Bug 211407
| Summary: | dns/libidn: update 1.31 -> 1.33 | ||||||
|---|---|---|---|---|---|---|---|
| Product: | Ports & Packages | Reporter: | Piotr Kubaj <pkubaj> | ||||
| Component: | Individual Port(s) | Assignee: | Jason Unovitch <junovitch> | ||||
| Status: | Closed FIXED | ||||||
| Severity: | Affects Some People | CC: | gaod, junovitch, ports-secteam, w.schwarzenfeld | ||||
| Priority: | --- | Keywords: | patch, patch-ready, security | ||||
| Version: | Latest | Flags: | bugzilla:
maintainer-feedback?
(gaod) junovitch: merge-quarterly+ |
||||
| Hardware: | Any | ||||||
| OS: | Any | ||||||
| Attachments: |
|
||||||
|
Description
Piotr Kubaj
2016-07-27 13:20:20 UTC
(In reply to Piotr Kubaj from comment #0) Builds fine in Poudriere with 10.3 inside. Only a question: It is a minor update, maybe it is not needed. But gnutls is depend on libidn. Should not it tested too? (In reply to w.schwarzenfeld from comment #2) As it patches CVE's I think it's needed, unless you send patches to patch the vulnerabilities or prove that 1.31 (version in ports) isn't vulnerable. I know there are many dependencies, but I can't really test every dependent port. A commit references this bug: Author: junovitch Date: Sun Jul 31 15:14:57 UTC 2016 New revision: 419388 URL: https://svnweb.freebsd.org/changeset/ports/419388 Log: Document security issues fixed Libidn 1.33 PR: 211407 Reported by: Piotr Kubaj <pkubaj@anongoth.pl> Security: CVE-2015-8948 Security: CVE-2016-6261 Security: CVE-2016-6262 Security: CVE-2016-6263 Security: https://vuxml.FreeBSD.org/freebsd/cb5189eb-572f-11e6-b334-002590263bf5.html Changes: head/security/vuxml/vuln.xml A commit references this bug: Author: junovitch Date: Sun Jul 31 15:15:04 UTC 2016 New revision: 419389 URL: https://svnweb.freebsd.org/changeset/ports/419389 Log: dns/libidn: update 1.31 -> 1.33 PR: 211407 Submitted by: Piotr Kubaj <pkubaj@anongoth.pl> Approved by: ports-secteam (with hat) Security: CVE-2015-8948 Security: CVE-2016-6261 Security: CVE-2016-6262 Security: CVE-2016-6263 Security: https://vuxml.FreeBSD.org/freebsd/cb5189eb-572f-11e6-b334-002590263bf5.html MFH: 2016Q3 Changes: head/dns/libidn/Makefile head/dns/libidn/distinfo head/dns/libidn/pkg-plist A commit references this bug: Author: junovitch Date: Sun Jul 31 15:15:43 UTC 2016 New revision: 419390 URL: https://svnweb.freebsd.org/changeset/ports/419390 Log: MFH: r419389 dns/libidn: update 1.31 -> 1.33 PR: 211407 Submitted by: Piotr Kubaj <pkubaj@anongoth.pl> Approved by: ports-secteam (with hat) Security: CVE-2015-8948 Security: CVE-2016-6261 Security: CVE-2016-6262 Security: CVE-2016-6263 Security: https://vuxml.FreeBSD.org/freebsd/cb5189eb-572f-11e6-b334-002590263bf5.html Changes: _U branches/2016Q3/ branches/2016Q3/dns/libidn/Makefile branches/2016Q3/dns/libidn/distinfo branches/2016Q3/dns/libidn/pkg-plist Committed. Thanks Piotr! The patch is wrong, info/dir in plist is harmful A commit references this bug: Author: junovitch Date: Mon Aug 1 02:27:12 UTC 2016 New revision: 419420 URL: https://svnweb.freebsd.org/changeset/ports/419420 Log: dns/libidn: remove erroneous addition of autogenerated info/dir in plist PR: 211407 Pointyhat to: junovitch Approved by: ports-secteam (with hat) MFH: 2016Q3 Changes: head/dns/libidn/Makefile head/dns/libidn/pkg-plist A commit references this bug: Author: junovitch Date: Mon Aug 1 02:27:49 UTC 2016 New revision: 419421 URL: https://svnweb.freebsd.org/changeset/ports/419421 Log: MFH: r419420 dns/libidn: remove erroneous addition of autogenerated info/dir in plist PR: 211407 Pointyhat to: junovitch Approved by: ports-secteam (with hat) Changes: _U branches/2016Q3/ branches/2016Q3/dns/libidn/Makefile branches/2016Q3/dns/libidn/pkg-plist (In reply to Antoine Brodin from comment #8) Close again after removal of erroneous plist line. |