From owner-freebsd-ports@freebsd.org Sun May 24 13:16:50 2020 Return-Path: Delivered-To: freebsd-ports@mailman.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.nyi.freebsd.org (Postfix) with ESMTP id 2A15932DE06 for ; Sun, 24 May 2020 13:16:50 +0000 (UTC) (envelope-from erdgeist@erdgeist.org) Received: from mail.bithabitat.de (mail.bithabitat.de [84.200.61.29]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id 49VLNK12NNz41tn for ; Sun, 24 May 2020 13:16:48 +0000 (UTC) (envelope-from erdgeist@erdgeist.org) Received: (qmail 86784 invoked from network); 24 May 2020 13:16:47 -0000 Received: from mail.bithabitat.de (HELO mail.bithabitat.de) (erdgeist@erdgeist.org) by mail.bithabitat.de with ESMTPS (ECDHE-RSA-AES128-GCM-SHA256 encrypted); 24 May 2020 13:16:47 -0000 Subject: Re: looking for committer, fixing qmail RCE To: Kurt Jaeger Cc: freebsd-ports References: <31f3ecf4-0dc5-def9-e240-6661e319a533@erdgeist.org> <20200524130055.GC39563@home.opsec.eu> From: Dirk Engling Autocrypt: addr=erdgeist@erdgeist.org; keydata= mQINBFjRKwsBEAC/F5QZPccZbcCuGmMG5TvjNSeaAZcRJSxKEC4hz8OPYyaPdxnFyq8qoeAB 9ou6oqmdBoNfkZHuByC9fZ2aa7OB1RKIKcwGanb1yp86Re4BZWtGXbXODGCR1I98E7z9klNM ZP8OQrPhi8GijpsWMOr6LDNEg/nWpnhMaGBvyrDTLzzm0u5w8cNWv/A+khQWIJPwR1sS+Jy/ 3aqiNTlkpweR/v6ElXcipKz4Ki/SYwmEfiYkicm63JRRetXu5s8+HTNMwJvfb+rb3e0TaHPL J1Wu68PFf8vogGBIOJIDRJBgmYOX7P4dTPJS7Xe99JUbUWEs0wlEWuv/5GU/QPfTBoBgCGG5 EGEc8SDEBMjef5O2RUubBxYgMSvw1ermYuonoNrBCqQh7Lj7aWEk0CwDj31hul52uGZneAEO TG1fg85S3h5vIRgwwBHbPkH+3HFLeCplmFeyR+wPNU6OulAOHvXLH1U+7yESMY4uN7Y95u+l MgVfIpLbGwfgOdmlVssqF5aSL0ScvMm0eoLToTYBroNwQ94M6as18ltQPIVsMMUlbwzzf8eo mBe56imYwtrqjKtAsqgwWNz42FqLq3mZC29zIdjGdwf8yPFnyvKK7CLyKT+Uir05YVc8Gw2P 0cuQ3WLlbQ6J8i1HpHFHPB0HaZx1YcaV65M9U+DgJDam+0JJzQARAQABtCREaXJrIEVuZ2xp bmcgPGVyZGdlaXN0QGVyZGdlaXN0Lm9yZz6JAkIEEwEIACwCGwMFCQeGH4AHCwkIBwMCAQYV CAIJCgsEFgIDAQIeAQIXgAUCWNErXAIZAQAKCRDy9hMrwy+yn2OYD/4kcNTqYd55y9axC3gD XQYNEttdWzC+OaTn5VeW82KKd3IGeO0oRjxi4FxfTyYH9qhk6rOnG0OdH/mYywEp1cNwOKAA hlumuQKFoKPxaQxIP+VTmp06BWLov46fWE+5hZNdoDawii6LRJ+sKK84nx9Y8v6Jb5IWeGcu PWhRIdqew6j9WJgWKa5cuVgj+h7/n0/4P3CcjhH2sXUs1Fw80xXfsTGNA4emAHf1xelplj+8 LUgK9VOftuuWsmSZtg7PzsgWcEAwVwxJQCUj7pwKGitBq4rOLMXV39aC7Spmz8oif/HBOmI2 BbM527xI36D6r6/S0Y1RqWqBZAOP7qslkG/wYcjd1wt+qKrRZUeeuO86U5/6vuKtO2a3Gyaj RbGQoxFiHNjZY18svcPqloT5geqCTfZDpZIz5zUj7mcBKPmbA1pO0nvg2ly7JaqdIeyZCdX2 +iYxuwbMesKQfB5GSF7oOOuWKOBDB9WH+8F+fKXJf++86eUqfcrHpNK6kXXVnrAh7QE7yWYq 5oONAH4iazX/7PSsOcOJuKyQCHmtEBgo83rb6H7hVMu6U+7SeVVslXv6aZQ0fF1YQ3dqAqoB 1QQIa4YLN0l60T4fHQqQmruzo4HtLvPEfq8rfL10fvEs45A/DsfMIsiRCzJTOoMTZ/hDYytr TzwR+KgcpM/8z4pMHbkCDQRY0SsLARAA0EG3+5KajPEkZr+YwTpuHKlC/9zwsrFlslep2Wr+ uQYvN5FH878aft0al25Arhx66Ac30hCTTqwA3ixa8AiwkF8sPhPhFKcEIDkWQvfNE5CA+Ljg h2Baeo6YizYRk6uoeHW8onYFvewIba4rsjpGClU6mzV9sP0VqJ2SZI/gUf+sL4vMHeEcnsX2 ipmKvtR5hsBWTS2ttobxLgNZBlQUuMaZHGUw9drG7AILjFrPnPp3nFIvYhT4zHqjqRhuyfcr 6SBO7bBPJJs82szrOa6pz8Bi4n6L6WhXRahnZsIfMYIXoczW4OvmCWdrX3oy8NqlD/SkxbwG 1jrIsdQQD5ecwsF94PvNpY53pXWIcZUCGzTzHVnZbAPvfNZgTpXLTf6Z6XvTxT/6fqbs7HjY KieZSsedg4fVHCGDADiRONHMnmqlkgyQ8PD0tIIT21GQaX6yrqnLlny/A2GpfygwkLz1LSCR 