Bug 232278 - www/lighttpd: update to 1.4.51
Summary: www/lighttpd: update to 1.4.51
Status: Closed FIXED
Alias: None
Product: Ports & Packages
Classification: Unclassified
Component: Individual Port(s) (show other bugs)
Version: Latest
Hardware: Any Any
: --- Affects Only Me
Assignee: Steve Wills
Depends on:
Reported: 2018-10-15 12:03 UTC by Piotr Kubaj
Modified: 2018-11-09 19:33 UTC (History)
2 users (show)

See Also:
pkubaj: maintainer-feedback+
pkubaj: merge-quarterly?

patch (1002 bytes, patch)
2018-10-15 12:03 UTC, Piotr Kubaj
pkubaj: maintainer-approval+
Details | Diff

Note You need to log in before you can comment on or make changes to this bug.
Description Piotr Kubaj freebsd_committer 2018-10-15 12:03:38 UTC
Created attachment 198170 [details]

Update port to newly released 1.4.51.

Tested on 11-STABLE.

NOTE: this release fixes some *security* bugs, so MHF is recommended.
Comment 1 Steve Wills freebsd_committer 2018-10-19 00:37:06 UTC
Can you please point to the security issue(s)? Would be good to have a VuXML too, but I can do it if you want.
Comment 2 Piotr Kubaj freebsd_committer 2018-10-19 08:24:50 UTC
(In reply to Steve Wills from comment #1)
I don't know myself what security fixes are in this release.

The only info I have is that there are some. That's why I didn't send VuXML.
Comment 3 Steve Wills freebsd_committer 2018-10-19 12:03:34 UTC
(In reply to Piotr Kubaj from comment #2)
I managed to find these:




but there's no CVE or other announcement. We could create a VuXML entry anyway based on these, but I'm not sure what we'd say except what's in those links.
Comment 4 Piotr Kubaj freebsd_committer 2018-10-19 12:28:45 UTC
(In reply to Steve Wills from comment #3)
FreeBSD has getpwnam(), so the 2nd patch doesn't matter for FreeBSD.

But IMO use-after-free fixes are enough for MFC (and we can put that to VuXML entry).
Comment 5 commit-hook freebsd_committer 2018-11-09 10:55:47 UTC
A commit references this bug:

Author: dinoex
Date: Fri Nov  9 10:54:54 UTC 2018
New revision: 484509
URL: https://svnweb.freebsd.org/changeset/ports/484509

  - lighttpd - use-after-free vulnerabilities
  PR:		232278

Comment 6 commit-hook freebsd_committer 2018-11-09 19:32:01 UTC
A commit references this bug:

Author: swills
Date: Fri Nov  9 19:30:59 UTC 2018
New revision: 484541
URL: https://svnweb.freebsd.org/changeset/ports/484541

  www/lighttpd: update to 1.4.51

  PR:		232278
  Submitted by:	Piotr Kubaj <pkubaj@anongoth.pl> (maintainer)
  MFH:		2018Q4
  Security:	92a6efd0-e40d-11e8-ada4-408d5cf35399

Comment 7 commit-hook freebsd_committer 2018-11-09 19:33:05 UTC
A commit references this bug:

Author: swills
Date: Fri Nov  9 19:32:10 UTC 2018
New revision: 484542
URL: https://svnweb.freebsd.org/changeset/ports/484542

  MFH: r484541

  www/lighttpd: update to 1.4.51

  PR:		232278
  Submitted by:	Piotr Kubaj <pkubaj@anongoth.pl> (maintainer)
  Security:	92a6efd0-e40d-11e8-ada4-408d5cf35399
  Approved by:	ports-secteam (implicit)

_U  branches/2018Q4/
Comment 8 Steve Wills freebsd_committer 2018-11-09 19:33:21 UTC
Committed, thanks!