Summary: | mail/dovecot: Update to 2.3.7.2 (Fixes CVE-2019-11500) | ||
---|---|---|---|
Product: | Ports & Packages | Reporter: | Christian Schwarz <me> |
Component: | Individual Port(s) | Assignee: | Larry Rosenman <ler> |
Status: | Closed FIXED | ||
Severity: | Affects Many People | CC: | delphij, joneum, ports-secteam |
Priority: | Normal | Keywords: | security |
Version: | Latest | Flags: | bugzilla: maintainer-feedback? (ler); ler: merge-quarterly+ |
Hardware: | Any | ||
OS: | Any | ||
URL: | https://dovecot.org/pipermail/dovecot/2019-August/116873.html |
Description
Christian Schwarz
2019-08-28 16:02:33 UTC
Already committed the fix to head, and have an MFH request in.

Unfortunately, MFH'ing this fix brings in a GCC change that I'd like a reading on from the SO folks. Can I get a ruling from ports-secteam?

Approved for MFH, see:
Xin LI 2019-08-28 16:21:08 UTC
Flags: merge-quarterly+

Committed to head in ports r510075
VuXML entry added in ports r510074

@Larry Could you please include this PR: reference in the MFH to quarterly so that the commit is tracked in this bug. After merge, set merge-quarterly to + and close as necessary.

The problem I'm having is I don't necessarily want to bring in the GCC change:

Tools/scripts/mfh 2019Q3 506460 506487 506821 506824 507181 507215 510075

which is all dovecot{,-pigeonhole}, but it gives a conflict with 507372.

On 08/28/2019 11:30 am, Larry Rosenman wrote:
Ugh. I don't really want to mfh:

------------------------------------------------------------------------
r507372 | gerald | 2019-07-26 15:46:53 -0500 (Fri, 26 Jul 2019) | 14 lines

Bump PORTREVISION for ports depending on the canonical version of GCC
as defined in Mk/bsd.default-versions.mk which has moved from GCC 8.3
to GCC 9.1 under most circumstances now after revision 507371.

This includes ports
 - with USE_GCC=yes or USE_GCC=any,
 - with USES=fortran,
 - using Mk/bsd.octave.mk which in turn features USES=fortran, and
 - with USES=compiler specifying openmp, nestedfct, c11, c++0x, c++11-lang,
   c++11-lib, c++14-lang, c++17-lang, or gcc-c++11-lib
plus, everything INDEX-11 shows with a dependency on lang/gcc9 now.

PR: 238330

Is it ok to just fix the conflict?

I manually fixed the conflicts, and committed it.

merged in r510165.