Created attachment 250116 [details] Patch for sdl2_sound * Use upstream release archive * Backport all upstream commits as of 2024-04-21 except following: 147090c0f029cbc0fed568a6d77d81ef12adc48b 253b00caa6105eb8bc90ce65e750d435c6904244 Fixes a bunch of CVEs and other things Instead of pulling in a bunch of patch files add a bundled version instead Changelog: https://github.com/icculus/SDL_sound/compare/v2.0.2...main
A commit in branch main references this bug: URL: https://cgit.FreeBSD.org/ports/commit/?id=e81005b3efa4f70e0819a3391597069340aec9de commit e81005b3efa4f70e0819a3391597069340aec9de Author: Dmitry Marakasov <amdmi3@FreeBSD.org> AuthorDate: 2024-04-22 16:09:13 +0000 Commit: Dmitry Marakasov <amdmi3@FreeBSD.org> CommitDate: 2024-04-22 18:20:02 +0000 audio/sdl2_sound: switch to latest upstream commit to include security fixes PR: 278491 Submitted by: diizzy Security: CVE-2023-45676, CVE-2023-45677, CVE-2023-45680, CVE-2023-45681, CVE-2023-45682 Security: 304d92c3-00c5-11ef-bd52-080027bff743 audio/sdl2_sound/Makefile | 3 +++ audio/sdl2_sound/distinfo | 6 +++--- 2 files changed, 6 insertions(+), 3 deletions(-)
A commit in branch main references this bug: URL: https://cgit.FreeBSD.org/ports/commit/?id=a8b170fac8cbc8afc03645ea2a4a3de1f24e5699 commit a8b170fac8cbc8afc03645ea2a4a3de1f24e5699 Author: Dmitry Marakasov <amdmi3@FreeBSD.org> AuthorDate: 2024-04-22 16:39:15 +0000 Commit: Dmitry Marakasov <amdmi3@FreeBSD.org> CommitDate: 2024-04-22 18:20:02 +0000 security/vuxml: document sdl2_sound vulns PR: 278491 security/vuxml/vuln/2024.xml | 47 ++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 47 insertions(+)
Missing USES= pathfix and it's not the latest commit but too late to change that now. -- Installing: /usr/ports/audio/sdl2_sound/work/stage/usr/local/lib/pkgconfig/SDL2_sound.pc ===> File(s) found in lib/pkgconfig while correct path is libdata/pkgconfig Applying fix but consider using USES= pathfix or adjust install path
(In reply to Daniel Engberg from comment #3) > Missing USES= pathfix and it's not the latest commit but too late to change that now. > -- Installing: /usr/ports/audio/sdl2_sound/work/stage/usr/local/lib/pkgconfig/> SDL2_sound.pc > ===> File(s) found in lib/pkgconfig while correct path is libdata/pkgconfig > Applying fix but consider using USES= pathfix or adjust install path That is exactly why I don't add it - framework handles moving pkgconfig files into right location just fine, with no need for extra knobs. Someone should remove this useless and misleading message.
It was added for the exact opposite reason, fix port(s) rather than expecting the framework to silently fix broken ones.
(In reply to Daniel Engberg from comment #5) > It was added for the exact opposite reason, fix port(s) rather than expecting the framework to silently fix broken ones. - You may not call any software which installs pkgconfig files into standard location for pkgconfig files `broken'. - "Fixing" each of these ports is counter-productive and purposeless. If FreeBSD is going to invent its own standards and use custom paths, it should silently adapt port software for these in a centralized way (especially when it's already doing this), for any other way is unreliable and a waste of precious maintainers time. The right solution would obviously instead be to switch to standard paths - we've already done this for info and manpage locations (see https://github.com/freebsd/freebsd-ports/commit/003a571d1d6585196545295efc181514f171c4c4 and related discussion, which also mentions pkgconfig btw) and I don't see why pkgconfig path is any different (apart from that it does not involve base system in any way and thus nothing prevents it to be fixed right away).
It's actually in place in CMake however there's no variable that corresponds for installation of pc files https://gitlab.kitware.com/cmake/cmake/-/blob/master/Modules/FindPkgConfig.cmake?ref_type=heads#L420 Meson for examples handles this just fine