What's going on that a port with several vulnerabilities is not being updated?

Is anybody doing any work to bump patch to 2.7.7? It's already more than half a year passed.

Comment 3 Rene Ladan 2019-11-04 21:23:26 UTC

Maintainer reset.

Comment 4 commit-hook 2019-11-07 11:36:10 UTC

A commit references this bug:

Author: danfe
Date: Thu Nov  7 11:35:36 UTC 2019
New revision: 516964
URL: https://svnweb.freebsd.org/changeset/ports/516964

Log:
  - Pull in security patches from Debian while upstream still CBA
    to release a new version after almost a year since those bugs
    and vulnerabilities had been reported
  - Hook the test suite, which unfortunately requires bash(1), to
    our framework
  - Chase redirection in the WWW line of the port description

  Security:	791841a3-d484-4878-8909-92ef9ce424f4
  PR:		233455

Changes:
  head/devel/patch/Makefile
  head/devel/patch/distinfo
  head/devel/patch/files/patch-lib__Makefile.in
  head/devel/patch/files/patch-lib__localcharset.c
  head/devel/patch/pkg-descr

Comment 5 Alexey Dokuchaev 2019-11-07 11:39:09 UTC

Version 2.7.7 had not been released yet, I've pulled security patches from Debian for the moment: ports r516964.

Comment 6 Kubilay Kocak 2019-11-08 04:00:06 UTC

^Triage:

 - Assign to committer that resolved
 - VuXML entry added in ports r516965 adjusted in ports r516965
 - Re-open pending MFH request (security fix)

Comment 7 Alexey Dokuchaev 2020-01-26 08:15:09 UTC

2020Q1 was branched in r521721, so MFC happened automatically.