Date: Mon, 28 Apr 2008 20:23:47 GMT From: bf <bf2006a@yahoo.com> To: freebsd-gnats-submit@FreeBSD.org Subject: ports/123178: [PATCH]security/vuxml: gnupg-1.4.9 incorrectly marked as insecure Message-ID: <200804282023.m3SKNlaN087834@www.freebsd.org> Resent-Message-ID: <200804282030.m3SKU3cq005607@freefall.freebsd.org>
next in thread | raw e-mail | index | archive | help
>Number: 123178
>Category: ports
>Synopsis: [PATCH]security/vuxml: gnupg-1.4.9 incorrectly marked as insecure
>Confidential: no
>Severity: non-critical
>Priority: medium
>Responsible: freebsd-ports-bugs
>State: open
>Quarter:
>Keywords:
>Date-Required:
>Class: sw-bug
>Submitter-Id: current-users
>Arrival-Date: Mon Apr 28 20:30:03 UTC 2008
>Closed-Date:
>Last-Modified:
>Originator: bf
>Release: 7-STABLE i386
>Organization:
-
>Environment:
>Description:
gnupg-1.4.9 is thought to be secure, but a problem with revision 1.1611 of vuln.xml breaks the build in the "check-vulnerable" target. The problem is that the entry uses "gnupg1" in the name entry, but this is a MASTERDIR, and is neither the PORTNAME nor the PKGNAME of gnupg-1.4.9, the two identifying variables used in "check-vulnerable" target. Patch vuln.xml so that the proper version ranges of gnupg-* are checked.
>How-To-Repeat:
>Fix:
Patch attached with submission follows:
diff -ruN vuxml.orig/vuln.xml vuxml/vuln.xml
--- vuxml.orig/vuln.xml 2008-04-28 14:12:51.515508829 -0400
+++ vuxml/vuln.xml 2008-04-28 15:58:16.597772078 -0400
@@ -39,11 +39,8 @@
<affects>
<package>
<name>gnupg</name>
- <range><lt>2.0.9</lt></range>
- </package>
- <package>
- <name>gnupg1</name>
- <range><lt>1.4.9</lt></range>
+ <range><ge>1.*</ge><lt>1.4.9</lt></range>
+ <range><ge>2.*</ge><lt>2.0.9</lt></range>
</package>
</affects>
<description>
>Release-Note:
>Audit-Trail:
>Unformatted:
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200804282023.m3SKNlaN087834>