
devel/upp: update to 11873
ClosedPublic

Authored by fernape on Jun 26 2018, 6:14 PM.

Details

Summary

Sent via PR 227414
Maintainer already timed out

I had to add -msse2 to make it compile in i386

Test Plan
  • portlint -AC OK
  • poudriere builds for {10.4,11.1}{amd64,i386}, 12i386 OK
  • run test in 11.1 amd64 OK

Diff Detail

Repository
rP FreeBSD ports repository

Event Timeline

You should first commit an entry to vuln.xml: https://www.freebsd.org/doc/en/books/porters-handbook/security-notify.html (you can prepare the change in this review here so that it is all together)

There is a shorthand for the Makefile logic: CXXFLAGS_i386= -msse2

  • Simplify usage of architecture specific CXXFLAGS
  • Add vuxml entry. There was already an entry for the SQLite sec. advisory. I based mine on that one.
devel/upp/Makefile
132

or add -o -name '*.orig' to the find(1) specifications just above.

Improve handling of .orig files.

security/vuxml/vuln.xml
67

^ this would affect the new version too

security/vuxml/vuln.xml
67

The new version has it fixed with files/patch-uppsrc_plugin_sqlite3_lib_sqlite3.c

You misunderstood; I mean this

> pkg audit -f security/vuxml/vuln.xml `make -VPKGNAME -C devel/upp`
upp-11873 is vulnerable:
SQLite -- Corrupt DB can cause a NULL pointer dereference
CVE: CVE-2018-8740
WWW: https://vuxml.FreeBSD.org/freebsd/c1630aa3-7970-11e8-8634-dcfe074bd614.html

1 problem(s) in the installed packages found.

You misunderstood; I mean this

:O yes, I did! :-)

I fixed the vuxml entry.

> pkg audit -f security/vuxml/vuln.xml `make -VPKGNAME -C devel/upp`
upp-11873 is vulnerable:
SQLite -- Corrupt DB can cause a NULL pointer dereference
CVE: CVE-2018-8740
WWW: https://vuxml.FreeBSD.org/freebsd/c1630aa3-7970-11e8-8634-dcfe074bd614.html

1 problem(s) in the installed packages found.
This revision is now accepted and ready to land. Jul 15 2018, 8:44 AM
This revision was automatically updated to reflect the committed changes.
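
The range logic behind the pkg audit check in the thread above, as an added example that is not part of the review or of pkg itself. The two entries, their placeholder vid values and the `le` bound are constructed (the page does not show the original range), the sample omits the real file's XML namespace, and `vkey` is a simplified stand-in for pkg's version comparison.

```python
import xml.etree.ElementTree as ET

# Constructed vuxml-style entries, not the ones from the review. The vids are
# placeholders. The first range still includes the port version that carries
# the fix; the second stops just before it.
SAMPLE = """
<vuxml>
  <vuln vid="00000000-0000-0000-0000-000000000001">
    <topic>constructed: range too wide</topic>
    <affects><package><name>upp</name>
      <range><le>11873</le></range></package></affects>
  </vuln>
  <vuln vid="00000000-0000-0000-0000-000000000002">
    <topic>constructed: range ends before the fixed version</topic>
    <affects><package><name>upp</name>
      <range><lt>11873</lt></range></package></affects>
  </vuln>
</vuxml>
"""

def vkey(version):
    """Sort key for versions such as 1.2.3_4,5 (assumption: numeric parts only)."""
    version, _, epoch = version.partition(",")
    version, _, revision = version.partition("_")
    parts = tuple(int(p) for p in version.split("."))
    return (int(epoch or 0), parts, int(revision or 0))

OPS = {"lt": lambda a, b: a < b, "le": lambda a, b: a <= b,
       "gt": lambda a, b: a > b, "ge": lambda a, b: a >= b,
       "eq": lambda a, b: a == b}

def matching_vids(xml_text, pkgname):
    """Return the vids whose package name matches and whose range covers pkgname."""
    name, _, version = pkgname.rpartition("-")
    have = vkey(version)
    hits = []
    for vuln in ET.fromstring(xml_text).iter("vuln"):
        for pkg in vuln.iter("package"):
            if name not in [n.text for n in pkg.findall("name")]:
                continue
            for rng in pkg.findall("range"):
                # Every bound inside one <range> must hold for it to match.
                if all(OPS[b.tag](have, vkey(b.text)) for b in rng):
                    hits.append(vuln.get("vid"))
    return hits

if __name__ == "__main__":
    print(matching_vids(SAMPLE, "upp-11873"))
```

An empty result for the new PKGNAME is the outcome the reviewer was asking for; any vid returned means the entry would flag the patched port as well.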