Bug 228762
| Summary: | www/h2o: update to 2.2.5 | ||||||||
|---|---|---|---|---|---|---|---|---|---|
| Product: | Ports & Packages | Reporter: | Max Kostikov <max> | ||||||
| Component: | Individual Port(s) | Assignee: | Dave Cottlehuber <dch> | ||||||
| Status: | Closed FIXED | ||||||||
| Severity: | Affects Many People | CC: | jrm | ||||||
| Priority: | --- | Flags: | bugzilla:
maintainer-feedback?
(dch) |
||||||
| Version: | Latest | ||||||||
| Hardware: | Any | ||||||||
| OS: | Any | ||||||||
| URL: | https://reviews.freebsd.org/D16110 | ||||||||
| Attachments: |
|
||||||||
|
Description
Max Kostikov
2018-06-05 13:55:10 UTC
max thanks, generally LGTM. Is there a reason for re-ording the pkg-plist? My diff here only needed: index 0a347a0bf165..cbca158de82c 100644 --- a/www/h2o/pkg-plist +++ b/www/h2o/pkg-plist @@ -34,10 +34,10 @@ include/h2o/version.h include/h2o/websocket.h lib/libh2o-evloop.so lib/libh2o-evloop.so.0.13 -lib/libh2o-evloop.so.0.13.4 +lib/libh2o-evloop.so.0.13.5 lib/libh2o.so lib/libh2o.so.0.13 -lib/libh2o.so.0.13.4 +lib/libh2o.so.0.13.5 libdata/pkgconfig/libh2o-evloop.pc libdata/pkgconfig/libh2o.pc %%DATADIR%%/annotate-backtrace-symbols which is nicely shorter. jrm: Created attachment 194637 [details]
dch@ shorter diff
(In reply to Dave Cottlehuber from comment #2) Dave, I completely trust you so please decide by yourself. jrm@ can you give my diff a +1 before I commit it? thanks! +1. Go for it. A commit references this bug: Author: dch Date: Mon Jul 2 22:47:18 UTC 2018 New revision: 473774 URL: https://svnweb.freebsd.org/changeset/ports/473774 Log: www/h2o: update 2.2.4 to 2.2.5 - fix buffer overflow CVE-2018-0608 #1775 (Frederik Deweerdt) - LibreSSL and PicoTLS changes - see https://github.com/h2o/h2o/blob/master/Changes PR: 228762 Submitted by: Max Kostikov <max@kostikov.co> Approved by: jrm MFH: 2018Q3 Security: CVE-2018-0608 Changes: head/www/h2o/Makefile head/www/h2o/distinfo head/www/h2o/files/patch-issue1706 head/www/h2o/pkg-plist thanks for your contribution Max! I will add the CVE details tomorrow and get this backported to the quarterly branch also. https://reviews.freebsd.org/D16110 closes off CVE data, backport to quarterly has MFC approved. A commit references this bug: Author: dch Date: Tue Jul 3 13:13:55 UTC 2018 New revision: 473830 URL: https://svnweb.freebsd.org/changeset/ports/473830 Log: security/vuxml: add CVE-2018-0608 for www/h2o PR: 228762 Approved by: jrm Security: CVE-2018-0608 Differential Revision: https://reviews.freebsd.org/D16110 Changes: head/security/vuxml/vuln.xml A commit references this bug: Author: dch Date: Wed Jul 4 20:58:59 UTC 2018 New revision: 473921 URL: https://svnweb.freebsd.org/changeset/ports/473921 Log: MFH: r473774 www/h2o: update 2.2.4 to 2.2.5 - fix buffer overflow CVE-2018-0608 #1775 (Frederik Deweerdt) - LibreSSL and PicoTLS changes - see https://github.com/h2o/h2o/blob/master/Changes PR: 228762 Submitted by: Max Kostikov <max@kostikov.co> Approved by: jrm Security: CVE-2018-0608 Approved by: ports-secteam Changes: _U branches/2018Q3/ branches/2018Q3/www/h2o/Makefile branches/2018Q3/www/h2o/distinfo branches/2018Q3/www/h2o/files/patch-issue1706 branches/2018Q3/www/h2o/pkg-plist |
