Bug 211407 - dns/libidn: update 1.31 -> 1.33
Summary: dns/libidn: update 1.31 -> 1.33
Status: Closed FIXED
Alias: None
Product: Ports & Packages
Classification: Unclassified
Component: Individual Port(s) (show other bugs)
Version: Latest
Hardware: Any Any
: --- Affects Some People
Assignee: Jason Unovitch
URL:
Keywords: patch, patch-ready, security
Depends on:
Blocks:
 
Reported: 2016-07-27 13:20 UTC by Piotr Kubaj
Modified: 2016-08-01 02:30 UTC (History)
4 users (show)

See Also:
bugzilla: maintainer-feedback? (gaod)
junovitch: merge-quarterly+

Attachments
dns/libidn 1.33 (3.27 KB, patch)
2016-07-27 13:20 UTC, Piotr Kubaj 		no flags Details | Diff
View All Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Piotr Kubaj freebsd_committer freebsd_triage 2016-07-27 13:20:20 UTC 
Created attachment 173038 [details]
dns/libidn 1.33

This patch updates the port to 1.33 version, which patches multiple vulnerabilities http://www.openwall.com/lists/oss-security/2016/07/20/6
Comment 1 Piotr Kubaj freebsd_committer freebsd_triage 2016-07-27 13:21:12 UTC 
(In reply to Piotr Kubaj from comment #0)
Builds fine in Poudriere with 10.3 inside.
Comment 2 Walter Schwarzenfeld freebsd_triage 2016-07-27 15:14:37 UTC 
Only a question: It is a minor update, maybe it is not needed. But gnutls is depend on libidn. Should not it tested too?
Comment 3 Piotr Kubaj freebsd_committer freebsd_triage 2016-07-28 12:23:12 UTC 
(In reply to w.schwarzenfeld from comment #2)
As it patches CVE's I think it's needed, unless you send patches to patch the vulnerabilities or prove that 1.31 (version in ports) isn't vulnerable.

I know there are many dependencies, but I can't really test every dependent port.
Comment 4 commit-hook freebsd_committer freebsd_triage 2016-07-31 15:15:50 UTC 
A commit references this bug:

Author: junovitch
Date: Sun Jul 31 15:14:57 UTC 2016
New revision: 419388
URL: https://svnweb.freebsd.org/changeset/ports/419388

Log:
  Document security issues fixed Libidn 1.33

  PR:		211407
  Reported by:	Piotr Kubaj <pkubaj@anongoth.pl>
  Security:	CVE-2015-8948
  Security:	CVE-2016-6261
  Security:	CVE-2016-6262
  Security:	CVE-2016-6263
  Security:	https://vuxml.FreeBSD.org/freebsd/cb5189eb-572f-11e6-b334-002590263bf5.html

Changes:
  head/security/vuxml/vuln.xml
Comment 5 commit-hook freebsd_committer freebsd_triage 2016-07-31 15:15:54 UTC 
A commit references this bug:

Author: junovitch
Date: Sun Jul 31 15:15:04 UTC 2016
New revision: 419389
URL: https://svnweb.freebsd.org/changeset/ports/419389

Log:
  dns/libidn: update 1.31 -> 1.33

  PR:		211407
  Submitted by:	Piotr Kubaj <pkubaj@anongoth.pl>
  Approved by:	ports-secteam (with hat)
  Security:	CVE-2015-8948
  Security:	CVE-2016-6261
  Security:	CVE-2016-6262
  Security:	CVE-2016-6263
  Security:	https://vuxml.FreeBSD.org/freebsd/cb5189eb-572f-11e6-b334-002590263bf5.html
  MFH:		2016Q3

Changes:
  head/dns/libidn/Makefile
  head/dns/libidn/distinfo
  head/dns/libidn/pkg-plist
Comment 6 commit-hook freebsd_committer freebsd_triage 2016-07-31 15:15:56 UTC 
A commit references this bug:

Author: junovitch
Date: Sun Jul 31 15:15:43 UTC 2016
New revision: 419390
URL: https://svnweb.freebsd.org/changeset/ports/419390

Log:
  MFH: r419389

  dns/libidn: update 1.31 -> 1.33

  PR:		211407
  Submitted by:	Piotr Kubaj <pkubaj@anongoth.pl>
  Approved by:	ports-secteam (with hat)
  Security:	CVE-2015-8948
  Security:	CVE-2016-6261
  Security:	CVE-2016-6262
  Security:	CVE-2016-6263
  Security:	https://vuxml.FreeBSD.org/freebsd/cb5189eb-572f-11e6-b334-002590263bf5.html

Changes:
_U  branches/2016Q3/
  branches/2016Q3/dns/libidn/Makefile
  branches/2016Q3/dns/libidn/distinfo
  branches/2016Q3/dns/libidn/pkg-plist
Comment 7 Jason Unovitch freebsd_committer freebsd_triage 2016-07-31 15:18:42 UTC 
Committed. Thanks Piotr!
Comment 8 Antoine Brodin freebsd_committer freebsd_triage 2016-07-31 19:42:11 UTC 
The patch is wrong, info/dir in plist is harmful
Comment 9 commit-hook freebsd_committer freebsd_triage 2016-08-01 02:28:03 UTC 
A commit references this bug:

Author: junovitch
Date: Mon Aug  1 02:27:12 UTC 2016
New revision: 419420
URL: https://svnweb.freebsd.org/changeset/ports/419420

Log:
  dns/libidn: remove erroneous addition of autogenerated info/dir in plist

  PR:		211407
  Pointyhat to:	junovitch
  Approved by:	ports-secteam (with hat)
  MFH:		2016Q3

Changes:
  head/dns/libidn/Makefile
  head/dns/libidn/pkg-plist
Comment 10 commit-hook freebsd_committer freebsd_triage 2016-08-01 02:28:07 UTC 
A commit references this bug:

Author: junovitch
Date: Mon Aug  1 02:27:49 UTC 2016
New revision: 419421
URL: https://svnweb.freebsd.org/changeset/ports/419421

Log:
  MFH: r419420

  dns/libidn: remove erroneous addition of autogenerated info/dir in plist

  PR:		211407
  Pointyhat to:	junovitch
  Approved by:	ports-secteam (with hat)

Changes:
_U  branches/2016Q3/
  branches/2016Q3/dns/libidn/Makefile
  branches/2016Q3/dns/libidn/pkg-plist
Comment 11 Jason Unovitch freebsd_committer freebsd_triage 2016-08-01 02:30:51 UTC 
(In reply to Antoine Brodin from comment #8)
Close again after removal of erroneous plist line.