Created attachment 162015 [details]
Makefile patch to bump portrevision, chasing miniupnpc upgrade
This patch to Makefile chases the net/miniupnpc upgrade, which will resolve the buffer overflow bug referenced in http://talosintel.com/reports/TALOS-2015-0035 for the bitcoin ports.
Hold off on this - I've just found a build error from miniupnpc
Created attachment 162019 [details]
Patch to bump portrevision, chasing miniupnpc upgrade
Corrected patch to chase miniupnpc upgrade. A function definition had changed, so we needed to pick a patch for src/net.cpp to allow for this.
robbak, could you provide QA (portlint, poudriere) results as attachments please
Created attachment 162028 [details]
Created attachment 162029 [details]
Poudriere log of build.
Created attachment 162030 [details]
Patch to bump portrevision, chasing miniupnpc upgrade; pet portlint
Slight adjustment, as reccomended by portlint
A commit references this bug:
Date: Wed Oct 14 14:57:34 UTC 2015
New revision: 399270
net-p2p/bitcoin: chase r399209
Submitted by: firstname.lastname@example.org (based on)
Obtained from: upstream
Bug 203705 is 'security' fix while 'regression' here is about build breakage and runtime crash due to API/ABI changes. There's nothing to fix until that bug is MFH'd first.
net-p2p/bitcoin-utils lacks UPNP option, so no need to bump PORTREVISION there.