Bug 255976
| Summary: | net-mgmt/prometheus2: Update to 2.27.1 | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
| Product: | Ports & Packages | Reporter: | David O'Rourke <dor.bsd> | ||||||||
| Component: | Individual Port(s) | Assignee: | Guangyuan Yang <ygy> | ||||||||
| Status: | Closed FIXED | ||||||||||
| Severity: | Affects Only Me | CC: | lwhsu, nc, ygy | ||||||||
| Priority: | --- | Keywords: | security | ||||||||
| Version: | Latest | Flags: | ygy:
maintainer-feedback+
ygy: merge-quarterly- |
||||||||
| Hardware: | Any | ||||||||||
| OS: | Any | ||||||||||
| URL: | https://github.com/prometheus/prometheus/releases | ||||||||||
| Bug Depends on: | 256324 | ||||||||||
| Bug Blocks: | |||||||||||
| Attachments: |
|
||||||||||
|
Description
David O'Rourke
2021-05-18 16:31:44 UTC
For a security update, you will need to make an entry in security/vuxml. Information on this can be seen here: https://docs.freebsd.org/en/books/porters-handbook/security/#security-notify Apologies for not adding a VuXML entry yet, but I'm currently away. I hope to take care of this before next week. -David Created attachment 225237 [details]
net-mgmt/prometheus2: Update to 2.27.1
Updated diff with VuXML database entry.
A commit in branch main references this bug: URL: https://cgit.FreeBSD.org/ports/commit/?id=6890a3c0b215c66ee4ac27745dc8caee73dda7f8 commit 6890a3c0b215c66ee4ac27745dc8caee73dda7f8 Author: David O'Rourke <dor.bsd@xm0.uk> AuthorDate: 2021-06-01 03:02:51 +0000 Commit: Guangyuan Yang <ygy@FreeBSD.org> CommitDate: 2021-06-01 03:02:51 +0000 security/vuxml: Document vulnerability in net-mgmt/prometheus2 PR: 255976 Security: CVE-2021-29622 Approved by: lwhsu (mentor) security/vuxml/vuln.xml | 39 +++++++++++++++++++++++++++++++++++++++ 1 file changed, 39 insertions(+) (In reply to David O'Rourke from comment #3) Thanks for the patch! I have committed the vuxml part. I noticed that you host assets on https://github.com/ports-assets/net-mgmt_prometheus2/releases and it seems like you skipped v2.26.1. From my understanding, v2.26.1 and v2.27.1 both contain the said bug fix, so IMO v2.26.1 should be the version that we MFH to 2021Q2. I have opened a separate PR https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=256324, could you please provide a patch for v2.26.1 there? That sounds fair enough. I'll get the v2.26.1 assets committed and get another patch over into the bug you listed. (In reply to David O'Rourke from comment #6) Thank you, that would be great. Once the other PR closes, we can safely update it to 2.27.1 and close it here. (In reply to David O'Rourke from comment #6) Now that 2.26.1 is committed, please update the patch against the current HEAD. Thanks! Created attachment 225524 [details]
net-mgmt/prometheus2: Update to 2.27.1
Rebases patch against current ports HEAD, and removes the VuXML entry which was committed elsewhere.
A commit in branch main references this bug: URL: https://cgit.FreeBSD.org/ports/commit/?id=9a67d7de4d74bd2e9a06dfd429c94113f683824b commit 9a67d7de4d74bd2e9a06dfd429c94113f683824b Author: David O'Rourke <dor.bsd@xm0.uk> AuthorDate: 2021-06-03 12:57:03 +0000 Commit: Guangyuan Yang <ygy@FreeBSD.org> CommitDate: 2021-06-03 12:57:03 +0000 net-mgmt/prometheus2: Update to 2.27.1 PR: 255976 Submitted by: David O'Rourke <dor.bsd@xm0.uk> (maintainer) Approved by: lwhsu (mentor, implicit) net-mgmt/prometheus2/Makefile | 2 +- net-mgmt/prometheus2/Makefile.modules | 64 ++++++++-------- net-mgmt/prometheus2/distinfo | 138 +++++++++++++++++----------------- 3 files changed, 102 insertions(+), 102 deletions(-) All committed, thanks again for the changes David! |
