Bug 215800

Summary: irc/irssi: Update to 0.8.21 (Security fixes)
Product: Ports & Packages
Reporter: VK <vlad-fbsd>
Component: Individual Port(s)
Assignee: Vanilla I. Shu <vanilla>
Status: Closed FIXED
Severity: Affects Some People
CC: junovitch, ports-secteam, vanilla
Priority: ---
Keywords: patch, security
Version: Latest
Flags: vlad-fbsd: maintainer-feedback+, vanilla: merge-quarterly+
Hardware: Any
OS: Any
URL: https://irssi.org/security/irssi_sa_2017_01.txt
See Also: https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=215829
Bug Depends on: 215801
Bug Blocks:
Attachments:
  Description: bump irssi to 0.8.21
  Flags: vlad-fbsd: maintainer-approval? (vanilla)

Description VK freebsd_triage 2017-01-05 17:19:55 UTC
Created attachment 178547
bump irssi to 0.8.21

Multiple vulnerabilities have been found in Irssi and fixed with upstream version 0.8.21. The patch here bumps to that version.

* Irssi SA:
  https://irssi.org/security/irssi_sa_2017_01.txt

* Upstream release:
  https://github.com/irssi/irssi/commit/7cac354161a8914712264408347a9a2882aab22f

The changes are security fixes only and are OK to be MFH'd.

* Poudriere build test 11.0, amd64: OK
* Poudriere build test 10.3, amd64: OK

Tested also the builds of chinese/irssi port.

Comment 1 commit-hook freebsd_committer freebsd_triage 2017-01-06 03:46:18 UTC
A commit references this bug:

Author: vanilla
Date: Fri Jan  6 03:45:12 UTC 2017
New revision: 430686
URL: https://svnweb.freebsd.org/changeset/ports/430686

Log:
  Update to 1.0.0, also remove deprecated configure options.

  PR:		215800
  Submitted by:	vlad-fbsd@acheronmedia.com <vlad-fbsd at acheronmedia.com>
  MFH:		2017Q1

Changes:
  head/irc/irssi/Makefile
  head/irc/irssi/distinfo
  head/irc/irssi/files/patch-configure
  head/irc/irssi/files/patch-configure.ac
  head/irc/irssi/pkg-plist

Comment 2 commit-hook freebsd_committer freebsd_triage 2017-01-06 04:01:31 UTC
A commit references this bug:

Author: vanilla
Date: Fri Jan  6 04:00:50 UTC 2017
New revision: 430688
URL: https://svnweb.freebsd.org/changeset/ports/430688

Log:
  MFH: r430686

  Update to 1.0.0, also remove deprecated configure options.

  PR:		215800
  Submitted by:	vlad-fbsd@acheronmedia.com <vlad-fbsd at acheronmedia.com>

  Approved by:	ports-secteam@ (junovitch@)

Changes:
_U  branches/2017Q1/
  branches/2017Q1/irc/irssi/Makefile
  branches/2017Q1/irc/irssi/distinfo
  branches/2017Q1/irc/irssi/files/patch-configure
  branches/2017Q1/irc/irssi/files/patch-configure.ac
  branches/2017Q1/irc/irssi/pkg-plist

Comment 3 VK freebsd_triage 2017-01-06 15:33:57 UTC
Please note: my submission was to update to 0.8.21 so that it could be merged to quarterly, as it's only a security fix. Upgrade to 1.0.0 was NOT requested nor submitted by me, and has broken Quarterly's promise of bugfix/security fix only.

In addition, it appears some irssi plugins are now broken: please see bug #215829.

I'm reopening for further consideration to revert the change in 2017Q1, to minimize damage before more people start installing it.

(also, with my triage hat on, please don't forget to mark merge-quarterly and maintainer-feedback flags as done)

Comment 4 commit-hook freebsd_committer freebsd_triage 2017-01-07 23:07:59 UTC
A commit references this bug:

Author: junovitch
Date: Sat Jan  7 23:07:47 UTC 2017
New revision: 430844
URL: https://svnweb.freebsd.org/changeset/ports/430844

Log:
  Tag irssi entry with assigned CVEs, while here wrap at 80 and reference PR

  PR:		215800
  Security:	CVE-2017-5193
  Security:	CVE-2017-5194
  Security:	CVE-2017-5195
  Security:	CVE-2017-5196
  Security:	https://vuxml.FreeBSD.org/freebsd/3d6be69b-d365-11e6-a071-001e67f15f5a.html

Changes:
  head/security/vuxml/vuln.xml

Comment 5 commit-hook freebsd_committer freebsd_triage 2017-01-08 01:37:59 UTC
A commit references this bug:

Author: vanilla
Date: Sun Jan  8 01:37:34 UTC 2017
New revision: 430851
URL: https://svnweb.freebsd.org/changeset/ports/430851

Log:
  Downgrade to 0.8.21.

  PR:		215800
  Submitted by:	Vladimir Krstulja <vlad-fbsd@acheronmedia.com>

Changes:
  head/irc/irssi/Makefile
  head/irc/irssi/distinfo
  head/irc/irssi/files/patch-Makefile.in
  head/irc/irssi/files/patch-configure
  head/irc/irssi/files/patch-perl-Makefile
  head/irc/irssi/files/patch-src_core_network-openssl.c
  head/irc/irssi/pkg-plist

Comment 6 commit-hook freebsd_committer freebsd_triage 2017-01-08 01:40:03 UTC
A commit references this bug:

Author: vanilla
Date: Sun Jan  8 01:39:30 UTC 2017
New revision: 430852
URL: https://svnweb.freebsd.org/changeset/ports/430852

Log:
  MFH: r430851

  Downgrade to 0.8.21.

  PR:		215800
  Submitted by:	Vladimir Krstulja <vlad-fbsd@acheronmedia.com>

  Approved by:	ports-secteam (feld)

Changes:
_U  branches/2017Q1/
  branches/2017Q1/irc/irssi/Makefile
  branches/2017Q1/irc/irssi/distinfo
  branches/2017Q1/irc/irssi/files/patch-Makefile.in
  branches/2017Q1/irc/irssi/files/patch-configure
  branches/2017Q1/irc/irssi/files/patch-perl-Makefile
  branches/2017Q1/irc/irssi/files/patch-src_core_network-openssl.c
  branches/2017Q1/irc/irssi/pkg-plist

Comment 7 VK freebsd_triage 2017-01-08 14:26:21 UTC
Thanks. Please set merge-quarterly(+) flag, I don't have permission to.