svn commit: r532463 - head/security/vuxml

Glen Barber gjb at freebsd.org
Wed Apr 22 19:55:09 UTC 2020 

On Wed, Apr 22, 2020 at 11:02:07AM -0700, Craig Leres wrote:
> On 2020-04-22 03:44, Glen Barber wrote:
> > Author: gjb
> > Date: Wed Apr 22 10:44:59 2020
> > New Revision: 532463
> > URL: https://svnweb.freebsd.org/changeset/ports/532463
> > 
> > Log:
> >    Attempt number 2 to fix the vuxml build.
> >    Sponsored by:	Rubicon Communications, LLC (netgate.com)
> > 
> > Modified:
> >    head/security/vuxml/vuln.xml
> > 
> > Modified: head/security/vuxml/vuln.xml
> > ==============================================================================
> > --- head/security/vuxml/vuln.xml	Wed Apr 22 10:36:57 2020	(r532462)
> > +++ head/security/vuxml/vuln.xml	Wed Apr 22 10:44:59 2020	(r532463)
> > @@ -96,7 +96,6 @@ Notes:
> >   	<name>FreeBSD</name>
> >   	<range><ge>12.1</ge><lt>12.1_4</lt></range>
> >   	<range><ge>11.3</ge><lt>11.3_8</lt></range>
> > -      </package>
> >   	<name>openssl</name>
> >   	<range><ge>1.1.1,1</ge><lt>1.1.1g,1</lt></range>
> >         </package>
> 
> I think the right fix here would have been to change </package> to <package>
> (instead of removing it). r532468 removes the openssl versions block
> completely.
> 
> What I saw this morning is that my systems were briefly reporting
> openssl-1.1.1f,1 as vulnerable (1:46am PDT) and then later not vulnerable
> (4:46am).
> 
> I believe the attached patch fixes this.
> 
> 		Craig

> Index: security/vuxml/vuln.xml
> ===================================================================
> --- security/vuxml/vuln.xml	(revision 532491)
> +++ security/vuxml/vuln.xml	(working copy)
> @@ -97,6 +97,10 @@
>  	<range><ge>12.1</ge><lt>12.1_4</lt></range>
>  	<range><ge>11.3</ge><lt>11.3_8</lt></range>
>        </package>
> +      <package>
> +	<name>openssl</name>
> +	<range><ge>1.1.1,1</ge><lt>1.1.1g,1</lt></range>
> +      </package>
>      </affects>
>      <description>
>        <body xmlns="http://www.w3.org/1999/xhtml">

Please feel free to go ahead and commit your patch, assuming it does not
break the vuxml build.

Glen

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: not available
URL: <http://lists.freebsd.org/pipermail/svn-ports-all/attachments/20200422/70f48fdd/attachment.sig>

More information about the svn-ports-all mailing list