Bug 239599
| Summary: | devel/libevent: update to 2.1.11 | ||
|---|---|---|---|
| Product: | Ports & Packages | Reporter: | Jan Beich <jbeich> |
| Component: | Individual Port(s) | Assignee: | Jan Beich <jbeich> |
| Status: | Closed FIXED | ||
| Severity: | Affects Only Me | CC: | zeising |
| Priority: | --- | Keywords: | patch, patch-ready, security |
| Version: | Latest | Flags: | zeising:
maintainer-feedback+
|
| Hardware: | Any | ||
| OS: | Any | ||
| URL: | https://github.com/libevent/libevent/releases/tag/release-2.1.11-stable | ||
| Bug Depends on: | 238127, 239655 | ||
| Bug Blocks: | 239603 | ||
|
Description
Jan Beich
2019-08-02 12:53:46 UTC
Can you provide implicit approval for future updates? The ports framework doesn't support co-maintainers but this port is critical to www/firefox, security/tor and a number of others. I'd like to avoid waiting on maintainer timeouts to land security fixes that are almost always included in the updates. The intent is similar to devel/icu, multimedia/ffmpeg, etc. Feel free to grab the port. I was surprised when I found it was maintained by ports@ (it's too important for that). I thought you already owned the port since I know it's important for Firefox. As a side note, is it customary for libinput to provide security updates without CVEs, or did I simply miss the CVE? (In reply to Niclas Zeising from comment #2) > Feel free to grab the port. I only grab ports if ready to refactor, not for mere updates. Refactoring takes complete understanding of every line and/or a lot of time. > is it customary for libinput to provide security updates without CVEs, > or did I simply miss the CVE? Not sure. There're few vulnerabilities but like in FFmpeg's case CVEs maybe assigned several months later to let distributions catch up. For one, CVE-2015-6525 was published half a year after 2.0.22 update. (In reply to Jan Beich from comment #3) > (In reply to Niclas Zeising from comment #2) > > Feel free to grab the port. > > I only grab ports if ready to refactor, not for mere updates. Refactoring > takes complete understanding of every line and/or a lot of time. Ok. Implicit approval for updates granted. A commit references this bug: Author: jbeich Date: Fri Aug 2 13:31:01 UTC 2019 New revision: 507877 URL: https://svnweb.freebsd.org/changeset/ports/507877 Log: devel/libevent2: update to 2.1.11 Changes: https://github.com/libevent/libevent/releases/tag/release-2.1.11-stable ABI: https://abi-laboratory.pro/tracker/timeline/libevent/ PR: 239599 Reported by: GitHub (watch releases) Approved by: zeising (maintainer) MFH: 2019Q3 (maybe security, partially restores 2.1.8 ABI) Differential Revision: https://reviews.freebsd.org/D21133 Changes: head/audio/forked-daapd/Makefile head/databases/libcouchbase/Makefile head/databases/libmemcached/Makefile head/databases/memcached/Makefile head/databases/memcacheq/Makefile head/databases/mysql56-server/Makefile head/databases/mysql57-server/Makefile head/databases/mysql80-server/Makefile head/databases/mysqlwsrep56-server/Makefile head/databases/mysqlwsrep57-server/Makefile head/databases/percona57-server/Makefile head/databases/pgbouncer/Makefile head/databases/sharedance/Makefile head/devel/eventxx/Makefile head/devel/folly/Makefile head/devel/fstrm/Makefile head/devel/gearmand/Makefile head/devel/gearmand-devel/Makefile head/devel/libdnsres/Makefile head/devel/libevent/Makefile head/devel/libevent/distinfo head/devel/libevent/pkg-plist head/devel/libmsocket/Makefile head/devel/lua51-libevent/Makefile head/devel/p5-Event-Lib/Makefile head/devel/pecl-event/Makefile head/devel/shards/Makefile head/devel/thrift-cpp/Makefile head/dns/adsuck/Makefile head/dns/dnscrypt-wrapper/Makefile head/dns/dnsproxy/Makefile head/dns/getdns/Makefile head/dns/nsd/Makefile head/dns/unbound/Makefile head/irc/bitlbee/Makefile head/lang/crystal/Makefile head/lang/io/Makefile head/mail/dbmail/Makefile head/mail/mailest/Makefile head/mail/opensmtpd/Makefile head/mail/opensmtpd-devel/Makefile head/mail/opensmtpd-extras/Makefile head/mail/rspamd/Makefile head/mail/thunderbird/Makefile head/multimedia/ustreamer/Makefile head/net/aprsc/Makefile head/net/coturn/Makefile head/net/honeyd/Makefile head/net/ifstated/Makefile head/net/ladvd/Makefile head/net/measurement-kit/Makefile head/net/netatalk3/Makefile head/net/ntp/Makefile head/net/nylon/Makefile head/net/openmdns/Makefile head/net/openmpi/Makefile head/net/openmpi2/Makefile head/net/openmpi3/Makefile head/net/rsocket-cpp/Makefile head/net/trickle/Makefile head/net/turnserver/Makefile head/net-im/telegram/Makefile head/net-mgmt/ccnet-server/Makefile head/net-mgmt/lldpd/Makefile head/net-mgmt/seafile-client/Makefile head/net-mgmt/seafile-gui/Makefile head/net-mgmt/seafile-server/Makefile head/net-mgmt/zabbix4-server/Makefile head/net-mgmt/zabbix42-server/Makefile head/net-p2p/bitcoin/Makefile head/net-p2p/libswift/Makefile head/net-p2p/litecoin/Makefile head/net-p2p/namecoin/Makefile head/net-p2p/qtum/Makefile head/net-p2p/transmission-cli/Makefile head/security/certificate-transparency/Makefile head/security/fragroute/Makefile head/security/kickpass/Makefile head/security/obfsclient/Makefile head/security/openiked/Makefile head/security/scanssh/Makefile head/security/spybye/Makefile head/security/sslproxy/Makefile head/security/sslsplit/Makefile head/security/tor/Makefile head/security/tor-devel/Makefile head/sysutils/ori/Makefile head/sysutils/tlsdate/Makefile head/sysutils/tmate/Makefile head/sysutils/tmate-slave/Makefile head/sysutils/tmux/Makefile head/sysutils/tmux23/Makefile head/textproc/groonga/Makefile head/www/cliqz/Makefile head/www/crawl/Makefile head/www/envoy/Makefile head/www/firefox/Makefile head/www/firefox-esr/Makefile head/www/libevhtp/Makefile head/www/links/Makefile head/www/mohawk/Makefile head/www/nghttp2/Makefile head/www/pecl-http/Makefile head/www/qt5-webengine/Makefile head/www/slowcgi/Makefile ports-secteam@ timeout. Resetting MFH request. |