Date: Sun, 30 Oct 2022 23:05:26 GMT From: Jose Alonso Cardenas Marquez <acm@FreeBSD.org> To: ports-committers@FreeBSD.org, dev-commits-ports-all@FreeBSD.org, dev-commits-ports-main@FreeBSD.org Subject: git: db1cf95d315f - main - security/gvm: Fix issues with newer version of glib2/pcre2 Message-ID: <202210302305.29UN5QDq065466@gitrepo.freebsd.org>
next in thread | raw e-mail | index | archive | help
The branch main has been updated by acm: URL: https://cgit.FreeBSD.org/ports/commit/?id=db1cf95d315f7052f7fe73e224723df88f266586 commit db1cf95d315f7052f7fe73e224723df88f266586 Author: Jose Alonso Cardenas Marquez <acm@FreeBSD.org> AuthorDate: 2022-10-30 23:01:31 +0000 Commit: Jose Alonso Cardenas Marquez <acm@FreeBSD.org> CommitDate: 2022-10-30 23:05:16 +0000 security/gvm: Fix issues with newer version of glib2/pcre2 PR: 267429 Reported by: freebsd _at_ ny-central.org, andrew _at_ tekrealm.net Obtained from: https://github.com/greenbone/gvmd/pull/1867/files --- security/gsad/Makefile | 1 + security/gsad/files/patch-src_gsad.c | 51 ++++++++++++++++++++++ security/gvm/Makefile | 2 +- security/gvmd/Makefile | 5 +-- security/gvmd/files/patch-src_manage.c | 15 +++++-- security/gvmd/files/patch-src_manage_configs.c | 11 +++++ security/gvmd/files/patch-src_manage_port_lists.c | 11 +++++ .../gvmd/files/patch-src_manage_report_formats.c | 11 +++++ security/gvmd/files/patch-src_manage_sql.c | 47 +++++++++++++++++--- .../files/patch-src_manage_sql_report_formats.c | 19 ++++++++ security/gvmd/files/patch-src_utils.c | 13 +++++- 11 files changed, 172 insertions(+), 14 deletions(-) diff --git a/security/gsad/Makefile b/security/gsad/Makefile index c6dd153735ef..544f509f724e 100644 --- a/security/gsad/Makefile +++ b/security/gsad/Makefile @@ -1,6 +1,7 @@ PORTNAME= gsad DISTVERSIONPREFIX= v DISTVERSION= 22.4.0 +PORTREVISION= 1 CATEGORIES= security MAINTAINER= acm@FreeBSD.org diff --git a/security/gsad/files/patch-src_gsad.c b/security/gsad/files/patch-src_gsad.c new file mode 100644 index 000000000000..ac66b56ca8b4 --- /dev/null +++ b/security/gsad/files/patch-src_gsad.c @@ -0,0 +1,51 @@ +--- src/gsad.c 2022-10-30 17:54:07.766381000 -0500 ++++ src/gsad.c 2022-10-30 17:57:38.383048000 -0500 +@@ -480,7 +480,7 @@ + gvm_validator_add (validator, "asset_name", "(?s)^.*$"); + gvm_validator_add (validator, "asset_type", "^(host|os)$"); + gvm_validator_add (validator, "asset_id", +- "^([[:alnum:]-_.:\\/~()']|&)+$"); ++ "^([[:alnum:]\\-_.:\\/~()']|&)+$"); + gvm_validator_add (validator, "auth_algorithm", "^(md5|sha1)$"); + gvm_validator_add (validator, "auth_method", "^(0|1|2)$"); + /* Defined in RFC 2253. */ +@@ -595,7 +595,7 @@ + gvm_validator_add (validator, "list_fname", + "^([[:alnum:]_-]|%[%CcDFMmNTtUu])+$"); + /* Used for users, credentials, and scanner login name. */ +- gvm_validator_add (validator, "login", "^[[:alnum:]-_@.]+$"); ++ gvm_validator_add (validator, "login", "^[[:alnum:]\\-_@.]+$"); + gvm_validator_add (validator, "lsc_password", "^.*$"); + gvm_validator_add (validator, "max_result", "^[0-9]+$"); + gvm_validator_add (validator, "max_groups", "^-?[0-9]+$"); +@@ -605,10 +605,10 @@ + gvm_validator_add (validator, "note_required", "(?s)^(.)