From owner-cvs-ports@FreeBSD.ORG  Mon Sep  5 10:35:45 2011
Return-Path: <owner-cvs-ports@FreeBSD.ORG>
Delivered-To: cvs-ports@freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34])
	by hub.freebsd.org (Postfix) with ESMTP id A41C7106564A;
	Mon,  5 Sep 2011 10:35:45 +0000 (UTC)
	(envelope-from simon@FreeBSD.org)
Received: from emx.nitro.dk (emx.nitro.dk [IPv6:2a01:4f8:120:7384::102])
	by mx1.freebsd.org (Postfix) with ESMTP id 4A3CC8FC08;
	Mon,  5 Sep 2011 10:35:45 +0000 (UTC)
Received: from mailscan.leto.nitro.dk (mailscan.leto.nitro.dk [127.0.1.4])
	by emx.nitro.dk (Postfix) with ESMTP id 97EEEDB99A;
	Mon,  5 Sep 2011 10:35:44 +0000 (UTC)
Received: from emx.nitro.dk ([127.0.1.2])
	by mailscan.leto.nitro.dk (mailscan.leto.nitro.dk [127.0.1.4])
	(amavisd-new, port 10024)
	with LMTP id Gn+n5v2z-Dm6; Mon,  5 Sep 2011 10:35:42 +0000 (UTC)
Received: from [192.168.4.21] (4304ds2-vlb.1.fullrate.dk [90.184.171.166])
	(using TLSv1 with cipher AES128-SHA (128/128 bits))
	(No client certificate requested)
	by emx.nitro.dk (Postfix) with ESMTPSA id 7A166DB995;
	Mon,  5 Sep 2011 10:35:42 +0000 (UTC)
Mime-Version: 1.0 (Apple Message framework v1244.3)
Content-Type: text/plain; charset=iso-8859-1
From: "Simon L. B. Nielsen" <simon@FreeBSD.org>
In-Reply-To: <CADLo83_poDk0J2Sfk3dE8WvU8e3J47fewVhTtzLp2DznqEYxeA@mail.gmail.com>
Date: Mon, 5 Sep 2011 12:35:41 +0200
Content-Transfer-Encoding: quoted-printable
Message-Id: <BBC6000B-0D51-4AD9-BB4C-7D6B3A894696@FreeBSD.org>
References: <201109042015.p84KFqOR005039@repoman.freebsd.org>
	<CADLo83_poDk0J2Sfk3dE8WvU8e3J47fewVhTtzLp2DznqEYxeA@mail.gmail.com>
To: Chris Rees <crees@freebsd.org>
X-Mailer: Apple Mail (2.1244.3)
Cc: cvs-ports@freebsd.org, secteam@freebsd.org, cvs-all@freebsd.org,
	ports-committers@freebsd.org
Subject: Re: cvs commit: ports/security/vuxml vuln.xml
X-BeenThere: cvs-ports@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: CVS commit messages for the ports tree <cvs-ports.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/cvs-ports>,
	<mailto:cvs-ports-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/cvs-ports>
List-Post: <mailto:cvs-ports@freebsd.org>
List-Help: <mailto:cvs-ports-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/cvs-ports>,
	<mailto:cvs-ports-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Mon, 05 Sep 2011 10:35:45 -0000


On 4 Sep 2011, at 22:44, Chris Rees wrote:

> On 4 September 2011 21:15, Chris Rees <crees@freebsd.org> wrote:
>> crees       2011-09-04 20:15:52 UTC
>>=20
>>  FreeBSD ports repository
>>=20
>>  Modified files:
>>    security/vuxml       vuln.xml
>>  Log:
>>  - Document cfs buffer overflow vulnerability.
>>  - While here, unbreak packaudit -- it doesn't like newlines in the
>>    middle of tags.  Perhaps a comment should say something?
>=20
> Actually, that's a bad long-term solution. The real solution would be
> to fix portaudit's XML parser.
>=20
> secteam, would you like me to have a go at it, or shall I let you
> investigate since you know the code?

I would happily accept patches (if they work and don't break things! :-) =
). It's so long ago that I looked at the build code (packaudit) so I =
can't recall how ugly that is.  I just remember portaudit's embedded awk =
in sh makes me want to run away :-).

Portaudit and packaudit haven't really been touched in any significant =
way since eik@ left the project.

-=20
Simon L. B. Nielsen
Hat: FreeBSD Deputy Security Officer