Created attachment 162015 [details] Makefile patch to bump portrevision, chasing miniupnpc upgrade This patch to Makefile chases the net/miniupnpc upgrade, which will resolve the buffer overflow bug referenced in http://talosintel.com/reports/TALOS-2015-0035 for the bitcoin ports.
Hold off on this - I've just found a build error from miniupnpc
Created attachment 162019 [details] Patch to bump portrevision, chasing miniupnpc upgrade Corrected patch to chase miniupnpc upgrade. A function definition had changed, so we needed to pick a patch for src/net.cpp to allow for this.
robbak, could you provide QA (portlint, poudriere) results as attachments please
Created attachment 162028 [details] Portlint output.
Created attachment 162029 [details] Poudriere log of build.
Created attachment 162030 [details] Patch to bump portrevision, chasing miniupnpc upgrade; pet portlint Slight adjustment, as reccomended by portlint
A commit references this bug: Author: jbeich Date: Wed Oct 14 14:57:34 UTC 2015 New revision: 399270 URL: https://svnweb.freebsd.org/changeset/ports/399270 Log: net-p2p/bitcoin: chase r399209 https://github.com/miniupnp/miniupnp/commit/1da63faa4fff5cb30e5d4b848ceef80a292382b9 PR: 203761 Submitted by: robbak@gmail.com (based on) Obtained from: upstream MFH: 2015Q4 X-MFH-With: r399209 Changes: head/net-p2p/bitcoin/Makefile head/net-p2p/bitcoin/files/patch-src_net.cpp head/net-p2p/bitcoin-utils/Makefile
Bug 203705 is 'security' fix while 'regression' here is about build breakage and runtime crash due to API/ABI changes. There's nothing to fix until that bug is MFH'd first. net-p2p/bitcoin-utils lacks UPNP option, so no need to bump PORTREVISION there.