Date: Thu, 7 Dec 2023 18:48:12 +0100
From: Felix Palmen
To: Philip Paeps
Cc: ports-committers@freebsd.org, dev-commits-ports-all@freebsd.org, dev-commits-ports-main@freebsd.org
Subject: Re: git: 4826396e5d15 - main - security/vuxml: correct last SA's affected range
List-Id: Commit messages for all branches of the ports repository
List-Archive: https://lists.freebsd.org/archives/dev-commits-ports-all

* Philip Paeps [20231207 04:52]:
> The branch main has been updated by philip:
>
> URL: https://cgit.FreeBSD.org/ports/commit/?id=4826396e5d1555b9eebf58cac290490b24bf1243
>
> commit 4826396e5d1555b9eebf58cac290490b24bf1243
> Author: Philip Paeps
> AuthorDate: 2023-12-07 04:49:28 +0000
> Commit: Philip Paeps
> CommitDate: 2023-12-07 04:49:28 +0000
>
> security/vuxml: correct last SA's affected range
>
> FreeBSD-SA-23:17.pf only affects the kernel, not userland. The first
> patch level of the kernel without the vulnerability is 13.2_4, not
> 13.2_7.

Please revert this commit. The first sentence of the message is correct, the second one is wrong. The fixed kernel has version 13.2-RELEASE-p7.

If this isn't reverted, only people who didn't upgrade since October '23 will ever get the warning. This most likely isn't the audience looking at these warnings in the first place.

I'm well aware updates for freebsd-update skip building the kernel when there are no changes, so the kernel version can have a lower patch level than the userland version. But still, there's a single source of truth for the version information, sys/conf/newvers.sh. When a new kernel is built, it takes the version information from there. So a (fixed) kernel built after src commit e8439726cfa5bd0059a65117447d8c4160bfed43 will have a version of 13.2-RELEASE-p7.

Therefore, please revert. Or beat me to whatever I missed analyzing that.

Thanks, Felix

>
> Reported by: dvl
> ---
> security/vuxml/vuln/2023.xml | 3 ++-
> 1 file changed, 2 insertions(+), 1 deletion(-)
>
> diff --git a/security/vuxml/vuln/2023.xml b/security/vuxml/vuln/2023.xml > index 6516a6a58f8a..952882829c6c 100644 > --- a/security/vuxml/vuln/2023.xml > +++ b/security/vuxml/vuln/2023.xml > @@ -4,7 +4,7 @@ > > FreeBSD-kernel > 14.014.0_2 > - 13.213.2_7 > + 13.213.2_4 > 12.412.4_9
> > > @@ -36,6 +36,7 @@ > > 2023-12-05 > 2023-12-05 > + 2023-12-07 > > > =20

--
Felix Palmen {private} felix@palmen-it.de
-- ports committer -- {web} http://palmen-it.de
{pgp public key} http://palmen-it.de/pub.txt
{pgp fingerprint} 6936 13D5 5BBF 4837 B212 3ACC 54AD E006 9879 F231
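
Review bot: In the @@ -4,7 +4,7 @@ hunk, the new upper bound 13.2_4 for the 13.2 FreeBSD-kernel range is not backed by any reference in the commit message, and the neighbouring 14.0_2 and 12.4_9 bounds are left as they were. Lowering the bound from 13.2_7 to 13.2_4 narrows the set of kernels the entry flags, so if a patched kernel reports a patch level higher than _4, the versions in between stop being matched. Please cite where the _4 figure comes from (the advisory text or the src commit that bumps the version) in the commit message, and check it against the version string a fixed kernel actually reports before changing the range.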