Date: Wed, 22 Apr 2020 19:55:05 +0000
From: Glen Barber <gjb@freebsd.org>
To: Craig Leres <leres@freebsd.org>
Cc: ports-committers@freebsd.org, svn-ports-all@freebsd.org, svn-ports-head@freebsd.org
Subject: Re: svn commit: r532463 - head/security/vuxml
Message-ID: <20200422195505.GX9584@FreeBSD.org>
In-Reply-To: <f0bca725-9dff-be68-780a-d2da56e1d51e@freebsd.org>
References: <202004221044.03MAixGc069557@repo.freebsd.org> <f0bca725-9dff-be68-780a-d2da56e1d51e@freebsd.org>

On Wed, Apr 22, 2020 at 11:02:07AM -0700, Craig Leres wrote:
> On 2020-04-22 03:44, Glen Barber wrote:
> > Author: gjb
> > Date: Wed Apr 22 10:44:59 2020
> > New Revision: 532463
> > URL: https://svnweb.freebsd.org/changeset/ports/532463
> >
> > Log:
> > Attempt number 2 to fix the vuxml build.
> > Sponsored by: Rubicon Communications, LLC (netgate.com)
> >
> > Modified:
> > head/security/vuxml/vuln.xml
> >
> > Modified: head/security/vuxml/vuln.xml
> > ==============================================================================
> > --- head/security/vuxml/vuln.xml Wed Apr 22 10:36:57 2020 (r532462)
> > +++ head/security/vuxml/vuln.xml Wed Apr 22 10:44:59 2020 (r532463)
> > @@ -96,7 +96,6 @@ Notes:
> > <name>FreeBSD</name>
> > <range><ge>12.1</ge><lt>12.1_4</lt></range>
> > <range><ge>11.3</ge><lt>11.3_8</lt></range>
> > - </package>
> > <name>openssl</name>
> > <range><ge>1.1.1,1</ge><lt>1.1.1g,1</lt></range>
> > </package>
>
> I think the right fix here would have been to change </package> to <package>
> (instead of removing it). r532468 removes the openssl versions block
> completely.
>
> What I saw this morning is that my systems were briefly reporting
> openssl-1.1.1f,1 as vulnerable (1:46am PDT) and then later not vulnerable
> (4:46am).
>
> I believe the attached patch fixes this.
>
> Craig

> Index: security/vuxml/vuln.xml
> ===================================================================
> --- security/vuxml/vuln.xml (revision 532491)
> +++ security/vuxml/vuln.xml (working copy)
> @@ -97,6 +97,10 @@
> <range><ge>12.1</ge><lt>12.1_4</lt></range>
> <range><ge>11.3</ge><lt>11.3_8</lt></range>
> </package>
> + <package>
> + <name>openssl</name>
> + <range><ge>1.1.1,1</ge><lt>1.1.1g,1</lt></range>
> + </package>
> </affects>
> <description>
> <body xmlns="http://www.w3.org/1999/xhtml">

Please feel free to go ahead and commit your patch, assuming it does not
break the vuxml build.

Glen
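
Review bot: In the r532463 hunk (`@@ -96,7 +96,6 @@`), deleting `</package>` instead of adding an opening tag leaves `<name>openssl</name>` and its `<range><ge>1.1.1,1</ge><lt>1.1.1g,1</lt></range>` inside the same package element as `<name>FreeBSD</name>` and the 12.1 and 11.3 ranges. The tags balance again, but the two products are no longer separate entries, so each name is now grouped with ranges that belong to the other. Keep the removed `</package>` and insert `<package>` on the line before `<name>openssl</name>`. The log line "Attempt number 2 to fix the vuxml build" should also say which tag was unbalanced, so the next reader can tell a structural fix from a content change.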
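
Review bot: The attached patch's hunk (`@@ -97,6 +97,10 @@`) re-adds an affected package, so it changes audit results and needs both a validation run and a log message that says so. The four added lines are balanced (`<package>`, one `<name>`, one `<range>`, `</package>`) and sit between the FreeBSD `</package>` and `</affects>`, which matches the structure of the neighbouring block in the context lines. The diff is against revision 532491, after r532468 removed the openssl block, so the commit log should reference r532463 and r532468 and state that the openssl range `1.1.1,1` to `1.1.1g,1` is being restored. Run the vuxml build check before committing, since the visible context ends at `<body xmlns="http://www.w3.org/1999/xhtml">` and cannot confirm the rest of the entry.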