From dan at langille.org Thu Nov 11 04:00:00 2004 From: dan at langille.org (Dan Langille) Date: Thu Nov 11 04:00:02 2004 Subject: wrong package on 282dfea0-3378-11d9-b404-000c6e8f12e Message-ID: <41930DF0.4080.216A293C@localhost> I think vuln 282dfea0-3378-11d9-b404-000c6e8f12ef is spread too wide as it affects only Apache2, but is set to affect apache <=2.0.52_2 But that will mark apache 1 as affected, which it is not. I think that should be apache2 <=2.0.52_2 cheers -- Dan Langille : http://www.langille.org/ BSDCan - The Technical BSD Conference - http://www.bsdcan.org/ From simon at FreeBSD.org Thu Nov 11 05:37:25 2004 From: simon at FreeBSD.org (Simon L. Nielsen) Date: Thu Nov 11 05:37:28 2004 Subject: wrong package on 282dfea0-3378-11d9-b404-000c6e8f12e In-Reply-To: <41930DF0.4080.216A293C@localhost> References: <41930DF0.4080.216A293C@localhost> Message-ID: <20041111133723.GA3522@zaphod.nitro.dk> On 2004.11.11 07:00:00 -0500, Dan Langille wrote: > I think vuln 282dfea0-3378-11d9-b404-000c6e8f12ef is spread too wide > as it affects only Apache2, but is set to affect apache <=2.0.52_2 > But that will mark apache 1 as affected, which it is not. Indeed it is too broad, and I have just fixed it to only match Apache 2. > I think that should be apache2 <=2.0.52_2 Since the package name of apache2 is "apache" it has to be 2.* < apache <= 2.0.52_2 (or something like that). Thanks for reporting. -- Simon L. Nielsen FreeBSD Security Team -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 187 bytes Desc: not available Url : http://lists.freebsd.org/pipermail/freebsd-vuxml/attachments/20041111/452a6a26/attachment.bin From dan at langille.org Sat Nov 13 06:11:43 2004 From: dan at langille.org (Dan Langille) Date: Sat Nov 13 06:11:46 2004 Subject: wrong package on 282dfea0-3378-11d9-b404-000c6e8f12e In-Reply-To: <20041111133723.GA3522@zaphod.nitro.dk> References: <41930DF0.4080.216A293C@localhost> Message-ID: <4195CFCE.4117.2C2F79CB@localhost> On 11 Nov 2004 at 14:37, Simon L. Nielsen wrote: > > I think that should be apache2 <=2.0.52_2 > > Since the package name of apache2 is "apache" it has to be > 2.* < apache <= 2.0.52_2 (or something like that). The package name is indeed apache. The latest link is apache2. -- Dan Langille : http://www.langille.org/ BSDCan - The Technical BSD Conference - http://www.bsdcan.org/ From dan at langille.org Wed Nov 17 05:19:29 2004 From: dan at langille.org (Dan Langille) Date: Wed Nov 17 05:49:08 2004 Subject: FreshPorts and linking URLs by package name Message-ID: <419B0990.577.4099175C@localhost> Hi folks, beta FreshPorts has a special linking mechanism... http://beta.freshports.org/?package=ABC will show you the package ABC. However, I just noticed that this code uses LATEST_LINK, not PKGNAME. I think the code is wrong. I'm asking for comments here because this linking mechanism was designed with VuXML in mind. I found the issue when looking up ruby. Here is what the database says: freshports.org=# select id, name, category, latest_link, package_name from ports_active where package_name = 'ruby' or latest_link = 'ruby'; id | name | category | latest_link | package_name -------+--------+----------+-------------+-------------- 10419 | ruby18 | lang | ruby-devel | ruby 10838 | ruby16 | lang | ruby | ruby (2 rows) As you can see, latest_link differs for each port, but the package name is the same. Therefore, I think that when you browse to http://beta.freshports.org/?package=ruby, you should be asked which ruby you want. I have made that change in FreshPorts beta (this feature is not yet available in production). Any suggestions/comments, thanks. -- Dan Langille : http://www.langille.org/ BSDCan - The Technical BSD Conference - http://www.bsdcan.org/ From dan at langille.org Wed Nov 17 14:39:56 2004 From: dan at langille.org (Dan Langille) Date: Wed Nov 17 14:39:57 2004 Subject: FreshPorts and linking URLs by package name In-Reply-To: <419B0990.577.4099175C@localhost> Message-ID: <419B8CEB.13115.429A34C8@localhost> On 17 Nov 2004 at 8:19, Dan Langille wrote: > Hi folks, > > beta FreshPorts has a special linking mechanism... > http://beta.freshports.org/?package=ABC will show you the package ABC. > However, I just noticed that this code uses LATEST_LINK, not PKGNAME. > I think the code is wrong. > > I'm asking for comments here because this linking mechanism was > designed with VuXML in mind. > > I found the issue when looking up ruby. Here is what the database > says: > > freshports.org=# select id, name, category, latest_link, package_name > from ports_active where package_name = 'ruby' or latest_link = 'ruby'; > id | name | category | latest_link | package_name > -------+--------+----------+-------------+-------------- > 10419 | ruby18 | lang | ruby-devel | ruby > 10838 | ruby16 | lang | ruby | ruby > (2 rows) > > As you can see, latest_link differs for each port, but the package > name is the same. Therefore, I think that when you browse to > http://beta.freshports.org/?package=ruby, you should be asked which > ruby you want. Given that there are two ports with a package name of 'ruby', I may a change to how this situation is handled. Now when you browse to http://beta.freshports.org/?package=ruby, you will be redirected to http://beta.freshports.org/search.php where the list of ports that have a package name of ruby will be displayed. -- Dan Langille : http://www.langille.org/ BSDCan - The Technical BSD Conference - http://www.bsdcan.org/ From dan at langille.org Thu Nov 18 18:41:08 2004 From: dan at langille.org (Dan Langille) Date: Thu Nov 18 18:41:10 2004 Subject: FreshPorts - VuXML dry run Message-ID: <419D16F3.4430.489D657F@localhost> Hi folks, This weekend I plan to move the VuXML work from beta into production on http://www.freshports.org/. I have done a test run of the migration/update process and the results are available at http://dan.freshports.org/. If you have time, please have a look and see if you notice any problems or issues. Please note: this dry run will not update itself with new commits. Thank you. -- Dan Langille : http://www.langille.org/ BSDCan - The Technical BSD Conference - http://www.bsdcan.org/ From dan at langille.org Sat Nov 20 14:53:15 2004 From: dan at langille.org (Dan Langille) Date: Sat Nov 20 14:53:16 2004 Subject: FreshPorts - VuXML now in production Message-ID: <419F848A.9802.52197E26@localhost> Hi folks, The FreshPorts - VuXML is now in production. My thanks to those that help me with the project. cheers. -- Dan Langille : http://www.langille.org/ BSDCan - The Technical BSD Conference - http://www.bsdcan.org/