svn commit: r494571 - head/www/mybb

[Jochen Neumeister]

On 04.03.19 11:47, Tobias Kortkamp wrote:
> On Mon, Mar 04, 2019 at 11:45:24AM +0100, Jochen Neumeister wrote:
>> On 04.03.19 11:43, Tobias Kortkamp wrote:
>>> On Mon, Mar 04, 2019 at 10:02:38AM +0000, Jochen Neumeister wrote:
>>>> Author: joneum
>>>> Date: Mon Mar  4 10:02:38 2019
>>>> New Revision: 494571
>>>> URL: https://svnweb.freebsd.org/changeset/ports/494571
>>>>
>>>> Log:
>>>>     in r494382, et to update GH_TAGNAME. This fixes it
>>>>     
>>>>     MFH:		2019Q1
>>>>     Security:	395ed9d5-3cca-11e9-9ba0-4c72b94353b5
>>>>     Sponsored by:	Netzkommune GmbH
>>>>
>>>> Modified:
>>>>     head/www/mybb/Makefile
>>>>     head/www/mybb/distinfo
>>>>     head/www/mybb/pkg-plist
>>>>
>>>> Modified: head/www/mybb/Makefile
>>>> ==============================================================================
>>>> --- head/www/mybb/Makefile	Mon Mar  4 09:45:56 2019	(r494570)
>>>> +++ head/www/mybb/Makefile	Mon Mar  4 10:02:38 2019	(r494571)
>>>> @@ -11,7 +11,7 @@ COMMENT=	PHP-based bulletin board / discussion forum s
>>>>    LICENSE=	GPLv3
>>>>    
>>>>    USE_GITHUB=	yes
>>>> -GH_TAGNAME=	${PORTNAME}_1819
>>>> +GH_TAGNAME=	${PORTNAME}_1820
>>> Do you plan to update vuxml too?  Our mybb-1.8.20 is mybb-1.8.19
>>> in reality which is still vulnerable, but is not marked as such by
>>> pkg audit.
>>>
>>> $ pkg audit mybb-1.8.19
>>> mybb-1.8.19 is vulnerable:
>>> mybb -- vulnerabilities
>>> WWW: https://vuxml.FreeBSD.org/freebsd/395ed9d5-3cca-11e9-9ba0-4c72b94353b5.html
>>>
>>> 1 problem(s) in the installed packages found.
>>>
>>> $ pkg audit mybb-1.8.20
>>> 0 problem(s) in the installed packages found.
>>>
>> 1.8.20 is in vuxml:
>>
>> +	<range><lt>1.8.20</lt></range>
> Yeah, but this entry does not match 1.8.20.  It should be 1.8.20_1
> now (the one with PORTREVISION=1 after the GH_TAGNAME fix), not
> 1.8.20 which is the same as 1.8.19.


args ... you're right. Thanks .... i need more coffee.