Bug 230575 - net/libzmq4: Update to 4.3.1
Summary: net/libzmq4: Update to 4.3.1
Status: Closed FIXED
Alias: None
Product: Ports & Packages
Classification: Unclassified
Component: Individual Port(s)
Version: Latest
Hardware: Any Any
Importance: Normal Affects Many People
Assignee: Kubilay Kocak
URL: https://github.com/zeromq/libzmq/blob...
Keywords: needs-patch, needs-qa, security
Depends on:
Blocks:
 
Reported: 2018-08-12 23:36 UTC by Yuri Victorovich
Modified: 2019-07-01 06:47 UTC

See Also:
bugzilla: maintainer-feedback? (koobs)
koobs: merge-quarterly+


Attachments
patch (1.32 KB, patch)
2018-08-12 23:36 UTC, Yuri Victorovich

Description Yuri Victorovich freebsd_committer 2018-08-12 23:36:57 UTC
Created attachment 196139 [details]
patch
Comment 1 Kubilay Kocak freebsd_committer freebsd_triage 2018-08-13 01:56:00 UTC
Thank you Yuri,

Approved by: koobs (maintainer) if you want to take care of it and it passes QA (poudriere, maketest, dependent builds against it), otherwise I can take care of it

Given some items in changelog [1] (and other bugfixes), should this be MFH'd?

[1] * Fixed #3018 - fix backward-incompatible change in the NULL auth
                mechanism that slipped in 4.2.3 and made connections
                with a ZAP domain set on a socket but without a working
                ZAP handler fail. See ZMQ_ZAP_ENFORCE_DOMAIN and RFC27.
Comment 2 Yuri Victorovich freebsd_committer 2018-08-13 17:08:24 UTC
(In reply to Kubilay Kocak from comment #1)

Hi Kubilay,

I will be busy this week, so if you could commit it this would be great!

Yuri
Comment 3 Nathan 2018-08-26 06:56:33 UTC
Seems this and the older version do not build on mips
Comment 4 Tobias Kortkamp freebsd_committer 2019-01-25 09:22:41 UTC
Koobs, Yuri: Ping?

We are now at 4.3.1, which also fixes CVE-2019-6250, which has been present
since 4.2.0.

https://github.com/zeromq/libzmq/releases/tag/v4.3.1
Comment 5 Kubilay Kocak freebsd_committer freebsd_triage 2019-01-25 11:11:34 UTC
On it, thank you for the (security) bump.
Comment 6 commit-hook freebsd_committer 2019-01-26 09:21:33 UTC
A commit references this bug:

Author: koobs
Date: Sat Jan 26 09:21:15 UTC 2019
New revision: 491252
URL: https://svnweb.freebsd.org/changeset/ports/491252

Log:
  net/py-pyzmq: Fix framework compliance issues

  Identified while QA'ing an upcoming net/libzmq update [1]:

   - Strip shared libraries.
   - Update (correct) LICENSE definition, previous was incomplete.
   - Backport upstream PR [2] to fix test_large_send OOM issue.

   QA: 209 passed, 33 skipped in 58.81 seconds

   [2] https://github.com/zeromq/pyzmq/pull/1219

  PR:		230575 [1]
  Approved by:	portmgr (blanket: framework compliance)
  MFH:		2019Q1

Changes:
  head/net/py-pyzmq/Makefile
  head/net/py-pyzmq/files/
  head/net/py-pyzmq/files/patch-PR1219
Comment 7 commit-hook freebsd_committer 2019-01-26 09:49:59 UTC
A commit references this bug:

Author: koobs
Date: Sat Jan 26 09:49:39 UTC 2019
New revision: 491255
URL: https://svnweb.freebsd.org/changeset/ports/491255

Log:
  security/vuxml: Add libzmq4 -- Remote Code Execution Vulnerability

  PR:	230575

Changes:
  head/security/vuxml/vuln.xml
Comment 8 commit-hook freebsd_committer 2019-01-26 10:50:50 UTC
A commit references this bug:

Author: koobs
Date: Sat Jan 26 10:50:45 UTC 2019
New revision: 491260
URL: https://svnweb.freebsd.org/changeset/ports/491260

Log:
  net/libzmq4: Update to 4.3.1

   - Use upstream provided methods for verbose builds and disabling -Werror
   - Pet portlint (USES order)
   - Add patch to fix flaky tests [1]

  This release fixes a remote code execution vulnerability (CVE-2019-6250)

  Changelog:

    https://github.com/zeromq/libzmq/releases/tag/v4.3.1

  PR:		230575 [1]
  Reported by:	tobik
  Security:	8e48365a-214d-11e9-9f8a-0050562a4d7b
  MFH:		2019Q1

Changes:
  head/net/libzmq4/Makefile
  head/net/libzmq4/distinfo
  head/net/libzmq4/files/
  head/net/libzmq4/files/patch-PR3358
  head/net/libzmq4/files/patch-PR3359
  head/net/libzmq4/pkg-plist
Comment 9 commit-hook freebsd_committer 2019-02-01 02:08:39 UTC
A commit references this bug:

Author: koobs
Date: Fri Feb  1 02:08:14 UTC 2019
New revision: 491791
URL: https://svnweb.freebsd.org/changeset/ports/491791

Log:
  net/libzmq4: Remove spurious distinfo entry

  Leftover while attempting to use PATCHFILES and PATCH_DIST_STRIP with a local
  (not remote) source instead of a files/patch-* file, so one could take verbatim
  diffs from GitHub commits/PR's which contain a/ b/ path prefixes, without
  having to modify them manually.

  PR:		230575
  Reported by:	ohauer
  X-MFH-With:	r491260
  MFH:		2019Q1

Changes:
  head/net/libzmq4/distinfo
Comment 10 Jochen Neumeister freebsd_committer 2019-02-15 18:32:45 UTC
What is the current status?
Does ports-secteam have to be active here?
Comment 11 commit-hook freebsd_committer 2019-03-01 08:08:53 UTC
A commit references this bug:

Author: tobik
Date: Fri Mar  1 08:08:16 UTC 2019
New revision: 494242
URL: https://svnweb.freebsd.org/changeset/ports/494242

Log:
  net/openpgm: Do not add -I to non-existing directory in openpgm-5.2.pc

  foo/lib/pgm-5.2/include does not exist, so applications using strict
  compiler flags will fail to build due to this.

  Here this breaks devel/xeus build after r491260 [1]:

  CMake Error in CMakeLists.txt:
    Imported target "cppzmq" includes non-existent path

      "/usr/local/lib/pgm-5.2/include"

    in its INTERFACE_INCLUDE_DIRECTORIES.  Possible reasons include:

    * The path was deleted, renamed, or moved to another location.

    * An install or uninstall procedure did not complete successfully.

    * The installation package was faulty and references files it does not
    provide.

  - Bump revisions of all net/openpgm consumers
  - Unbreak devel/xeus

  [1] http://beefy9.nyi.freebsd.org/data/112amd64-default/491532/logs/errors/xeus-0.18.1.log

  PR:		230575

Changes:
  head/devel/libxs/Makefile
  head/devel/xeus/Makefile
  head/net/cppzmq/Makefile
  head/net/libzmq3/Makefile
  head/net/libzmq4/Makefile
  head/net/openpgm/Makefile
  head/net/openpgm/distinfo
  head/net-p2p/monero-cli/Makefile
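
The failure mode in the commit message above (a `.pc` file advertising a `-I` directory that is never installed) can be caught during port QA with a small check. This is an added example, not part of the bug thread or the ports tree; the sample `.pc` text, the `@PREFIX@` placeholder and the function names are constructed for illustration.

```python
import os
import re
import shlex
import tempfile

# Constructed sample modelled on the commit message; @PREFIX@ is a placeholder.
SAMPLE_PC = """\
prefix=@PREFIX@
libdir=${prefix}/lib
includedir=${prefix}/include
Name: constructed-sample
Cflags: -I${includedir}/pgm-5.2 -I${libdir}/pgm-5.2/include
"""

def parse_pc(text):
    """Split .pc text into variables (name=value) and fields (Name: value)."""
    variables, fields = {}, {}
    for raw in text.splitlines():
        m = re.match(r"([A-Za-z0-9_.]+)\s*([:=])\s*(.*)", raw.split("#", 1)[0].strip())
        if m:
            (variables if m.group(2) == "=" else fields)[m.group(1)] = m.group(3)
    return variables, fields

def expand(value, variables, depth=0):
    """Recursively substitute ${name}; unknown names expand to nothing."""
    if depth > 16:
        raise ValueError("variable reference loop")
    return re.sub(r"\$\{([^}]+)\}",
                  lambda m: expand(variables.get(m.group(1), ""), variables, depth + 1),
                  value)

def missing_include_dirs(pc_text, exists=os.path.isdir):
    """Return every -I directory named in Cflags that does not exist."""
    variables, fields = parse_pc(pc_text)
    tokens = iter(shlex.split(expand(fields.get("Cflags", ""), variables)))
    missing = []
    for tok in tokens:
        if tok.startswith("-I"):
            path = tok[2:] or next(tokens, "")  # handles "-Idir" and "-I dir"
            if path and not exists(path):
                missing.append(path)
    return missing

def demo():
    """Build a throwaway prefix where only include/pgm-5.2 exists."""
    with tempfile.TemporaryDirectory() as prefix:
        os.makedirs(os.path.join(prefix, "include", "pgm-5.2"))
        found = missing_include_dirs(SAMPLE_PC.replace("@PREFIX@", prefix))
        return [os.path.relpath(p, prefix) for p in found]
```
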
Comment 12 Tobias Kortkamp freebsd_committer 2019-03-01 08:14:21 UTC
(In reply to Kubilay Kocak from comment #5)
> On it, thank you for the (security) bump.

Thanks for updating.  I've attempted to fix the breakage of devel/xeus [1].
Were there more problems?

[1] https://lists.freebsd.org/pipermail/svn-ports-all/2019-January/206368.html
Comment 13 Tobias Kortkamp freebsd_committer 2019-03-11 07:03:02 UTC
(In reply to Tobias Kortkamp from comment #12)
> Thanks for updating.  I've attempted to fix the breakage of devel/xeus [1].
> Were there more problems?

I guess not.
Comment 14 commit-hook freebsd_committer 2019-03-25 07:40:04 UTC
A commit references this bug:

Author: koobs
Date: Mon Mar 25 07:39:01 UTC 2019
New revision: 496798
URL: https://svnweb.freebsd.org/changeset/ports/496798

Log:
  MFH: r491252 net/py-pyzmq: Fix framework compliance issues

  Identified while QA'ing an upcoming net/libzmq update [1]:

   - Strip shared libraries.
   - Update (correct) LICENSE definition, previous was incomplete.
   - Backport upstream PR [2] to fix test_large_send OOM issue.

   QA: 209 passed, 33 skipped in 58.81 seconds

   [2] https://github.com/zeromq/pyzmq/pull/1219

  PR:		230575 [1]
  Approved by:	portmgr (blanket: framework compliance)

  Approved by:	ports-secteam (blanket: framework compliance)

Changes:
_U  branches/2019Q1/
  branches/2019Q1/net/py-pyzmq/Makefile
  branches/2019Q1/net/py-pyzmq/files/