From nobody Thu Dec 07 15:28:05 2023 X-Original-To: dev-commits-ports-main@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4SmJ7Y3GKcz538hr; Thu, 7 Dec 2023 15:28:09 +0000 (UTC) (envelope-from felix@palmen-it.de) Received: from stef.palmen-it.de (stef.palmen-it.de [IPv6:2001:470:1f0b:bbb:1::1]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange ECDHE (P-256) server-signature RSA-PSS (4096 bits) server-digest SHA256) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id 4SmJ7Y2VdYz4N89; Thu, 7 Dec 2023 15:28:09 +0000 (UTC) (envelope-from felix@palmen-it.de) Authentication-Results: mx1.freebsd.org; none DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=palmen-it.de; s=20200414; h=In-Reply-To:Content-Type:MIME-Version: References:Message-ID:Subject:Cc:To:From:Date:Sender:Reply-To: Content-Transfer-Encoding:Content-ID:Content-Description:Resent-Date: Resent-From:Resent-Sender:Resent-To:Resent-Cc:Resent-Message-ID:List-Id: List-Help:List-Unsubscribe:List-Subscribe:List-Post:List-Owner:List-Archive; bh=sfXae+Tjdm9knG48RY7udWvdwUcHhnMEHYp+oIezfKU=; b=EnNkS7S8tVFvM/SeCZIN6csZVM TOLd9r5AvvF49LNf88qk7EsgKJladGlOy04LvwF0NvksOgo+ru1Gx7pXBf0q8nc9uQOMPWCbgC0lt 8Mu0TrGnluPp4wvBZNVkBSXGVWU6u7sIxr1X/J0wUr9VVIVY944hSbO5bM23Lxb/AypAyAVhzMHFW P7dSApR1moWIer331o2WFH9CCuP7ft7wS/tsMcY5FxrcdfDo8509ShJpU30sLDXQJT4jLW4woO5vA PgudW/OwCZKHqRGhlvwL84PWnL1Glm2gpLUUleYKeLts/QCIneR7mth9lrItbeatDVHYmsmNrAHsI KTDO5EBw==; Received: from [192.168.71.101] (helo=mail.home.palmen-it.de) by stef.palmen-it.de with esmtps (TLS1.3) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (Exim 4.96) (envelope-from ) id 1rBGIJ-005MHE-2Z; Thu, 07 Dec 2023 16:28:07 +0100 Received: from nexus.home.palmen-it.de ([192.168.99.2]) by mail.home.palmen-it.de with esmtpsa (TLS1.3) tls TLS_CHACHA20_POLY1305_SHA256 (Exim 4.97 (FreeBSD)) (envelope-from ) id 1rBGIJ-000000002vU-0SVI; Thu, 07 Dec 2023 15:28:07 +0000 Date: Thu, 7 Dec 2023 16:28:05 +0100 From: Felix Palmen To: Philip Paeps Cc: Dan Langille , ports-committers@freebsd.org, dev-commits-ports-all@freebsd.org, dev-commits-ports-main@freebsd.org Subject: Re: git: a580d36be4c7 - main - security/vuxml: add FreeBSD SA released on 2023-12-05 Message-ID: Mail-Followup-To: Philip Paeps , Dan Langille , ports-committers@freebsd.org, dev-commits-ports-all@freebsd.org, dev-commits-ports-main@freebsd.org X-Face: /1K@t"h.}e~pR@]c7HorQ!T`F^RJCa'BCr#e>IKA{>C/9OTGB4|xh"y2{?1Z5M i2w"AH^pN_LlHR^{+f',_Np~;.B;!M/bL}*qk]p5*r7F5vW};{:@4u5S?T&f0$7BJ-71Q5SV]:v$`5 A0[DZ:=?S52x8HJ~5@^P_\T@MsjG{R( Organization: FreeBSD.org References: <202312052304.3B5N4IOf078862@gitrepo.freebsd.org> <4c967ca4-bfa1-4e30-b330-feb94d6c765b@app.fastmail.com> <38DAC2D1-58B0-43C5-9F1E-97281068AFD5@freebsd.org> <01372e6b-0e2d-4249-9f36-fdb24b380c71@app.fastmail.com> <1A46BB39-EBBA-4E02-97A4-860DD9608000@freebsd.org> List-Id: Commits to the main branch of the FreeBSD ports repository List-Archive: