Details

Reviewers

tcberner
tz

Commits

rP474699: devel/upp: update to 11873
rP474697: security/vuxml: add entry for devel/upp

Summary

Sent via PR 227414
Maintainer already timed out

I had to add -msse2 to make it compile in i386

Test Plan

portlint -AC OK
poudriere builds for {10.4,11.1}{amd64,i386}, 12i386 OK
run test in 11.1 amd64 OK

Diff Detail

Repository

rP FreeBSD ports repository

Lint

No Lint Coverage

Unit

No Test Coverage

Build Status

Buildable 17630
Build 17435: arc lint + arc unit

Event Timeline

fernape created this revision.Jun 26 2018, 6:14 PM

Herald added a subscriber: mat. · View Herald TranscriptJun 26 2018, 6:14 PM

Harbormaster completed remote builds in B17630: Diff 44471.Jun 26 2018, 6:14 PM

You should first commit an entry to vuln.xml: https://www.freebsd.org/doc/en/books/porters-handbook/security-notify.html (you can prepare the change in this review here so that it is all together)

There is a shorthand for the Makefile logic: CXXFLAGS_i386= -msse2

Simplify usage of architecture specific CXXFLAGS
Add vuxml entry. There was already an entry for the SQLite sec. advisory. I based mine on that one.

Harbormaster completed remote builds in B17643: Diff 44490.Jun 26 2018, 8:55 PM

mat added inline comments.Jun 27 2018, 11:13 AM

devel/upp/Makefile
134	or add `-o -name '*.orig'` to the find(1) speficications just above.

Improve handling of .orig files.

Harbormaster completed remote builds in B17668: Diff 44532.Jun 27 2018, 4:24 PM

fernape marked an inline comment as done.Jun 27 2018, 4:24 PM

tcberner added inline comments.Jun 30 2018, 7:08 AM

security/vuxml/vuln.xml
67 ↗	(On Diff #44532)	^ this would affect the new version too

fernape added inline comments.Jun 30 2018, 9:02 AM

security/vuxml/vuln.xml
67 ↗	(On Diff #44532)	The new version has it fixed with files/patch-uppsrc_plugin_sqlite3_lib_sqlite3.c

you misunderstood; i mean this

> pkg audit -f security/vuxml/vuln.xml `make -VPKGNAME -C devel/upp`
upp-11873 is vulnerable:
SQLite -- Corrupt DB can cause a NULL pointer dereference
CVE: CVE-2018-8740
WWW: https://vuxml.FreeBSD.org/freebsd/c1630aa3-7970-11e8-8634-dcfe074bd614.html

1 problem(s) in the installed packages found.

Fix vuxml entry.

Harbormaster completed remote builds in B17767: Diff 44727.Jul 1 2018, 6:32 PM

In D16017#340633, @tcberner wrote:

you misunderstood; i mean this

:O yes, I did! :-)

I fixed the vuxml entry.

> pkg audit -f security/vuxml/vuln.xml `make -VPKGNAME -C devel/upp`
upp-11873 is vulnerable:
SQLite -- Corrupt DB can cause a NULL pointer dereference
CVE: CVE-2018-8740
WWW: https://vuxml.FreeBSD.org/freebsd/c1630aa3-7970-11e8-8634-dcfe074bd614.html

1 problem(s) in the installed packages found.

Looks good to me.

This revision is now accepted and ready to land.Jul 15 2018, 8:44 AM

Closed by commit rP474699: devel/upp: update to 11873 (authored by fernape). · Explain WhyJul 15 2018, 3:20 PM

This revision was automatically updated to reflect the committed changes.

devel/upp: update to 11873
ClosedPublic
Actions

Details

Diff Detail

Event Timeline

Revision Contents
Changeset List

Diff 44471

devel/upp/Makefile

devel/upp/distinfo

devel/upp/files/

devel/upp/files/patch-uppsrc_plugin_sqlite3_lib_sqlite3.c

devel/upp: update to 11873ClosedPublicActions

Details

Diff Detail

Event Timeline

Revision ContentsChangeset List

Diff 44471

devel/upp/Makefile

devel/upp/distinfo

devel/upp/files/

devel/upp/files/patch-uppsrc_plugin_sqlite3_lib_sqlite3.c

devel/upp: update to 11873
ClosedPublic
Actions

Revision Contents
Changeset List