From owner-svn-ports-head@freebsd.org  Mon Mar  4 10:48:48 2019
Return-Path: <owner-svn-ports-head@freebsd.org>
Delivered-To: svn-ports-head@mailman.ysv.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1])
 by mailman.ysv.freebsd.org (Postfix) with ESMTP id 33F0A150C1C2;
 Mon,  4 Mar 2019 10:48:48 +0000 (UTC)
 (envelope-from joneum@FreeBSD.org)
Received: from toco-domains.de (mail.toco-domains.de
 [IPv6:2a01:4f8:150:50a5::6])
 (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
 (Client did not present a certificate)
 by mx1.freebsd.org (Postfix) with ESMTPS id C52D8932E5;
 Mon,  4 Mar 2019 10:48:47 +0000 (UTC)
 (envelope-from joneum@FreeBSD.org)
Received: from phantomias.home.jochen-neumeister.de
 (p5B0FDD1D.dip0.t-ipconnect.de [91.15.221.29])
 by toco-domains.de (Postfix) with ESMTPA id CB5DE13514DA;
 Mon,  4 Mar 2019 11:48:46 +0100 (CET)
Subject: Re: svn commit: r494571 - head/www/mybb
To: Tobias Kortkamp <tobik@freebsd.org>
Cc: ports-committers@freebsd.org, svn-ports-all@freebsd.org,
 svn-ports-head@freebsd.org
References: <201903041002.x24A2c3F085833@repo.freebsd.org>
 <20190304104300.GA61251@urd.tobik.me>
 <93163fa6-4dd2-d8fe-6a41-9d7b8f7e04ed@FreeBSD.org>
 <20190304104744.GA15419@urd.tobik.me>
From: Jochen Neumeister <joneum@FreeBSD.org>
Message-ID: <c11b6d30-200f-c7b9-893c-a09647d3f624@FreeBSD.org>
Date: Mon, 4 Mar 2019 11:48:46 +0100
MIME-Version: 1.0
In-Reply-To: <20190304104744.GA15419@urd.tobik.me>
Content-Type: text/plain; charset=windows-1252; format=flowed
Content-Transfer-Encoding: 7bit
Content-Language: de-DE
X-Rspamd-Queue-Id: C52D8932E5
X-Spamd-Bar: ------
Authentication-Results: mx1.freebsd.org
X-Spamd-Result: default: False [-6.99 / 15.00];
 NEURAL_HAM_MEDIUM(-1.00)[-1.000,0];
 NEURAL_HAM_LONG(-1.00)[-1.000,0]; REPLY(-4.00)[];
 NEURAL_HAM_SHORT(-0.99)[-0.995,0]
X-BeenThere: svn-ports-head@freebsd.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: SVN commit messages for the ports tree for head
 <svn-ports-head.freebsd.org>
List-Unsubscribe: <https://lists.freebsd.org/mailman/options/svn-ports-head>, 
 <mailto:svn-ports-head-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/svn-ports-head/>
List-Post: <mailto:svn-ports-head@freebsd.org>
List-Help: <mailto:svn-ports-head-request@freebsd.org?subject=help>
List-Subscribe: <https://lists.freebsd.org/mailman/listinfo/svn-ports-head>,
 <mailto:svn-ports-head-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Mon, 04 Mar 2019 10:48:48 -0000


On 04.03.19 11:47, Tobias Kortkamp wrote:
> On Mon, Mar 04, 2019 at 11:45:24AM +0100, Jochen Neumeister wrote:
>> On 04.03.19 11:43, Tobias Kortkamp wrote:
>>> On Mon, Mar 04, 2019 at 10:02:38AM +0000, Jochen Neumeister wrote:
>>>> Author: joneum
>>>> Date: Mon Mar  4 10:02:38 2019
>>>> New Revision: 494571
>>>> URL: https://svnweb.freebsd.org/changeset/ports/494571
>>>>
>>>> Log:
>>>>     in r494382, et to update GH_TAGNAME. This fixes it
>>>>     
>>>>     MFH:		2019Q1
>>>>     Security:	395ed9d5-3cca-11e9-9ba0-4c72b94353b5
>>>>     Sponsored by:	Netzkommune GmbH
>>>>
>>>> Modified:
>>>>     head/www/mybb/Makefile
>>>>     head/www/mybb/distinfo
>>>>     head/www/mybb/pkg-plist
>>>>
>>>> Modified: head/www/mybb/Makefile
>>>> ==============================================================================
>>>> --- head/www/mybb/Makefile	Mon Mar  4 09:45:56 2019	(r494570)
>>>> +++ head/www/mybb/Makefile	Mon Mar  4 10:02:38 2019	(r494571)
>>>> @@ -11,7 +11,7 @@ COMMENT=	PHP-based bulletin board / discussion forum s
>>>>    LICENSE=	GPLv3
>>>>    
>>>>    USE_GITHUB=	yes
>>>> -GH_TAGNAME=	${PORTNAME}_1819
>>>> +GH_TAGNAME=	${PORTNAME}_1820
>>> Do you plan to update vuxml too?  Our mybb-1.8.20 is mybb-1.8.19
>>> in reality which is still vulnerable, but is not marked as such by
>>> pkg audit.
>>>
>>> $ pkg audit mybb-1.8.19
>>> mybb-1.8.19 is vulnerable:
>>> mybb -- vulnerabilities
>>> WWW: https://vuxml.FreeBSD.org/freebsd/395ed9d5-3cca-11e9-9ba0-4c72b94353b5.html
>>>
>>> 1 problem(s) in the installed packages found.
>>>
>>> $ pkg audit mybb-1.8.20
>>> 0 problem(s) in the installed packages found.
>>>
>> 1.8.20 is in vuxml:
>>
>> +	<range><lt>1.8.20</lt></range>
> Yeah, but this entry does not match 1.8.20.  It should be 1.8.20_1
> now (the one with PORTREVISION=1 after the GH_TAGNAME fix), not
> 1.8.20 which is the same as 1.8.19.


args ... you're right. Thanks .... i need more coffee.