Bug 211892

Summary: www/h2o: Update to 2.0.4
Product: Ports & Packages
Reporter: Dave Cottlehuber <dch>
Component: Individual Port(s)
Assignee: Kubilay Kocak <koobs>
Status: Closed FIXED
Severity: Affects Only Me
CC: dch, ports-secteam
Priority: ---
Keywords: needs-patch, needs-qa, patch, security
Version: Latest
Flags: dch: maintainer-feedback+, dch: merge-quarterly?
Hardware: Any
OS: Any

Attachments (description, then flags):
- v1 patch (flags: none)
- v2 patch -- merge to quarterly (flags: dch: maintainer-approval+)
- v3 patch solely including upgrade (flags: dch: maintainer-approval+)
- v4 patch including vuxml.xml entry (flags: dch: maintainer-approval+)

Description Dave Cottlehuber freebsd_committer freebsd_triage 2016-08-16 07:50:57 UTC
Created attachment 173724
v1 patch

# Changes

- [build] build mruby library handler support by default in FreeBSD port
- [fastcgi] setenv should displace HTTP headers #996 (Kazuho Oku)
- [http2] fix buffer overrun #972 (Frederik Deweerdt)
- [misc] fix build error when libuv is not found #1008 (nextgenthemes)
- [misc] fix assertion failure when YAML alias and merge is used in certain way #1011 (Kazuho Oku)

# QA

- portlint OK (DATADIR & /var/log/${PORTNAME} as usual)
- poudriere OK on 11.0-BETA4

# Committers

Please include in quarterly (wrt possible buffer overrun in hpack parser)

Comment 1 Kubilay Kocak freebsd_committer freebsd_triage 2016-08-19 09:17:49 UTC
Thank you Dave. Please:

* Separate patches into two: one for the update so it (the security/bugfixes) can be merged, and the other for the feature/options additions
* Please QA against all supported versions 9/10/11 and at least each of i386/amd64

Comment 2 Dave Cottlehuber freebsd_committer freebsd_triage 2016-08-22 18:10:34 UTC
Created attachment 173953
v2 patch -- merge to quarterly

# v2 patch

- revised per koobs@ request to drop option knob
- includes only version bump & patch for potential buffer overrun
- ready for quarterly merge

# QA

- portlint as before
- poudriere OK on
  10_amd64 10.3-RELEASE-p7
  10_i386  10.3-RELEASE-p7
  11_amd64 11.0-BETA4
  9_amd64  9.3-RELEASE-p45
  9_i386   9.3-RELEASE-p45

Comment 3 Dave Cottlehuber freebsd_committer freebsd_triage 2016-09-13 20:52:09 UTC
Created attachment 174745
v3 patch solely including upgrade

Comment 4 Dave Cottlehuber freebsd_committer freebsd_triage 2016-09-13 22:48:33 UTC
Created attachment 174753
v4 patch including vuxml.xml entry

https://github.com/skunkwerks/ports/commit/da6a5ece75bba819115f540cb28d2b8e4e860fa0.patch

# QA

- portlint OK
- poudriere OK 9_i386 9_amd64 10_i386 10_amd64 11_amd64

includes vuxml entry for 2016-09-14 public release

Comment 5 commit-hook freebsd_committer freebsd_triage 2016-09-14 09:27:23 UTC
A commit references this bug:

Author: brnrd
Date: Wed Sep 14 09:27:14 UTC 2016
New revision: 422122
URL: https://svnweb.freebsd.org/changeset/ports/422122

Log:
  www/h2o: Update to 2.0.4 (Fixes vulnerability)

    - Update to version 2.0.4

  PR:		211892
  Submitted by:	Dave Cottlehuber <dch@skunkwerks.at> (maintainer)
  Reviewed by:	brnrd
  MFH:		2016Q3
  Security:	08664d42-7989-11e6-b7a8-74d02b9a84d5

Changes:
  head/www/h2o/Makefile
  head/www/h2o/distinfo

Comment 6 commit-hook freebsd_committer freebsd_triage 2016-09-14 09:32:25 UTC
A commit references this bug:

Author: brnrd
Date: Wed Sep 14 09:31:35 UTC 2016
New revision: 422123
URL: https://svnweb.freebsd.org/changeset/ports/422123

Log:
  security/vuxml: Document www/h2o vulnerability

  PR:		211892
  Submitted by:	Dave Cottlehuber <dch@skunkwerks.at> (maintainer)
  Reviewed by:	brnrd
  MFH:		2016Q3
  Security:	08664d42-7989-11e6-b7a8-74d02b9a84d5

Changes:
  head/security/vuxml/vuln.xml

Comment 7 commit-hook freebsd_committer freebsd_triage 2016-09-14 14:54:47 UTC
A commit references this bug:

Author: brnrd
Date: Wed Sep 14 14:54:41 UTC 2016
New revision: 422136
URL: https://svnweb.freebsd.org/changeset/ports/422136

Log:
  MFH: r422122

  www/h2o: Update to 2.0.4 (Fixes vulnerability)

    - Update to version 2.0.4

  PR:		211892
  Submitted by:	Dave Cottlehuber <dch@skunkwerks.at> (maintainer)
  Reviewed by:	brnrd
  Security:	08664d42-7989-11e6-b7a8-74d02b9a84d5

  Approved by:	ports-secteam (feld)

Changes:
_U  branches/2016Q3/
  branches/2016Q3/www/h2o/Makefile
  branches/2016Q3/www/h2o/distinfo

Comment 8 Dave Cottlehuber freebsd_committer freebsd_triage 2016-09-14 17:47:32 UTC
Thanks all. koobs@ I'll submit a new patch that adds the mruby support.