Bug 215800 - irc/irssi: Update to 0.8.21 (Security fixes)
Summary: irc/irssi: Update to 0.8.21 (Security fixes)
Status: Closed FIXED
Alias: None
Product: Ports & Packages
Classification: Unclassified
Component: Individual Port(s)
Version: Latest
Hardware: Any Any
Importance: --- Affects Some People
Assignee: Vanilla I. Shu
URL: https://irssi.org/security/irssi_sa_2...
Keywords: patch, security
Depends on: 215801
Blocks:
Reported: 2017-01-05 17:19 UTC by VK
Modified: 2017-01-08 15:01 UTC

See Also:
vlad-fbsd: maintainer-feedback+
vanilla: merge-quarterly+


Attachments
bump irssi to 0.8.21 (886 bytes, patch)
2017-01-05 17:19 UTC, VK
vlad-fbsd: maintainer-approval? (vanilla)

Description VK freebsd_triage 2017-01-05 17:19:55 UTC
Created attachment 178547
bump irssi to 0.8.21

Multiple vulnerabilities have been found in Irssi and fixed with upstream version 0.8.21. The patch here bumps to that version.

* Irssi SA:
  https://irssi.org/security/irssi_sa_2017_01.txt

* Upstream release:
  https://github.com/irssi/irssi/commit/7cac354161a8914712264408347a9a2882aab22f

The changes are security fixes only and are OK to be MFH'd.

* Poudriere build test 11.0, amd64: OK
* Poudriere build test 10.3, amd64: OK

Also tested the builds of the chinese/irssi port.
Comment 1 commit-hook freebsd_committer freebsd_triage 2017-01-06 03:46:18 UTC
A commit references this bug:

Author: vanilla
Date: Fri Jan  6 03:45:12 UTC 2017
New revision: 430686
URL: https://svnweb.freebsd.org/changeset/ports/430686

Log:
  Update to 1.0.0, also remove deprecated configure options.

  PR:		215800
  Submitted by:	vlad-fbsd@acheronmedia.com <vlad-fbsd at acheronmedia.com>
  MFH:		2017Q1

Changes:
  head/irc/irssi/Makefile
  head/irc/irssi/distinfo
  head/irc/irssi/files/patch-configure
  head/irc/irssi/files/patch-configure.ac
  head/irc/irssi/pkg-plist
Comment 2 commit-hook freebsd_committer freebsd_triage 2017-01-06 04:01:31 UTC
A commit references this bug:

Author: vanilla
Date: Fri Jan  6 04:00:50 UTC 2017
New revision: 430688
URL: https://svnweb.freebsd.org/changeset/ports/430688

Log:
  MFH: r430686

  Update to 1.0.0, also remove deprecated configure options.

  PR:		215800
  Submitted by:	vlad-fbsd@acheronmedia.com <vlad-fbsd at acheronmedia.com>

  Approved by:	ports-secteam@ (junovitch@)

Changes:
_U  branches/2017Q1/
  branches/2017Q1/irc/irssi/Makefile
  branches/2017Q1/irc/irssi/distinfo
  branches/2017Q1/irc/irssi/files/patch-configure
  branches/2017Q1/irc/irssi/files/patch-configure.ac
  branches/2017Q1/irc/irssi/pkg-plist
Comment 3 VK freebsd_triage 2017-01-06 15:33:57 UTC
Please note: my submission was to update to 0.8.21 so that it could be merged to quarterly as it's only a security fix. Upgrade to 1.0.0 was NOT requested nor submitted by me, and has broken Quarterly's promise of bugfix/security fix only.

In addition, it appears some irssi plugins are now broken: please see bug #215829.

I'm reopening for further consideration to revert the change in 2017Q1, to minimize damage before more people start installing it.

(also, with my triage hat on, please don't forget to mark merge-quarterly and maintainer-feedback flags as done)
Comment 4 commit-hook freebsd_committer freebsd_triage 2017-01-07 23:07:59 UTC
A commit references this bug:

Author: junovitch
Date: Sat Jan  7 23:07:47 UTC 2017
New revision: 430844
URL: https://svnweb.freebsd.org/changeset/ports/430844

Log:
  Tag irssi entry with assigned CVEs, while here wrap at 80 and reference PR

  PR:		215800
  Security:	CVE-2017-5193
  Security:	CVE-2017-5194
  Security:	CVE-2017-5195
  Security:	CVE-2017-5196
  Security:	https://vuxml.FreeBSD.org/freebsd/3d6be69b-d365-11e6-a071-001e67f15f5a.html

Changes:
  head/security/vuxml/vuln.xml
Comment 5 commit-hook freebsd_committer freebsd_triage 2017-01-08 01:37:59 UTC
A commit references this bug:

Author: vanilla
Date: Sun Jan  8 01:37:34 UTC 2017
New revision: 430851
URL: https://svnweb.freebsd.org/changeset/ports/430851

Log:
  Downgrade to 0.8.21.

  PR:		215800
  Submitted by:	Vladimir Krstulja <vlad-fbsd@acheronmedia.com>

Changes:
  head/irc/irssi/Makefile
  head/irc/irssi/distinfo
  head/irc/irssi/files/patch-Makefile.in
  head/irc/irssi/files/patch-configure
  head/irc/irssi/files/patch-perl-Makefile
  head/irc/irssi/files/patch-src_core_network-openssl.c
  head/irc/irssi/pkg-plist
Comment 6 commit-hook freebsd_committer freebsd_triage 2017-01-08 01:40:03 UTC
A commit references this bug:

Author: vanilla
Date: Sun Jan  8 01:39:30 UTC 2017
New revision: 430852
URL: https://svnweb.freebsd.org/changeset/ports/430852

Log:
  MFH: r430851

  Downgrade to 0.8.21.

  PR:		215800
  Submitted by:	Vladimir Krstulja <vlad-fbsd@acheronmedia.com>

  Approved by:	ports-secteam (feld)

Changes:
_U  branches/2017Q1/
  branches/2017Q1/irc/irssi/Makefile
  branches/2017Q1/irc/irssi/distinfo
  branches/2017Q1/irc/irssi/files/patch-Makefile.in
  branches/2017Q1/irc/irssi/files/patch-configure
  branches/2017Q1/irc/irssi/files/patch-perl-Makefile
  branches/2017Q1/irc/irssi/files/patch-src_core_network-openssl.c
  branches/2017Q1/irc/irssi/pkg-plist
Comment 7 VK freebsd_triage 2017-01-08 14:26:21 UTC
Thanks. Please set merge-quarterly(+) flag, I don't have permission to.