Created attachment 239702 [details] net-mgmt/prometheus2: Update to 2.41.0 This patch updates net-mgmt/prometheus2 to v2.41.0. The changes from v2.39.1 until this version include multiple bugfixes and security fixes. A full changelog is available at: https://github.com/prometheus/prometheus/blob/main/CHANGELOG.md Apologies for the time between updates. My build machine was unwell for a while and I was unable to test newer ports builds. -David
^Triage: Security release, merge to quarterly branch. Thanks! Note to self: VuXML entry for CVE-2022-46146
A commit in branch main references this bug: URL: https://cgit.FreeBSD.org/ports/commit/?id=04ccf344372409a68d9293e5b02d3d5804b8591d commit 04ccf344372409a68d9293e5b02d3d5804b8591d Author: David O'Rourke <dor.bsd@xm0.uk> AuthorDate: 2023-01-29 18:43:29 +0000 Commit: Fernando Apesteguía <fernape@FreeBSD.org> CommitDate: 2023-01-30 10:20:13 +0000 net-mgmt/prometheus2: update to 2.41.0 ChangeLog: https://github.com/prometheus/prometheus/blob/main/CHANGELOG.md PR: 269153 Reported by: dor.bsd@xm0.uk (maintainer) MFH: 2023Q1 (security fixes) Security: CVE-2022-46146 net-mgmt/prometheus2/Makefile | 3 +-- net-mgmt/prometheus2/distinfo | 14 +++++++------- 2 files changed, 8 insertions(+), 9 deletions(-)
A commit in branch 2023Q1 references this bug: URL: https://cgit.FreeBSD.org/ports/commit/?id=d93d536bebdd86f952c38a2d68023215fdb43e8a commit d93d536bebdd86f952c38a2d68023215fdb43e8a Author: David O'Rourke <dor.bsd@xm0.uk> AuthorDate: 2023-01-29 18:43:29 +0000 Commit: Fernando Apesteguía <fernape@FreeBSD.org> CommitDate: 2023-01-30 10:23:01 +0000 net-mgmt/prometheus2: update to 2.41.0 ChangeLog: https://github.com/prometheus/prometheus/blob/main/CHANGELOG.md PR: 269153 Reported by: dor.bsd@xm0.uk (maintainer) MFH: 2023Q1 (security fixes) Security: CVE-2022-46146 (cherry picked from commit 04ccf344372409a68d9293e5b02d3d5804b8591d) net-mgmt/prometheus2/Makefile | 3 +-- net-mgmt/prometheus2/distinfo | 14 +++++++------- 2 files changed, 8 insertions(+), 9 deletions(-)
Committed and merged to 2023Q1, Thanks!
A commit in branch main references this bug: URL: https://cgit.FreeBSD.org/ports/commit/?id=e4bc259a13130d5c9440ee6913b69baab43f48ff commit e4bc259a13130d5c9440ee6913b69baab43f48ff Author: Fernando Apesteguía <fernape@FreeBSD.org> AuthorDate: 2023-01-30 10:16:35 +0000 Commit: Fernando Apesteguía <fernape@FreeBSD.org> CommitDate: 2023-01-30 10:26:13 +0000 security/vuxml: add net-mgmt/prometheus basic authentication bypass CVE-2022-46146 PR: 269153 Reported by: dor.bsd@xm0.uk (maintainer) security/vuxml/vuln/2023.xml | 41 +++++++++++++++++++++++++++++++++++++++++ 1 file changed, 41 insertions(+)