Bug 233455 - devel/patch affected by multiple vulnerabilities
Status: Closed FIXED
Alias: None
Product: Ports & Packages
Classification: Unclassified
Component: Individual Port(s)
Version: Latest
Hardware: Any Any
Importance: Normal Affects Many People
Assignee: Alexey Dokuchaev
URL:
Keywords: security
Depends on:
Blocks:
 
Reported: 2018-11-23 21:51 UTC by Brent Busby
Modified: 2020-01-26 08:15 UTC (History)
koobs: merge-quarterly?

Description Brent Busby 2018-11-23 21:51:02 UTC
Please bump to 2.7.7 (see https://vuxml.freebsd.org/freebsd/791841a3-d484-4878-8909-92ef9ce424f4.html).
Comment 1 Peter Putzer 2019-07-13 09:45:56 UTC
What's going on that a port with several vulnerabilities is not being updated?
Comment 2 serpent7776 2019-07-26 11:47:08 UTC
Is anybody doing any work to bump patch to 2.7.7? More than half a year has already passed.
Comment 3 Rene Ladan freebsd_committer freebsd_triage 2019-11-04 21:23:26 UTC
Maintainer reset.
Comment 4 commit-hook freebsd_committer freebsd_triage 2019-11-07 11:36:10 UTC
A commit references this bug:

Author: danfe
Date: Thu Nov  7 11:35:36 UTC 2019
New revision: 516964
URL: https://svnweb.freebsd.org/changeset/ports/516964

Log:
  - Pull in security patches from Debian while upstream still CBA
    to release a new version after almost a year since those bugs
    and vulnerabilities had been reported
  - Hook the test suite, which unfortunately requires bash(1), to
    our framework
  - Chase redirection in the WWW line of the port description

  Security:	791841a3-d484-4878-8909-92ef9ce424f4
  PR:		233455

Changes:
  head/devel/patch/Makefile
  head/devel/patch/distinfo
  head/devel/patch/files/patch-lib__Makefile.in
  head/devel/patch/files/patch-lib__localcharset.c
  head/devel/patch/pkg-descr
Comment 5 Alexey Dokuchaev freebsd_committer freebsd_triage 2019-11-07 11:39:09 UTC
Version 2.7.7 had not been released yet; I've pulled security patches from Debian for the moment: ports r516964.
Comment 6 Kubilay Kocak freebsd_committer freebsd_triage 2019-11-08 04:00:06 UTC
^Triage:

 - Assign to committer that resolved
 - VuXML entry added in ports r516965, adjusted in ports r516965
 - Re-open pending MFH request (security fix)
Comment 7 Alexey Dokuchaev freebsd_committer freebsd_triage 2020-01-26 08:15:09 UTC
2020Q1 was branched in r521721, so MFC happened automatically.