Date: Mon, 4 Mar 2019 11:47:45 +0100 From: Tobias Kortkamp <tobik@freebsd.org> To: Jochen Neumeister <joneum@freebsd.org> Cc: ports-committers@freebsd.org, svn-ports-all@freebsd.org, svn-ports-head@freebsd.org Subject: Re: svn commit: r494571 - head/www/mybb Message-ID: <20190304104744.GA15419@urd.tobik.me> In-Reply-To: <93163fa6-4dd2-d8fe-6a41-9d7b8f7e04ed@FreeBSD.org> References: <201903041002.x24A2c3F085833@repo.freebsd.org> <20190304104300.GA61251@urd.tobik.me> <93163fa6-4dd2-d8fe-6a41-9d7b8f7e04ed@FreeBSD.org>
next in thread | previous in thread | raw e-mail | index | archive | help
--qMm9M+Fa2AknHoGS Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable On Mon, Mar 04, 2019 at 11:45:24AM +0100, Jochen Neumeister wrote: >=20 > On 04.03.19 11:43, Tobias Kortkamp wrote: > > On Mon, Mar 04, 2019 at 10:02:38AM +0000, Jochen Neumeister wrote: > >> Author: joneum > >> Date: Mon Mar 4 10:02:38 2019 > >> New Revision: 494571 > >> URL: https://svnweb.freebsd.org/changeset/ports/494571 > >> > >> Log: > >> in r494382, et to update GH_TAGNAME. This fixes it > >> =20 > >> MFH: 2019Q1 > >> Security: 395ed9d5-3cca-11e9-9ba0-4c72b94353b5 > >> Sponsored by: Netzkommune GmbH > >> > >> Modified: > >> head/www/mybb/Makefile > >> head/www/mybb/distinfo > >> head/www/mybb/pkg-plist > >> > >> Modified: head/www/mybb/Makefile > >> =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D > >> --- head/www/mybb/Makefile Mon Mar 4 09:45:56 2019 (r494570) > >> +++ head/www/mybb/Makefile Mon Mar 4 10:02:38 2019 (r494571) > >> @@ -11,7 +11,7 @@ COMMENT=3D PHP-based bulletin board / discussion for= um s > >> LICENSE=3D GPLv3 > >> =20 > >> USE_GITHUB=3D yes > >> -GH_TAGNAME=3D ${PORTNAME}_1819 > >> +GH_TAGNAME=3D ${PORTNAME}_1820 > > Do you plan to update vuxml too? Our mybb-1.8.20 is mybb-1.8.19 > > in reality which is still vulnerable, but is not marked as such by > > pkg audit. > > > > $ pkg audit mybb-1.8.19 > > mybb-1.8.19 is vulnerable: > > mybb -- vulnerabilities > > WWW: https://vuxml.FreeBSD.org/freebsd/395ed9d5-3cca-11e9-9ba0-4c72b943= 53b5.html > > > > 1 problem(s) in the installed packages found. > > > > $ pkg audit mybb-1.8.20 > > 0 problem(s) in the installed packages found. > > >=20 > 1.8.20 is in vuxml: >=20 > + <range><lt>1.8.20</lt></range> Yeah, but this entry does not match 1.8.20. It should be 1.8.20_1 now (the one with PORTREVISION=3D1 after the GH_TAGNAME fix), not 1.8.20 which is the same as 1.8.19. --qMm9M+Fa2AknHoGS Content-Type: application/pgp-signature; name="signature.asc" -----BEGIN PGP SIGNATURE----- iQGTBAEBCgB9FiEElXvTEJc6ePgdQuobpPCftzzFH2EFAlx9AlBfFIAAAAAALgAo aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDk1 N0JEMzEwOTczQTc4RjgxRDQyRUExQkE0RjA5RkI3M0NDNTFGNjEACgkQpPCftzzF H2FVjgf/RFocxUTFWf3pwb3zAon7NjdJIV60UARuQYtmkY/EwId///aF6WKD39h7 eWm130kS6h2bsT85G++OF7/K9gY6JpZ2N8P+eXB/qUuuWqpA7P6zHS5H50FHRcE4 7/xl4uZ2KedKjJolnMfBGvcwc1HjBcNGjFMCw7Nq25IRECjEcwOjBsOcvvmFs7Th 5JMCpfyqu9ZCpEgX+AnSpLHJFwdC/559ctbDT0K8vv3S6qpa/2HfeN6aQXwnMSPP rO5p0XZFVu0gtmZoaqbYeUeJrbdmf3hL/dsPtNP46HzYy+Yh1W+WGSVXB4ykhltm N1rXqTRP2dTHQwDIhr6OiwPEg8Oicw== =gRov -----END PGP SIGNATURE----- --qMm9M+Fa2AknHoGS--
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20190304104744.GA15419>