Bug 233419 - www/tt-rss: Update to bc42dfb790 g20181122 due to CVE-2018-19296
Summary: www/tt-rss: Update to bc42dfb790 g20181122 due to CVE-2018-19296
Status: Closed FIXED
Alias: None
Product: Ports & Packages
Classification: Unclassified
Component: Individual Port(s) (show other bugs)
Version: Latest
Hardware: Any Any
: Normal Affects Some People
Assignee: Thierry Thomas
URL:
Keywords: needs-qa, security
Depends on:
Blocks:
 
Reported: 2018-11-23 00:26 UTC by Derek Schrock
Modified: 2018-11-23 17:50 UTC (History)
1 user (show)

See Also:
bugzilla: maintainer-feedback? (thierry)
koobs: merge-quarterly?


Attachments
update to bc42dfb790 g20181122 (6.29 KB, patch)
2018-11-23 00:26 UTC, Derek Schrock
no flags Details | Diff

Note You need to log in before you can comment on or make changes to this bug.
Description Derek Schrock 2018-11-23 00:26:18 UTC
Created attachment 199463 [details]
update to bc42dfb790 g20181122

Update to commit bc42dfb790 g20181122 that removes [1] phpmailer
due to CVE-2018-19296 [2] in favor of php's mail().

Also, move USES* section around to appease portlint.

[1] https://discourse.tt-rss.org/t/phpmailer-cve-2018-19296-update/1635/2?u=derekschrock
[2] https://github.com/PHPMailer/PHPMailer/releases/tag/v5.2.27

portlint: OK, minor warnings
testport: OK (poudriere: 11amd64)
Comment 1 Thierry Thomas freebsd_committer freebsd_triage 2018-11-23 17:49:43 UTC
Committed, thanks!
Comment 2 commit-hook freebsd_committer freebsd_triage 2018-11-23 17:50:31 UTC
A commit references this bug:

Author: thierry
Date: Fri Nov 23 17:49:34 UTC 2018
New revision: 485696
URL: https://svnweb.freebsd.org/changeset/ports/485696

Log:
  Update to bc42dfb790 g20181122 due to CVE-2018-19296 (phpmailer).

  PR:		233419
  Submitted by:	dereks (at) lifeofadishwasher.com
  Security:	CVE-2018-19296

Changes:
  head/www/tt-rss/Makefile
  head/www/tt-rss/distinfo
  head/www/tt-rss/pkg-plist