Summary: | [patch] www/joomla15: Deprecation | ||||||||
---|---|---|---|---|---|---|---|---|---|
Product: | Ports & Packages | Reporter: | Torsten Zühlsdorff <ports> | ||||||
Component: | Individual Port(s) | Assignee: | Jason Unovitch <junovitch> | ||||||
Status: | Closed FIXED | ||||||||
Severity: | Affects Only Me | CC: | feld, junovitch, ports-secteam, robi | ||||||
Priority: | --- | Keywords: | patch-ready, security | ||||||
Version: | Latest | Flags: | junovitch:
maintainer-feedback-
junovitch: merge-quarterly+ |
||||||
Hardware: | Any | ||||||||
OS: | Any | ||||||||
See Also: | https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=204016 | ||||||||
Attachments: |
|
Description
Torsten Zühlsdorff
2015-10-24 09:15:44 UTC
Nicola, this was assigned to you even though you were not the maintainer of that particular version. Please feel free to reassign it if you wish. Created attachment 162437 [details] deprecated/forbid both www/joomla15 and www/joomla25 Torsten, Thank you! Per the porter's handbook, we also need to mark this FORBIDDEN. I think we should deprecate both before 2016Q1 gets branched as well so I've shortened the timelines. https://www.freebsd.org/doc/en_US.ISO8859-1/books/porters-handbook/dads-noinstall.html Also, www/joomla31 uses a different package name then the port origin suggests (`make -VPKGNAME` is joomla3-3.2.3). It probably should have been named www/joomla3. Ports-secteam, Both these ports are well past their usable life and I think the most responsible thing at this point is to immediately forbid and deprecated them as well as MFH this to prevent those packages from being built by default quarterly. Approval to apply this patch for both ports with 'Approved by: ports-secteam (name)"? Log: www/joomla{15,25}: mark FORBIDDEN and DEPRECATED Joomla 1.5 was end of life in December 2012 Joomla 2.5 was end of life in December 2014 Reference: https://www.joomla.org/about-joomla/technical-requirements.html PR: 203995 Submitted by: Torsten Zühlsdorff <ports@toco-domains.de> (original patch) Security: CVE-2014-6632 Security: CVE-2014-7228 Security: CVE-2014-7229 Security: https://vuxml.freebsd.org/freebsd/cec4d01a-7ac5-11e5-b35a-002590263bf5.html Security: https://vuxml.freebsd.org/freebsd/beb3d5fc-7ac5-11e5-b35a-002590263bf5.html MFH: 2015Q4 Ping. Any issues with an 'Approved by: ports-secteam' to immediately mark these long past EOL ports DEPRECATED and FORBIDDEN? J A commit references this bug: Author: junovitch Date: Sat Nov 7 23:28:10 UTC 2015 New revision: 401027 URL: https://svnweb.freebsd.org/changeset/ports/401027 Log: www/joomla{15,25}: mark FORBIDDEN and DEPRECATED Joomla 1.5 was end of life in September 2012 Joomla 2.5 was end of life in December 2014 Reference: https://docs.joomla.org/What_version_of_Joomla!_should_you_use PR: 203995 Submitted by: Torsten Zuhlsdorff <ports@toco-domains.de> (original patch) Approved by: maintainer timeouts (2 weeks) Security: CVE-2014-6632 Security: CVE-2014-7228 Security: CVE-2014-7229 Security: https://vuxml.FreeBSD.org/freebsd/cec4d01a-7ac5-11e5-b35a-002590263bf5.html Security: https://vuxml.FreeBSD.org/freebsd/beb3d5fc-7ac5-11e5-b35a-002590263bf5.html MFH: 2015Q4 Changes: head/www/joomla15/Makefile head/www/joomla25/Makefile A commit references this bug: Author: junovitch Date: Tue Nov 10 01:15:21 UTC 2015 New revision: 401181 URL: https://svnweb.freebsd.org/changeset/ports/401181 Log: MFH: r401027 www/joomla{15,25}: mark FORBIDDEN and DEPRECATED Joomla 1.5 was end of life in September 2012 Joomla 2.5 was end of life in December 2014 Reference: https://docs.joomla.org/What_version_of_Joomla!_should_you_use PR: 203995 Submitted by: Torsten Zuhlsdorff <ports@toco-domains.de> (original patch) Approved by: maintainer timeouts (2 weeks) Approved by: ports-secteam (feld) Security: CVE-2014-6632 Security: CVE-2014-7228 Security: CVE-2014-7229 Security: https://vuxml.FreeBSD.org/freebsd/cec4d01a-7ac5-11e5-b35a-002590263bf5.html Security: https://vuxml.FreeBSD.org/freebsd/beb3d5fc-7ac5-11e5-b35a-002590263bf5.html Changes: _U branches/2015Q4/ branches/2015Q4/www/joomla15/Makefile branches/2015Q4/www/joomla25/Makefile - Set maintainer-feedback- based on maintainer timeout - Set merge-quarterly+ based on MFH in r401181 Torsten, I was going to follow up with closing the PR after the MFH but thanks for being proactive and closing it. |