Bug 239717 - databases/mongodb34: Update to 3.4.22 (bugfix & security release)
Summary: databases/mongodb34: Update to 3.4.22 (bugfix & security release)
Status: Closed FIXED
Alias: None
Product: Ports & Packages
Classification: Unclassified
Component: Individual Port(s) (show other bugs)
Version: Latest
Hardware: Any Any
: Normal Affects Many People
Assignee: Kurt Jaeger
URL: https://docs.mongodb.com/manual/relea...
Keywords: security
Depends on:
Blocks: 240126 241078
  Show dependency treegraph
 
Reported: 2019-08-08 14:17 UTC by Ronald Klop
Modified: 2019-10-11 17:37 UTC (History)
3 users (show)

See Also:
ronald-lists: maintainer-feedback+
koobs: merge-quarterly?


Attachments
trivial update of version and distinfo + one patch is obsolete now (2.40 KB, patch)
2019-08-08 14:17 UTC, Ronald Klop
ronald-lists: maintainer-approval+
Details | Diff
vuxml entries for 3 CVEs (4.00 KB, patch)
2019-09-30 18:31 UTC, Ronald Klop
no flags Details | Diff

Note You need to log in before you can comment on or make changes to this bug.
Description Ronald Klop 2019-08-08 14:17:02 UTC
Created attachment 206370 [details]
trivial update of version and distinfo + one patch is obsolete now

Pretty trivial patch to update the port.
files/patch-boost-1.67 is removed. The code it patched was upgraded and now compiles without this patch.
Comment 1 Ronald Klop 2019-08-26 18:18:03 UTC
What does needs-qa mean and who is going to do it?
Comment 2 Kubilay Kocak freebsd_committer freebsd_triage 2019-08-26 23:31:07 UTC
@Ronald Ideally all changes are QA'd prior to submission, at least by the maintainer or the port, if not the reporter, but anyone can do it.

You can see descriptions for Keywords by clicking the 'Keywords' field title, but port updates, testing means, but is not necessarily limited to, running channes through our primarily QA tools: at least portlint and poudriere. 

For more information and instructions, see: https://www.freebsd.org/doc/en/books/porters-handbook/testing.html

If you need help or guidance, we have a dedicated porters channel at #freebsd-ports on freenode IRC
Comment 3 Ronald Klop 2019-09-11 08:18:42 UTC
Hi. As I'm the maintainer nobody can approve this more than I did.
How can I help getting this QA process further?
I would like to get this into the Q4 ports.
 (In reply to Kubilay Kocak from comment #2)
Comment 4 Kubilay Kocak freebsd_committer freebsd_triage 2019-09-11 09:19:44 UTC
@Ronald The methods for testing ("QA") are described in comment 2

Further, since this is a bugfix and security release, it will be merged in any case.

Pending:

 - QA confirmation
 - VuXML entry
Comment 5 Ronald Klop 2019-09-30 18:31:21 UTC
Created attachment 207963 [details]
vuxml entries for 3 CVEs
Comment 6 Ronald Klop 2019-09-30 18:34:11 UTC
$ portlint -C
WARN: Makefile: [19]: the arguments to ONLY_FOR_ARCHS are not sorted.  Please consider sorting them.
WARN: Makefile: "USES" has to appear earlier.
WARN: /home/builder/mongodb34.22/files/patch-asio-openssl-1.1.0: patch was not generated using ``make makepatch''.  It is recommended to use ``make makepatch'' when you need to [re-]generate a patch to ensure proper patch format.
WARN: /home/builder/mongodb34.22/files/patch-src_mongo_util_net_ssl__manager.cpp: patch was not generated using ``make makepatch''.  It is recommended to use ``make makepatch'' when you need to [re-]generate a patch to ensure proper patch format.
WARN: /home/builder/mongodb34.22/files/patch-src_mongo_util_net_ssl__manager.h: patch was not generated using ``make makepatch''.  It is recommended to use ``make makepatch'' when you need to [re-]generate a patch to ensure proper patch format.
WARN: Consider to set DEVELOPER=yes in /etc/make.conf
0 fatal errors and 6 warnings found.

No errors. I will fix some warnings in my next update to this port.
Comment 7 commit-hook freebsd_committer 2019-10-10 06:33:25 UTC
A commit references this bug:

Author: pi
Date: Thu Oct 10 06:33:04 UTC 2019
New revision: 514207
URL: https://svnweb.freebsd.org/changeset/ports/514207

Log:
  databases/mongodb34: upgrade 3.4.21 -> 3.4.22

  PR:		239717
  Submitted by:	Ronald Klop <ronald-lists@klop.ws> (maintainer)
  MFH:		2019Q4
  Relnotes:	https://docs.mongodb.com/manual/release-notes/3.4/#aug-6-2019
  Security:	CVE-2019-2386, CVE-2019-2389, CVE-2019-2390

Changes:
  head/databases/mongodb34/Makefile
  head/databases/mongodb34/distinfo
  head/databases/mongodb34/files/patch-boost-1.67
Comment 8 commit-hook freebsd_committer 2019-10-11 17:27:50 UTC
A commit references this bug:

Author: pi
Date: Fri Oct 11 17:27:21 UTC 2019
New revision: 514292
URL: https://svnweb.freebsd.org/changeset/ports/514292

Log:
  MFH: r514207

  databases/mongodb34: upgrade 3.4.21 -> 3.4.22

  PR:		239717
  Submitted by:	Ronald Klop <ronald-lists@klop.ws> (maintainer)
  Relnotes:	https://docs.mongodb.com/manual/release-notes/3.4/#aug-6-2019
  Security:	CVE-2019-2386, CVE-2019-2389, CVE-2019-2390
  Approved by:	ports-secteam (miwi)

Changes:
_U  branches/2019Q4/
  branches/2019Q4/databases/mongodb34/Makefile
  branches/2019Q4/databases/mongodb34/distinfo
  branches/2019Q4/databases/mongodb34/files/patch-boost-1.67
Comment 9 commit-hook freebsd_committer 2019-10-11 17:36:52 UTC
A commit references this bug:

Author: pi
Date: Fri Oct 11 17:36:37 UTC 2019
New revision: 514293
URL: https://svnweb.freebsd.org/changeset/ports/514293

Log:
  security/vuxml: mongodb vulnerabilities

  - CVE-2019-2386, CVE-2019-2389, CVE-2019-2390

  PR:		239717
  Submitted by:	Ronald Klop <ronald-lists@klop.ws>

Changes:
  head/security/vuxml/vuln.xml