From nobody Thu Dec 07 01:10:31 2023 X-Original-To: dev-commits-ports-all@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4Slx6Q2WtCz53JK8; Thu, 7 Dec 2023 01:10:54 +0000 (UTC) (envelope-from dan@langille.org) Received: from wout3-smtp.messagingengine.com (wout3-smtp.messagingengine.com [64.147.123.19]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id 4Slx6Q1tn5z4TcN; Thu, 7 Dec 2023 01:10:54 +0000 (UTC) (envelope-from dan@langille.org) Authentication-Results: mx1.freebsd.org; none Received: from compute7.internal (compute7.nyi.internal [10.202.2.48]) by mailout.west.internal (Postfix) with ESMTP id F324A3200A8B; Wed, 6 Dec 2023 20:10:52 -0500 (EST) Received: from imap42 ([10.202.2.92]) by compute7.internal (MEProxy); Wed, 06 Dec 2023 20:10:53 -0500 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=langille.org; h= cc:cc:content-type:content-type:date:date:from:from:in-reply-to :in-reply-to:message-id:mime-version:references:reply-to:sender :subject:subject:to:to; s=fm1; t=1701911452; x=1701997852; bh=FS VLolw9oyUitrYrzX2RfXUCDJiDOu5xN8nXazxJWXs=; b=Idck/9J1YoMbX7C+sL +h8cPyjj1vrnPHQOnpo8OOGkVvreEUPupr7iQeO+B8VKbbz3/EUl4/kKcAQBpCoq hYibycuEe/iQJBlYOYW4PLGQjrEawkU9/hWvIbcVw22JzxLACjKto89y8XTycKxR OJUSQ4THJr488oMfnpk8iAXMvIh5xgulKYRtLKQolBAHIvBpA5ALyocvqeuyUnVJ IoVQPl4+LbNHl/oZjwhOQj5n1fJ0jNE9JBF19SWASRKIz7TBTLnsRdTOUOHRjDIP EUQZsn0cH85cXpKWZrWFRLOWr/dQTpIj/aS4NgiP8DzuYsL6q3uhCHAkROg7suQm Nb/w== DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d= messagingengine.com; h=cc:cc:content-type:content-type:date:date :feedback-id:feedback-id:from:from:in-reply-to:in-reply-to :message-id:mime-version:references:reply-to:sender:subject :subject:to:to:x-me-proxy:x-me-proxy:x-me-sender:x-me-sender :x-sasl-enc; s=fm1; t=1701911452; x=1701997852; bh=FSVLolw9oyUit rYrzX2RfXUCDJiDOu5xN8nXazxJWXs=; b=2W90/UVgU4+QmqVyv1F58rPDqcQL+ MFzBi/VV64y+ldxKcwmlplKMKq9aXy3vDAdnvyeE6DvpFR5/nlpnI3JtPOsiML5K 2OKqku3MYVNEmKyEfnKwdGNRpZDpj21T1nFttzGs4rB7iI9BoCdCWuAhGpZRg8/Z obVYvKdMYEIp4HpjJTtaxP6XK6D+Sk5XV+mtGb33kMOy/DcWZYJzKC1t2DtCotEh qxCKPV2IlT9+AJDIb0YPj8jmGymGva7LuVlwUu2Yh5hgqpl5BYywwMmTH+rce+zl d03cWIxEVshK//fsJZMIeY1sLXQF91EHPqfg/dwUlIT9ntuf/w/JL+nOg== X-ME-Sender: X-ME-Proxy-Cause: gggruggvucftvghtrhhoucdtuddrgedvkedrudekuddgfeduucetufdoteggodetrfdotf fvucfrrhhofhhilhgvmecuhfgrshhtofgrihhlpdfqfgfvpdfurfetoffkrfgpnffqhgen uceurghilhhouhhtmecufedttdenucenucfjughrpefofgggkfgjfhffhffvvefutgesth dtredtreertdenucfhrhhomhepfdffrghnucfnrghnghhilhhlvgdfuceouggrnheslhgr nhhgihhllhgvrdhorhhgqeenucggtffrrghtthgvrhhnpedvtedvgeeghfeuheetgeehje dtuddtjeettdfgfeeltdegjeefiedtgfegffelveenucevlhhushhtvghrufhiiigvpedt necurfgrrhgrmhepmhgrihhlfhhrohhmpegurghnsehlrghnghhilhhlvgdrohhrgh X-ME-Proxy: Feedback-ID: ifbf9424e:Fastmail Received: by mailuser.nyi.internal (Postfix, from userid 501) id 3A4A6BC007C; Wed, 6 Dec 2023 20:10:52 -0500 (EST) X-Mailer: MessagingEngine.com Webmail Interface User-Agent: