Bug 222219 - multimedia/mythtv: PORTVERSION is for fixed version 0.28.7, installs vulnerable version 0.27.5
Summary: multimedia/mythtv: PORTVERSION is for fixed version 0.28.7, installs vulnerab...
Status: Closed FIXED
Alias: None
Product: Ports & Packages
Classification: Unclassified
Component: Individual Port(s) (show other bugs)
Version: Latest
Hardware: Any Any
: --- Affects Some People
Assignee: Tobias Kortkamp
Depends on:
Reported: 2017-09-11 08:51 UTC by robbak
Modified: 2017-12-20 23:31 UTC (History)
1 user (show)

See Also:


Note You need to log in before you can comment on or make changes to this bug.
Description robbak 2017-09-11 08:51:41 UTC
The last update to this port was messed up badly. Somehow the patches applied didn't update the all important github hash, meaning that the port still pulls in the sources for the old, vulnerable version.

This also applies to the multimedia/mythtv-frontend port.
Comment 1 commit-hook freebsd_committer 2017-12-20 23:29:58 UTC
A commit references this bug:

Author: tobik
Date: Wed Dec 20 23:29:03 UTC 2017
New revision: 456874
URL: https://svnweb.freebsd.org/changeset/ports/456874

  multimedia/mythtv{,-frontend}: Revert placebo version updates

  In r440321 and r440322 PORTVERSION was bumped to 0.28.7/0.28.1, but
  GH_TAGNAME was not updated.  Commit ad97d24 is tagged as v0.27.5 [1].

  Reset version back to 0.27.5 and bump PORTEPOCH.

  [1] https://github.com/MythTV/mythtv/releases/tag/v0.27.5

  PR:		222219
  Reported by:	robbak@gmail.com
  Pointy hat:	miwi