Bug 211892 - www/h2o: Update to 2.0.4
Summary: www/h2o: Update to 2.0.4
Status: Closed FIXED
Alias: None
Product: Ports & Packages
Classification: Unclassified
Component: Individual Port(s) (show other bugs)
Version: Latest
Hardware: Any Any
: --- Affects Only Me
Assignee: Kubilay Kocak
URL:
Keywords: needs-patch, needs-qa, patch, security
Depends on:
Blocks:
 
Reported: 2016-08-16 07:50 UTC by Dave Cottlehuber
Modified: 2016-09-14 17:47 UTC (History)
2 users (show)

See Also:
dch: maintainer-feedback+
dch: merge-quarterly?


Attachments
v1 patch (2.06 KB, text/plain)
2016-08-16 07:50 UTC, Dave Cottlehuber
no flags Details
v2 patch -- merge to quarterly (1.33 KB, patch)
2016-08-22 18:10 UTC, Dave Cottlehuber
dch: maintainer-approval+
Details | Diff
v3 patch solely including upgrade (1.13 KB, patch)
2016-09-13 20:52 UTC, Dave Cottlehuber
dch: maintainer-approval+
Details | Diff
v4 patch including vuxml.xml entry (2.29 KB, patch)
2016-09-13 22:48 UTC, Dave Cottlehuber
dch: maintainer-approval+
Details | Diff

Note You need to log in before you can comment on or make changes to this bug.
Description Dave Cottlehuber freebsd_committer 2016-08-16 07:50:57 UTC
Created attachment 173724 [details]
v1 patch

# Changes

- [build] build mruby library handler support by default in FreeBSD port
- [fastcgi] setenv should displace HTTP headers #996 (Kazuho Oku)
- [http2] fix buffer overrun #972 (Frederik Deweerdt)
- [misc] fix build error when libuv is not found #1008 (nextgenthemes)
- [misc] fix assertion failure when YAML alias and merge is used in certain way #1011 (Kazuho Oku)

# QA

- portlint OK (DATADIR & /var/log/${PORTNAME} as usual)
- poudriere OK on 11.0-BETA4

# Committers

Please include in quarterly (wrt possible buffer overrun in hpack parser)
Comment 1 Kubilay Kocak freebsd_committer freebsd_triage 2016-08-19 09:17:49 UTC
Thank you Dave. Please:

* Separate patches into two: one for the update so it (the security/bugfixes) can be merged, and the other for the feature/options additions
* Please QA against all supported versions 9/10/11 and at least each of i386/amd64
Comment 2 Dave Cottlehuber freebsd_committer 2016-08-22 18:10:34 UTC
Created attachment 173953 [details]
v2 patch -- merge to quarterly

# v2 patch

- revised per koobs@ request to drop option knob
- includes only version bump & patch for potential buffer overrun
- ready for quarterly merge

# QA

- portlint as before
- poudriere OK on
  10_amd64 10.3-RELEASE-p7
  10_i386  10.3-RELEASE-p7
  11_amd64 11.0-BETA4
  9_amd64  9.3-RELEASE-p45
  9_i386   9.3-RELEASE-p45
Comment 3 Dave Cottlehuber freebsd_committer 2016-09-13 20:52:09 UTC
Created attachment 174745 [details]
v3 patch solely including upgrade
Comment 4 Dave Cottlehuber freebsd_committer 2016-09-13 22:48:33 UTC
Created attachment 174753 [details]
v4 patch including vuxml.xml entry

https://github.com/skunkwerks/ports/commit/da6a5ece75bba819115f540cb28d2b8e4e860fa0.patch

# QA

- portlint OK
- poudriere OK 9_i386 9_amd64 10_i386 10_amd64 11_amd64

includes vuxml entry for 2016-09-14 public release
Comment 5 commit-hook freebsd_committer 2016-09-14 09:27:23 UTC
A commit references this bug:

Author: brnrd
Date: Wed Sep 14 09:27:14 UTC 2016
New revision: 422122
URL: https://svnweb.freebsd.org/changeset/ports/422122

Log:
  www/h2o: Update to 2.0.4 (Fixes vulnerability)

    - Update to version 2.0.4

  PR:		211892
  Submitted by:	Dave Cottlehuber <dch@skunkwerks.at> (maintainer)
  Reviewed by:	brnrd
  MFH:		2016Q3
  Security:	08664d42-7989-11e6-b7a8-74d02b9a84d5

Changes:
  head/www/h2o/Makefile
  head/www/h2o/distinfo
Comment 6 commit-hook freebsd_committer 2016-09-14 09:32:25 UTC
A commit references this bug:

Author: brnrd
Date: Wed Sep 14 09:31:35 UTC 2016
New revision: 422123
URL: https://svnweb.freebsd.org/changeset/ports/422123

Log:
  security/vuxml: Document www/h2o vulnerability

  PR:		211892
  Submitted by:	Dave Cottlehuber <dch@skunkwerks.at> (maintainer)
  Reviewed by:	brnrd
  MFH:		2016Q3
  Security:	08664d42-7989-11e6-b7a8-74d02b9a84d5

Changes:
  head/security/vuxml/vuln.xml
Comment 7 commit-hook freebsd_committer 2016-09-14 14:54:47 UTC
A commit references this bug:

Author: brnrd
Date: Wed Sep 14 14:54:41 UTC 2016
New revision: 422136
URL: https://svnweb.freebsd.org/changeset/ports/422136

Log:
  MFH: r422122

  www/h2o: Update to 2.0.4 (Fixes vulnerability)

    - Update to version 2.0.4

  PR:		211892
  Submitted by:	Dave Cottlehuber <dch@skunkwerks.at> (maintainer)
  Reviewed by:	brnrd
  Security:	08664d42-7989-11e6-b7a8-74d02b9a84d5

  Approved by:	ports-secteam (feld)

Changes:
_U  branches/2016Q3/
  branches/2016Q3/www/h2o/Makefile
  branches/2016Q3/www/h2o/distinfo
Comment 8 Dave Cottlehuber freebsd_committer 2016-09-14 17:47:32 UTC
thanks all. koobs@ I'll submit a new patch that adds the mruby support.