Created attachment 234206 [details] Update 6.4.2 -> 6.7.0 Update 6.4.2 -> 6.7.0
Created attachment 234207 [details] mattermost-webapp
Created attachment 235302 [details] Update 6.4.2 -> 7.1.1 After no success with modules2tuple on v7 series I've tried what Dmitri Goutnik did with prometheus2: https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=264316 It builds and its running here.
Created attachment 235401 [details] Update 6.4.2 -> 7.1.2
v7.1.2 patch works well, thank you. Please merge this.
Created attachment 235962 [details] Update 6.4.2 -> 7.2.0
Created attachment 236578 [details] Update 6.4.2 -> 7.3.0
^Triage: Maintainer timeout (> 4 months), open to take
Comment on attachment 234206 [details] Update 6.4.2 -> 6.7.0 Old patch version
Comment on attachment 234207 [details] mattermost-webapp Old patch version
6.4.3 is affected by at least the following security vulnerabilities[1]: MMSA-2022-00112 MMSA-2022-00110 MMSA-2022-00109 MMSA-2022-00108 MMSA-2022-00104 (fixed in 6.4.3) MMSA-2022-00102 MMSA-2022-00101 6.3.x (LTS) received fixes for the above, but 6.4.x (non-LTS release) has not (except MMSA-2022-00104) There are additional vulnerabilities for 6.5, 6.6, 6.7 [1] that were only fixed in 7.0, 7.1, 7.2 branches. There are upgrade compatibility considerations for every major.minor upstream release [2], including schema and configuration changes that are required post upgrade: 6.4 -> 6.6 comprises configuration only changes 6.7 has schema changes 7.1 has schema changes 7.2 has schema changes Current mattermost release branches [3] are: v7.3 - Feature Release v7.2 - Feature Release v7.1 - Extended Support Release v7.0 - Major Release v6.3 - Extended Support Release Options for upgrade paths given the above are: 1) Upgrade port to latest (supported) LTS, currently 7.1, OR 2) Upgrade port to latest version, currently 7.3, OR 3) Create new mattermost7 port(s), at the current LTS, allowing people upgrade at their own pace. Since Option 1 requires schema changes, Option 2 isn't much more of an issue. However, Option 2 puts the port in a position (at a non-LTS version) where it could end up in the same situation as today, without support and not receiving bug or security fixes. Also, quarterly port/package versions are vulnerable, so any option must satisfy resolving in quarterly. Quarterly is not supposed to receive functional / feature changes (all else equal), particularly those that may break service/services on upgrade without user intervention. This leaves Option 3 as the most viable option, with the addition of: 3.1) Mark current mattermost ports DEPRECATED and vulnerable (VuXML), with messaging to upgrade/move to the latest port version, with clear UPDATING upgrade instructions. 3.2) Merge the new mattermost7 port(s), allowing users in quarterly to upgrade with notice. A decent mattermost port/package target state would appear to be a mattermostX port for each major (X) version LTS (minor) version. In order to progress this issue, the following is necessary, in order: 1) VuXML patch adding each vulnerability including all vulnerable/fixed versions correctly. 2) Patch creating new mattermost7 port(s) for 7.1 LTS version 3) Patch marking current mattermost port as DEPRECATED with EXPIRATION_DATE (fairly immediately) and clear messaging of what to do. 4) Patch to UPDATING adding clear information for what users need to do for a 6.4.2 to 7.1 (new port) upgrade. 5) Remove current mattermost port in HEAD at some point, potentially with MOVED (to mattermost7) entry (needs-qa). [1] https://mattermost.com/security-updates/ [2] https://docs.mattermost.com/upgrade/important-upgrade-notes.html [3] https://docs.mattermost.com/install/self-managed-changelog.html
(In reply to Kubilay Kocak from comment #10) "6.4.3 is affected by" should have read "6.4.2 (current port version) is affected by"
Created attachment 237326 [details] Update 6.4.2 -> 7.4.0
any plans commit this?
Created attachment 238133 [details] Update 6.4.2 -> 7.5.1
*** Bug 267992 has been marked as a duplicate of this bug. ***
Created attachment 239115 [details] Update 6.4.2 -> 7.5.2
(In reply to Raúl from comment #16) I've used this patch for the last few days on my servers and it's working all right. I'm for commiting it so that everyone else can smoothly upgrade their instances and stop getting a warning message every time they start their clients saying that the server is out of date and unsupported.
Created attachment 239545 [details] Update 6.4.2 -> 7.7.0
Created attachment 239615 [details] Update 6.4.2 -> 7.7.1
Created attachment 240229 [details] Update 6.4.2 -> 7.8.0 https://docs.mattermost.com/install/self-managed-changelog.html#release-v7-8-extended-support-release [....] Before upgrading, we recommend checking for duplicate data in the focalboard_category_boards table, and deleting all but one copy of duplicate data. This is to ensure that the new plugin version startup doesn’t lock the table, and prevent users from using Boards. We recommend de-duplicating the data at a time of low user activity. [....] Maybe not applicable on all use cases, that table doesn't exist here but just in case as always, look for upgrade notes. This is an ESR, I can follow that extended support releases to help make this port a better fit for our quarterly branch, but even ESR pace is a bit fast. Database upgrades happen on new version first launch, are not always reversible and I only have one mattermost instance with 'real' load to test.
A commit in branch main references this bug: URL: https://cgit.FreeBSD.org/ports/commit/?id=45d430073c2330ca0c173c5bdc007317d50e7e6d commit 45d430073c2330ca0c173c5bdc007317d50e7e6d Author: Raúl <raul.munoz@custos.es> AuthorDate: 2023-02-23 11:56:38 +0000 Commit: Muhammad Moinur Rahman <bofh@FreeBSD.org> CommitDate: 2023-02-23 12:05:25 +0000 www/mattermost-webapp: Update version 6.4.2=>7.8.0 Changelog: https://github.com/mattermost/mattermost-webapp/releases/tag/v7.8.0 PR: 264232 Approved by: swills (maintainer-timeout) Sponsored by: Bounce Experts www/mattermost-webapp/Makefile | 7 +- www/mattermost-webapp/distinfo | 6 +- www/mattermost-webapp/pkg-plist | 617 ++++++++++++++++++++++++++++++++++++++++ 3 files changed, 623 insertions(+), 7 deletions(-)
A commit in branch main references this bug: URL: https://cgit.FreeBSD.org/ports/commit/?id=71f3946479fcac2dca1249bc03cab8fb1bde11cd commit 71f3946479fcac2dca1249bc03cab8fb1bde11cd Author: Raúl <raul.munoz@custos.es> AuthorDate: 2023-02-23 12:02:31 +0000 Commit: Muhammad Moinur Rahman <bofh@FreeBSD.org> CommitDate: 2023-02-23 12:05:25 +0000 www/mattermost-server: Update version 6.4.2=>7.8.0 Changelog: https://github.com/mattermost/mattermost-server/releases/tag/v7.8.0 PR: 264232 Reported by: yaruta.arkadiy@gmail.com Approved by: swills (maintainer-timeout) Sponsored by: Bounce Experts www/mattermost-server/Makefile | 14 +++++++------- www/mattermost-server/distinfo | 8 +++++--- www/mattermost-server/pkg-plist | 16 ++++++++-------- 3 files changed, 20 insertions(+), 18 deletions(-)