222219 – multimedia/mythtv: PORTVERSION is for fixed version 0.28.7, installs vulnerable version 0.27.5

Bug 222219 - multimedia/mythtv: PORTVERSION is for fixed version 0.28.7, installs vulnerable version 0.27.5

Summary: multimedia/mythtv: PORTVERSION is for fixed version 0.28.7, installs vulnerab...

Status:	Closed FIXED

Alias:	None

Product:	Ports & Packages
Classification:	Unclassified
Component:	Individual Port(s) (show other bugs)
Version:	Latest
Hardware:	Any Any

Importance:	--- Affects Some People
Assignee:	Tobias Kortkamp

URL:
Keywords:

Depends on:
Blocks:

Reported:	2017-09-11 08:51 UTC by robbak
Modified:	2017-12-20 23:31 UTC (History)
CC List:	1 user (show)

See Also:

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description robbak 2017-09-11 08:51:41 UTC

The last update to this port was messed up badly. Somehow the patches applied didn't update the all important github hash, meaning that the port still pulls in the sources for the old, vulnerable version.

This also applies to the multimedia/mythtv-frontend port.

Comment 1 commit-hook freebsd_committer

2017-12-20 23:29:58 UTC

A commit references this bug:

Author: tobik
Date: Wed Dec 20 23:29:03 UTC 2017
New revision: 456874
URL: https://svnweb.freebsd.org/changeset/ports/456874

Log:
  multimedia/mythtv{,-frontend}: Revert placebo version updates

  In r440321 and r440322 PORTVERSION was bumped to 0.28.7/0.28.1, but
  GH_TAGNAME was not updated.  Commit ad97d24 is tagged as v0.27.5 [1].

  Reset version back to 0.27.5 and bump PORTEPOCH.

  [1] https://github.com/MythTV/mythtv/releases/tag/v0.27.5

  PR:		222219
  Reported by:	robbak@gmail.com
  Pointy hat:	miwi

Changes:
  head/multimedia/mythtv/Makefile
  head/multimedia/mythtv/distinfo
  head/multimedia/mythtv-frontend/Makefile
  head/multimedia/mythtv-frontend/distinfo