Bug 239599 - devel/libevent: update to 2.1.11
Summary: devel/libevent: update to 2.1.11
Status: Closed FIXED
Alias: None
Product: Ports & Packages
Classification: Unclassified
Component: Individual Port(s) (show other bugs)
Version: Latest
Hardware: Any Any
: --- Affects Only Me
Assignee: Jan Beich
URL: https://github.com/libevent/libevent/...
Keywords: patch, patch-ready, security
Depends on: 238127 239655
Blocks: 239603
  Show dependency treegraph
 
Reported: 2019-08-02 12:53 UTC by Jan Beich
Modified: 2019-08-27 17:01 UTC (History)
1 user (show)

See Also:
zeising: maintainer-feedback+


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Jan Beich freebsd_committer 2019-08-02 12:53:46 UTC
See review D21133 for the patch.
Comment 1 Jan Beich freebsd_committer 2019-08-02 12:55:40 UTC
Can you provide implicit approval for future updates? The ports framework doesn't support co-maintainers but this port is critical to www/firefox, security/tor and a number of others. I'd like to avoid waiting on maintainer timeouts to land security fixes that are almost always included in the updates. The intent is similar to devel/icu, multimedia/ffmpeg, etc.
Comment 2 Niclas Zeising freebsd_committer 2019-08-02 12:59:46 UTC
Feel free to grab the port.  I was surprised when I found it was maintained by ports@ (it's too important for that).  I thought you already owned the port since I know it's important for Firefox.

As a side note, is it customary for libinput to provide security updates without CVEs, or did I simply miss the CVE?
Comment 3 Jan Beich freebsd_committer 2019-08-02 13:13:57 UTC
(In reply to Niclas Zeising from comment #2)
> Feel free to grab the port.

I only grab ports if ready to refactor, not for mere updates. Refactoring takes complete understanding of every line and/or a lot of time.

> is it customary for libinput to provide security updates without CVEs,
> or did I simply miss the CVE?

Not sure. There're few vulnerabilities but like in FFmpeg's case CVEs maybe assigned several months later to let distributions catch up.

For one, CVE-2015-6525 was published half a year after 2.0.22 update.
Comment 4 Niclas Zeising freebsd_committer 2019-08-02 13:25:53 UTC
(In reply to Jan Beich from comment #3)
> (In reply to Niclas Zeising from comment #2)
> > Feel free to grab the port.
> 
> I only grab ports if ready to refactor, not for mere updates. Refactoring
> takes complete understanding of every line and/or a lot of time.

Ok.  Implicit approval for updates granted.
Comment 5 commit-hook freebsd_committer 2019-08-02 13:31:25 UTC
A commit references this bug:

Author: jbeich
Date: Fri Aug  2 13:31:01 UTC 2019
New revision: 507877
URL: https://svnweb.freebsd.org/changeset/ports/507877

Log:
  devel/libevent2: update to 2.1.11

  Changes:	https://github.com/libevent/libevent/releases/tag/release-2.1.11-stable
  ABI:		https://abi-laboratory.pro/tracker/timeline/libevent/
  PR:		239599
  Reported by:	GitHub (watch releases)
  Approved by:	zeising (maintainer)
  MFH:		2019Q3 (maybe security, partially restores 2.1.8 ABI)
  Differential Revision:	https://reviews.freebsd.org/D21133

