Bug 272304

Summary: devel/libtar: Deprecate and set expiration date to 2023-09-30
Product: Ports & Packages Reporter: Daniel Engberg <diizzy>
Component: Individual Port(s)Assignee: Daniel Engberg <diizzy>
Status: Closed FIXED    
Severity: Affects Only Me CC: fernape, manuelj.munoz
Priority: --- Flags: bugzilla: maintainer-feedback? (manuelj.munoz)
Version: Latest   
Hardware: Any   
OS: Any   
Attachments:
Description Flags
Patch for libtar none

Description Daniel Engberg freebsd_committer freebsd_triage 2023-07-01 08:02:09 UTC 
Created attachment 243090 [details]
Patch for libtar

Abandonware since 2013 and multiple CVEs over the years

References:
https://www.opencve.io/cve?vendor=feep&product=libtar
Comment 1 Fernando ApesteguĂ­a freebsd_committer freebsd_triage 2023-07-03 07:06:06 UTC 
^Triage: reporter is committer, assign accordingly
Comment 2 commit-hook freebsd_committer freebsd_triage 2023-07-19 18:06:53 UTC 
A commit in branch main references this bug:

URL: https://cgit.FreeBSD.org/ports/commit/?id=812412f5df7c8afae81f2b945795f203e59daaac

commit 812412f5df7c8afae81f2b945795f203e59daaac
Author:     Daniel Engberg <diizzy@FreeBSD.org>
AuthorDate: 2023-07-19 16:43:00 +0000
Commit:     Daniel Engberg <diizzy@FreeBSD.org>
CommitDate: 2023-07-19 18:05:40 +0000

    devel/libtar: Deprecate and set expiration date to 2023-09-30

    Abandonware since 2013 and multiple CVEs over the years

    References:
    https://www.opencve.io/cve?vendor=feep&product=libtar

    PR:             272304
    Approved by:    portmgr (maintainer timeout, 2+ weeks)

 devel/libtar/Makefile | 3 +++
 1 file changed, 3 insertions(+)