Details

Reviewers

tcberner
tz

Commits

rP474699: devel/upp: update to 11873
rP474697: security/vuxml: add entry for devel/upp

Summary

Sent via PR 227414
Maintainer already timed out

I had to add -msse2 to make it compile in i386

Test Plan

portlint -AC OK
poudriere builds for {10.4,11.1}{amd64,i386}, 12i386 OK
run test in 11.1 amd64 OK

Diff Detail

Repository

rP FreeBSD ports repository

Lint

Lint Not Applicable

Unit

Tests Not Applicable

Event Timeline

fernape created this revision.Jun 26 2018, 6:14 PM

Herald added a subscriber: mat. · View Herald TranscriptJun 26 2018, 6:14 PM

Harbormaster completed remote builds in B17630: Diff 44471.Jun 26 2018, 6:14 PM

You should first commit an entry to vuln.xml: https://www.freebsd.org/doc/en/books/porters-handbook/security-notify.html (you can prepare the change in this review here so that it is all together)

There is a shorthand for the Makefile logic: CXXFLAGS_i386= -msse2

Simplify usage of architecture specific CXXFLAGS
Add vuxml entry. There was already an entry for the SQLite sec. advisory. I based mine on that one.

Harbormaster completed remote builds in B17643: Diff 44490.Jun 26 2018, 8:55 PM

mat added inline comments.Jun 27 2018, 11:13 AM

devel/upp/Makefile
132 ↗	(On Diff #44490)	or add `-o -name '*.orig'` to the find(1) speficications just above.

Improve handling of .orig files.

Harbormaster completed remote builds in B17668: Diff 44532.Jun 27 2018, 4:24 PM

fernape marked an inline comment as done.Jun 27 2018, 4:24 PM

tcberner added inline comments.Jun 30 2018, 7:08 AM

security/vuxml/vuln.xml
67 ↗	(On Diff #44532)	^ this would affect the new version too

fernape added inline comments.Jun 30 2018, 9:02 AM

security/vuxml/vuln.xml
67 ↗	(On Diff #44532)	The new version has it fixed with files/patch-uppsrc_plugin_sqlite3_lib_sqlite3.c

you misunderstood; i mean this

> pkg audit -f security/vuxml/vuln.xml `make -VPKGNAME -C devel/upp`
upp-11873 is vulnerable:
SQLite -- Corrupt DB can cause a NULL pointer dereference
CVE: CVE-2018-8740
WWW: https://vuxml.FreeBSD.org/freebsd/c1630aa3-7970-11e8-8634-dcfe074bd614.html

1 problem(s) in the installed packages found.

Fix vuxml entry.

Harbormaster completed remote builds in B17767: Diff 44727.Jul 1 2018, 6:32 PM

In D16017#340633, @tcberner wrote:

you misunderstood; i mean this

:O yes, I did! :-)

I fixed the vuxml entry.

> pkg audit -f security/vuxml/vuln.xml `make -VPKGNAME -C devel/upp`
upp-11873 is vulnerable:
SQLite -- Corrupt DB can cause a NULL pointer dereference
CVE: CVE-2018-8740
WWW: https://vuxml.FreeBSD.org/freebsd/c1630aa3-7970-11e8-8634-dcfe074bd614.html

1 problem(s) in the installed packages found.

Looks good to me.

This revision is now accepted and ready to land.Jul 15 2018, 8:44 AM

Closed by commit rP474699: devel/upp: update to 11873 (authored by fernape). · Explain WhyJul 15 2018, 3:20 PM

This revision was automatically updated to reflect the committed changes.

devel/upp: update to 11873
ClosedPublic
Actions

Details

Diff Detail

Event Timeline

Revision Contents
Changeset List

Diff 45316

head/devel/upp/Makefile

head/devel/upp/distinfo

head/devel/upp/files/patch-uppsrc_plugin_sqlite3_lib_sqlite3.c

devel/upp: update to 11873ClosedPublicActions

Details

Diff Detail

Event Timeline

Revision ContentsChangeset List

Diff 45316

head/devel/upp/Makefile

head/devel/upp/distinfo

head/devel/upp/files/patch-uppsrc_plugin_sqlite3_lib_sqlite3.c

devel/upp: update to 11873
ClosedPublic
Actions

Revision Contents
Changeset List