From nobody Fri Aug 01 09:43:47 2025 X-Original-To: dev-commits-ports-main@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4btgxv5Bv9z63hXW; Fri, 01 Aug 2025 09:43:47 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "R10" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4btgxv314fz44Yb; Fri, 01 Aug 2025 09:43:47 +0000 (UTC) (envelope-from git@FreeBSD.org) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1754041427; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=3Vc/dKCnEksOM371k4sIEAlmGE4AN19OlRbNF8DdTQk=; b=t7avboNXH2zOOLvfD5aJxAFbv+LlemExf54p51+Aaoly/PDj3PegEhd/i5tRwJ4caocLo9 F+7Rwo+814xzdtmSvr4iXJm+mCmiOiHa2/OjmHIYkfhgCmKFIWyDyrCvNsAHkPAkvgngGF EjOOXE3u4At84ZoOh+ucwQlnipe6Aub5ZqGiHPWBFMy70Grcyh2gLrHEDcsENgl7650qvO pJKvvIJ87U4/+ryZDv4pZ1iRSmmSvwFexLpGSKqWJnxt3qxZYqeV3fgEmz9hD9o6H+A54n MqxTckqdKD478I+EQKllXWvb5x6cTNVU4EoRb/naHHHKNoqOe3JTfgKOaTEP+w== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1754041427; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=3Vc/dKCnEksOM371k4sIEAlmGE4AN19OlRbNF8DdTQk=; b=W3AujeKXeqUBailwd7myiDJ702CxVPdSesVDV/3ZSMfbo3SmMCah/cLKvYuf9IjeBxWl8V dOKa1JQsjh+XtEh4KKqeRbC39oMsK5+4CSkcmzt2WZ5mFo1+TK1bBsJUTjD14aBWKILpyW P7Ab8b2MDhfVQrnoYUf/Vn0tPp+f1LQqI9r7o+mYs00QjB3vE7/4EvSsgcq+ST2apwCHF9 cqLszJpDDLVqxj8H1gUoxFhzr6QmCqjLKjF0hn2r4zmzb8bHRdJyqamka1QIFM49+p9Y7v 8R5g9yrL27Ib6ov+6jma1FkmzZjxYBURkGoWmCEyMB9ueXL0+S7wGuLTfnjxRg== ARC-Authentication-Results: i=1; mx1.freebsd.org; none ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1754041427; a=rsa-sha256; cv=none; b=jPzhYGYqsz9BpCLigRWN3Oln7RqOeaVUj3t30Hwxz5gua7+tIWRMlOiO2Q24hyW8tFAc0Q spEV0oIqR9Xq4jZkXlvMZjn/U7geCsTsCktWMN5Spgz8WEmJJlaGS2n7gSF/pq2XwlSIDD jYBa5lGBl6UWE5IIwWzHiltBJP64nX6EGv7tarv5npC28oqGBNSsjlSEtN+3zol7tqtLZB bBujmLJHADhhPY+3Zvn3l1aA14AZx6IGiaMwID7Am6cg80czFzEKTZoxIINYUNwHxs8Tt/ ZiJv+1EX1Lt+MSFK7z+6r8IHb5KR2X/posMoB5JLq2OFQ6xlDn6tE/CB40wE5w== Received: from gitrepo.freebsd.org (gitrepo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:5]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 4btgxv2c8hzk0K; Fri, 01 Aug 2025 09:43:47 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from gitrepo.freebsd.org ([127.0.1.44]) by gitrepo.freebsd.org (8.18.1/8.18.1) with ESMTP id 5719hlIW034115; Fri, 1 Aug 2025 09:43:47 GMT (envelope-from git@gitrepo.freebsd.org) Received: (from git@localhost) by gitrepo.freebsd.org (8.18.1/8.18.1/Submit) id 5719hl5L034112; Fri, 1 Aug 2025 09:43:47 GMT (envelope-from git) Date: Fri, 1 Aug 2025 09:43:47 GMT Message-Id: <202508010943.5719hl5L034112@gitrepo.freebsd.org> To: ports-committers@FreeBSD.org, dev-commits-ports-all@FreeBSD.org, dev-commits-ports-main@FreeBSD.org From: Matthias Andree Subject: git: 7296fd2fe2b0 - main - security/vuxml: clean up sqlite3 version range mess List-Id: Commits to the main branch of the FreeBSD ports repository List-Archive: https://lists.freebsd.org/archives/dev-commits-ports-main List-Help: List-Post: List-Subscribe: List-Unsubscribe: X-BeenThere: dev-commits-ports-main@freebsd.org Sender: owner-dev-commits-ports-main@FreeBSD.org MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 8bit X-Git-Committer: mandree X-Git-Repository: ports X-Git-Refname: refs/heads/main X-Git-Reftype: branch X-Git-Commit: 7296fd2fe2b0415f31fe4b843f05b942ae8f9819 Auto-Submitted: auto-generated