Bug 228762 - www/h2o: update to 2.2.5
Summary: www/h2o: update to 2.2.5
Status: Closed FIXED
Alias: None
Product: Ports & Packages
Classification: Unclassified
Component: Individual Port(s) (show other bugs)
Version: Latest
Hardware: Any Any
: --- Affects Many People
Assignee: Dave Cottlehuber
URL: https://reviews.freebsd.org/D16110
Keywords:
Depends on:
Blocks:
 
Reported: 2018-06-05 13:55 UTC by Max Kostikov
Modified: 2018-07-04 20:59 UTC (History)
1 user (show)

See Also:
bugzilla: maintainer-feedback? (dch)


Attachments
diff to 2.2.5 (8.24 KB, patch)
2018-06-05 13:55 UTC, Max Kostikov
dch: maintainer-approval+
Details | Diff
dch@ shorter diff (4.78 KB, patch)
2018-06-25 22:04 UTC, Dave Cottlehuber
no flags Details | Diff

Note You need to log in before you can comment on or make changes to this bug.
Description Max Kostikov 2018-06-05 13:55:10 UTC
Created attachment 194020 [details]
diff to 2.2.5

Patch included.
Eliminated local patch for H2O issue #1706 (1707) because changes accepted in current release.
See details here https://github.com/h2o/h2o/releases/tag/v2.2.5
Comment 1 Dave Cottlehuber freebsd_committer 2018-06-25 22:01:14 UTC
max thanks, generally LGTM. Is there a reason for re-ording the pkg-plist? My
diff here only needed:

index 0a347a0bf165..cbca158de82c 100644
--- a/www/h2o/pkg-plist
+++ b/www/h2o/pkg-plist
@@ -34,10 +34,10 @@ include/h2o/version.h
 include/h2o/websocket.h
 lib/libh2o-evloop.so
 lib/libh2o-evloop.so.0.13
-lib/libh2o-evloop.so.0.13.4
+lib/libh2o-evloop.so.0.13.5
 lib/libh2o.so
 lib/libh2o.so.0.13
-lib/libh2o.so.0.13.4
+lib/libh2o.so.0.13.5
 libdata/pkgconfig/libh2o-evloop.pc
 libdata/pkgconfig/libh2o.pc
 %%DATADIR%%/annotate-backtrace-symbols

which is nicely shorter.

jrm:
Comment 2 Dave Cottlehuber freebsd_committer 2018-06-25 22:04:18 UTC
Created attachment 194637 [details]
dch@ shorter diff
Comment 3 Max Kostikov 2018-06-26 08:02:23 UTC
(In reply to Dave Cottlehuber from comment #2)
Dave, I completely trust you so please decide by yourself.
Comment 4 Dave Cottlehuber freebsd_committer 2018-06-28 11:31:32 UTC
jrm@ can you give my diff a +1 before I commit it? thanks!
Comment 5 Joseph Mingrone freebsd_committer 2018-06-28 13:33:44 UTC
+1.  Go for it.
Comment 6 commit-hook freebsd_committer 2018-07-02 22:47:40 UTC
A commit references this bug:

Author: dch
Date: Mon Jul  2 22:47:18 UTC 2018
New revision: 473774
URL: https://svnweb.freebsd.org/changeset/ports/473774

Log:
  www/h2o: update 2.2.4 to 2.2.5

  - fix buffer overflow CVE-2018-0608 #1775 (Frederik Deweerdt)
  - LibreSSL and PicoTLS changes
  - see https://github.com/h2o/h2o/blob/master/Changes

  PR:		228762
  Submitted by:	Max Kostikov <max@kostikov.co>
  Approved by:	jrm
  MFH:		2018Q3
  Security:	CVE-2018-0608

Changes:
  head/www/h2o/Makefile
  head/www/h2o/distinfo
  head/www/h2o/files/patch-issue1706
  head/www/h2o/pkg-plist
Comment 7 Dave Cottlehuber freebsd_committer 2018-07-02 22:56:22 UTC
thanks for your contribution Max! I will add the CVE details tomorrow and get this backported to the quarterly branch also.
Comment 8 Dave Cottlehuber freebsd_committer 2018-07-03 12:14:30 UTC
https://reviews.freebsd.org/D16110 closes off CVE data, backport to quarterly has  MFC approved.
Comment 9 commit-hook freebsd_committer 2018-07-03 13:14:12 UTC
A commit references this bug:

Author: dch
Date: Tue Jul  3 13:13:55 UTC 2018
New revision: 473830
URL: https://svnweb.freebsd.org/changeset/ports/473830

Log:
  security/vuxml: add CVE-2018-0608 for www/h2o

  PR:		228762
  Approved by:	jrm
  Security:	CVE-2018-0608
  Differential Revision:	https://reviews.freebsd.org/D16110

Changes:
  head/security/vuxml/vuln.xml
Comment 10 commit-hook freebsd_committer 2018-07-04 20:59:17 UTC
A commit references this bug:

Author: dch
Date: Wed Jul  4 20:58:59 UTC 2018
New revision: 473921
URL: https://svnweb.freebsd.org/changeset/ports/473921

Log:
  MFH: r473774

  www/h2o: update 2.2.4 to 2.2.5

  - fix buffer overflow CVE-2018-0608 #1775 (Frederik Deweerdt)
  - LibreSSL and PicoTLS changes
  - see https://github.com/h2o/h2o/blob/master/Changes

  PR:		228762
  Submitted by:	Max Kostikov <max@kostikov.co>
  Approved by:	jrm
  Security:	CVE-2018-0608

  Approved by:	ports-secteam

Changes:
_U  branches/2018Q3/
  branches/2018Q3/www/h2o/Makefile
  branches/2018Q3/www/h2o/distinfo
  branches/2018Q3/www/h2o/files/patch-issue1706
  branches/2018Q3/www/h2o/pkg-plist