Summary: | irc/irssi: Update to 0.8.21 (Security fixes) | ||||||
---|---|---|---|---|---|---|---|
Product: | Ports & Packages | Reporter: | VK <vlad-fbsd> | ||||
Component: | Individual Port(s) | Assignee: | Vanilla I. Shu <vanilla> | ||||
Status: | Closed FIXED | ||||||
Severity: | Affects Some People | CC: | junovitch, ports-secteam, vanilla | ||||
Priority: | --- | Keywords: | patch, security | ||||
Version: | Latest | Flags: | vlad-fbsd:
maintainer-feedback+
vanilla: merge-quarterly+ |
||||
Hardware: | Any | ||||||
OS: | Any | ||||||
URL: | https://irssi.org/security/irssi_sa_2017_01.txt | ||||||
See Also: | https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=215829 | ||||||
Bug Depends on: | 215801 | ||||||
Bug Blocks: | |||||||
Attachments: |
|
Description
VK
2017-01-05 17:19:55 UTC
A commit references this bug: Author: vanilla Date: Fri Jan 6 03:45:12 UTC 2017 New revision: 430686 URL: https://svnweb.freebsd.org/changeset/ports/430686 Log: Update to 1.0.0, also remove deprecated configure options. PR: 215800 Submitted by: vlad-fbsd@acheronmedia.com <vlad-fbsd at acheronmedia.com> MFH: 2017Q1 Changes: head/irc/irssi/Makefile head/irc/irssi/distinfo head/irc/irssi/files/patch-configure head/irc/irssi/files/patch-configure.ac head/irc/irssi/pkg-plist A commit references this bug: Author: vanilla Date: Fri Jan 6 04:00:50 UTC 2017 New revision: 430688 URL: https://svnweb.freebsd.org/changeset/ports/430688 Log: MFH: r430686 Update to 1.0.0, also remove deprecated configure options. PR: 215800 Submitted by: vlad-fbsd@acheronmedia.com <vlad-fbsd at acheronmedia.com> Approved by: ports-secteam@ (junovitch@) Changes: _U branches/2017Q1/ branches/2017Q1/irc/irssi/Makefile branches/2017Q1/irc/irssi/distinfo branches/2017Q1/irc/irssi/files/patch-configure branches/2017Q1/irc/irssi/files/patch-configure.ac branches/2017Q1/irc/irssi/pkg-plist Please note: my submission was to update to 0.8.21 so that could be merged to quarterly as it's only a security fix. Upgrade to 1.0.0 was NOT requested nor submitted by me, and has broken Quarterly's promise of bugfix/security fix only. In addition, it appears some irssi plugins are now broken: please see bug #215829. I'm reopening for further consideration to revert the change in 2017Q1, to minimize damage before more people start installing it. (also, with my triage hat on, please don't forget to mark merge-quarterly and maintainer-feedback flags as done) A commit references this bug: Author: junovitch Date: Sat Jan 7 23:07:47 UTC 2017 New revision: 430844 URL: https://svnweb.freebsd.org/changeset/ports/430844 Log: Tag irssi entry with assigned CVEs, while here wrap at 80 and reference PR PR: 215800 Security: CVE-2017-5193 Security: CVE-2017-5194 Security: CVE-2017-5195 Security: CVE-2017-5196 Security: https://vuxml.FreeBSD.org/freebsd/3d6be69b-d365-11e6-a071-001e67f15f5a.html Changes: head/security/vuxml/vuln.xml A commit references this bug: Author: vanilla Date: Sun Jan 8 01:37:34 UTC 2017 New revision: 430851 URL: https://svnweb.freebsd.org/changeset/ports/430851 Log: Downgrade to 0.8.21. PR: 215800 Submitted by: Vladimir Krstulja <vlad-fbsd@acheronmedia.com> Changes: head/irc/irssi/Makefile head/irc/irssi/distinfo head/irc/irssi/files/patch-Makefile.in head/irc/irssi/files/patch-configure head/irc/irssi/files/patch-perl-Makefile head/irc/irssi/files/patch-src_core_network-openssl.c head/irc/irssi/pkg-plist A commit references this bug: Author: vanilla Date: Sun Jan 8 01:39:30 UTC 2017 New revision: 430852 URL: https://svnweb.freebsd.org/changeset/ports/430852 Log: MFH: r430851 Downgrade to 0.8.21. PR: 215800 Submitted by: Vladimir Krstulja <vlad-fbsd@acheronmedia.com> Approved by: ports-secteam (feld) Changes: _U branches/2017Q1/ branches/2017Q1/irc/irssi/Makefile branches/2017Q1/irc/irssi/distinfo branches/2017Q1/irc/irssi/files/patch-Makefile.in branches/2017Q1/irc/irssi/files/patch-configure branches/2017Q1/irc/irssi/files/patch-perl-Makefile branches/2017Q1/irc/irssi/files/patch-src_core_network-openssl.c branches/2017Q1/irc/irssi/pkg-plist Thanks. Please set merge-quarterly(+) flag, I don't have permission to. |