The branch main has been updated by mandree: URL: https://cgit.FreeBSD.org/ports/commit/?id=7296fd2fe2b0415f31fe4b843f05b942ae8f9819 commit 7296fd2fe2b0415f31fe4b843f05b942ae8f9819 Author: Matthias Andree AuthorDate: 2025-08-01 09:41:36 +0000 Commit: Matthias Andree CommitDate: 2025-08-01 09:41:36 +0000 security/vuxml: clean up sqlite3 version range mess Several sqlite3 entries mentioned wrong version ranges with respect to PORTEPOCH and/or forgot the linux-*-sqlite or, more recently, linux_base port. While auditing this, I saw several implausible tags that used (greater-than) in ranges where I believe that (greater-or-equal) would be more adequate. Add relevant reminders to vuxml's Makefile. Fix up sqlite3's 2025 entries. linux_base-rl9 currently ships 3.34.1-7.el9_3, see emulators/linux_base-rl9/Makefile.version - I don't know if that's vulnerable or was patched inside Rocky Linux, but let's err on the safe side. I'll leave it up to emulation@ to clean up this particular entry. --- security/vuxml/Makefile | 12 ++++++++++++ security/vuxml/vuln/2024.xml | 7 ++++--- security/vuxml/vuln/2025.xml | 14 +++++++++++++- 3 files changed, 29 insertions(+), 4 deletions(-) diff --git a/security/vuxml/Makefile b/security/vuxml/Makefile index 56af61aba418..9a3ef8b7a291 100644 --- a/security/vuxml/Makefile +++ b/security/vuxml/Makefile @@ -83,6 +83,10 @@ validate: tidy return 1; \ fi ${PYTHON_CMD} ${FILESDIR}/extra-validation.py ${VUXML_FLAT_FILE} + @${ECHO_CMD} + @${ECHO_CMD} 'Be sure to get versioning right for PORTEPOCH and remember possible linux-* ports!' + @${ECHO_CMD} 'Also, tags are usually wrong in ranges. Use where adequate.' + @${ECHO_CMD} tidy: ${VUXML_FLAT_NAME} @if [ ! -e ${LOCALBASE}/share/xml/dtd/vuxml/catalog.xml ]; \ @@ -93,7 +97,15 @@ tidy: ${VUXML_FLAT_NAME} ${SH} ${FILESDIR}/tidy.sh "${FILESDIR}/tidy.xsl" "${VUXML_FLAT_FILE}" > "${VUXML_FILE}.tidy" newentry: + @${ECHO_CMD} + @${ECHO_CMD} 'Be sure to get versioning right for PORTEPOCH and remember possible linux-* ports!' + @${ECHO_CMD} 'Also, tags are usually wrong in ranges. Use where adequate.' + @${ECHO_CMD} @${SH} ${FILESDIR}/newentry.sh "${VUXML_CURRENT_FILE}" "CVE_ID=${CVE_ID}" "SA_ID=${SA_ID}" + @${ECHO_CMD} + @${ECHO_CMD} 'Be sure to get versioning right for PORTEPOCH and remember possible linux-* ports!' + @${ECHO_CMD} 'Also, tags are usually wrong in ranges. Use where adequate.' + @${ECHO_CMD} .if defined(VID) && !empty(VID) html: work/${VID}.html diff --git a/security/vuxml/vuln/2024.xml b/security/vuxml/vuln/2024.xml index c824f0b19868..64f19bfb38aa 100644 --- a/security/vuxml/vuln/2024.xml +++ b/security/vuxml/vuln/2024.xml @@ -3668,15 +3668,15 @@ sqlite3 - 3.43.03.43.2,1 + 3.43.0,13.43.2,1 linux-rl9-sqlite - 3.43.03.43.2 + 3.43.0,13.43.2,1 linux-c7-sqlite - 3.43.03.43.2 + 3.43.0,13.43.2,1 @@ -3698,6 +3698,7 @@ 2024-01-16 2024-09-29 + 2025-08-01 diff --git a/security/vuxml/vuln/2025.xml b/security/vuxml/vuln/2025.xml index b8d669821d8b..8f68010d3ba5 100644 --- a/security/vuxml/vuln/2025.xml +++ b/security/vuxml/vuln/2025.xml @@ -3,8 +3,10 @@ sqlite3 - 3.39.23.41.1 + 3.39.2,13.41.2,1 + @@ -26,6 +28,7 @@ 2025-07-29 2025-07-31 + 2025-08-01 @@ -959,8 +962,16 @@ sqlite3 + 3.50.2,1 + + + linux-c7-sqlite 3.50.2 + + linux_base + 0 + @@ -980,6 +991,7 @@ 2025-07-15 2025-07-23 + 2025-08-01