+$"); + gvm_validator_add (validator, "note_id", "^[a-z0-9\\-]+$"); + gvm_validator_add (validator, "override_id", "^[a-z0-9\\-]+$"); +- gvm_validator_add (validator, "name", "^[#-_[:alnum:], \\./]*$"); ++ gvm_validator_add (validator, "name", "^[#\\-_[:alnum:], \\./]*$"); + gvm_validator_add (validator, "info_name", "(?s)^.*$"); + gvm_validator_add (validator, "info_type", "(?s)^.*$"); +- gvm_validator_add (validator, "info_id", "^([[:alnum:]-_.:\\/~()']|&)+$"); ++ gvm_validator_add (validator, "info_id", "^([[:alnum:]\\-_.:\\/~()']|&)+$"); + gvm_validator_add (validator, "details", "^[0-1]$"); + /* Number is special cased in params_mhd_validate to remove the space. */ + gvm_validator_add (validator, "number", "^ *[0-9]+ *$"); +@@ -660,7 +660,7 @@ + "filter|group|host|info|nvt|note|os|ovaldef|override|permission|port_list|" + "report|report_format|result|role|scanner|schedule|tag|target|task|ticket|" + "tls_certificate|user|vuln|)$"); +- gvm_validator_add (validator, "resource_id", "^[[:alnum:]-_.:\\/~]*$"); ++ gvm_validator_add (validator, "resource_id", "^[[:alnum:]\\-_.:\\/~]*$"); + gvm_validator_add (validator, "resources_action", "^(|add|set|remove)$"); + gvm_validator_add ( + validator, "optional_resource_type", +@@ -719,7 +719,7 @@ + gvm_validator_add (validator, "uuid", "^[0-9abcdefABCDEF\\-]{1,40}$"); + gvm_validator_add (validator, "usage_type", "^(audit|policy|scan|)$"); + /* This must be "login" with space and comma. */ +- gvm_validator_add (validator, "users", "^[[:alnum:]-_@., ]*$"); ++ gvm_validator_add (validator, "users", "^[[:alnum:]\\-_@., ]*$"); + gvm_validator_add (validator, "x_field", "^[\\[\\]_[:alnum:]]+$"); + gvm_validator_add (validator, "y_fields:name", "^[0-9]+$"); + gvm_validator_add (validator, "y_fields:value", "^[\\[\\]_[:alnum:]]+$"); diff --git a/security/gvm/Makefile b/security/gvm/Makefile index 15291eb26c67..d208a4dce920 100644 --- a/security/gvm/Makefile +++ b/security/gvm/Makefile @@ -1,6 +1,6 @@ PORTNAME= gvm PORTVERSION= 22.4.0 -PORTREVISION= 3 +PORTREVISION= 4 CATEGORIES= security MAINTAINER= acm@FreeBSD.org diff --git a/security/gvmd/Makefile b/security/gvmd/Makefile index 1bbc884129a6..6e2822bab6fa 100644 --- a/security/gvmd/Makefile +++ b/security/gvmd/Makefile @@ -1,6 +1,6 @@ PORTNAME= gvmd DISTVERSION= 22.4.0 -PORTREVISION= 1 +PORTREVISION= 2 DISTVERSIONPREFIX= v CATEGORIES= security @@ -50,8 +50,7 @@ post-patch: ${REINPLACE_CMD} -e 's|%%LOCALBASE%%|${LOCALBASE}|g' ${WRKSRC}/src/manage_sql.c ${REINPLACE_CMD} -e 's|+660|660|g' ${WRKSRC}/tools/greenbone-feed-sync.in ${REINPLACE_CMD} -e 's|#include <bsd/unistd.h>||g' ${WRKSRC}/src/manage.c \ - ${WRKSRC}/src/gvmd.c ${WRKSRC}/src/manage_sql_secinfo.c \ - ${WRKSRC}/src/manage_sql.c ${WRKSRC}/src/manage_sql_report_formats.c + ${WRKSRC}/src/gvmd.c ${WRKSRC}/src/manage_sql_secinfo.c post-install: @${MKDIR} ${STAGEDIR}/var/lib/gvm/gvmd/gnupg diff --git a/security/gvmd/files/patch-src_manage.c b/security/gvmd/files/patch-src_manage.c index 85f58ef903cf..32cfdbfb5264 100644 --- a/security/gvmd/files/patch-src_manage.c +++ b/security/gvmd/files/patch-src_manage.c @@ -1,6 +1,6 @@ ---- src/manage.c 2020-12-31 17:01:32.913198000 -0500 -+++ src/manage.c 2020-12-31 17:01:47.001860000 -0500 -@@ -75,6 +75,7 @@ +--- src/manage.c 2022-07-21 02:20:24.000000000 -0500 ++++ src/manage.c 2022-10-30 17:41:24.914386000 -0500 +@@ -76,6 +76,7 @@ #include <sys/file.h> #include <sys/stat.h> #include <sys/types.h> @@ -8,3 +8,12 @@ #include <sys/wait.h> #include <time.h> #include <unistd.h> +@@ -5952,7 +5953,7 @@ + int + validate_username (const gchar * name) + { +- if (g_regex_match_simple ("^[[:alnum:]-_.]