Changes:
  head/audio/forked-daapd/Makefile
  head/databases/libcouchbase/Makefile
  head/databases/libmemcached/Makefile
  head/databases/memcached/Makefile
  head/databases/memcacheq/Makefile
  head/databases/mysql56-server/Makefile
  head/databases/mysql57-server/Makefile
  head/databases/mysql80-server/Makefile
  head/databases/mysqlwsrep56-server/Makefile
  head/databases/mysqlwsrep57-server/Makefile
  head/databases/percona57-server/Makefile
  head/databases/pgbouncer/Makefile
  head/databases/sharedance/Makefile
  head/devel/eventxx/Makefile
  head/devel/folly/Makefile
  head/devel/fstrm/Makefile
  head/devel/gearmand/Makefile
  head/devel/gearmand-devel/Makefile
  head/devel/libdnsres/Makefile
  head/devel/libevent/Makefile
  head/devel/libevent/distinfo
  head/devel/libevent/pkg-plist
  head/devel/libmsocket/Makefile
  head/devel/lua51-libevent/Makefile
  head/devel/p5-Event-Lib/Makefile
  head/devel/pecl-event/Makefile
  head/devel/shards/Makefile
  head/devel/thrift-cpp/Makefile
  head/dns/adsuck/Makefile
  head/dns/dnscrypt-wrapper/Makefile
  head/dns/dnsproxy/Makefile
  head/dns/getdns/Makefile
  head/dns/nsd/Makefile
  head/dns/unbound/Makefile
  head/irc/bitlbee/Makefile
  head/lang/crystal/Makefile
  head/lang/io/Makefile
  head/mail/dbmail/Makefile
  head/mail/mailest/Makefile
  head/mail/opensmtpd/Makefile
  head/mail/opensmtpd-devel/Makefile
  head/mail/opensmtpd-extras/Makefile
  head/mail/rspamd/Makefile
  head/mail/thunderbird/Makefile
  head/multimedia/ustreamer/Makefile
  head/net/aprsc/Makefile
  head/net/coturn/Makefile
  head/net/honeyd/Makefile
  head/net/ifstated/Makefile
  head/net/ladvd/Makefile
  head/net/measurement-kit/Makefile
  head/net/netatalk3/Makefile
  head/net/ntp/Makefile
  head/net/nylon/Makefile
  head/net/openmdns/Makefile
  head/net/openmpi/Makefile
  head/net/openmpi2/Makefile
  head/net/openmpi3/Makefile
  head/net/rsocket-cpp/Makefile
  head/net/trickle/Makefile
  head/net/turnserver/Makefile
  head/net-im/telegram/Makefile
  head/net-mgmt/ccnet-server/Makefile
  head/net-mgmt/lldpd/Makefile
  head/net-mgmt/seafile-client/Makefile
  head/net-mgmt/seafile-gui/Makefile
  head/net-mgmt/seafile-server/Makefile
  head/net-mgmt/zabbix4-server/Makefile
  head/net-mgmt/zabbix42-server/Makefile
  head/net-p2p/bitcoin/Makefile
  head/net-p2p/libswift/Makefile
  head/net-p2p/litecoin/Makefile
  head/net-p2p/namecoin/Makefile
  head/net-p2p/qtum/Makefile
  head/net-p2p/transmission-cli/Makefile
  head/security/certificate-transparency/Makefile
  head/security/fragroute/Makefile
  head/security/kickpass/Makefile
  head/security/obfsclient/Makefile
  head/security/openiked/Makefile
  head/security/scanssh/Makefile
  head/security/spybye/Makefile
  head/security/sslproxy/Makefile
  head/security/sslsplit/Makefile
  head/security/tor/Makefile
  head/security/tor-devel/Makefile
  head/sysutils/ori/Makefile
  head/sysutils/tlsdate/Makefile
  head/sysutils/tmate/Makefile
  head/sysutils/tmate-slave/Makefile
  head/sysutils/tmux/Makefile
  head/sysutils/tmux23/Makefile
  head/textproc/groonga/Makefile
  head/www/cliqz/Makefile
  head/www/crawl/Makefile
  head/www/envoy/Makefile
  head/www/firefox/Makefile
  head/www/firefox-esr/Makefile
  head/www/libevhtp/Makefile
  head/www/links/Makefile
  head/www/mohawk/Makefile
  head/www/nghttp2/Makefile
  head/www/pecl-http/Makefile
  head/www/qt5-webengine/Makefile
  head/www/slowcgi/Makefile
Comment 6 Jan Beich freebsd_committer 2019-08-27 17:01:51 UTC
ports-secteam@ timeout. Resetting MFH request.