Created attachment 237924 [details] Update to 3.11.14 Update to 3.11.14 Git patch attached. Updated maven repo must be manually copied to distfiles for patch testing and uploaded to LOCAL as part of the commit process. It is available at the following link: https://drive.google.com/file/d/1q05NS2qLsD58CzN6QMaZ0-TOEp3tSHxL
^Triage: Please set the maintainer-approval attachment flag (to +) on patches for ports you maintain to signify approval. -- Attachment -> Details -> maintainer-approval [+] ^Triage: Maintainer-feedback flag (+) not required unless requested (?) first. Thanks!
This update fixes the following. CVE-2022-42003 CVE-2022-4200 CVE-2022-25857 CVE-2019-2684 CVE-2020-7238 CVE-2022-2482 CVE-2021-44521 CVE-2015-0886 Note: pending VuXML entry.
A commit in branch main references this bug: URL: https://cgit.FreeBSD.org/ports/commit/?id=0c267ac14349fb0250f5a2fd8fd79e093b3626f6 commit 0c267ac14349fb0250f5a2fd8fd79e093b3626f6 Author: Angelo Polo <language.devel@gmail.com> AuthorDate: 2023-01-10 07:10:09 +0000 Commit: Fernando Apesteguía <fernape@FreeBSD.org> CommitDate: 2023-01-11 17:36:02 +0000 databases/cassandra3: Update to 3.11.14 ChangeLog: https://gitbox.apache.org/repos/asf?p=cassandra.git;a=blob_plain;f=CHANGES.txt;hb=refs/tags/cassandra-3.11.14 PR: 267624 Reported by: language.devel@gmail.com MFH: 2023Q1 (security fixes) Relnotes: Security: CVE-2022-42003 CVE-2022-4200 CVE-2022-25857 CVE-2019-2684 CVE-2020-7238 CVE-2022-2482 CVE-2021-44521 CVE-2015-0886 databases/cassandra3/Makefile | 12 ++++---- databases/cassandra3/distinfo | 10 +++---- databases/cassandra3/files/patch-build.xml | 35 ++++++---------------- .../cassandra3/files/patch-conf_cassandra.yaml | 6 ++-- .../cassandra3/files/patch-doc_Makefile (gone) | 11 ------- databases/cassandra3/pkg-plist | 21 +++++++------ 6 files changed, 32 insertions(+), 63 deletions(-)
A commit in branch 2023Q1 references this bug: URL: https://cgit.FreeBSD.org/ports/commit/?id=b1016706b690003545ecf21abdd50a8d764bd287 commit b1016706b690003545ecf21abdd50a8d764bd287 Author: Angelo Polo <language.devel@gmail.com> AuthorDate: 2023-01-10 07:10:09 +0000 Commit: Fernando Apesteguía <fernape@FreeBSD.org> CommitDate: 2023-01-11 17:37:33 +0000 databases/cassandra3: Update to 3.11.14 ChangeLog: https://gitbox.apache.org/repos/asf?p=cassandra.git;a=blob_plain;f=CHANGES.txt;hb=refs/tags/cassandra-3.11.14 PR: 267624 Reported by: language.devel@gmail.com MFH: 2023Q1 (security fixes) Relnotes: Security: CVE-2022-42003 CVE-2022-4200 CVE-2022-25857 CVE-2019-2684 CVE-2020-7238 CVE-2022-2482 CVE-2021-44521 CVE-2015-0886 (cherry picked from commit 0c267ac14349fb0250f5a2fd8fd79e093b3626f6) databases/cassandra3/Makefile | 12 ++++---- databases/cassandra3/distinfo | 10 +++---- databases/cassandra3/files/patch-build.xml | 35 ++++++---------------- .../cassandra3/files/patch-conf_cassandra.yaml | 6 ++-- .../cassandra3/files/patch-doc_Makefile (gone) | 11 ------- databases/cassandra3/pkg-plist | 21 +++++++------ 6 files changed, 32 insertions(+), 63 deletions(-)
A commit in branch main references this bug: URL: https://cgit.FreeBSD.org/ports/commit/?id=2d493d4ae39ea985c47ca03c63551e53b639069b commit 2d493d4ae39ea985c47ca03c63551e53b639069b Author: Fernando Apesteguía <fernape@FreeBSD.org> AuthorDate: 2023-01-11 07:20:37 +0000 Commit: Fernando Apesteguía <fernape@FreeBSD.org> CommitDate: 2023-01-11 17:48:22 +0000 security/vuxml: cassandra3 multiple vulnerabilities CVE-2022-42003 CVE-2022-4200 CVE-2022-25857 CVE-2019-2684 CVE-2020-7238 CVE-2022-24823 CVE-2021-44521 CVE-2015-0886 PR: 267624 security/vuxml/vuln/2023.xml | 107 +++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 107 insertions(+)
Committed, Thanks!