Created attachment 232232 [details] [PATCH] security/meek: update 0.35.0 to 0.37.0 while here, - USE_GITHUB=yes [0]; - update base Golan dependencies; - apply backport fix for CVE-2021-34558 on 'utls' [1] - goptlib goes from 0.7 to 1.2.0 [2]; - fix `test` target run [3]. do-test: OK # cd /usr/ports # make -s -C security/meek clean all stage-qa check-plist test install deinstall reinstall bulk/testpost OK: 12, 13, main (CURRENT/HEAD) PS: I would like to adopt the port, should the MAINTAINER approves it :) --- [0] https://github.com/torbsd/meek/releases/tag/v0.37.0 [1] https://github.com/refraction-networking/utls/commit/0b2885c8c0d4467cfe98136748a9d011d0b8fff0 [2] https://github.com/torbsd/goptlib/tree/v1.2.0 [3] https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/meek/-/issues/40002
ping?
Hi, Thanks a lot for your patch and reminding us of upgrading to 0.37.0. I am happy, if you can help here. However, there is no reason not to get the sources directly from upstream. So, would you mind updating your patch with upstream sources? Otherwise, I am happy to do it myself.
hello there :) sure, if you can make it work getting directly from Tor Project's cgit/gitweb that would be great! we decided to mirror that under @torbsd on GitHub based on the fact I'm part of the project myself and am able to manage the repository there. nothing special. thanks for the feedback!
no success on the wished outcomes; please consider using this current patch instead -- upstream did not move its repository to either GitHub or GitLab (it also did not properly tagged recent releases on current MASTER_SITE, which is cgit/gitweb).
security@ is an alias for security-officer@. The security-officer is not responsible for this port. You don't need our maintainer-feedback. Having said that, the diff looks sensible.
A commit in branch main references this bug: URL: https://cgit.FreeBSD.org/ports/commit/?id=9273a07f860ab1959d23216a84a836b6a2a9ee2e commit 9273a07f860ab1959d23216a84a836b6a2a9ee2e Author: Vinícius Zavam <egypcio@FreeBSD.org> AuthorDate: 2022-08-07 15:06:57 +0000 Commit: Vinícius Zavam <egypcio@FreeBSD.org> CommitDate: 2022-08-07 15:06:57 +0000 security/meek: update 0.35.0 to 0.37.0 bulk/testpost OK: 12, 13, main (CURRENT/HEAD) while here, - USE_GITHUB=yes (follows upstream); - update base Golan dependencies; - apply backport fix for CVE-2021-34558 on 'utls'; - goptlib goes from 0.7 to 1.2.0; - fix `test` target run; - maintainer reset, after long time hiatus in Bugzilla (6months+). PR: 262327 Reported by: egypcio@ Security: CVE-2021-34558 Approved by: philip@ security/meek/Makefile | 47 ++++++++++++++++++++++------------------------- security/meek/distinfo | 30 +++++++++++++++--------------- 2 files changed, 37 insertions(+), 40 deletions(-)