Date:      Wed, 22 Apr 2020 19:55:05 +0000
From:      Glen Barber <gjb@freebsd.org>
To:        Craig Leres <leres@freebsd.org>
Cc:        ports-committers@freebsd.org, svn-ports-all@freebsd.org, svn-ports-head@freebsd.org
Subject:   Re: svn commit: r532463 - head/security/vuxml
Message-ID:  <20200422195505.GX9584@FreeBSD.org>
In-Reply-To: <f0bca725-9dff-be68-780a-d2da56e1d51e@freebsd.org>
References:  <202004221044.03MAixGc069557@repo.freebsd.org> <f0bca725-9dff-be68-780a-d2da56e1d51e@freebsd.org>


On Wed, Apr 22, 2020 at 11:02:07AM -0700, Craig Leres wrote:
> On 2020-04-22 03:44, Glen Barber wrote:
> > Author: gjb
> > Date: Wed Apr 22 10:44:59 2020
> > New Revision: 532463
> > URL: https://svnweb.freebsd.org/changeset/ports/532463
> >
> > Log:
> >    Attempt number 2 to fix the vuxml build.
> >    Sponsored by:	Rubicon Communications, LLC (netgate.com)
> >
> > Modified:
> >    head/security/vuxml/vuln.xml
> >
> > Modified: head/security/vuxml/vuln.xml
> > ==============================================================================
> > --- head/security/vuxml/vuln.xml	Wed Apr 22 10:36:57 2020	(r532462)
> > +++ head/security/vuxml/vuln.xml	Wed Apr 22 10:44:59 2020	(r532463)
> > @@ -96,7 +96,6 @@ Notes:
> >   	<name>FreeBSD</name>
> >   	<range><ge>12.1</ge><lt>12.1_4</lt></range>
> >   	<range><ge>11.3</ge><lt>11.3_8</lt></range>
> > -      </package>
> >   	<name>openssl</name>
> >   	<range><ge>1.1.1,1</ge><lt>1.1.1g,1</lt></range>
> >         </package>
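Review bot: dropping the `</package>` after the 11.3 range folds `<name>openssl</name>` and its `<range>` into the same `<package>` element as `<name>FreeBSD</name>`, so the XML balances again but the two products now share one package block and each other's version ranges. If the intent is a separate openssl package, keep the closing tag and add an opening `<package>` before `<name>openssl</name>`.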
>
> I think the right fix here would have been to change </package> to <package>
> (instead of removing it). r532468 removes the openssl versions block
> completely.
>
> What I saw this morning is that my systems were briefly reporting
> openssl-1.1.1f,1 as vulnerable (1:46am PDT) and then later not vulnerable
> (4:46am).
>
> I believe the attached patch fixes this.
>
> 		Craig

> Index: security/vuxml/vuln.xml
> ===================================================================
> --- security/vuxml/vuln.xml	(revision 532491)
> +++ security/vuxml/vuln.xml	(working copy)
> @@ -97,6 +97,10 @@
>  	<range><ge>12.1</ge><lt>12.1_4</lt></range>
>  	<range><ge>11.3</ge><lt>11.3_8</lt></range>
>        </package>
> +      <package>
> +	<name>openssl</name>
> +	<range><ge>1.1.1,1</ge><lt>1.1.1g,1</lt></range>
> +      </package>
>      </affects>
>      <description>
>        <body xmlns=3D"http://www.w3.org/1999/xhtml">;
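Review bot: this is the only hunk in the patch, so the entry's `<dates>` block is not touched; because the new `<package>` block before `</affects>` changes which installed packages are flagged, consider recording a `<modified>` date in the same commit. The added element itself is balanced and sits as a sibling of the FreeBSD `<package>`; since the commit log above shows the file has already needed two build fixes, validate it before committing.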

Please feel free to go ahead and commit your patch, assuming it does not
break the vuxml build.

Glen





Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20200422195505.GX9584>