Bug 228762 - www/h2o: update to 2.2.5
Summary: www/h2o: update to 2.2.5
Status: Closed FIXED
Alias: None
Product: Ports & Packages
Classification: Unclassified
Component: Individual Port(s) (show other bugs)
Version: Latest
Hardware: Any Any
: --- Affects Many People
Assignee: Dave Cottlehuber
URL: https://reviews.freebsd.org/D16110
Keywords:
Depends on:
Blocks:
 
Reported: 2018-06-05 13:55 UTC by Max Kostikov
Modified: 2018-07-04 20:59 UTC (History)
1 user (show)

See Also:
bugzilla: maintainer-feedback? (dch)

Attachments
diff to 2.2.5 (8.24 KB, patch)
2018-06-05 13:55 UTC, Max Kostikov 		dch: maintainer-approval+
Details | Diff
dch@ shorter diff (4.78 KB, patch)
2018-06-25 22:04 UTC, Dave Cottlehuber 		no flags Details | Diff
View All Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Max Kostikov 2018-06-05 13:55:10 UTC 
Created attachment 194020 [details]
diff to 2.2.5

Patch included.
Eliminated local patch for H2O issue #1706 (1707) because changes accepted in current release.
See details here https://github.com/h2o/h2o/releases/tag/v2.2.5
Comment 1 Dave Cottlehuber freebsd_committer freebsd_triage 2018-06-25 22:01:14 UTC 
max thanks, generally LGTM. Is there a reason for re-ording the pkg-plist? My
diff here only needed:

index 0a347a0bf165..cbca158de82c 100644
--- a/www/h2o/pkg-plist
+++ b/www/h2o/pkg-plist
@@ -34,10 +34,10 @@ include/h2o/version.h
 include/h2o/websocket.h
 lib/libh2o-evloop.so
 lib/libh2o-evloop.so.0.13
-lib/libh2o-evloop.so.0.13.4
+lib/libh2o-evloop.so.0.13.5
 lib/libh2o.so
 lib/libh2o.so.0.13
-lib/libh2o.so.0.13.4
+lib/libh2o.so.0.13.5
 libdata/pkgconfig/libh2o-evloop.pc
 libdata/pkgconfig/libh2o.pc
 %%DATADIR%%/annotate-backtrace-symbols

which is nicely shorter.

jrm:
Comment 2 Dave Cottlehuber freebsd_committer freebsd_triage 2018-06-25 22:04:18 UTC 
Created attachment 194637 [details]
dch@ shorter diff
Comment 3 Max Kostikov 2018-06-26 08:02:23 UTC 
(In reply to Dave Cottlehuber from comment #2)
Dave, I completely trust you so please decide by yourself.
Comment 4 Dave Cottlehuber freebsd_committer freebsd_triage 2018-06-28 11:31:32 UTC 
jrm@ can you give my diff a +1 before I commit it? thanks!
Comment 5 Joseph Mingrone freebsd_committer freebsd_triage 2018-06-28 13:33:44 UTC 
+1.  Go for it.
Comment 6 commit-hook freebsd_committer freebsd_triage 2018-07-02 22:47:40 UTC 
A commit references this bug:

Author: dch
Date: Mon Jul  2 22:47:18 UTC 2018
New revision: 473774
URL: https://svnweb.freebsd.org/changeset/ports/473774

Log:
  www/h2o: update 2.2.4 to 2.2.5

  - fix buffer overflow CVE-2018-0608 #1775 (Frederik Deweerdt)
  - LibreSSL and PicoTLS changes
  - see https://github.com/h2o/h2o/blob/master/Changes

  PR:		228762
  Submitted by:	Max Kostikov <max@kostikov.co>
  Approved by:	jrm
  MFH:		2018Q3
  Security:	CVE-2018-0608

Changes:
  head/www/h2o/Makefile
  head/www/h2o/distinfo
  head/www/h2o/files/patch-issue1706
  head/www/h2o/pkg-plist
Comment 7 Dave Cottlehuber freebsd_committer freebsd_triage 2018-07-02 22:56:22 UTC 
thanks for your contribution Max! I will add the CVE details tomorrow and get this backported to the quarterly branch also.
Comment 8 Dave Cottlehuber freebsd_committer freebsd_triage 2018-07-03 12:14:30 UTC 
https://reviews.freebsd.org/D16110 closes off CVE data, backport to quarterly has  MFC approved.
Comment 9 commit-hook freebsd_committer freebsd_triage 2018-07-03 13:14:12 UTC 
A commit references this bug:

Author: dch
Date: Tue Jul  3 13:13:55 UTC 2018
New revision: 473830
URL: https://svnweb.freebsd.org/changeset/ports/473830

Log:
  security/vuxml: add CVE-2018-0608 for www/h2o

  PR:		228762
  Approved by:	jrm
  Security:	CVE-2018-0608
  Differential Revision:	https://reviews.freebsd.org/D16110

Changes:
  head/security/vuxml/vuln.xml
Comment 10 commit-hook freebsd_committer freebsd_triage 2018-07-04 20:59:17 UTC 
A commit references this bug:

Author: dch
Date: Wed Jul  4 20:58:59 UTC 2018
New revision: 473921
URL: https://svnweb.freebsd.org/changeset/ports/473921

Log:
  MFH: r473774

  www/h2o: update 2.2.4 to 2.2.5

  - fix buffer overflow CVE-2018-0608 #1775 (Frederik Deweerdt)
  - LibreSSL and PicoTLS changes
  - see https://github.com/h2o/h2o/blob/master/Changes

  PR:		228762
  Submitted by:	Max Kostikov <max@kostikov.co>
  Approved by:	jrm
  Security:	CVE-2018-0608

  Approved by:	ports-secteam

Changes:
_U  branches/2018Q3/
  branches/2018Q3/www/h2o/Makefile
  branches/2018Q3/www/h2o/distinfo
  branches/2018Q3/www/h2o/files/patch-issue1706
  branches/2018Q3/www/h2o/pkg-plist