Summary: | Update graphics/shotwell to snapshot to fix security issue | ||||||
---|---|---|---|---|---|---|---|
Product: | Ports & Packages | Reporter: | Koop Mast <kwm> | ||||
Component: | Individual Port(s) | Assignee: | Koop Mast <kwm> | ||||
Status: | Closed FIXED | ||||||
Severity: | Affects Only Me | CC: | feld, ports-secteam | ||||
Priority: | --- | Keywords: | patch-ready | ||||
Version: | Latest | ||||||
Hardware: | Any | ||||||
OS: | Any | ||||||
Attachments: |
|
Description
Koop Mast
2016-01-31 22:28:04 UTC
The right thing to do here is protect our users. As we have the capability to do so and as long as this does not rely on a defunct version of webkit we should be able to keep it alive in our ports tree. I can approve this snapshot update and MFH. A commit references this bug: Author: kwm Date: Fri Feb 5 16:32:10 UTC 2016 New revision: 408219 URL: https://svnweb.freebsd.org/changeset/ports/408219 Log: Document shotwell failure to validate TLS certificates. PR: 206807 Changes: head/security/vuxml/vuln.xml A commit references this bug: Author: kwm Date: Fri Feb 5 16:34:59 UTC 2016 New revision: 408220 URL: https://svnweb.freebsd.org/changeset/ports/408220 Log: Update shotwell to a git snapshot. Update to a snapshot, to fix ssl cert validation. Sadly it doesn't look upstream shotwell is still active so we need to update to a snapshot. Also to fix this, they had to port it to webkit2gtk3. PR: 206807 Approved by: ports-secteam (feld) MFH: 2016Q1 Changes: head/graphics/shotwell/Makefile head/graphics/shotwell/distinfo head/graphics/shotwell/files/patch-Makefile head/graphics/shotwell/pkg-plist |