vuxml – FreshPorts News

Tracking down Wide character in print at /usr/local/lib/perl5/site_perl/FreshPorts/vuxml_parsing.pm line 232

Leave a Comment / Bug fixes, vuxml / By Dan Langille

I noticed this today: root 58697 0.0 0.0 10680 2180 – IJ 12May20 0:00.00 /usr/local/bin/readproctitle service errors: …/site_perl/FreshPorts/vuxml_parsing.pm line 232, chunk 1.\nWide character in print at /usr/local/lib/perl5/site_perl/FreshPorts/vuxml_parsing.pm line 232, chunk 1.\nWide character in print at /usr/local/lib/perl5/site_perl/FreshPorts/vuxml_parsing.pm line 232, chunk 1.\nUndefined subroutine &FreshPorts::CommitterOptIn::RecordErrorDetails called at ./process_vuxml.pl line 124, chunk 1.\n I should monitor that process better. …

Tracking down Wide character in print at /usr/local/lib/perl5/site_perl/FreshPorts/vuxml_parsing.pm line 232 Read More »

Details of the vuxml processing problem

Leave a Comment / Bug fixes, Development, vuxml / By Dan Langille

For several weeks, FreshPorts had a vuxml processing problem. In this blog post, I will share what I found. Introduction Incoming events for FreshPorts are handled by a small Python script which checks for flags and incoming commits. This ensures that work is carried out serially because parallel work can have unintended consequences. After each …

Details of the vuxml processing problem Read More »

Updates to vuxml ranges fails

1 Comment / Bug fixes, Development, PostgreSQL, vuxml / By Dan Langille

If a vuxml entry is updated, and the ranges change, those changes are not recorded in FreshPorts. This came to my attention from the FreeBSD Security team. They noticed that for the recent Oracla Java vuln FreshPorts had all versions for > 7. It boiled down to this: http://www.freshports.org/vuxml.php?vid=16846d1e-f1de-11e1-8bd8-0022156e8794 [1] differs from this: http://www.vuxml.org/freebsd/16846d1e-f1de-11e1-8bd8-0022156e8794.html [2] …

Updates to vuxml ranges fails Read More »

mail/horde4-imp vulnerability

Leave a Comment / Bug fixes, Development, PostgreSQL, vuxml / By Dan Langille

Mr Thomas wrote me regarding mail/horde4-imp and a particular vulnerability. Specifically, he figured that a recent commit (link to mail archives) fixed a bad entry in vuxml. Let’s look into that now. I first compared dev, beta, and production. All three had the port flagged as vulnerable. This situation is indicated by a skull at …

mail/horde4-imp vulnerability Read More »

vuxml issue – vulnx.txt did not contain UTF-8

Leave a Comment / Bug fixes, Sanity Tests, vuxml / By Dan Langille

A few days ago, I noticed portaudit telling me about a few things that needed to be updated: # portaudit Affected package: rubygem-rails-1.2.3 Type of problem: rubygem-rails — session-fixation vulnerability. Reference: <http://www.FreeBSD.org/ports/portaudit/30acb8ae-9d46-11dc-9114-001c2514716c.html> Affected package: rubygem-rails-1.2.3 Type of problem: rubygem-rails — JSON XSS vulnerability. Reference: <http://www.FreeBSD.org/ports/portaudit/44fb0302-9d38-11dc-9114-001c2514716c.html> Affected package: rubygem-activesupport-1.4.2 Type of problem: rubygem-rails — JSON XSS …

vuxml issue – vulnx.txt did not contain UTF-8 Read More »

List the vulnerabilities for this port

Leave a Comment / Announcements, vuxml / By Dan Langille

The previous post was based on a question from Martin Wilke, who was looking for a vuxml entry against phpMyAdmin. We eventually found it. It had the wrong dates but it was found. Martin corrected the problem with a followup commit. This incident prompted me to make a couple of changes to FreshPorts with respect …

List the vulnerabilities for this port Read More »

Vulnerabilities – finding them easily (vuxml)

Leave a Comment / vuxml / By Dan Langille

This isn’t about detecting vulnerabilities. It is about finding vulnerabilities that others have already reported. Background reading: FreeBSD Porter’s Handbook: Keeping the community informed FreeBSD VuXML Here are the various vuxml pages provided by FreshPorts: The latest vulnerabilities are listed on the home page A complete list of all vulnerabilities by date A complete list …

Vulnerabilities – finding them easily (vuxml) Read More »

vuxml – fix

Leave a Comment / Bug fixes, vuxml / By Dan Langille

This isn’t so much a fix for the vuxml problem mentioned previously as it is a fix for properly detecting and reporting fetch errors. The patch is pretty simple: $ cvs di -u utilities.pm Index: utilities.pm =================================================================== RCS file: /home/repositories/freshports-1/scripts/utilities.pm,v retrieving revision 1.16 diff -u -r1.16 utilities.pm — utilities.pm 13 Sep 2007 13:01:41 -0000 1.16 …

vuxml – fix Read More »

vuxml configuration still not right

Leave a Comment / Bug fixes, vuxml / By Dan Langille

This morning portaudit told me I needed to upgrade PHP5 on a few servers. Again, I checked FreshPorts to see if a fix was in. Apparently it was. Unfortunately, it was wrong. Checking the version of vuln.xml in the ports tree, I found: $ grep ‘$FreeBSD’ ports/security/vuxml/vuln.xml $FreeBSD: ports/security/vuxml/vuln.xml,v 1.1416 2007/09/11 19:40:02 remko Exp $ …

vuxml configuration still not right Read More »

vuxml – missing configuration items

Leave a Comment / Bug fixes, vuxml / By Dan Langille

After my overnight security report audit came in, I noticed that Apache needed to be upgraded. I went to FreshPorts to see if a fix had been committed. While there, I noticed a lack of vuxml skulls against the latest versions of Apache. Checking the BETA website, I saw it was correctly marked. More digging …

vuxml – missing configuration items Read More »