Created attachment 233574
databases/hiredis: Update to 1.0.2

The current version of databases/hiredis in ports is both ancient and vulnerable (see [1]). The attached patch should update our port to the most recent release. I've also added and enabled an openssl option by default and added a test target (which requires a running redis server to pass completely).

The port builds and passes testing here, but I'd be grateful for any feedback. I also think that we might need some additional QA for ports depending on this one, as it's a big jump with at least a few breaking changes (see the upgrading notes in [2]). At least databases/py-hiredis will also require updating to still build with this new version and I'll submit an update for this as an independent issue.

I'll also submit a vuxml entry as a separate issue.

Cheers,
Sascha

[1] https://github.com/redis/hiredis/security/advisories/GHSA-hfm9-39pp-55p2
[2] https://github.com/redis/hiredis/blob/master/README.md
For quick reference: I've filed the vuxml entry as bug 263648. :)
A commit in branch main references this bug:

URL: https://cgit.FreeBSD.org/ports/commit/?id=ea22326bc83adc9044979bdb6887270ecc57e718

commit ea22326bc83adc9044979bdb6887270ecc57e718
Author:     Jimmy Olgeni <olgeni@FreeBSD.org>
AuthorDate: 2022-04-29 13:59:14 +0000
Commit:     Jimmy Olgeni <olgeni@FreeBSD.org>
CommitDate: 2022-04-29 19:35:58 +0000

    databases/hiredis: update to version 1.0.2

    PR:             263647
    Reported by:    Sascha Biberhofer
    Security:       CVE-2021-32765

 databases/hiredis/Makefile  | 10 ++++++++--
 databases/hiredis/distinfo  |  5 +++--
 databases/hiredis/pkg-plist |  8 +++++++-
 3 files changed, 18 insertions(+), 5 deletions(-)
Good to go :)