https://lists.freebsd.org/archives/dev-commits-ports-main List-Help: List-Post: List-Subscribe: List-Unsubscribe: Sender: owner-dev-commits-ports-main@freebsd.org X-BeenThere: dev-commits-ports-main@freebsd.org MIME-Version: 1.0 Content-Type: multipart/signed; micalg=pgp-sha512; protocol="application/pgp-signature"; boundary="rpksmkljaxt54z36" Content-Disposition: inline In-Reply-To: <1A46BB39-EBBA-4E02-97A4-860DD9608000@freebsd.org> User-Agent: NeoMutt/20231103 X-Rspamd-Pre-Result: action=no action; module=replies; Message is reply to one we originated X-Spamd-Result: default: False [-4.00 / 15.00]; REPLY(-4.00)[]; ASN(0.00)[asn:6939, ipnet:2001:470::/32, country:US] X-Spamd-Bar: ---- X-Rspamd-Queue-Id: 4SmJ7Y2VdYz4N89 --rpksmkljaxt54z36 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable * Philip Paeps [20231207 12:55]: > On 2023-12-07 09:10:31 (+0800), Dan Langille wrote: > > On Wed, Dec 6, 2023, at 7:52 PM, Philip Paeps wrote: > > > On 2023-12-07 08:43:21 (+0800), Dan Langille wrote: > > > > Why don't we check them and record them separately? > > >=20 > > > I already record them separately in vuxml. If a vulnerability only > > > affects userland, I record > > > FreeBSD[...]. > > > If the kernel is affected I record > > > FreeBSD-kernel[...]. > > >=20 > > > Hmm ... is that the problem? Should I set the versions to the > > > *kernel* > > > patch level for FreeBSD-kernel vulnerabilities? > >=20 > > First, let's test if that fixes it. > >=20 > > This fixes it for me: > >=20 > > 13.213.2_4 > >=20 > > [...] > >=20 > > > Is something going to get upset if I change the most recent entry to > > > 12.2_4? > >=20 > > That I don't know. > >=20 > > VUXML entries have AMENDED values don't they? >=20 > Thanks for testing this out. I've pushed a vuxml entry in > 4826396e5d15. This can't be correct, -p4 appeared in October, it can't possibly fix a vuln discovered in December :o I'm still on -p6 here, upgrading from source and just always building the kernel as well (so my kernel version also shows -p6). With this change, it won't show me the vuln that's certainly present. I strongly assume the full freebsd-upgrade procedure will also upgrade the kernel to -p7. If it doesn't, there's a more troubling issue somewhere... Cheers, Felix --=20 Felix Palmen {private} felix@palmen-it.de -- ports committer -- {web} http://palmen-it.de {pgp public key} http://palmen-it.de/pub.txt {pgp fingerprint} 6936 13D5 5BBF 4837 B212 3ACC 54AD E006 9879 F231 --rpksmkljaxt54z36 Content-Type: application/pgp-signature; name="signature.asc" -----BEGIN PGP SIGNATURE----- iNUEABYKAH0WIQRpNhPVW79IN7ISOsxUreAGmHnyMQUCZXHkhV8UgAAAAAAuAChp c3N1ZXItZnByQG5vdGF0aW9ucy5vcGVucGdwLmZpZnRoaG9yc2VtYW4ubmV0Njkz NjEzRDU1QkJGNDgzN0IyMTIzQUNDNTRBREUwMDY5ODc5RjIzMQAKCRBUreAGmHny MXBTAQDYlzCYJWlQOaPQynf4n/KJsPp7ADBX2oLMKBrOppnz4wD/TN+TvNbnhgs9 LypmuzPIe6JWL5vQOCN69HZxtn8I2wk= =DP/C -----END PGP SIGNATURE----- --rpksmkljaxt54z36--