Bug 238798 - www/drupal8: update to 8.6.16 (fixes sa-core-2019-007)
Summary: www/drupal8: update to 8.6.16 (fixes sa-core-2019-007)
Status: Open
Alias: None
Product: Ports & Packages
Classification: Unclassified
Component: Individual Port(s) (show other bugs)
Version: Latest
Hardware: Any Any
: Normal Affects Many People
Assignee: Jose Alonso Cardenas Marquez
URL: https://www.drupal.org/sa-core-2019-007
Keywords: security
Depends on:
Blocks: 237802
  Show dependency treegraph
 
Reported: 2019-06-25 08:49 UTC by Krzysztof
Modified: 2019-07-09 04:57 UTC (History)
1 user (show)

See Also:
bugzilla: maintainer-feedback? (acm)
koobs: merge-quarterly?


Attachments
drupal8 update to 8.6.16 (40.28 KB, patch)
2019-06-25 08:49 UTC, Krzysztof
no flags Details | Diff
drupal8 update to 8.7.4 (522.80 KB, patch)
2019-07-09 04:57 UTC, Krzysztof
no flags Details | Diff

Note You need to log in before you can comment on or make changes to this bug.
Description Krzysztof 2019-06-25 08:49:04 UTC
Created attachment 205324 [details]
drupal8 update to 8.6.16

There is Security Advisory for drupal8 less then 8.6.16. You can check it at: https://www.drupal.org/sa-core-2019-007

I've made a patch which updates port to this new version.

I've tested this patch with poudriere. There is no errors.

Also I've checked the port with portlint. The result is:
% portlint -AC
WARN: Makefile: for new port, make $FreeBSD$ tag in comment section empty, to make SVN happy.
WARN: Makefile: extra item placed in the USES/USE_x section, for example, "SHEBANG_FILES".
WARN: Consider to set DEVELOPER=yes in /etc/make.conf
0 fatal errors and 3 warnings found.
Comment 1 Kubilay Kocak freebsd_committer freebsd_triage 2019-06-25 09:23:56 UTC
Comment on attachment 205324 [details]
drupal8 update to 8.6.16

Please don't set maintainer-approval unless you are the port maintainer
Comment 2 Krzysztof 2019-06-25 11:27:50 UTC
Pardon :-)))
Comment 3 Krzysztof 2019-07-09 04:57:18 UTC
Created attachment 205594 [details]
drupal8 update to 8.7.4

As Alonso suggested drupal 8.6.x will loose security updates at the end of this year (2019).

So I've made a patch which updates to 8.7.4.

I've tested this patch with poudriere. So I can share logs from poudriere if it is needed.