857633U6kMOYEqwE0SisTa6viugHfeA/9UEzU413KbEvIQA/UKPT1QWcN5Bln8iDFjlovE2g WKMwf93oOP0+uNcPIVdWcybWVyLh2qkCMpi/4gTq/+C8SrbMU5OKRrVuPBkjRwtukuOdVazA trB39wzQszsbEkFKuLXcroe+BAUIuJCIh+HK7UJcKeyYDJxSdnWucbHU7JUorkYEhq0AEQEA AYkCJQQYAQgADwUCWNErCwIbDAUJB4YfgAAKCRDy9hMrwy+yn8e+EACOc04tHvoO2piSmi0M bE3t7WadMseeP2LyVpZmttAauSmi00gLNXS6YSQsnNWsQ+JcEJfUdZOvrDREwqkCxKyhrU/9 hCJVruQzb8YHJsDHQPAc+BTvbVR8dlc/vUQyHuA8x2CjTGjybspyGTnDOY10f49Yc2MPeTeF x7Tsc4mnPQVHKWuBmfAVdM8OlDMCS5Q0C6dsb3nPrCJjYTwcsrT94gd6ra9xHF9bLQQO52VZ Vze7PZ10SJxoy7ry09au8mW0Q4PBtEvcra02TipeiaIzdMmt+X8l5HL3Vba60l9zHnr+I4Jx TpP/8i8Bm95W+7sNWUcIjRJGl1iif/CiaGp8PVyprTjrqYFzjSHkDdbm/tOekTQU6h0f+Clp t96h4qu8fLNdw/HLp+BCYnYwF37sgWY95Qw1cqmL21R9RDBArFJrlm2N1l8YZdw6jk35Bcbu H84H7Rwm7a5vmHIa9bH2WNz1ml34pPITuMMG85abF/dVEf81+zaW12VDzs43hZiaYieWrAQe A2/JSgdDGIPZx68Ysw5kojw53TC9/w3tMyIx82JgbvbbgY7gqsfPW0bv5B79mJeE3tUpDDPO Nl7VAtqnOWvPbbQFdOTMZz36Y/WBolx/bOqglPIGHHRt6t0i9LupLluhuIDSCQk7hOaQorSf YmbwUxzknuL+GhEDnw== Message-ID: <45c17003-42bc-a8fd-6707-815215ff67d5@erdgeist.org> Date: Sun, 24 May 2020 15:16:46 +0200 User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:68.0) Gecko/20100101 Thunderbird/68.8.0 MIME-Version: 1.0 In-Reply-To: <20200524130055.GC39563@home.opsec.eu> Content-Type: text/plain; charset=utf-8 Content-Language: en-US Content-Transfer-Encoding: 8bit X-Rspamd-Queue-Id: 49VLNK12NNz41tn X-Spamd-Bar: / Authentication-Results: mx1.freebsd.org; dkim=none; dmarc=none; spf=none (mx1.freebsd.org: domain of erdgeist@erdgeist.org has no SPF policy when checking 84.200.61.29) smtp.mailfrom=erdgeist@erdgeist.org X-Spamd-Result: default: False [0.80 / 15.00]; ARC_NA(0.00)[]; FROM_HAS_DN(0.00)[]; NEURAL_SPAM_SHORT(0.25)[0.254]; NEURAL_HAM_LONG(-0.38)[-0.381]; MIME_GOOD(-0.10)[text/plain]; DMARC_NA(0.00)[erdgeist.org]; AUTH_NA(1.00)[]; NEURAL_SPAM_MEDIUM(0.03)[0.026]; TO_MATCH_ENVRCPT_SOME(0.00)[]; TO_DN_ALL(0.00)[]; RCPT_COUNT_TWO(0.00)[2]; R_SPF_NA(0.00)[no SPF record]; FROM_EQ_ENVFROM(0.00)[]; R_DKIM_NA(0.00)[]; MIME_TRACE(0.00)[0:+]; ASN(0.00)[asn:31400, ipnet:84.200.0.0/16, country:DE]; MID_RHS_MATCH_FROM(0.00)[]; RCVD_TLS_ALL(0.00)[]; RCVD_COUNT_TWO(0.00)[2] X-BeenThere: freebsd-ports@freebsd.org X-Mailman-Version: 2.1.33 Precedence: list List-Id: Porting software to FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sun, 24 May 2020 13:16:50 -0000 On 24.05.20 15:00, Kurt Jaeger wrote: >> This PR was two months old, before recently an RCE was discovered that >> would very much like to see fixed in ports. Sure, was already at it, then I stumbled about the syntax for how to report what combination of version and PORTREVISION to report for slave ports, as they don't follow the same numbering scheme. These are the port versions / revision not affected anymore qmail-1.06_5 qmail-tls-1.06_3 qmail-mysql-1.06_2 Am I supposed to bump all PORTREVISION to the same number or do I have to add entries for each slaveport? The section doesn't seem to have a concept of different version for slave ports. Best erdgeist