+$", name, 0, 0)) ++ if (g_regex_match_simple ("^[[:alnum:]_.-]+$", name, 0, 0)) + return 0; + else + return 1; diff --git a/security/gvmd/files/patch-src_manage_configs.c b/security/gvmd/files/patch-src_manage_configs.c new file mode 100644 index 000000000000..f60828fbdff3 --- /dev/null +++ b/security/gvmd/files/patch-src_manage_configs.c @@ -0,0 +1,11 @@ +--- src/manage_configs.c 2022-10-30 17:15:56.559846000 -0500 ++++ src/manage_configs.c 2022-10-30 17:17:03.298223000 -0500 +@@ -316,7 +316,7 @@ + + split = g_regex_split_simple + (/* Full-and-Fast--daba56c8-73ec-11df-a475-002264764cea.xml */ +- "^.*([0-9a-f]{8})-([0-9a-f]{4})-([0-9a-f]{4})-([0-9a-f]{4})-([0-9a-f]{12}).xml$", ++ "^.*([0-9a-f]{8})\\-([0-9a-f]{4})\\-([0-9a-f]{4})\\-([0-9a-f]{4})\\-([0-9a-f]{12}).xml$", + path, 0, 0); + + if (split == NULL || g_strv_length (split) != 7) diff --git a/security/gvmd/files/patch-src_manage_port_lists.c b/security/gvmd/files/patch-src_manage_port_lists.c new file mode 100644 index 000000000000..574d008a842d --- /dev/null +++ b/security/gvmd/files/patch-src_manage_port_lists.c @@ -0,0 +1,11 @@ +--- src/manage_port_lists.c 2022-10-30 17:18:04.068398000 -0500 ++++ src/manage_port_lists.c 2022-10-30 17:18:35.850793000 -0500 +@@ -252,7 +252,7 @@ + + split = g_regex_split_simple + (/* Full-and-Fast--daba56c8-73ec-11df-a475-002264764cea.xml */ +- "^.*([0-9a-f]{8})-([0-9a-f]{4})-([0-9a-f]{4})-([0-9a-f]{4})-([0-9a-f]{12}).xml$", ++ "^.*([0-9a-f]{8})\\-([0-9a-f]{4})\\-([0-9a-f]{4})\\-([0-9a-f]{4})\\-([0-9a-f]{12}).xml$", + path, 0, 0); + + if (split == NULL || g_strv_length (split) != 7) diff --git a/security/gvmd/files/patch-src_manage_report_formats.c b/security/gvmd/files/patch-src_manage_report_formats.c new file mode 100644 index 000000000000..9e8fb0af0756 --- /dev/null +++ b/security/gvmd/files/patch-src_manage_report_formats.c @@ -0,0 +1,11 @@ +--- src/manage_report_formats.c 2022-10-30 17:19:27.476854000 -0500 ++++ src/manage_report_formats.c 2022-10-30 17:19:55.531658000 -0500 +@@ -612,7 +612,7 @@ + + split = g_regex_split_simple + (/* Full-and-Fast--daba56c8-73ec-11df-a475-002264764cea.xml */ +- "^.*([0-9a-f]{8})-([0-9a-f]{4})-([0-9a-f]{4})-([0-9a-f]{4})-([0-9a-f]{12}).xml$", ++ "^.*([0-9a-f]{8})\\-([0-9a-f]{4})\\-([0-9a-f]{4})\\-([0-9a-f]{4})\\-([0-9a-f]{12}).xml$", + path, 0, 0); + + if (split == NULL || g_strv_length (split) != 7) diff --git a/security/gvmd/files/patch-src_manage_sql.c b/security/gvmd/files/patch-src_manage_sql.c index fe750e08bd2b..343c997fa208 100644 --- a/security/gvmd/files/patch-src_manage_sql.c +++ b/security/gvmd/files/patch-src_manage_sql.c @@ -1,6 +1,6 @@ ---- src/manage_sql.c 2021-04-16 02:27:18.000000000 -0500 -+++ src/manage_sql.c 2021-06-14 19:33:56.599632000 -0500 -@@ -52,7 +52,6 @@ +--- src/manage_sql.c 2022-07-21 02:20:24.000000000 -0500 ++++ src/manage_sql.c 2022-10-30 17:32:08.342879000 -0500 +@@ -54,7 +54,6 @@ #include <errno.h> #include <glib/gstdio.h> #include <gnutls/x509.h> @@ -8,7 +8,24 @@ #include <pwd.h> #include <stdlib.h> #include <sys/socket.h> -@@ -9075,7 +9074,7 @@ +@@ -71,7 +70,6 @@ + #include <gvm/base/hosts.h> + #include <gvm/base/pwpolicy.h> + #include <gvm/base/logging.h> +-#include <bsd/unistd.h> + #include <gvm/util/fileutils.h> + #include <gvm/util/gpgmeutils.h> + #include <gvm/util/serverutils.h> +@@ -6997,7 +6995,7 @@ + + if (strcmp (name, "tp_sms_hostname") == 0) + { +- if (g_regex_match_simple ("^[0-9A-Za-z][0-9A-Za-z.