Bug 215834 - [maintainer-update] security update devel/pcsc-lite, vuxml entry update too
Summary: [maintainer-update] security update devel/pcsc-lite, vuxml entry update too
Status: Closed FIXED
Alias: None
Product: Ports & Packages
Classification: Unclassified
Component: Individual Port(s) (show other bugs)
Version: Latest
Hardware: Any Any
: --- Affects Only Me
Assignee: Nikolai Lifanov
URL: https://reviews.freebsd.org/D9071
Keywords:
Depends on:
Blocks:
 
Reported: 2017-01-06 19:51 UTC by Mahdi Mokhtari
Modified: 2017-01-10 03:45 UTC (History)
1 user (show)

See Also:

Attachments
Patch does update and adds entry to vuxml (2.49 KB, patch)
2017-01-06 19:55 UTC, Mahdi Mokhtari 		mmokhi: maintainer-approval+
Details | Diff
Previous patch + keeping PORTEPOCH (2.49 KB, patch)
2017-01-06 20:43 UTC, Mahdi Mokhtari 		mmokhi: maintainer-approval+
Details | Diff
Regenerated previous patch according new changes on vuxml. (2.62 KB, patch)
2017-01-08 11:15 UTC, Mahdi Mokhtari 		mmokhi: maintainer-approval+
Details | Diff
Updated patch to reflect latest changes of review (2.58 KB, patch)
2017-01-08 11:46 UTC, Mahdi Mokhtari 		mmokhi: maintainer-approval+
Details | Diff
Show Obsolete (3) View All Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Mahdi Mokhtari freebsd_committer freebsd_triage 2017-01-06 19:51:39 UTC 
Updating `pcsc-lite` to 1.8.20 (also omitted `PORTEPOCH` cause I think not needed anymore :-D).
Also the former 1.8.19 is vulnerable to a use-after-free attack which is fixed in this new 1.8.20.
Comment 1 Mahdi Mokhtari freebsd_committer freebsd_triage 2017-01-06 19:55:21 UTC 
Created attachment 178579 [details]
Patch does update and adds entry to vuxml
Comment 2 Mahdi Mokhtari freebsd_committer freebsd_triage 2017-01-06 19:56:57 UTC 
Poudriere result is okay.
portlint is fine.

Waiting for review (in URL)
Returning it to pool.
Comment 3 Mahdi Mokhtari freebsd_committer freebsd_triage 2017-01-06 20:43:33 UTC 
Created attachment 178583 [details]
Previous patch + keeping PORTEPOCH

Updated patch to reflect the newest diffs on review.
Comment 4 Nikolai Lifanov freebsd_committer freebsd_triage 2017-01-08 01:38:31 UTC 
The vuxml patch doesn't apply cleanly. Can you reroll please?

U         devel/pcsc-lite/Makefile
U         devel/pcsc-lite/distinfo
C         security/vuxml/vuln.xml
>         rejected hunk @@ -58,6 +58,37 @@
Comment 5 Mahdi Mokhtari freebsd_committer freebsd_triage 2017-01-08 08:05:27 UTC 
(In reply to Nikolai Lifanov from comment #4)
Yeah. Gonna do it right now. Just a moment.
Comment 6 Mahdi Mokhtari freebsd_committer freebsd_triage 2017-01-08 11:15:10 UTC 
Created attachment 178616 [details]
Regenerated previous patch according new changes on vuxml.
Comment 7 Mahdi Mokhtari freebsd_committer freebsd_triage 2017-01-08 11:46:29 UTC 
Created attachment 178617 [details]
Updated patch to reflect latest changes of review
Comment 8 commit-hook freebsd_committer freebsd_triage 2017-01-09 14:25:40 UTC 
A commit references this bug:

Author: lifanov
Date: Mon Jan  9 14:24:50 UTC 2017
New revision: 430951
URL: https://svnweb.freebsd.org/changeset/ports/430951

Log:
  security/vuxml: document pcsc-lite vulnerabilities

  PR:		215834
  Submitted by:	Mahdi Mokhtari <mokhi64@gmail.com> (maintainer)
  Reviewed by:	matthew
  Approved by:	matthew (mentor)
  MFH:		2017Q1

Changes:
  head/security/vuxml/vuln.xml
Comment 9 Mahdi Mokhtari freebsd_committer freebsd_triage 2017-01-09 14:28:01 UTC 
(In reply to commit-hook from comment #8)
Thanks :)
The `devel/pcsc-lite` part of patch still not committed?
Comment 10 commit-hook freebsd_committer freebsd_triage 2017-01-09 14:29:45 UTC 
A commit references this bug:

Author: lifanov
Date: Mon Jan  9 14:29:33 UTC 2017
New revision: 430953
URL: https://svnweb.freebsd.org/changeset/ports/430953

Log:
  update devel/pcsc-lite to 1.8.20

  PR:		215834
  Submitted by:	Mahdi Mokhtari <mokhi64@gmail.com> (maintainer)
  Reviewed by:	matthew
  Approved by:	matthew (mentor)
  MFH:		2017Q1
  Security:	https://vuxml.FreeBSD.org/freebsd/c218873d-d444-11e6-84ef-f0def167eeea.html
  Differential Revision:	https://reviews.freebsd.org/D9071

Changes:
  head/devel/pcsc-lite/Makefile
  head/devel/pcsc-lite/distinfo
Comment 11 Mahdi Mokhtari freebsd_committer freebsd_triage 2017-01-09 14:33:48 UTC 
(In reply to commit-hook from comment #10)
Thanks :)
Good job ;)
Comment 12 Nikolai Lifanov freebsd_committer freebsd_triage 2017-01-09 14:35:12 UTC 
Yes, these have to be committed separately.
This is my first vuxml/MFH thing, so I had to read up how this works.

Also, committed, thanks!
Comment 13 Mahdi Mokhtari freebsd_committer freebsd_triage 2017-01-09 14:35:59 UTC 
(In reply to Nikolai Lifanov from comment #12)
I see.
Thanks again.
Good job indeed ;-)
Comment 14 commit-hook freebsd_committer freebsd_triage 2017-01-10 03:14:52 UTC 
A commit references this bug:

Author: junovitch
Date: Tue Jan 10 03:13:54 UTC 2017
New revision: 431063
URL: https://svnweb.freebsd.org/changeset/ports/431063

Log:
  Mention pcsc-lite CVE (it was in next message in cited URL)

  While here, fix spacing

  PR:		215834

Changes:
  head/security/vuxml/vuln.xml
Comment 15 commit-hook freebsd_committer freebsd_triage 2017-01-10 03:45:23 UTC 
A commit references this bug:

Author: lifanov
Date: Tue Jan 10 03:44:48 UTC 2017
New revision: 431066
URL: https://svnweb.freebsd.org/changeset/ports/431066

Log:
  MFH: r430434 r430953

  - Pass maintainership to submitter

  PR:		215713
  Submitted by:	mokhi64@gmail.com

  update devel/pcsc-lite to 1.8.20

  PR:		215834
  Submitted by:	Mahdi Mokhtari <mokhi64@gmail.com> (maintainer)
  Reviewed by:	matthew
  Approved by:	matthew (mentor)
  Security:	https://vuxml.FreeBSD.org/freebsd/c218873d-d444-11e6-84ef-f0def167eeea.html
  Differential Revision:	https://reviews.freebsd.org/D9071

  Approved by:	ports-secteam

Changes:
_U  branches/2017Q1/
  branches/2017Q1/devel/pcsc-lite/Makefile
  branches/2017Q1/devel/pcsc-lite/distinfo