org (smtp.freebsd.org [IPv6:2610:1c1:1:606c::24b:4]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) server-signature RSA-PSS (4096 bits) client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "smtp.freebsd.org", Issuer "Let's Encrypt Authority X3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 496pDK1lgXz4ZhK; Wed, 22 Apr 2020 18:02:09 +0000 (UTC) (envelope-from leres@freebsd.org) Received: from ice.alameda.xse.com (unknown [IPv6:2600:1700:a570:11f0:f2ad:4eff:fe09:150e]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (Client did not present a certificate) (Authenticated sender: leres) by smtp.freebsd.org (Postfix) with ESMTPSA id BE145409D; Wed, 22 Apr 2020 18:02:08 +0000 (UTC) (envelope-from leres@freebsd.org) Subject: Re: svn commit: r532463 - head/security/vuxml To: Glen Barber , ports-committers@freebsd.org, svn-ports-all@freebsd.org, svn-ports-head@freebsd.org References: <202004221044.03MAixGc069557@repo.freebsd.org> From: Craig Leres Message-ID: Date: Wed, 22 Apr 2020 11:02:07 -0700 User-Agent: Mozilla/5.0 (X11; FreeBSD amd64; rv:68.0) Gecko/20100101 Thunderbird/68.7.0 MIME-Version: 1.0 In-Reply-To: <202004221044.03MAixGc069557@repo.freebsd.org> Content-Type: multipart/mixed; boundary="------------5E34AF8A02F7B618070012B4" Content-Language: en-US X-BeenThere: svn-ports-head@freebsd.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: SVN commit messages for the ports tree for head List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 22 Apr 2020 18:02:09 -0000 This is a multi-part message in MIME format. --------------5E34AF8A02F7B618070012B4 Content-Type: text/plain; charset=utf-8; format=flowed Content-Transfer-Encoding: 7bit On 2020-04-22 03:44, Glen Barber wrote: > Author: gjb > Date: Wed Apr 22 10:44:59 2020 > New Revision: 532463 > URL: https://svnweb.freebsd.org/changeset/ports/532463 > > Log: > Attempt number 2 to fix the vuxml build. > > Sponsored by: Rubicon Communications, LLC (netgate.com) > > Modified: > head/security/vuxml/vuln.xml > > Modified: head/security/vuxml/vuln.xml > ============================================================================== > --- head/security/vuxml/vuln.xml Wed Apr 22 10:36:57 2020 (r532462) > +++ head/security/vuxml/vuln.xml Wed Apr 22 10:44:59 2020 (r532463) > @@ -96,7 +96,6 @@ Notes: > FreeBSD > 12.112.1_4 > 11.311.3_8 > - > openssl > 1.1.1,11.1.1g,1 > I think the right fix here would have been to change to (instead of removing it). r532468 removes the openssl versions block completely. What I saw this morning is that my systems were briefly reporting openssl-1.1.1f,1 as vulnerable (1:46am PDT) and then later not vulnerable (4:46am). I believe the attached patch fixes this. Craig --------------5E34AF8A02F7B618070012B4 Content-Type: text/plain; charset=UTF-8; name="patch.txt" Content-Transfer-Encoding: base64 Content-Disposition: attachment; filename="patch.txt" SW5kZXg6IHNlY3VyaXR5L3Z1eG1sL3Z1bG4ueG1sCj09PT09PT09PT09PT09PT09PT09PT09 PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT0KLS0tIHNlY3Vy aXR5L3Z1eG1sL3Z1bG4ueG1sCShyZXZpc2lvbiA1MzI0OTEpCisrKyBzZWN1cml0eS92dXht bC92dWxuLnhtbAkod29ya2luZyBjb3B5KQpAQCAtOTcsNiArOTcsMTAgQEAKIAk8cmFuZ2U+ PGdlPjEyLjE8L2dlPjxsdD4xMi4xXzQ8L2x0PjwvcmFuZ2U+CiAJPHJhbmdlPjxnZT4xMS4z PC9nZT48bHQ+MTEuM184PC9sdD48L3JhbmdlPgogICAgICAgPC9wYWNrYWdlPgorICAgICAg PHBhY2thZ2U+CisJPG5hbWU+b3BlbnNzbDwvbmFtZT4KKwk8cmFuZ2U+PGdlPjEuMS4xLDE8 L2dlPjxsdD4xLjEuMWcsMTwvbHQ+PC9yYW5nZT4KKyAgICAgIDwvcGFja2FnZT4KICAgICA8 L2FmZmVjdHM+CiAgICAgPGRlc2NyaXB0aW9uPgogICAgICAgPGJvZHkgeG1sbnM9Imh0dHA6 Ly93d3cudzMub3JnLzE5OTkveGh0bWwiPgo= --------------5E34AF8A02F7B618070012B4--