Bug 267937 - archivers/advancecomp: update to 2.4
Summary: archivers/advancecomp: update to 2.4
Status: Closed FIXED
Alias: None
Product: Ports & Packages
Classification: Unclassified
Component: Individual Port(s) (show other bugs)
Version: Latest
Hardware: Any Any
: --- Affects Many People
Assignee: Fernando Apesteguía
URL: https://github.com/amadvance/advancec...
Keywords: security
Depends on:
Blocks:
 
Reported: 2022-11-22 22:57 UTC by Robert Clausecker
Modified: 2022-11-27 12:29 UTC (History)
2 users (show)

See Also:
fernape: merge-quarterly+


Attachments
archivers/advancecomp: update to 2.4 (1.66 KB, patch)
2022-11-22 22:57 UTC, Robert Clausecker
fuz: maintainer-approval+
Details | Diff

Note You need to log in before you can comment on or make changes to this bug.
Description Robert Clausecker freebsd_committer freebsd_triage 2022-11-22 22:57:53 UTC
Created attachment 238265 [details]
archivers/advancecomp: update to 2.4

This update fixes CVE-2022-35014, CVE-2022-35015, CVE-2022-35016,
CVE-2022-35017, CVE-2022-35018, CVE-2022-35019, and CVE-2022-35020.

Changelog: https://github.com/amadvance/advancecomp/releases/tag/v2.4

Tested with Poudriere on armv7 arm64 FreeBSD 13.1.
Please MFH if possible.
Comment 1 Fernando Apesteguía freebsd_committer freebsd_triage 2022-11-23 06:44:48 UTC
^Triage: If there is a changelog or release notes URL available for this version, please add it to the URL field.

TODO: vuxml entries.

Thanks!
Comment 2 Robert Clausecker freebsd_committer freebsd_triage 2022-11-23 09:21:18 UTC
(In reply to Fernando Apesteguía from comment #1)

> TODO: vuxml entries.

:-(  I hate writing these.
Comment 3 Fernando Apesteguía freebsd_committer freebsd_triage 2022-11-23 09:35:33 UTC
(In reply to Robert Clausecker from comment #2)

I'll try to do it later. It was mostly a self-reminder :-)
Comment 4 Fernando Apesteguía freebsd_committer freebsd_triage 2022-11-24 08:51:32 UTC
(In reply to Fernando Apesteguía from comment #3)
I got the vuxml entry. I'll do the commit today.

Thanks!
Comment 5 commit-hook freebsd_committer freebsd_triage 2022-11-24 16:15:52 UTC
A commit in branch main references this bug:

URL: https://cgit.FreeBSD.org/ports/commit/?id=dbf29c579ee30461c22872445cafa3c98a8c9235

commit dbf29c579ee30461c22872445cafa3c98a8c9235
Author:     Robert Clausecker <fuz@fuz.su>
AuthorDate: 2022-11-23 06:41:34 +0000
Commit:     Fernando Apesteguía <fernape@FreeBSD.org>
CommitDate: 2022-11-24 16:10:31 +0000

    archivers/advancecomp: update to 2.4

    ChangeLog: https://github.com/amadvance/advancecomp/releases/tag/v2.4

    Fixes multiple vulnerabilities.

    Add vuxml entries

    PR:             267937
    Reported by:    fuz@fuz.su (maintainer)
    MFH:            2022Q4 (security fix)
    Security:       CVE-2022-35014, CVE-2022-35015, CVE-2022-35016, CVE-2022-35017,
                    CVE-2022-35018, CVE-2022-35019, CVE-2022-35020

 archivers/advancecomp/Makefile | 4 ++--
 archivers/advancecomp/distinfo | 6 +++---
 2 files changed, 5 insertions(+), 5 deletions(-)
Comment 6 commit-hook freebsd_committer freebsd_triage 2022-11-24 16:16:54 UTC
A commit in branch 2022Q4 references this bug:

URL: https://cgit.FreeBSD.org/ports/commit/?id=eced3aa10d3b7fc2467fdfd6bed60bc20f2e5442

commit eced3aa10d3b7fc2467fdfd6bed60bc20f2e5442
Author:     Robert Clausecker <fuz@fuz.su>
AuthorDate: 2022-11-23 06:41:34 +0000
Commit:     Fernando Apesteguía <fernape@FreeBSD.org>
CommitDate: 2022-11-24 16:12:23 +0000

    archivers/advancecomp: update to 2.4

    ChangeLog: https://github.com/amadvance/advancecomp/releases/tag/v2.4

    Fixes multiple vulnerabilities.

    Add vuxml entries

    PR:             267937
    Reported by:    fuz@fuz.su (maintainer)
    MFH:            2022Q4 (security fix)
    Security:       CVE-2022-35014, CVE-2022-35015, CVE-2022-35016, CVE-2022-35017,
                    CVE-2022-35018, CVE-2022-35019, CVE-2022-35020

    (cherry picked from commit dbf29c579ee30461c22872445cafa3c98a8c9235)

 archivers/advancecomp/Makefile | 4 ++--
 archivers/advancecomp/distinfo | 6 +++---
 2 files changed, 5 insertions(+), 5 deletions(-)
Comment 7 commit-hook freebsd_committer freebsd_triage 2022-11-24 16:18:55 UTC
A commit in branch main references this bug:

URL: https://cgit.FreeBSD.org/ports/commit/?id=119b6f865b2c45ab1ba927e62bf41e122fb4ea08

commit 119b6f865b2c45ab1ba927e62bf41e122fb4ea08
Author:     Fernando Apesteguía <fernape@FreeBSD.org>
AuthorDate: 2022-11-24 16:13:42 +0000
Commit:     Fernando Apesteguía <fernape@FreeBSD.org>
CommitDate: 2022-11-24 16:14:42 +0000

    security/vuxml: Add multiple CVEs for advancecomp

    PR:     267937

 security/vuxml/vuln/2022.xml | 43 +++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 43 insertions(+)
Comment 8 Robert Clausecker freebsd_committer freebsd_triage 2022-11-27 12:15:57 UTC
Looks like we are done here?
Comment 9 Fernando Apesteguía freebsd_committer freebsd_triage 2022-11-27 12:29:39 UTC
Yes. Sorry, I missed to close this one.

Cheers.