Date: Tue, 11 Apr 2023 15:06:58 GMT
Message-Id: <202304111506.33BF6wFJ080574@gitrepo.freebsd.org>
To: doc-committers@FreeBSD.org, dev-commits-doc-all@FreeBSD.org
From: Lorenzo Salvadore
Subject: git: b88d607c23 - main - Status/2023Q1/freshports.adoc: Add report
List-Id: Commit messages for all branches of the doc repository
List-Archive: https://lists.freebsd.org/archives/dev-commits-doc-all
X-Git-Committer: salvadore
X-Git-Repository: doc
X-Git-Refname: refs/heads/main
X-Git-Reftype: branch
X-Git-Commit: b88d607c2379254ffccc2922576831e20e8dc61b

The branch main has been updated by salvadore:

URL: https://cgit.FreeBSD.org/doc/commit/?id=b88d607c2379254ffccc2922576831e20e8dc61b

commit b88d607c2379254ffccc2922576831e20e8dc61b
Author:     Dan Langille
AuthorDate: 2023-04-07 18:33:41 +0000
Commit:     Lorenzo Salvadore
CommitDate: 2023-04-11 15:06:15 +0000

    Status/2023Q1/freshports.adoc: Add report

    Approved by:    carlavilla (mentor)
    Pull Request:   https://github.com/freebsd/freebsd-doc/pull/159
--- .../status/report-2023-01-2023-03/freshports.adoc | 48 ++++++++++++++++++++++ 1 file changed, 48 insertions(+) diff --git a/website/content/en/status/report-2023-01-2023-03/freshports.adoc b/website/content/en/status/report-2023-01-2023-03/freshports.adoc new file mode 100644 index 0000000000..1ffc32e770 --- /dev/null +++ b/website/content/en/status/report-2023-01-2023-03/freshports.adoc
@@ -0,0 +1,48 @@ +=== Freshports: SQL Injection Attack and Help Request + +Links: + +link:https://freshports..org[FreshPorts] URL: link:freshports.org[] + +link:https://news.freshports.org/[FreshPorts blog] URL: link:https://news.freshports.org/[] + +Contact: Dan Langille + +FreshPorts and FreshSource have reported upon FreeBSD commits for 20 years. They cover all commits, not just ports. + +FreshPorts tracks the commits and extracts data from the port Makefiles to create a database of information useful to both port maintainers and port users. + +For example, link:https://www.freshports.org/security/acme.sh/[] shows the history of the package:security/acme.sh[] port, back to its creation in May 2017. +Also available are dependencies, flavors, configuration options, and available packages. +All of this is useful for both users and developers of ports. + +==== SQL Injection Attack + +In March, an SQL injection attack was noticed and the website was patched. +Notices were sent out via our Twitter account, our status page, and a notice on the top of each page of the website. +The immediate attack vector was shutdown and soon patched. +Additional preventative patches were added across the website. +Everything we know about has been fixed. +Users were notified and advised to change their passwords. + +Details at: + +* link:https://news.freshports.org/2023/03/24/sql-inejection-issues-fixed/[] +* link:https://news.freshports.org/2023/03/24/freshsource-code-fixes/[] + +==== Help Needed + +It has been over 22 years since FreshPorts started. +Others must take over eventually. +I’d like to start that process now. +There are several aspects to FreshPorts: + +* FreeBSD admin (updating the OS and packages) +* front end code (website - mostly PHP) +* back end code (commit processing - Perl, Python, shell) +* database design (PostgreSQL). + +The database does not change very often and requires little maintenance compared to the applications and OS. 
+The website pretty much runs itself. +From time to time, a change to the FreeBSD ports infrastructure breaks something or requires a modification, but there is rarely any urgency to fix that. +This is not a huge time commitment. +There is a lot of learning. +While not a complex application, FreshPorts is also not trivial.
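Review bot: The first entry in the Links block is malformed: `link:https://freshports..org[FreshPorts]` has a double dot in the host, and its `URL: link:freshports.org[]` has no scheme, so neither renders as a working link. Suggest `link:https://www.freshports.org/[FreshPorts] URL: link:https://www.freshports.org/[]`, matching the form of the blog line below it and the `www.freshports.org` host used in the acme.sh example. Since this report is where readers are sent for details of the SQL injection incident, please also confirm that the slug `sql-inejection-issues-fixed` in the first "Details at" link matches the published post (it reads as a misspelling of "injection"; keep it if that is the real URL). Smaller points: the intro says the sites have reported on commits "for 20 years" while Help Needed says "over 22 years", so one of the two should be reconciled or reworded; "was shutdown" should be "was shut down"; and only the last list item, "database design (PostgreSQL).", ends with a period.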