Bug 203621

Summary: net-mgmt/lldpd: update to 0.7.16 -> 0.7.18
Product: Ports & Packages Reporter: Mathieu Simon <freebsd>
Component: Individual Port(s)Assignee: Jason Unovitch <junovitch>
Status: Closed FIXED    
Severity: Affects Some People CC: junovitch
Priority: ---    
Version: Latest   
Hardware: Any   
OS: Any   
Attachments:
Description Flags
Bump lldpd to 0.7.18 none

Description Mathieu Simon 2015-10-07 16:20:20 UTC 
Created attachment 161808 [details]
Bump lldpd to 0.7.18

Hi there

Here is an update for the net-mgmt/lldpd port that I maintain.

I've tried giving README.bsd and the installation message. The patch attached has passed poudriere testport in 10.2-amd64 and 9.3-amd64 jails.

Best regards
Mathieu
Comment 1 commit-hook freebsd_committer freebsd_triage 2015-10-09 20:02:51 UTC 
A commit references this bug:

Author: junovitch
Date: Fri Oct  9 20:02:05 UTC 2015
New revision: 398954
URL: https://svnweb.freebsd.org/changeset/ports/398954

Log:
  net-mgmt/lldpd: update 0.7.16 -> 0.7.18

  - Add additional information to README on -I interface flag usage
  - Change formatting of pkg-message

  Changes:	https://github.com/vincentbernat/lldpd/compare/0.7.16...0.7.18

  PR:		203621
  Submitted by:	Mathieu Simon <freebsd@simweb.ch> (maintainer)

Changes:
  head/net-mgmt/lldpd/Makefile
  head/net-mgmt/lldpd/distinfo
  head/net-mgmt/lldpd/files/README.bsd
  head/net-mgmt/lldpd/pkg-message
Comment 2 Jason Unovitch freebsd_committer freebsd_triage 2015-10-09 20:09:12 UTC 
`portlint -ac` was fine, I had no issues building in 9, 10, or 11 amd64 and i386, and a quick runtime check looked fine.

One question though.  Wouldn't this port be best converted to a USE_GITHUB port on the next update?  With only one address as a MASTER_SITE it feels like that would be a more reliable and sustainable solution long term.  If that make sense, please do so the the 0.7.19 update.  Thanks!
Comment 3 Mathieu Simon 2015-10-10 13:12:46 UTC 
Hi Jason

Thanks for commiting the patch and added verification.

> One question though.  Wouldn't this port be best converted to a USE_GITHUB port
> on the next update?  With only one address as a MASTER_SITE it feels like that
> would be a more reliable and sustainable solution long term.  If that make
> sense, please do so the the 0.7.19 update.  Thanks!

Tempting, however: The author points for release tarballs at his server and 
they are not identical from the archives downloadable after he tags there:

- Release tarballs contain a ready-to-run configure.sh
- Archives on github tags contain autogen.sh, they would induce a dependency 
  on libtool and autotools (+ their respective dependencies) to first generate configure.sh.

I don't know if it would be easier to upload/mirror them on my personal site, 
providing a mirror this way instead of adding build dependencies.* I don't think having 
both github and the official mirror would work because of their different build dependencies.

I'm really none of an expert in this area, let me know what is "typically preferred". :-)

-- Mathieu

* Proposal: https://github.com/matsimon/freebsd-ports-dev/commit/fcfc4eb39c82a294688cec0ae62fdac7e7442a5c
Comment 4 Jason Unovitch freebsd_committer freebsd_triage 2015-10-10 13:33:57 UTC 
(In reply to Mathieu Simon from comment #3)
Mathieu,
Thanks for the explanation.  The differences between the Github tag and final tarball on the author's website was something I was not aware of.  I think we can leave it as is unless the author's policy changes.

The personal mirror is up to you.  For a core infrastructure port like Apache, Nginx, etc, more mirrors benefit all the end users building the port.  I think in this case we can survive with the main site and a fall back to FreeBSD's distfile cache mirror.  However, if you are comfortable supporting the extra mirror I can go ahead and commit that to the port.
Comment 5 Mathieu Simon 2015-10-10 13:37:26 UTC 
(In reply to Jason Unovitch from comment #4)

Since it's a relatively small distfile I don't mind adding this one as mirror and keeping it updated. Go ahead to add that one.

Thanks,
Mathieu
Comment 6 commit-hook freebsd_committer freebsd_triage 2015-10-10 13:44:29 UTC 
A commit references this bug:

Author: junovitch
Date: Sat Oct 10 13:44:11 UTC 2015
New revision: 398994
URL: https://svnweb.freebsd.org/changeset/ports/398994

Log:
  net-mgmt/lldpd: Add maintainer's mirror to MASTER_SITES

  PR:		203621
  Submitted by:	Mathieu Simon <freebsd@simweb.ch> (maintainer)

Changes:
  head/net-mgmt/lldpd/Makefile
Comment 7 Jason Unovitch freebsd_committer freebsd_triage 2015-10-10 13:46:51 UTC 
(In reply to Mathieu Simon from comment #5)
Thanks!

Something to keep in mind is that, over time, tags of "release" packages, quarterly branches, and so forth will accumulate that refer to old versions of the packages.  Generally you shouldn't remove old distfiles since it's possible for an end user using one of those tags to try to download an old release.
Comment 8 commit-hook freebsd_committer freebsd_triage 2015-10-27 13:58:12 UTC 
A commit references this bug:

Author: mat
Date: Tue Oct 27 13:57:40 UTC 2015
New revision: 400244
URL: https://svnweb.freebsd.org/changeset/ports/400244

Log:
  MFH: r398954 r398994 r400237

  net-mgmt/lldpd: update 0.7.16 -> 0.7.19

  - Add additional information to README on -I interface flag usage
  - Change formatting of pkg-message
  - net-mgmt/lldpd: Add maintainer's mirror to MASTER_SITES

  Fixes a buffer overflow allowing arbitrary code execution.

  PR:		203621 204044
  Submitted by:	maintainer
  Security:	2a4a112a-7c1b-11e5-bd77-0800275369e2
  Sponsored by:	Absolight

Changes:
_U  branches/2015Q4/
  branches/2015Q4/net-mgmt/lldpd/Makefile
  branches/2015Q4/net-mgmt/lldpd/distinfo
  branches/2015Q4/net-mgmt/lldpd/files/README.bsd
  branches/2015Q4/net-mgmt/lldpd/pkg-message