Bug 239897 - www/jetty9: Update to 9.4.20
Summary: www/jetty9: Update to 9.4.20
Status: Closed FIXED
Alias: None
Product: Ports & Packages
Classification: Unclassified
Component: Individual Port(s)
Version: Latest
Hardware: Any Any
: Normal Affects Many People
Assignee: Jochen Neumeister
URL: https://www.eclipse.org/lists/jetty-d...
Keywords: needs-patch, security
: 239251
Depends on:
Reported: 2019-08-16 02:57 UTC by Greg Lewis
Modified: 2020-04-03 05:32 UTC

See Also:
bugzilla: maintainer-feedback? (dharrigan)
koobs: merge-quarterly+

Update to 9.4.20 (44.50 KB, patch)
2019-08-16 02:57 UTC, Greg Lewis
Updated patch (44.12 KB, patch)
2019-08-20 17:39 UTC, Greg Lewis

Description Greg Lewis freebsd_committer 2019-08-16 02:57:14 UTC
Created attachment 206606
Update to 9.4.20

* Update to 9.4.20
* Remove some unnecessary library removals from the Makefile
* Remove some unnecessary @dir directives from the packing list
Comment 1 Kubilay Kocak freebsd_committer freebsd_triage 2019-08-16 03:09:47 UTC
A *substantial* number of bugfixes have been fixed between 9.3.9 (current port version, committed 18 Jun 2016) and 9.4.20, along with at least 7 security vulnerabilities, oldest dating to 2018/06/25


Pending complete review of changelogs, confirmation of QA, and VuXML entries for these security vulnerabilities.
Comment 2 Walter Schwarzenfeld freebsd_triage 2019-08-16 13:27:05 UTC
*** Bug 239251 has been marked as a duplicate of this bug. ***
Comment 3 Jochen Neumeister freebsd_committer 2019-08-20 09:15:17 UTC
There is an error: http://joneumbox.org/data/120i386-ports/2019-08-20_10h25m39s/logs/errors/jetty9-9.4.20.log

====> Running Q/A tests (stage-qa)
====> Checking for pkg-plist issues (check-plist)
===> Parsing plist
===> Checking for items in STAGEDIR missing from pkg-plist
Error: Orphaned: %%APP_NAME%%/lib/setuid/libsetuid-linux.so
Error: Orphaned: %%APP_NAME%%/lib/setuid/libsetuid-osx.so
Error: Orphaned: @dir %%APP_NAME%%/resources
===> Checking for items in pkg-plist which are not in STAGEDIR
===> Error: Plist issues found.
*** Error code 1
Comment 4 Greg Lewis freebsd_committer 2019-08-20 17:38:28 UTC
Thanks for catching that.  I'll attach an updated patch.
Comment 5 Greg Lewis freebsd_committer 2019-08-20 17:39:37 UTC
Created attachment 206737
Updated patch
Comment 6 commit-hook freebsd_committer 2019-08-28 16:40:06 UTC
A commit references this bug:

Author: joneum
Date: Wed Aug 28 16:39:52 UTC 2019
New revision: 510078
URL: https://svnweb.freebsd.org/changeset/ports/510078

  Update to 9.4.20

  Changelog: https://www.eclipse.org/lists/jetty-dev/msg03343.html

  PR:		239897
  MFH:		2019Q3
  Sponsored by:	Netzkommune GmbH

Comment 7 commit-hook freebsd_committer 2019-08-28 16:45:08 UTC
A commit references this bug:

Author: joneum
Date: Wed Aug 28 16:44:31 UTC 2019
New revision: 510080
URL: https://svnweb.freebsd.org/changeset/ports/510080

  MFH: r510078

  Update to 9.4.20

  Changelog: https://www.eclipse.org/lists/jetty-dev/msg03343.html

  PR:		239897
  Sponsored by:	Netzkommune GmbH

  Approved by:	ports-secteam (joneum)

_U  branches/2019Q3/
Comment 8 Kubilay Kocak freebsd_committer freebsd_triage 2019-09-02 08:09:29 UTC
Was there a vuxml entry created for these (7+) vulnerabilities?
Comment 9 Jochen Neumeister freebsd_committer 2019-09-12 08:59:36 UTC
I don't see anything in the log for a vuxml that I would add as a port-secteam member.
Comment 10 Kubilay Kocak freebsd_committer freebsd_triage 2019-09-12 11:45:18 UTC
(In reply to Jochen Neumeister from comment #9)

In the security reports link mentioned in comment 1:


The version diff for this change was 9.3.9 -> 9.4.20.

There are 7 CVEs for this version range, again mentioned in comment 1, none of which have been documented in VuXML.

Here is the explicit list:


Triage: While I'm here, set merge-quarterly correctly (the change was merged)

Pending VuXML entries
Comment 11 Jochen Neumeister freebsd_committer 2019-09-13 05:42:22 UTC
So please add a patch for vuxml.
Comment 12 Kubilay Kocak freebsd_committer freebsd_triage 2019-09-13 10:22:28 UTC
(In reply to Jochen Neumeister from comment #11)

I'm sorry Jochen, I'm doing this for triage purposes, so security issues don't get missed for our users.

It is usual for either the Reporter, the port Maintainer or the Assignee of the issue in the last instance, to take care of the correct and appropriate changes