vuxml

vuxml processing broken – files have grown too much

On November 19 2024, these errors appeared on every FreshPorts node: That’s my clue to go look closer as to why the processing failed. This processing is related to the security/vuxml port which documents known vulnerabilities within the FreeBSD ports tree and operating system. This tool helps system administrators identify and patch known problems. The […]

vuxml processing broken – files have grown too much Read More »

Tracking down Wide character in print at /usr/local/lib/perl5/site_perl/FreshPorts/vuxml_parsing.pm line 232

I noticed this today: root 58697 0.0 0.0 10680 2180 – IJ 12May20 0:00.00 /usr/local/bin/readproctitle service errors: …/site_perl/FreshPorts/vuxml_parsing.pm line 232, chunk 1.\nWide character in print at /usr/local/lib/perl5/site_perl/FreshPorts/vuxml_parsing.pm line 232, chunk 1.\nWide character in print at /usr/local/lib/perl5/site_perl/FreshPorts/vuxml_parsing.pm line 232, chunk 1.\nUndefined subroutine &FreshPorts::CommitterOptIn::RecordErrorDetails called at ./process_vuxml.pl line 124, chunk 1.\n I should monitor that process better.

Tracking down Wide character in print at /usr/local/lib/perl5/site_perl/FreshPorts/vuxml_parsing.pm line 232 Read More »

Details of the vuxml processing problem

For several weeks, FreshPorts had a vuxml processing problem. In this blog post, I will share what I found. Introduction Incoming events for FreshPorts are handled by a small Python script which checks for flags and incoming commits. This ensures that work is carried out serially because parallel work can have unintended consequences. After each

Details of the vuxml processing problem Read More »

Updates to vuxml ranges fails

If a vuxml entry is updated, and the ranges change, those changes are not recorded in FreshPorts. This came to my attention from the FreeBSD Security team. They noticed that for the recent Oracla Java vuln FreshPorts had all versions for > 7. It boiled down to this: http://www.freshports.org/vuxml.php?vid=16846d1e-f1de-11e1-8bd8-0022156e8794 [1] differs from this: http://www.vuxml.org/freebsd/16846d1e-f1de-11e1-8bd8-0022156e8794.html [2]

Updates to vuxml ranges fails Read More »

vuxml issue – vulnx.txt did not contain UTF-8

A few days ago, I noticed portaudit telling me about a few things that needed to be updated: # portaudit Affected package: rubygem-rails-1.2.3 Type of problem: rubygem-rails — session-fixation vulnerability. Reference: <http://www.FreeBSD.org/ports/portaudit/30acb8ae-9d46-11dc-9114-001c2514716c.html> Affected package: rubygem-rails-1.2.3 Type of problem: rubygem-rails — JSON XSS vulnerability. Reference: <http://www.FreeBSD.org/ports/portaudit/44fb0302-9d38-11dc-9114-001c2514716c.html> Affected package: rubygem-activesupport-1.4.2 Type of problem: rubygem-rails — JSON XSS

vuxml issue – vulnx.txt did not contain UTF-8 Read More »

Vulnerabilities – finding them easily (vuxml)

This isn’t about detecting vulnerabilities. It is about finding vulnerabilities that others have already reported. Background reading: FreeBSD Porter’s Handbook: Keeping the community informed FreeBSD VuXML Here are the various vuxml pages provided by FreshPorts: The latest vulnerabilities are listed on the home page A complete list of all vulnerabilities by date A complete list

Vulnerabilities – finding them easily (vuxml) Read More »

vuxml – fix

This isn’t so much a fix for the vuxml problem mentioned previously as it is a fix for properly detecting and reporting fetch errors. The patch is pretty simple: $ cvs di -u utilities.pm Index: utilities.pm =================================================================== RCS file: /home/repositories/freshports-1/scripts/utilities.pm,v retrieving revision 1.16 diff -u -r1.16 utilities.pm — utilities.pm 13 Sep 2007 13:01:41 -0000 1.16

vuxml – fix Read More »

vuxml configuration still not right

This morning portaudit told me I needed to upgrade PHP5 on a few servers. Again, I checked FreshPorts to see if a fix was in. Apparently it was. Unfortunately, it was wrong. Checking the version of vuln.xml in the ports tree, I found: $ grep ‘$FreeBSD’ ports/security/vuxml/vuln.xml $FreeBSD: ports/security/vuxml/vuln.xml,v 1.1416 2007/09/11 19:40:02 remko Exp $

vuxml configuration still not right Read More »

Scroll to Top