Bug 255492

Summary: irc/ircII: Update to 20210314 (fixes CVE-2021-29376)
Product: Ports & Packages Reporter: andrew
Component: Individual Port(s)Assignee: Kevin Bowling <kbowling>
Status: Closed FIXED    
Severity: Affects Many People CC: eduardo, kbowling, ports-secteam, ygy
Priority: Normal Keywords: needs-patch, needs-qa, security
Version: LatestFlags: kbowling: merge-quarterly+
Hardware: Any   
OS: Any   
Bug Depends on:    
Bug Blocks: 255292    
Attachments:
Description Flags
update to 20210314
andrew: maintainer-approval+
update to 20210314 with plist fixed andrew: maintainer-approval+

Description andrew 2021-04-29 16:46:16 UTC
Created attachment 224537 [details]
update to 20210314

Update to 20210314

Security: CVE-2021-29376
Comment 1 Nuno Teixeira freebsd_committer 2021-05-23 09:40:58 UTC
poudriere testport log:

====> Running Q/A tests (stage-qa)
====> Checking for pkg-plist issues (check-plist)
===> Parsing plist
===> Checking for items in STAGEDIR missing from pkg-plist
Error: Orphaned: %%DATADIR%%/help/bind/refresh_window_lastlog
===> Checking for items in pkg-plist which are not in STAGEDIR
===> Error: Plist issues found.
*** Error code 1

Stop.
make: stopped in /usr/ports/irc/ircII
=>> Error: check-plist failures detected
build of irc/ircII | ircii-20210314 ended at Sun May 23 10:39:28 WEST 2021
build time: 00:00:10
!!! build failure encountered !!!
[00:00:29] Error: Build failed in phase: check-plist
Comment 2 andrew 2021-05-30 23:48:10 UTC
Created attachment 225388 [details]
update to 20210314 with plist fixed

Sorry, this should be correct.
Comment 3 Guangyuan Yang freebsd_committer 2021-06-08 22:10:11 UTC
For a security fix, could you please also attach a patch to a new entry of security/vuxml?
Comment 4 commit-hook freebsd_committer 2021-06-15 15:49:30 UTC
A commit in branch main references this bug:

URL: https://cgit.FreeBSD.org/ports/commit/?id=876e3518e2d6471142cc16e0d9020c4cac7bbefb

commit 876e3518e2d6471142cc16e0d9020c4cac7bbefb
Author:     Andrew Gierth <andrew@tao11.riddles.org.uk>
AuthorDate: 2021-06-15 15:27:57 +0000
Commit:     Kevin Bowling <kbowling@FreeBSD.org>
CommitDate: 2021-06-15 15:48:19 +0000

    irc/ircII: Update to 20210314

    PR:             255492
    Approved by:    maintainer
    MFH:            2021Q2
    Security:       CVE-2021-29376

 irc/ircII/Makefile  | 2 +-
 irc/ircII/distinfo  | 6 +++---
 irc/ircII/pkg-plist | 1 +
 3 files changed, 5 insertions(+), 4 deletions(-)
Comment 5 commit-hook freebsd_committer 2021-06-15 15:49:31 UTC
A commit in branch main references this bug:

URL: https://cgit.FreeBSD.org/ports/commit/?id=bfa25459fcfaf5bcb4803ff598d72208fd920580

commit bfa25459fcfaf5bcb4803ff598d72208fd920580
Author:     Kevin Bowling <kbowling@FreeBSD.org>
AuthorDate: 2021-06-15 15:46:39 +0000
Commit:     Kevin Bowling <kbowling@FreeBSD.org>
CommitDate: 2021-06-15 15:48:20 +0000

    security/vuxml: Document CVE-2021-29376 for irc/ircII

    PR:             255492
    Reported by:    Andrew Gierth <andrew@tao11.riddles.org.uk>

 security/vuxml/vuln.xml | 27 +++++++++++++++++++++++++++
 1 file changed, 27 insertions(+)
Comment 6 commit-hook freebsd_committer 2021-06-15 15:50:32 UTC
A commit in branch 2021Q2 references this bug:

URL: https://cgit.FreeBSD.org/ports/commit/?id=0a20f3a3fdd6c9869164218323ec17fb735e1d21

commit 0a20f3a3fdd6c9869164218323ec17fb735e1d21
Author:     Andrew Gierth <andrew@tao11.riddles.org.uk>
AuthorDate: 2021-06-15 15:27:57 +0000
Commit:     Kevin Bowling <kbowling@FreeBSD.org>
CommitDate: 2021-06-15 15:49:20 +0000

    irc/ircII: Update to 20210314

    PR:             255492
    Approved by:    maintainer
    MFH:            2021Q2
    Security:       CVE-2021-29376

    (cherry picked from commit 876e3518e2d6471142cc16e0d9020c4cac7bbefb)

 irc/ircII/Makefile  | 2 +-
 irc/ircII/distinfo  | 6 +++---
 irc/ircII/pkg-plist | 1 +
 3 files changed, 5 insertions(+), 4 deletions(-)
Comment 7 Kevin Bowling freebsd_committer 2021-06-15 15:52:53 UTC
Thanks for the patch.  You can see the VuXML in the above commit for future reference.