Cyrus-JMAP/3.9.0-alpha0-1178-geeaf0069a7-fm-20231114.001-geeaf0069 List-Id: Commit messages for all branches of the ports repository List-Archive: https://lists.freebsd.org/archives/dev-commits-ports-all List-Help: List-Post: List-Subscribe: List-Unsubscribe: Sender: owner-dev-commits-ports-all@freebsd.org X-BeenThere: dev-commits-ports-all@freebsd.org MIME-Version: 1.0 Message-Id: <01372e6b-0e2d-4249-9f36-fdb24b380c71@app.fastmail.com> In-Reply-To: References: <202312052304.3B5N4IOf078862@gitrepo.freebsd.org> <4c967ca4-bfa1-4e30-b330-feb94d6c765b@app.fastmail.com> <38DAC2D1-58B0-43C5-9F1E-97281068AFD5@freebsd.org> Date: Wed, 06 Dec 2023 20:10:31 -0500 From: "Dan Langille" To: "Philip Paeps" Cc: ports-committers@FreeBSD.org, dev-commits-ports-all@FreeBSD.org, dev-commits-ports-main@FreeBSD.org Subject: Re: git: a580d36be4c7 - main - security/vuxml: add FreeBSD SA released on 2023-12-05 Content-Type: text/plain X-Rspamd-Pre-Result: action=no action; module=replies; Message is reply to one we originated X-Spamd-Result: default: False [-4.00 / 15.00]; REPLY(-4.00)[]; ASN(0.00)[asn:29838, ipnet:64.147.123.0/24, country:US] X-Spamd-Bar: ---- X-Rspamd-Queue-Id: 4Slx6Q1tn5z4TcN On Wed, Dec 6, 2023, at 7:52 PM, Philip Paeps wrote: > On 2023-12-07 08:43:21 (+0800), Dan Langille wrote: >> On Wed, Dec 6, 2023, at 7:34 PM, Philip Paeps wrote: >>> On 2023-12-07 01:37:01 (+0800), Dan Langille wrote: >>>> On Tue, Dec 5, 2023, at 6:04 PM, Philip Paeps wrote: >>>>> The branch main has been updated by philip: >>>>> >>>>> [...] >>>>> >>>>> + >>>>> + FreeBSD-kernel >>>>> + 14.014.0_2 >>>>> + 13.213.2_7 >>>> >>>> [...] >>>> >>>> I hope to avoid a situation where false positives continue until the >>>> user land and kernel are on the patch levels. >>> >>> This is the same problem we've had before, isn't it? >> >> Yes. > > Phew. I was worried I typo-ed something. ;-) > >>> Did we find an >>> actual solution to that, or do we have to wait until the next SA >>> brings >>> the freebsd-version numbers back in line? >> >> The world waited. ;) >> >>> In other words: is there anything I can do, right now, to make this >>> better for you? :-) >> >> It seems there kernel vulns and userland vulns. >> >> Why don't we check them and record them separately? > > I already record them separately in vuxml. If a vulnerability only > affects userland, I record FreeBSD[...]. > If the kernel is affected I record > FreeBSD-kernel[...]. > > Hmm ... is that the problem? Should I set the versions to the *kernel* > patch level for FreeBSD-kernel vulnerabilities? First, let's test if that fixes it. This fixes it for me: 13.213.2_4 given: [1:08 r730-03 dvl ~] % freebsd-version -ukr 13.2-RELEASE-p4 13.2-RELEASE-p4 13.2-RELEASE-p7 [sorry previous message went out too soon] > Is something going to > get upset if I change the most recent entry to 12.2_4? That I don't know. VUXML entries have AMENDED values don't they? -- Dan Langille dan@langille.org