Bug 215834 - [maintainer-update] security update devel/pcsc-lite, vuxml entry update too
Summary: [maintainer-update] security update devel/pcsc-lite, vuxml entry update too
Status: Closed FIXED
Alias: None
Product: Ports & Packages
Classification: Unclassified
Component: Individual Port(s) (show other bugs)
Version: Latest
Hardware: Any Any
: --- Affects Only Me
Assignee: Nikolai Lifanov
URL: https://reviews.freebsd.org/D9071
Keywords:
Depends on:
Blocks:
 
Reported: 2017-01-06 19:51 UTC by Mahdi Mokhtari
Modified: 2017-01-10 03:45 UTC (History)
1 user (show)

See Also:


Attachments
Patch does update and adds entry to vuxml (2.49 KB, patch)
2017-01-06 19:55 UTC, Mahdi Mokhtari
mmokhi: maintainer-approval+
Details | Diff
Previous patch + keeping PORTEPOCH (2.49 KB, patch)
2017-01-06 20:43 UTC, Mahdi Mokhtari
mmokhi: maintainer-approval+
Details | Diff
Regenerated previous patch according new changes on vuxml. (2.62 KB, patch)
2017-01-08 11:15 UTC, Mahdi Mokhtari
mmokhi: maintainer-approval+
Details | Diff
Updated patch to reflect latest changes of review (2.58 KB, patch)
2017-01-08 11:46 UTC, Mahdi Mokhtari
mmokhi: maintainer-approval+
Details | Diff

Note You need to log in before you can comment on or make changes to this bug.
Description Mahdi Mokhtari freebsd_committer freebsd_triage 2017-01-06 19:51:39 UTC
Updating `pcsc-lite` to 1.8.20 (also omitted `PORTEPOCH` cause I think not needed anymore :-D).
Also the former 1.8.19 is vulnerable to a use-after-free attack which is fixed in this new 1.8.20.
Comment 1 Mahdi Mokhtari freebsd_committer freebsd_triage 2017-01-06 19:55:21 UTC
Created attachment 178579 [details]
Patch does update and adds entry to vuxml
Comment 2 Mahdi Mokhtari freebsd_committer freebsd_triage 2017-01-06 19:56:57 UTC
Poudriere result is okay.
portlint is fine.

Waiting for review (in URL)
Returning it to pool.
Comment 3 Mahdi Mokhtari freebsd_committer freebsd_triage 2017-01-06 20:43:33 UTC
Created attachment 178583 [details]
Previous patch + keeping PORTEPOCH

Updated patch to reflect the newest diffs on review.
Comment 4 Nikolai Lifanov freebsd_committer 2017-01-08 01:38:31 UTC
The vuxml patch doesn't apply cleanly. Can you reroll please?

U         devel/pcsc-lite/Makefile
U         devel/pcsc-lite/distinfo
C         security/vuxml/vuln.xml
>         rejected hunk @@ -58,6 +58,37 @@
Comment 5 Mahdi Mokhtari freebsd_committer freebsd_triage 2017-01-08 08:05:27 UTC
(In reply to Nikolai Lifanov from comment #4)
Yeah. Gonna do it right now. Just a moment.
Comment 6 Mahdi Mokhtari freebsd_committer freebsd_triage 2017-01-08 11:15:10 UTC
Created attachment 178616 [details]
Regenerated previous patch according new changes on vuxml.
Comment 7 Mahdi Mokhtari freebsd_committer freebsd_triage 2017-01-08 11:46:29 UTC
Created attachment 178617 [details]
Updated patch to reflect latest changes of review
Comment 8 commit-hook freebsd_committer 2017-01-09 14:25:40 UTC
A commit references this bug:

Author: lifanov
Date: Mon Jan  9 14:24:50 UTC 2017
New revision: 430951
URL: https://svnweb.freebsd.org/changeset/ports/430951

Log:
  security/vuxml: document pcsc-lite vulnerabilities

  PR:		215834
  Submitted by:	Mahdi Mokhtari <mokhi64@gmail.com> (maintainer)
  Reviewed by:	matthew
  Approved by:	matthew (mentor)
  MFH:		2017Q1

Changes:
  head/security/vuxml/vuln.xml
Comment 9 Mahdi Mokhtari freebsd_committer freebsd_triage 2017-01-09 14:28:01 UTC
(In reply to commit-hook from comment #8)
Thanks :)
The `devel/pcsc-lite` part of patch still not committed?
Comment 10 commit-hook freebsd_committer 2017-01-09 14:29:45 UTC
A commit references this bug:

Author: lifanov
Date: Mon Jan  9 14:29:33 UTC 2017
New revision: 430953
URL: https://svnweb.freebsd.org/changeset/ports/430953

Log:
  update devel/pcsc-lite to 1.8.20

  PR:		215834
  Submitted by:	Mahdi Mokhtari <mokhi64@gmail.com> (maintainer)
  Reviewed by:	matthew
  Approved by:	matthew (mentor)
  MFH:		2017Q1
  Security:	https://vuxml.FreeBSD.org/freebsd/c218873d-d444-11e6-84ef-f0def167eeea.html
  Differential Revision:	https://reviews.freebsd.org/D9071

Changes:
  head/devel/pcsc-lite/Makefile
  head/devel/pcsc-lite/distinfo
Comment 11 Mahdi Mokhtari freebsd_committer freebsd_triage 2017-01-09 14:33:48 UTC
(In reply to commit-hook from comment #10)
Thanks :)
Good job ;)
Comment 12 Nikolai Lifanov freebsd_committer 2017-01-09 14:35:12 UTC
Yes, these have to be committed separately.
This is my first vuxml/MFH thing, so I had to read up how this works.

Also, committed, thanks!
Comment 13 Mahdi Mokhtari freebsd_committer freebsd_triage 2017-01-09 14:35:59 UTC
(In reply to Nikolai Lifanov from comment #12)
I see.
Thanks again.
Good job indeed ;-)
Comment 14 commit-hook freebsd_committer 2017-01-10 03:14:52 UTC
A commit references this bug:

Author: junovitch
Date: Tue Jan 10 03:13:54 UTC 2017
New revision: 431063
URL: https://svnweb.freebsd.org/changeset/ports/431063

Log:
  Mention pcsc-lite CVE (it was in next message in cited URL)

  While here, fix spacing

  PR:		215834

Changes:
  head/security/vuxml/vuln.xml
Comment 15 commit-hook freebsd_committer 2017-01-10 03:45:23 UTC
A commit references this bug:

Author: lifanov
Date: Tue Jan 10 03:44:48 UTC 2017
New revision: 431066
URL: https://svnweb.freebsd.org/changeset/ports/431066

Log:
  MFH: r430434 r430953

  - Pass maintainership to submitter

  PR:		215713
  Submitted by:	mokhi64@gmail.com

  update devel/pcsc-lite to 1.8.20

  PR:		215834
  Submitted by:	Mahdi Mokhtari <mokhi64@gmail.com> (maintainer)
  Reviewed by:	matthew
  Approved by:	matthew (mentor)
  Security:	https://vuxml.FreeBSD.org/freebsd/c218873d-d444-11e6-84ef-f0def167eeea.html
  Differential Revision:	https://reviews.freebsd.org/D9071

  Approved by:	ports-secteam

Changes:
_U  branches/2017Q1/
  branches/2017Q1/devel/pcsc-lite/Makefile
  branches/2017Q1/devel/pcsc-lite/distinfo