From owner-cvs-ports@FreeBSD.ORG Tue May 24 23:59:59 2011 Return-Path: Delivered-To: cvs-ports@FreeBSD.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 517A8106566C; Tue, 24 May 2011 23:59:59 +0000 (UTC) (envelope-from ohauer@FreeBSD.org) Received: from u18-124.dslaccess.de (unknown [194.231.39.124]) by mx1.freebsd.org (Postfix) with ESMTP id EB0F48FC1A; Tue, 24 May 2011 23:59:58 +0000 (UTC) Received: from [172.20.1.100] (cde1100.uni.vrs [172.20.1.100]) (Authenticated sender: ohauer) by u18-124.dslaccess.de (Postfix) with ESMTPSA id 0B0A32042C; Wed, 25 May 2011 01:59:55 +0200 (CEST) Message-ID: <4DDC467B.7030305@FreeBSD.org> Date: Wed, 25 May 2011 01:59:55 +0200 From: Olli Hauer User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.2.17) Gecko/20110414 Thunderbird/3.1.10 MIME-Version: 1.0 To: Wesley Shields References: <201105242259.p4OMxqYO099440@repoman.freebsd.org> <20110524232400.GA77710@atarininja.org> <4DDC3EAE.6030802@gmx.de> <20110524233622.GB77710@atarininja.org> In-Reply-To: <20110524233622.GB77710@atarininja.org> X-Enigmail-Version: 1.1.1 Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: 7bit Cc: Olli Hauer , cvs-ports@FreeBSD.org, cvs-all@FreeBSD.org, ports-committers@FreeBSD.org Subject: Re: cvs commit: ports/security/vuxml vuln.xml X-BeenThere: cvs-ports@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list Reply-To: ohauer@FreeBSD.org List-Id: CVS commit messages for the ports tree List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 24 May 2011 23:59:59 -0000 On 2011-05-25 01:36, Wesley Shields wrote: > On Wed, May 25, 2011 at 01:26:38AM +0200, olli hauer wrote: >> On 2011-05-25 01:24, Wesley Shields wrote: >>> On Tue, May 24, 2011 at 10:59:52PM +0000, Olli Hauer wrote: >>>> ohauer 2011-05-24 22:59:52 UTC >>>> >>>> FreeBSD ports repository >>>> >>>> Modified files: >>>> security/vuxml vuln.xml >>>> Log: >>>> - use apr-* and add entries for all apr0/apr1 issues >>>> ( .. is needed else the parser cannot make a difference >>>> between apr0 and apr1) >>>> >>>> - lowercase ViewVC -> viewvc >>>> >>>> Thanks Jun Kuriyama ( kuriyama@ ) for the notice and the patch >>>> for the apr entries. >>> >>> The apr-* stuff broke the build. >>> >>> -- WXS >>> >> >> grrrr, I see the same but only on my 8.2 machines no issues on 7.4. >> >> Do you have a change to verify this (7.4/8.x)? > > I'm not sure what you mean, and it is probably because I was not clear. > The vuxml build is broken. I can't speak for the build of the ports > themselves. > > Sorry for the confusion. > > -- WXS Hm, now I need some one help. I just notice issue with vxquery portaudit parser. If a vuln.xml entry does not match the exact portname it will not detected. For example the entry apr-* 1.4.0.1.3.01.4.5.1.3.12 will be detected by portaudit but vxquery expects in my case apr-ipv6-devrandom-gdbm-db47 1.4.5.1.3.12 Unfortunately the package name for apr reflects the build options and we can end up with a view hundred different package names. (5 options * possible (bdb|mysql|pgsql|ldap|sqlite) versions) So what's the best way to document the apr issue? This entry is not recognized by portaudit and vxquery. apr1 1.4.5.1.3.12