Bug 262327 - [PATCH] security/meek: update 0.35.0 to 0.37.0
Summary: [PATCH] security/meek: update 0.35.0 to 0.37.0
Status: Closed FIXED
Alias: None
Product: Ports & Packages
Classification: Unclassified
Component: Individual Port(s) (show other bugs)
Version: Latest
Hardware: Any Any
: --- Affects Some People
Assignee: Vinícius Zavam
URL:
Keywords: buildisok, patch, security
Depends on:
Blocks:
 
Reported: 2022-03-03 20:26 UTC by Vinícius Zavam
Modified: 2022-08-07 15:13 UTC (History)
2 users (show)

See Also:
bugzilla: maintainer-feedback? (cs)


Attachments
[PATCH] security/meek: update 0.35.0 to 0.37.0 (4.76 KB, patch)
2022-03-03 20:26 UTC, Vinícius Zavam
no flags Details | Diff

Note You need to log in before you can comment on or make changes to this bug.
Description Vinícius Zavam freebsd_committer freebsd_triage 2022-03-03 20:26:32 UTC
Created attachment 232232 [details]
[PATCH] security/meek: update 0.35.0 to 0.37.0

while here,

  - USE_GITHUB=yes [0];
  - update base Golan dependencies;
  - apply backport fix for CVE-2021-34558 on 'utls' [1]
  - goptlib goes from 0.7 to 1.2.0 [2];
  - fix `test` target run [3].

do-test: OK

  # cd /usr/ports
  # make -s -C security/meek clean all stage-qa check-plist test install deinstall reinstall

bulk/testpost OK: 12, 13, main (CURRENT/HEAD)

PS: I would like to adopt the port, should the MAINTAINER approves it :)

---
[0] https://github.com/torbsd/meek/releases/tag/v0.37.0
[1] https://github.com/refraction-networking/utls/commit/0b2885c8c0d4467cfe98136748a9d011d0b8fff0
[2] https://github.com/torbsd/goptlib/tree/v1.2.0
[3] https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/meek/-/issues/40002
Comment 1 Vinícius Zavam freebsd_committer freebsd_triage 2022-03-13 11:56:35 UTC
ping?
Comment 2 Carlo Strub freebsd_committer freebsd_triage 2022-03-19 16:15:23 UTC
Hi,
Thanks a lot for your patch and reminding us of upgrading to 0.37.0. I am happy, if you can help here. However, there is no reason not to get the sources directly from upstream. So, would you mind updating your patch with upstream sources? Otherwise, I am happy to do it myself.
Comment 3 Vinícius Zavam freebsd_committer freebsd_triage 2022-03-20 12:07:26 UTC
hello there :)

sure, if you can make it work getting directly from Tor Project's cgit/gitweb that would be great!

we decided to mirror that under @torbsd on GitHub based on the fact I'm part of the project myself and am able to manage the repository there. nothing special.

thanks for the feedback!
Comment 4 Vinícius Zavam freebsd_committer freebsd_triage 2022-04-24 13:34:11 UTC
no success on the wished outcomes; please consider using this current patch instead -- upstream did not move its repository to either GitHub or GitLab (it also did not properly tagged recent releases on current MASTER_SITE, which is cgit/gitweb).
Comment 5 Vinícius Zavam freebsd_committer freebsd_triage 2022-08-04 11:57:46 UTC
ping?
Comment 6 Philip Paeps freebsd_committer freebsd_triage 2022-08-07 03:29:40 UTC
security@ is an alias for security-officer@.  The security-officer is not responsible for this port.  You don't need our maintainer-feedback.

Having said that, the diff looks sensible.
Comment 7 commit-hook freebsd_committer freebsd_triage 2022-08-07 15:13:25 UTC
A commit in branch main references this bug:

URL: https://cgit.FreeBSD.org/ports/commit/?id=9273a07f860ab1959d23216a84a836b6a2a9ee2e

commit 9273a07f860ab1959d23216a84a836b6a2a9ee2e
Author:     Vinícius Zavam <egypcio@FreeBSD.org>
AuthorDate: 2022-08-07 15:06:57 +0000
Commit:     Vinícius Zavam <egypcio@FreeBSD.org>
CommitDate: 2022-08-07 15:06:57 +0000

    security/meek: update 0.35.0 to 0.37.0

      bulk/testpost OK: 12, 13, main (CURRENT/HEAD)

      while here,

      - USE_GITHUB=yes (follows upstream);
      - update base Golan dependencies;
      - apply backport fix for CVE-2021-34558 on 'utls';
      - goptlib goes from 0.7 to 1.2.0;
      - fix `test` target run;
      - maintainer reset, after long time hiatus in Bugzilla (6months+).

    PR:             262327
    Reported by:    egypcio@
    Security:       CVE-2021-34558
    Approved by:    philip@

 security/meek/Makefile | 47 ++++++++++++++++++++++-------------------------
 security/meek/distinfo | 30 +++++++++++++++---------------
 2 files changed, 37 insertions(+), 40 deletions(-)