From: Renato Botelho
Date: Tue, 14 Jan 2025 17:52:41 -0300
Subject: Re: git: 05933df68ac7 - main - security/vuxml: Add record for net/keycloak
To: Vladimir Druzenko, ports-committers@FreeBSD.org, dev-commits-ports-all@FreeBSD.org, dev-commits-ports-main@FreeBSD.org
List-Id: Commits to the main branch of the FreeBSD ports repository
List-Archive: https://lists.freebsd.org/archives/dev-commits-ports-main
References: <202501141611.50EGBclU081162@gitrepo.freebsd.org>
In-Reply-To: <202501141611.50EGBclU081162@gitrepo.freebsd.org>

On 14/01/25 13:11, Vladimir Druzenko wrote:
> The branch main has been updated by
vvd: > > URL: https://cgit.FreeBSD.org/ports/commit/?id=05933df68ac7ae7752a8675eba10a0e0e16cfacb > > commit 05933df68ac7ae7752a8675eba10a0e0e16cfacb > Author: Matthias Wolf > AuthorDate: 2025-01-14 16:05:52 +0000 > Commit: Vladimir Druzenko > CommitDate: 2025-01-14 16:11:09 +0000 > > security/vuxml: Add record for net/keycloak > > CVE-2024-11736 Unrestricted admin use of system and environment variables > CVE-2024-11734 Denial of Service in Keycloak Server via Security Headers > > Security: CVE-2024-11734 > Security: CVE-2024-11736 > PR: 284058 > --- > security/vuxml/vuln/2025.xml | 30 ++++++++++++++++++++++++++++++ > 1 file changed, 30 insertions(+) > > diff --git a/security/vuxml/vuln/2025.xml b/security/vuxml/vuln/2025.xml > index e2bd8727d1c4..f202dc01a5e7 100644 > --- a/security/vuxml/vuln/2025.xml > +++ b/security/vuxml/vuln/2025.xml > @@ -1,3 +1,33 @@ > + > + keycloak -- Multiple security fixes > + > + > + keycloak > + 26.0.8 > + > + > + > + > +

Keycloak reports:

> +
> +

This update includes 2 security fixes:

> +
    > +
  • CVE-2024-11734: Unrestricted admin use of system and environment variables
  • > +
  • CVE-2024-11736: Denial of Service in Keycloak Server via Security Headers
  • > +
> +
> + > +
> + > + CVE-2024-11734 > + CVE-2024-11736 > + > + > + 2025-01-13 > + 2025-01-13 > + > +
> + > + > > asterisk - path traversal > > >

`make validate` failed when I created a new entry for git after this commit:

xmllint -noent /usr/home/garga/work/freebsd/ports/main/security/vuxml/vuln.xml > /usr/home/garga/work/freebsd/ports/main/security/vuxml/vuln-flat.xml
/bin/sh /usr/home/garga/work/freebsd/ports/main/security/vuxml/files/tidy.sh "/usr/home/garga/work/freebsd/ports/main/security/vuxml/files/tidy.xsl" "/usr/home/garga/work/freebsd/ports/main/security/vuxml/vuln-flat.xml" > "/usr/home/garga/work/freebsd/ports/main/security/vuxml/vuln.xml.tidy"
>>> Validating...
/usr/local/bin/xmllint --valid --noout /usr/home/garga/work/freebsd/ports/main/security/vuxml/vuln-flat.xml
warning : xmlAddEntity: invalid redeclaration of predefined entity 'lt'
warning : xmlAddEntity: invalid redeclaration of predefined entity 'amp'
>>> Successful.
Checking if tidy differs...
... seems okay
Checking for space/tab...
--- /usr/home/garga/work/freebsd/ports/main/security/vuxml/vuln-flat.xml 2025-01-14 17:51:29.516064000 -0300
+++ /usr/home/garga/work/freebsd/ports/main/security/vuxml/vuln.xml.unexpanded 2025-01-14 17:51:32.615493000 -0300
@@ -124,20 +124,20 @@ keycloak -- Multiple security fixes - keycloak - 26.0.8 + keycloak + 26.0.8 -

Keycloak reports:

-
-

This update includes 2 security fixes:

-
    -
  • CVE-2024-11734: Unrestricted admin use of system and environment variables
  • -
  • CVE-2024-11736: Denial of Service in Keycloak Server via Security Headers
  • -
-
+

Keycloak reports:

+
+

This update includes 2 security fixes:

+
    +
  • CVE-2024-11734: Unrestricted admin use of system and environment variables
  • +
  • CVE-2024-11736: Denial of Service in Keycloak Server via Security Headers
  • +
+
... see above
Consider using /usr/home/garga/work/freebsd/ports/main/security/vuxml/vuln.xml.unexpanded for final commit
*** Error code 1

Stop.
make: stopped making "validate" in /usr/home/garga/work/freebsd/ports/main/security/vuxml

-- 
Renato Botelho
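
Review bot: The two list items in the added keycloak entry pair CVE-2024-11734 with "Unrestricted admin use of system and environment variables" and CVE-2024-11736 with "Denial of Service in Keycloak Server via Security Headers", which is the reverse of the pairing in the commit message quoted above the diff. One of the two is swapped, so check both against the Keycloak advisory and correct whichever is wrong, since readers of the VuXML entry will rely on the description to tell the two issues apart. Separately, the space/tab check in the `make validate` output rewrites the entry's keycloak and 26.0.8 lines and its description body with no visible text change, which points to whitespace in the added lines that does not match what the check expects; re-indent the entry, for example from the vuln.xml.unexpanded file the check proposes, so that `make validate` passes again for the next committer.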