*sigh*Bernard
@brnrd@bsd.network
(Free)BSD, security, Libre-/OpenSSL, tinkering by night.
Bored-out Security Architect by day.
Running, swimming, cycling, hiking when I have the time and energy.
Latest notes
@distrowatch @grahamperrin @kaidenshi that's not supposed to happen. Any security fix is expected to be merged into quarterly.
If it's not, or if the vuln is disclosed after the port is updated, a PR should fix that.
The vuln should be registered in vuxml, also possibly prompting quarterly merge.
@dch @distrowatch @grahamperrin @kaidenshi
Well aware of that...
I do my best for the ports I maintain, and for ports I'm using I will create vuxml entries.
The vuxml entry creation is a right pain, we could do with a more streamlined solution (only ref. to external vulnerability db?) to make things easier.
If you can create something that parses https://www.oracle.com/security-alerts/cpuapr2026.html, filters all MySQL Server and Client related vulns and populates the vuxml entry, that'd be something the port maintainer (@joneum) could use.
What I really meant is something to replace the vuxml process. Wasn't there something going on in the project about this exact issue?
I would be looking for something that pulls the info from an external resource, allows the port maintainer to filter out entries that don't apply on FreeBSD, and push it to something that's easy to query. The whole blockquote part in vuxml is duplication of effort, unnecessary in my view, unless the vuln is FreeBSD specific and not available in an external registry.
CVE? -> Look up in CVE databases
GHSA? -> Look up in GitHub
...?
@dch @joneum and myself have a tough job maintaining the MySQL and MariaDB ports. There are multiple versions to maintain, they're big, have loads of options and dependencies, take long to build, ...
Having a cumbersome vuln registration process just isn't helping. The vuln registration must happen prior to updating (actually committing) the port so you have the vulnid from vuxml.
@feld blogpost?
Pretty-please
@feld look for messages on freebsd-stable@ and chime in!
@feld Really hope rge(4) makes it into 15.1 so I can sunset the realtek-rge-kmod port soon... So far, not in stable/15
https://github.com/freebsd/freebsd-src/tree/stable/15/sys/dev
@feld Any luck with if_rge?
@feld Mine is a GMKTec M5 Plus https://www.gmktec.com/products/amd-ryzen-7-5825u-mini-pc-nucbox-m5-plus
if_rge(4) hopefully works for you too!
@feld if it's anything like the one I have, it most definitely will!
@feld net/realtek-rge-kmod ?
I have a GMKtec M5+ with AMD 5825U and 2 Realtek NICs, the port is of the rge(4) in base. Hopefully lands in 15-stable in time for releng/15.1