wordpress -- multiple issues
ClosedPublic
Actions

Authored by joneum on Nov 1 2017, 6:40 PM.

Details

Reviewers

tcberner
tz
rene
joneum

Commits

rP453317: Document wordpress issues

Summary

Document wordpress issues

Approved by: xxx (mentor)
#Differential Revision: https://reviews.freebsd.org/Dxxxxx

Diff Detail

Repository

rP FreeBSD ports repository

Lint

No Lint Coverage

Unit

No Test Coverage

Build Status

Buildable 12384
Build 12661: arc lint + arc unit

Event Timeline

joneum created this revision.Nov 1 2017, 6:40 PM

Herald added a subscriber: mat. · View Herald TranscriptNov 1 2017, 6:40 PM

tcberner added inline comments.Nov 1 2017, 6:48 PM

security/vuxml/vuln.xml
61	indentation?

joneum added inline comments.Nov 1 2017, 6:49 PM

security/vuxml/vuln.xml
61	???

tcberner added inline comments.Nov 1 2017, 6:55 PM

security/vuxml/vuln.xml
61

update

Harbormaster completed remote builds in B12379: Diff 34630.Nov 1 2017, 8:29 PM

tcberner added inline comments.Nov 1 2017, 8:32 PM

security/vuxml/vuln.xml
72	^ it puts the url in the basket

.......

tcberner added inline comments.Nov 1 2017, 8:49 PM

security/vuxml/vuln.xml
66	^ you have to respect PORTEPOCH 5 PORTVERSION= 4.8.2 6 PORTEPOCH= 1 https://www.freebsd.org/doc/en/books/porters-handbook/security-notify.html: `The version ranges have to allow for PORTEPOCH and PORTREVISION if applicable. Please remember that according to the collation rules, a version with a non-zero PORTEPOCH is greater than any version without PORTEPOCH, for example, 3.0,1 is greater than 3.1 or even than 8.9.`

You need the ",1" in the <lt>

#  pkg audit -f security/vuxml/vuln.xml wordpress-4.8.2,1
wordpress-4.8.2,1 is vulnerable:
wordpress -- multiple issues
WWW: https://vuxml.FreeBSD.org/freebsd/cee3d12f-bf41-11e7-bced-00e04c1ea73d.html

1 problem(s) in the installed packages found.

 #  pkg audit -f security/vuxml/vuln.xml wordpress-4.8.3,1
0 problem(s) in the installed packages found.

otherwise you'll still have

#  pkg audit -f security/vuxml/vuln.xml wordpress-4.8.2,1
0 problem(s) in the installed packages found.

joneum added inline comments.Nov 1 2017, 8:54 PM

security/vuxml/vuln.xml
66	https://svnweb.freebsd.org/changeset/ports/450900

......

Macro shipit:

This revision is now accepted and ready to land.Nov 1 2017, 9:13 PM

joneum closed this revision.Nov 1 2017, 9:28 PM

Looking at your commit for the wordpresses, I noticed, that this needs some more wokr, as not all the wordpress ports have PORTEPOCH. This will be fun :)

tcberner reopened this revision.Nov 1 2017, 9:39 PM

This revision is now accepted and ready to land.Nov 1 2017, 9:39 PM

Can you look into ports r435685 how it was done there?
To handle the different worpdress ports properly -- sorry, I did not catch that earlier.

Looking at the pkgnames

zh-wordpress-zh_CN-4.8.1
zh-wordpress-zh_TW-4.8.2
fr-wordpress-4.8.3,1
de-wordpress-4.8.3
ja-wordpress-4.8.3
ru-wordpress-4.8.3
wordpress-4.8.3,1

you could probably do something like

63     <affects>
64       <package>
65         <name>wordpress</name>
66         <name>fr-wordpress</name>
67         <range><lt>4.8.3,1</lt></range>
68       </package>
69       <package>
70         <name>de-wordpress</name>
71         <name>ja-wordpress</name>
72         <name>ru-wordpress</name>
73         <range><lt>4.8.3</lt></range>
74       </package>
75     </affects>

This revision now requires changes to proceed.Nov 1 2017, 10:30 PM

tz added inline comments.Nov 2 2017, 9:29 AM