-]*$", ++ if (g_regex_match_simple ("^[0-9A-Za-z][0-9A-Za-z.\\-]*$", + *data, 0, 0) + == FALSE) + { +@@ -9122,7 +9120,7 @@ g_debug (" HTTP_GET %s", url); cmd = (gchar **) g_malloc (5 * sizeof (gchar *)); @@ -17,7 +34,7 @@ cmd[1] = g_strdup ("-O"); cmd[2] = g_strdup ("-"); cmd[3] = g_strdup (url); -@@ -15262,8 +15261,6 @@ +@@ -15349,8 +15347,6 @@ } cleanup_iterator (&nvts); @@ -26,3 +43,23 @@ } /** +@@ -49740,8 +49736,8 @@ + */ + languages_regex + = g_regex_new ("^(Browser Language|" +- "([a-z]{2,3})(_[A-Z]{2})?(@[[:alnum:]_-]+)?" +- "(:([a-z]{2,3})(_[A-Z]{2})?(@[[:alnum:]_-]+)?)*)$", ++ "([a-z]{2,3})(_[A-Z]{2})?(@[[:alnum:]_\\-]+)?" ++ "(:([a-z]{2,3})(_[A-Z]{2})?(@[[:alnum:]_\\-]+)?)*)$", + 0, 0, NULL); + match = g_regex_match (languages_regex, value, 0, NULL); + g_regex_unref (languages_regex); +@@ -50309,7 +50305,7 @@ + if (strcmp (uuid, SETTING_UUID_LSC_DEB_MAINTAINER) == 0) + { + if (g_regex_match_simple +- ("^([[:alnum:]-_]*@[[:alnum:]-_][[:alnum:]-_.]*)?$", ++ ("^([[:alnum:]\\-_]*@[[:alnum:]\\-_][[:alnum:]\\-_.]*)?$", + value, 0, 0) == FALSE) + return 1; + } diff --git a/security/gvmd/files/patch-src_manage_sql_report_formats.c b/security/gvmd/files/patch-src_manage_sql_report_formats.c new file mode 100644 index 000000000000..fe1784255a13 --- /dev/null +++ b/security/gvmd/files/patch-src_manage_sql_report_formats.c @@ -0,0 +1,19 @@ +--- src/manage_sql_report_formats.c 2022-07-21 02:20:24.000000000 -0500 ++++ src/manage_sql_report_formats.c 2022-10-30 17:34:50.896890000 -0500 +@@ -45,7 +45,6 @@ + #include <unistd.h> + + #include <gvm/base/gvm_sentry.h> +-#include <bsd/unistd.h> + #include <gvm/util/uuidutils.h> + #include <gvm/util/fileutils.h> + +@@ -2472,7 +2471,7 @@ + case REPORT_FORMAT_PARAM_TYPE_REPORT_FORMAT_LIST: + { + if (g_regex_match_simple +- ("^(?:[[:alnum:]-_]+)?(?:,(?:[[:alnum:]-_])+)*$", value, 0, 0) ++ ("^(?:[[:alnum:]\\-_]+)?(?:,(?:[[:alnum:]\\-_])+)*$", value, 0, 0) + == FALSE) + return 1; + else diff --git a/security/gvmd/files/patch-src_utils.c b/security/gvmd/files/patch-src_utils.c index 00bcbffaace2..f70964cbd5ce 100644 --- a/security/gvmd/files/patch-src_utils.c +++ b/security/gvmd/files/patch-src_utils.c @@ -1,5 +1,5 @@ ---- src/utils.c 2020-12-31 16:52:50.534962000 -0500 -+++ src/utils.c 2020-12-31 16:52:59.759527000 -0500 +--- src/utils.c 2022-07-21 02:20:24.000000000 -0500 ++++ src/utils.c 2022-10-30 17:36:49.935808000 -0500 @@ -34,7 +34,7 @@ /** * @brief Needed for nanosleep. @@ -9,3 +9,12 @@ #include "utils.h" +@@ -339,7 +339,7 @@ + epoch_time = 0; + + if (regex == NULL) +- regex = g_regex_new ("^([0-9]{4}-[0-9]{2}-[0-9]{2})" ++ regex = g_regex_new ("^([0-9]{4}\\-[0-9]{2}\\-[0-9]{2})" + "[T ]([0-9]{2}:[0-9]{2})" + "(:[0-9]{2})?(?:\\.[0-9]+)?" + "(Z|[+-][0-9]{2}:?[0-9]{2})?$",
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?202210302305.29UN5QDq065466>