Bug 211495 - www/lighttpd: update to 1.4.41
Summary: www/lighttpd: update to 1.4.41
Status: Closed FIXED
Alias: None
Product: Ports & Packages
Classification: Unclassified
Component: Individual Port(s) (show other bugs)
Version: Latest
Hardware: Any Any
: --- Affects Only Me
Assignee: Guido Falsi
URL:
Keywords:
Depends on:
Blocks:
 
Reported: 2016-08-01 08:48 UTC by Piotr Kubaj
Modified: 2016-08-03 14:58 UTC (History)
3 users (show)

See Also:
pkubaj: maintainer-feedback+
pkubaj: merge-quarterly?


Attachments
www/lighttpd 1.4.41 (1.08 KB, patch)
2016-08-01 08:48 UTC, Piotr Kubaj
pkubaj: maintainer-approval+
Details | Diff
vuxml patch (1.15 KB, patch)
2016-08-03 06:32 UTC, Piotr Kubaj
no flags Details | Diff
vuxml diff (1.47 KB, patch)
2016-08-03 08:50 UTC, Guido Falsi
pkubaj: maintainer-approval+
Details | Diff

Note You need to log in before you can comment on or make changes to this bug.
Description Piotr Kubaj freebsd_committer 2016-08-01 08:48:32 UTC
Created attachment 173152 [details]
www/lighttpd 1.4.41

The attached patch contains update of www/lighttpd to 1.4.41. The port and its external modules (www/lighttpd-mod*) build fine.
Comment 1 Piotr Kubaj freebsd_committer 2016-08-01 08:49:03 UTC
Since it contains security fixes, it should be MFH'd:
http://www.lighttpd.net/2016/7/31/1.4.41/
Comment 2 Guido Falsi freebsd_committer 2016-08-01 09:38:21 UTC
Hi,

I'm going to test the patch.

I agree with the merge to quarterly, but you should also add an entry to the vuxml DB for the security fixes.

I can help you with that but I'd like you to write the actual texts.

Could you try adding the entry to vuxml yourself? it's not difficult documentation can be found here:

https://www.freebsd.org/doc/en_US.ISO8859-1/books/porters-handbook/security-notify.html

You can  attach to this PR a diff to the vuln.xml file.
Comment 3 Piotr Kubaj freebsd_committer 2016-08-03 06:32:20 UTC
Created attachment 173210 [details]
vuxml patch

Please check if this is ok.
Comment 4 Guido Falsi freebsd_committer 2016-08-03 08:50:01 UTC
Created attachment 173213 [details]
vuxml diff

(In reply to Piotr Kubaj from comment #3)
> Created attachment 173210 [details]
> vuxml patch
> 
> Please check if this is ok.

I made a few changes.

Please mind the indentation when working with this file.

I also changes wording slightly:

- for consistency with other entries I substituted "multiple" for "several"
- since you are quoting the lighttpd website I took the list of security fixes verbatim from there and put in an <ul> element.

Please review these changes, I'll commit this all ASAP.
Comment 5 Piotr Kubaj freebsd_committer 2016-08-03 14:44:33 UTC
(In reply to Guido Falsi from comment #4)
It's ok for me.
Comment 6 commit-hook freebsd_committer 2016-08-03 14:54:56 UTC
A commit references this bug:

Author: feld
Date: Wed Aug  3 14:54:27 UTC 2016
New revision: 419527
URL: https://svnweb.freebsd.org/changeset/ports/419527

Log:
  Document lighttpd vulnerabilities

  PR:		211495

Changes:
  head/security/vuxml/vuln.xml
Comment 7 commit-hook freebsd_committer 2016-08-03 14:56:58 UTC
A commit references this bug:

Author: feld
Date: Wed Aug  3 14:56:03 UTC 2016
New revision: 419528
URL: https://svnweb.freebsd.org/changeset/ports/419528

Log:
  www/lighttpd: Update to 1.4.41

  PR:		211495
  MFH:		2016Q3

Changes:
  head/www/lighttpd/Makefile
  head/www/lighttpd/distinfo
Comment 8 commit-hook freebsd_committer 2016-08-03 14:58:00 UTC
A commit references this bug:

Author: feld
Date: Wed Aug  3 14:57:51 UTC 2016
New revision: 419529
URL: https://svnweb.freebsd.org/changeset/ports/419529

Log:
  MFH: r418900 r419528

  www/lighttpd: Update to 1.4.41

  - Convert to USES=localbase
  - Update MAINTAINER address
  - Remove NODELAY option, it has been integrated upstream
  - Modernize Makefile

  PR:		211495

  Approved by:	ports-secteam (with hat)

Changes:
_U  branches/2016Q3/
  branches/2016Q3/www/lighttpd/Makefile
  branches/2016Q3/www/lighttpd/distinfo
  branches/2016Q3/www/lighttpd/files/extra-patch-mysqlauth
  branches/2016Q3/www/lighttpd/files/extra-patch-nodelay
  branches/2016Q3/www/lighttpd/files/extra-patch-src_Makefile.am
  branches/2016Q3/www/lighttpd/files/extra-patch-src_Makefile.in
  branches/2016Q3/www/lighttpd/files/extra-patch-src_http__auth.c
  branches/2016Q3/www/lighttpd/files/extra-patch-src_http__auth.h
  branches/2016Q3/www/lighttpd/files/extra-patch-src_mod__auth.c
  branches/2016Q3/www/lighttpd/files/patch-configure.ac
  branches/2016Q3/www/lighttpd/files/patch-src-fdevent.h
  branches/2016Q3/www/lighttpd/files/patch-src_mod__cml__lua.c
  branches/2016Q3/www/lighttpd/files/patch-src_mod__magnet.c
  branches/2016Q3/www/lighttpd/files/patch-src_network.c
Comment 9 Mark Felder freebsd_committer 2016-08-03 14:58:52 UTC
Thanks for the hard work everyone!