Bug 203096
| Summary: | [patch][maintainer update] update www/h2o to 1.4.5 | ||||||||
|---|---|---|---|---|---|---|---|---|---|
| Product: | Ports & Packages | Reporter: | Dave Cottlehuber <dch> | ||||||
| Component: | Individual Port(s) | Assignee: | Grzegorz Blach <gblach> | ||||||
| Status: | Closed FIXED | ||||||||
| Severity: | Affects Some People | CC: | gblach, ports-secteam | ||||||
| Priority: | --- | Keywords: | patch | ||||||
| Version: | Latest | Flags: | dch:
maintainer-feedback+
|
||||||
| Hardware: | Any | ||||||||
| OS: | Any | ||||||||
| Bug Depends on: | 203147 | ||||||||
| Bug Blocks: | |||||||||
| Attachments: |
|
||||||||
|
Description
Dave Cottlehuber
2015-09-14 10:29:28 UTC
Created attachment 161112 [details]
secfix
# portlint
WARN: Makefile: possible use of absolute pathname "/var/log/${PORTNAME}...".
0 fatal errors and 1 warning found.
# poudriere
http://pkg.skunkwerks.at/poudriere/data/10_2_amd64-default/2015-09-16_08h02m33s/logs/h2o-1.4.5.log
# patch
https://github.com/dch/freebsd-ports/commit/9b61c980024f27d136866cb57ba1244aa2a18de0
Created attachment 161114 [details] CVE-2015-5638 first try at a vuxml commit, may need tweaking. # patch https://github.com/dch/freebsd-ports/commit/a5704fb65b3c6af5f03a93c03f347d31b8bc51aa # make validate make validate |& tee /ramdisk/make-validate.vuxml /bin/sh /usr/ports/security/vuxml/files/tidy.sh "/usr/ports/security/vuxml/files/tidy.xsl" "/usr/ports/security/vuxml/vuln.xml" > "/usr/ports/security/vuxml/vuln.xml.tidy" >>> Validating... /usr/local/bin/xmllint --valid --noout /usr/ports/security/vuxml/vuln.xml >>> Successful. Checking if tidy differs... ... seems okay Checking for space/tab... ... seems okay /usr/local/bin/python2.7 /usr/ports/security/vuxml/files/extra-validation.py /usr/ports/security/vuxml/vuln.xml A commit references this bug: Author: gblach Date: Wed Sep 16 12:29:58 UTC 2015 New revision: 397062 URL: https://svnweb.freebsd.org/changeset/ports/397062 Log: - Fix rc.d issues introduced with recent perl changes [1] - Update to 1.4.5 [2] PR: 203147 [1], 203096 [2] Submitted by: Dave Cottlehuber (maintainer) Changes: head/www/h2o/Makefile head/www/h2o/distinfo head/www/h2o/files/h2o.in secfix committed A commit references this bug: Author: feld Date: Wed Sep 16 16:32:40 UTC 2015 New revision: 397072 URL: https://svnweb.freebsd.org/changeset/ports/397072 Log: Document www/h2o vulnerability PR: 203096 PR: 203147 Security: CVE-2015-5638 Changes: head/security/vuxml/vuln.xml A commit references this bug: Author: junovitch Date: Fri Sep 18 09:56:32 UTC 2015 New revision: 397229 URL: https://svnweb.freebsd.org/changeset/ports/397229 Log: MFH r393066,r396229,r396629,r397062: r393066 www/h2o: 1.2.0 -> 1.4.2 ChangeLog: https://github.com/h2o/h2o/releases PR: 200998 Submitted by: sean@x-n.su Approved by: Dave Cottlehuber <dch@skunkwerks.at> (maintainer) r396229 - Update to 1.4.4 [1] - Drop 8.x support [2] PR: 202818 [1] Submitted by: Dave Cottlehuber (dch <at> skunkwerks <dot> at) [1] Approved by: portmgr blanket [2] r396629 - Fix rc.d script - Bump PORTVERSION PR: 202937 Submitted by: gblach Approved by: Dave Cottlehuber (dch <at> skunkwerks <dot> at) r397062 - Fix rc.d issues introduced with recent perl changes [1] - Update to 1.4.5 [2] PR: 203147 [1], 203096 [2] Submitted by: Dave Cottlehuber (maintainer) Security: 31ea7f73-5c55-11e5-8607-74d02b9a84d5 Security: CVE-2015-5638 Approved by: ports-secteam (feld) Changes: _U branches/2015Q3/ branches/2015Q3/www/h2o/Makefile branches/2015Q3/www/h2o/distinfo branches/2015Q3/www/h2o/files/h2o.conf.sample branches/2015Q3/www/h2o/files/h2o.in branches/2015Q3/www/h2o/files/patch-CMakeLists.txt branches/2015Q3/www/h2o/pkg-plist |