Created attachment 178547 [details] bump irssi to 0.8.21 Multiple vulnerabilities have been found in Irssi and fixed with upstream version 0.8.21. The patch here bumps to that version. * Irssi SA: https://irssi.org/security/irssi_sa_2017_01.txt * Upstream release: https://github.com/irssi/irssi/commit/7cac354161a8914712264408347a9a2882aab22f The changes are security fixes only and are OK to be MFH'd. * Poudriere build test 11.0, amd64: OK * Poudriere build test 10.3, amd64: OK Tested also the builds of chinese/irssi port.
A commit references this bug: Author: vanilla Date: Fri Jan 6 03:45:12 UTC 2017 New revision: 430686 URL: https://svnweb.freebsd.org/changeset/ports/430686 Log: Update to 1.0.0, also remove deprecated configure options. PR: 215800 Submitted by: vlad-fbsd@acheronmedia.com <vlad-fbsd at acheronmedia.com> MFH: 2017Q1 Changes: head/irc/irssi/Makefile head/irc/irssi/distinfo head/irc/irssi/files/patch-configure head/irc/irssi/files/patch-configure.ac head/irc/irssi/pkg-plist
A commit references this bug: Author: vanilla Date: Fri Jan 6 04:00:50 UTC 2017 New revision: 430688 URL: https://svnweb.freebsd.org/changeset/ports/430688 Log: MFH: r430686 Update to 1.0.0, also remove deprecated configure options. PR: 215800 Submitted by: vlad-fbsd@acheronmedia.com <vlad-fbsd at acheronmedia.com> Approved by: ports-secteam@ (junovitch@) Changes: _U branches/2017Q1/ branches/2017Q1/irc/irssi/Makefile branches/2017Q1/irc/irssi/distinfo branches/2017Q1/irc/irssi/files/patch-configure branches/2017Q1/irc/irssi/files/patch-configure.ac branches/2017Q1/irc/irssi/pkg-plist
Please note: my submission was to update to 0.8.21 so that could be merged to quarterly as it's only a security fix. Upgrade to 1.0.0 was NOT requested nor submitted by me, and has broken Quarterly's promise of bugfix/security fix only. In addition, it appears some irssi plugins are now broken: please see bug #215829. I'm reopening for further consideration to revert the change in 2017Q1, to minimize damage before more people start installing it. (also, with my triage hat on, please don't forget to mark merge-quarterly and maintainer-feedback flags as done)
A commit references this bug: Author: junovitch Date: Sat Jan 7 23:07:47 UTC 2017 New revision: 430844 URL: https://svnweb.freebsd.org/changeset/ports/430844 Log: Tag irssi entry with assigned CVEs, while here wrap at 80 and reference PR PR: 215800 Security: CVE-2017-5193 Security: CVE-2017-5194 Security: CVE-2017-5195 Security: CVE-2017-5196 Security: https://vuxml.FreeBSD.org/freebsd/3d6be69b-d365-11e6-a071-001e67f15f5a.html Changes: head/security/vuxml/vuln.xml
A commit references this bug: Author: vanilla Date: Sun Jan 8 01:37:34 UTC 2017 New revision: 430851 URL: https://svnweb.freebsd.org/changeset/ports/430851 Log: Downgrade to 0.8.21. PR: 215800 Submitted by: Vladimir Krstulja <vlad-fbsd@acheronmedia.com> Changes: head/irc/irssi/Makefile head/irc/irssi/distinfo head/irc/irssi/files/patch-Makefile.in head/irc/irssi/files/patch-configure head/irc/irssi/files/patch-perl-Makefile head/irc/irssi/files/patch-src_core_network-openssl.c head/irc/irssi/pkg-plist
A commit references this bug: Author: vanilla Date: Sun Jan 8 01:39:30 UTC 2017 New revision: 430852 URL: https://svnweb.freebsd.org/changeset/ports/430852 Log: MFH: r430851 Downgrade to 0.8.21. PR: 215800 Submitted by: Vladimir Krstulja <vlad-fbsd@acheronmedia.com> Approved by: ports-secteam (feld) Changes: _U branches/2017Q1/ branches/2017Q1/irc/irssi/Makefile branches/2017Q1/irc/irssi/distinfo branches/2017Q1/irc/irssi/files/patch-Makefile.in branches/2017Q1/irc/irssi/files/patch-configure branches/2017Q1/irc/irssi/files/patch-perl-Makefile branches/2017Q1/irc/irssi/files/patch-src_core_network-openssl.c branches/2017Q1/irc/irssi/pkg-plist
Thanks. Please set merge-quarterly(+) flag, I don't have permission to.