Bug 250660
| Summary: | multimedia/motion: Update to 4.3.2 | ||||||||
|---|---|---|---|---|---|---|---|---|---|
| Product: | Ports & Packages | Reporter: | ports | ||||||
| Component: | Individual Port(s) | Assignee: | Fernando Apesteguía <fernape> | ||||||
| Status: | Closed FIXED | ||||||||
| Severity: | Affects Many People | CC: | fernape, rhurlin | ||||||
| Priority: | --- | Keywords: | buildisok | ||||||
| Version: | Latest | Flags: | fernape:
merge-quarterly+
|
||||||
| Hardware: | Any | ||||||||
| OS: | Any | ||||||||
| URL: | https://github.com/Motion-Project/motion/releases/tag/release-4.3.2 | ||||||||
| Attachments: |
|
||||||||
Comment on attachment 219127 [details]
Update to latest released version.
Added maintainer-approval.
Build and package info is available at https://gitlab.com/swills/freebsd-ports/pipelines/207928887 ^Triage: If there is a changelog or release notes URL available for this version, please add it to the URL field. Q/A: Consider reordering some variables in the Makefile.https://www.freebsd.org/doc/en/books/porters-handbook/book.html#porting-order Thanks! Added release notes (such as they are). I looked through the documentation on the order of variables, and I didn't spot anything that looked to conflict with that document? What would you suggest should be re-ordered? Happy to make improvements, just not seeing what is wrong! (In reply to ports from comment #5) I use portclippy along with portlint. As linters, sometimes they are wrong, but this is what I get when I run portclippy: # PORTNAME block PORTNAME PORTVERSION DISTVERSIONPREFIX CATEGORIES # Maintainer block MAINTAINER COMMENT # License block LICENSE LICENSE_FILE # Dependencies LIB_DEPENDS # USES block USES +KMODDIR USE_GITHUB GH_ACCOUNT USE_RC_SUBR # Configure block GNU_CONFIGURE CONFIGURE_ARGS -KMODDIR # Standard bsd.port.mk variables SUB_FILES # Packaging list block PLIST_FILES PORTDOCS PORTEXAMPLES # Options definitions OPTIONS_DEFINE +OPTIONS_DEFAULT OPTIONS_RADIO OPTIONS_RADIO_VIDEO -OPTIONS_DEFAULT # Options descriptions -VIDEO_DESC BKTR_DESC -BKTR_CONFIGURE_WITH PWCBSD_DESC -PWCBSD_BUILD_DEPENDS -PWCBSD_RUN_DEPENDS -PWCBSD_CONFIGURE_WITH +VIDEO_DESC WEBCAMD_DESC # Options helpers -WEBCAMD_BUILD_DEPENDS -WEBCAMD_CONFIGURE_WITH +BKTR_CONFIGURE_WITH FFMPEG_LIB_DEPENDS FFMPEG_CONFIGURE_ON FFMPEG_CONFIGURE_OFF MYSQL_USES MYSQL_CONFIGURE_ON MYSQL_CONFIGURE_OFF PGSQL_USES PGSQL_CONFIGURE_ON PGSQL_CONFIGURE_OFF +PWCBSD_BUILD_DEPENDS +PWCBSD_RUN_DEPENDS +PWCBSD_CONFIGURE_WITH SQLITE3_USES SQLITE3_CONFIGURE_WITH +WEBCAMD_BUILD_DEPENDS +WEBCAMD_CONFIGURE_WITH Cheers Created attachment 219154 [details]
Update to 4.3.2 and also re-order the Makefile to agree with portclippy's suggestions
portclippy is pretty cool, thanks for that! Have updated.
Build testing... I don't see any security related changes in the ChangeLog. Which one do you mean? A commit references this bug: Author: fernape Date: Wed Oct 28 08:08:25 UTC 2020 New revision: 553525 URL: https://svnweb.freebsd.org/changeset/ports/553525 Log: multimedia/motion: Update to 4.3.2 ChangeLog: https://github.com/Motion-Project/motion/releases/tag/release-4.3.2 PR: 250660 Submitted by: ports@blievers.net (maintainer) Changes: head/multimedia/motion/Makefile head/multimedia/motion/distinfo Committed, Please feel free to re-open this should you think this needs to be MFHed Thanks! CVE-2020-26566 is the security issue. Not sure why it isn't in the release notes, maybe giving people a chance to update? Re-opening, given the CVE, I think this should be MFH'd. Sorry I wasn't clear in the first place. (In reply to ports from comment #12) OK, Thanks for checking. Apparently, when they say "Use MHD function for url decoding" (https://github.com/Motion-Project/motion/issues/1227#issuecomment-716099090) they meant fixing a CVE... This is an example of a really bad ChangeLog :( I'm on it. Thanks! It does seem like the release notes could be better, I'm optimistically hoping that they update them once they feel the fix has been distributed enough. A commit references this bug: Author: fernape Date: Wed Oct 28 10:25:26 UTC 2020 New revision: 553531 URL: https://svnweb.freebsd.org/changeset/ports/553531 Log: security/vuxml: Add entry for multimedia/motion Follow up commit for 553525. For some reason, "Use MHD function for url decoding" actually means fixing CVE-2020-26566 PR: 250660 Changes: head/security/vuxml/vuln.xml A commit references this bug: Author: fernape Date: Wed Oct 28 11:23:59 UTC 2020 New revision: 553538 URL: https://svnweb.freebsd.org/changeset/ports/553538 Log: MFH: r553525 multimedia/motion: Update to 4.3.2 ChangeLog: https://github.com/Motion-Project/motion/releases/tag/release-4.3.2 Fixes CVE-2020-26566 https://cve-search.iicrai.org/cve/CVE-2020-26566 PR: 250660 Submitted by: ports@blievers.net (maintainer) Approved by: ports-secteam (fluffy@) Changes: _U branches/2020Q4/ branches/2020Q4/multimedia/motion/Makefile branches/2020Q4/multimedia/motion/distinfo MFHed. Thanks! |
Created attachment 219127 [details] Update to latest released version. As per the summary. I have flagged this as "affects many people" as it contains a security update.