Bug 239843 - www/h2o and www/h2o-devel: update to 2.2.6/2.3.0-beta2 with multiple CVE fixes
Summary: www/h2o and www/h2o-devel: update to 2.2.6/2.3.0-beta2 with multiple CVE fixes
Status: New
Alias: None
Product: Ports & Packages
Classification: Unclassified
Component: Individual Port(s) (show other bugs)
Version: Latest
Hardware: Any Any
: --- Affects Many People
Assignee: Dave Cottlehuber
URL:
Keywords:
Depends on:
Blocks:
 
Reported: 2019-08-14 11:39 UTC by Max Kostikov
Modified: 2019-08-14 18:07 UTC (History)
1 user (show)

See Also:
bugzilla: maintainer-feedback? (dch)


Attachments
update to 2.2.6 (2.70 KB, patch)
2019-08-14 11:39 UTC, Max Kostikov
no flags Details | Diff
h2o-devel (4.62 KB, patch)
2019-08-14 15:06 UTC, Adam Weinberger
no flags Details | Diff
updated patch for 2.2.6 (14.59 KB, patch)
2019-08-14 15:18 UTC, Max Kostikov
no flags Details | Diff
update to 2.2.6 (3.45 KB, patch)
2019-08-14 17:59 UTC, Max Kostikov
no flags Details | Diff

Note You need to log in before you can comment on or make changes to this bug.
Description Max Kostikov 2019-08-14 11:39:39 UTC
Created attachment 206521 [details]
update to 2.2.6

Fixed CVE-2019-9512 (Ping Flood), CVE-2019-9514 (Reset Flood), CVE-2019-9515 (Settings Flood)
Comment 1 Adam Weinberger freebsd_committer 2019-08-14 15:04:33 UTC
(In reply to Max Kostikov from comment #0)
That patch needs to be edited. The plist removes the %%MRUBY%% option_sub. There's also not a lot of point in sorting %%DATADIR%% if the rest of the plist isn't strictly sorted.
Comment 2 Adam Weinberger freebsd_committer 2019-08-14 15:06:09 UTC
Created attachment 206542 [details]
h2o-devel

Attaching a patch to update h2o-devel to 2.3.0-beta2
Comment 3 Max Kostikov 2019-08-14 15:18:42 UTC
Created attachment 206544 [details]
updated patch for 2.2.6

(In reply to Adam Weinberger from comment #1)
Adam, thanks for pointed this.
See new .diff in attachment. Hope it will be ok now.
Comment 4 Adam Weinberger freebsd_committer 2019-08-14 17:42:30 UTC
(In reply to Max Kostikov from comment #3)
Hi Max,

Unfortunately, this one is actually made it worse. Now there's two plists in the patch, everything is reversed, and the mruby files are listed twice.
Comment 5 Max Kostikov 2019-08-14 17:59:17 UTC
Created attachment 206549 [details]
update to 2.2.6

(In reply to Adam Weinberger from comment #4)
Sorry. That's my bad. See one more revision in attachment.
Comment 6 Adam Weinberger freebsd_committer 2019-08-14 18:07:21 UTC
(In reply to Max Kostikov from comment #5)
This one looks great!

Dave, I believe these patches are ready for you!