Bug 272304 - devel/libtar: Deprecate and set expiration date to 2023-09-30
Summary: devel/libtar: Deprecate and set expiration date to 2023-09-30
Status: Closed FIXED
Alias: None
Product: Ports & Packages
Classification: Unclassified
Component: Individual Port(s) (show other bugs)
Version: Latest
Hardware: Any Any
: --- Affects Only Me
Assignee: Daniel Engberg
URL:
Keywords:
Depends on:
Blocks:
 
Reported: 2023-07-01 08:02 UTC by Daniel Engberg
Modified: 2023-07-19 18:16 UTC (History)
2 users (show)

See Also:
bugzilla: maintainer-feedback? (manuelj.munoz)

Attachments
Patch for libtar (426 bytes, patch)
2023-07-01 08:02 UTC, Daniel Engberg 		no flags Details | Diff
View All Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Daniel Engberg freebsd_committer freebsd_triage 2023-07-01 08:02:09 UTC 
Created attachment 243090 [details]
Patch for libtar

Abandonware since 2013 and multiple CVEs over the years

References:
https://www.opencve.io/cve?vendor=feep&product=libtar
Comment 1 Fernando Apesteguía freebsd_committer freebsd_triage 2023-07-03 07:06:06 UTC 
^Triage: reporter is committer, assign accordingly
Comment 2 commit-hook freebsd_committer freebsd_triage 2023-07-19 18:06:53 UTC 
A commit in branch main references this bug:

URL: https://cgit.FreeBSD.org/ports/commit/?id=812412f5df7c8afae81f2b945795f203e59daaac

commit 812412f5df7c8afae81f2b945795f203e59daaac
Author:     Daniel Engberg <diizzy@FreeBSD.org>
AuthorDate: 2023-07-19 16:43:00 +0000
Commit:     Daniel Engberg <diizzy@FreeBSD.org>
CommitDate: 2023-07-19 18:05:40 +0000

    devel/libtar: Deprecate and set expiration date to 2023-09-30

    Abandonware since 2013 and multiple CVEs over the years

    References:
    https://www.opencve.io/cve?vendor=feep&product=libtar

    PR:             272304
    Approved by:    portmgr (maintainer timeout, 2+ weeks)

 devel/libtar/Makefile | 3 +++
 1 file changed, 3 insertions(+)