Created attachment 194020 diff to 2.2.5 Patch included. Eliminated local patch for H2O issue #1706 (1707) because changes accepted in current release. See details here https://github.com/h2o/h2o/releases/tag/v2.2.5
max thanks, generally LGTM. Is there a reason for re-ordering the pkg-plist? My diff here only needed: index 0a347a0bf165..cbca158de82c 100644 --- a/www/h2o/pkg-plist +++ b/www/h2o/pkg-plist @@ -34,10 +34,10 @@ include/h2o/version.h include/h2o/websocket.h lib/libh2o-evloop.so lib/libh2o-evloop.so.0.13 -lib/libh2o-evloop.so.0.13.4 +lib/libh2o-evloop.so.0.13.5 lib/libh2o.so lib/libh2o.so.0.13 -lib/libh2o.so.0.13.4 +lib/libh2o.so.0.13.5 libdata/pkgconfig/libh2o-evloop.pc libdata/pkgconfig/libh2o.pc %%DATADIR%%/annotate-backtrace-symbols which is nicely shorter. jrm:
Created attachment 194637 dch@ shorter diff
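Review bot: the two full-version entries changed in this hunk, lib/libh2o-evloop.so.0.13.5 and lib/libh2o.so.0.13.5, are hard-coded in pkg-plist, so every release needs the same two-line hand edit and a missed bump only shows up as a plist mismatch at packaging time. Consider defining the library version once in the Makefile and exposing it through PLIST_SUB, so the plist lines carry a substitution instead of a literal suffix. The lib/libh2o-evloop.so.0.13 and lib/libh2o.so.0.13 lines are unchanged context here, so the names that dependent ports link against stay the same across this update.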
(In reply to Dave Cottlehuber from comment #2) Dave, I completely trust you so please decide by yourself.
jrm@ can you give my diff a +1 before I commit it? thanks!
+1. Go for it.
A commit references this bug:
Author: dch
Date: Mon Jul 2 22:47:18 UTC 2018
New revision: 473774
URL: https://svnweb.freebsd.org/changeset/ports/473774
Log:
  www/h2o: update 2.2.4 to 2.2.5
  - fix buffer overflow CVE-2018-0608 #1775 (Frederik Deweerdt)
  - LibreSSL and PicoTLS changes
  - see https://github.com/h2o/h2o/blob/master/Changes
  PR: 228762
  Submitted by: Max Kostikov <max@kostikov.co>
  Approved by: jrm
  MFH: 2018Q3
  Security: CVE-2018-0608
Changes:
  head/www/h2o/Makefile
  head/www/h2o/distinfo
  head/www/h2o/files/patch-issue1706
  head/www/h2o/pkg-plist
Thanks for your contribution, Max! I will add the CVE details tomorrow and get this backported to the quarterly branch also.
https://reviews.freebsd.org/D16110 closes off CVE data, backport to quarterly has MFC approved.
A commit references this bug:
Author: dch
Date: Tue Jul 3 13:13:55 UTC 2018
New revision: 473830
URL: https://svnweb.freebsd.org/changeset/ports/473830
Log:
  security/vuxml: add CVE-2018-0608 for www/h2o
  PR: 228762
  Approved by: jrm
  Security: CVE-2018-0608
  Differential Revision: https://reviews.freebsd.org/D16110
Changes:
  head/security/vuxml/vuln.xml
A commit references this bug:
Author: dch
Date: Wed Jul 4 20:58:59 UTC 2018
New revision: 473921
URL: https://svnweb.freebsd.org/changeset/ports/473921
Log:
  MFH: r473774
  www/h2o: update 2.2.4 to 2.2.5
  - fix buffer overflow CVE-2018-0608 #1775 (Frederik Deweerdt)
  - LibreSSL and PicoTLS changes
  - see https://github.com/h2o/h2o/blob/master/Changes
  PR: 228762
  Submitted by: Max Kostikov <max@kostikov.co>
  Approved by: jrm
  Security: CVE-2018-0608
  Approved by: ports-secteam
Changes:
  _U branches/2018Q3/
  branches/2018Q3/www/h2o/Makefile
  branches/2018Q3/www/h2o/distinfo
  branches/2018Q3/www/h2o/files/patch-issue1706
  branches/2018Q3/www/h2o/pkg-plist