Created attachment 173724 [details] v1 patch # Changes - [build] build mruby library handler support by default in FreeBSD port - [fastcgi] setenv should displace HTTP headers #996 (Kazuho Oku) - [http2] fix buffer overrun #972 (Frederik Deweerdt) - [misc] fix build error when libuv is not found #1008 (nextgenthemes) - [misc] fix assertion failure when YAML alias and merge is used in certain way #1011 (Kazuho Oku) # QA - portlint OK (DATADIR & /var/log/${PORTNAME} as usual) - poudriere OK on 11.0-BETA4 # Committers Please include in quarterly (wrt possible buffer overrun in hpack parser)
Thank you Dave. Please: * Separate patches into two: one for the update so it (the security/bugfixes) can be merged, and the other for the feature/options additions * Please QA against all supported versions 9/10/11 and at least each of i386/amd64
Created attachment 173953 [details] v2 patch -- merge to quarterly # v2 patch - revised per koobs@ request to drop option knob - includes only version bump & patch for potential buffer overrun - ready for quarterly merge # QA - portlint as before - poudriere OK on 10_amd64 10.3-RELEASE-p7 10_i386 10.3-RELEASE-p7 11_amd64 11.0-BETA4 9_amd64 9.3-RELEASE-p45 9_i386 9.3-RELEASE-p45
Created attachment 174745 [details] v3 patch solely including upgrade
Created attachment 174753 [details] v4 patch including vuxml.xml entry https://github.com/skunkwerks/ports/commit/da6a5ece75bba819115f540cb28d2b8e4e860fa0.patch # QA - portlint OK - poudriere OK 9_i386 9_amd64 10_i386 10_amd64 11_amd64 includes vuxml entry for 2016-09-14 public release
A commit references this bug: Author: brnrd Date: Wed Sep 14 09:27:14 UTC 2016 New revision: 422122 URL: https://svnweb.freebsd.org/changeset/ports/422122 Log: www/h2o: Update to 2.0.4 (Fixes vulnerability) - Update to version 2.0.4 PR: 211892 Submitted by: Dave Cottlehuber <dch@skunkwerks.at> (maintainer) Reviewed by: brnrd MFH: 2016Q3 Security: 08664d42-7989-11e6-b7a8-74d02b9a84d5 Changes: head/www/h2o/Makefile head/www/h2o/distinfo
A commit references this bug: Author: brnrd Date: Wed Sep 14 09:31:35 UTC 2016 New revision: 422123 URL: https://svnweb.freebsd.org/changeset/ports/422123 Log: security/vuxml: Document www/h2o vulnerability PR: 211892 Submitted by: Dave Cottlehuber <dch@skunkwerks.at> (maintainer) Reviewed by: brnrd MFH: 2016Q3 Security: 08664d42-7989-11e6-b7a8-74d02b9a84d5 Changes: head/security/vuxml/vuln.xml
A commit references this bug: Author: brnrd Date: Wed Sep 14 14:54:41 UTC 2016 New revision: 422136 URL: https://svnweb.freebsd.org/changeset/ports/422136 Log: MFH: r422122 www/h2o: Update to 2.0.4 (Fixes vulnerability) - Update to version 2.0.4 PR: 211892 Submitted by: Dave Cottlehuber <dch@skunkwerks.at> (maintainer) Reviewed by: brnrd Security: 08664d42-7989-11e6-b7a8-74d02b9a84d5 Approved by: ports-secteam (feld) Changes: _U branches/2016Q3/ branches/2016Q3/www/h2o/Makefile branches/2016Q3/www/h2o/distinfo
thanks all. koobs@ I'll submit a new patch that adds the mruby support.