Paul Irofti <p...@irofti.net> writes: > Along with the openvpn backport that jca committed, I also backported > and tested mail/libetpan. OK?
The problem is that the diff below bumps the lib major version. For -stable it is better to avoid this as much as we can, since it means that users have to rebuild all the packages that depend on libetpan (updating libetpan isn't enough if consumer ports don't use the new lib). https://github.com/dinhviethoa/libetpan/releases/tag/1.8 says CVE-2017-8825. http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2017-8825 points at https://github.com/dinhviethoa/libetpan/issues/274 and https://github.com/dinhviethoa/libetpan/commit/1fe8fbc032ccda1db9af66d93016b49c16c1f22d Probably a fix can be pushed to -stable without changing the lib version at all. Also, > Index: Makefile > =================================================================== > RCS file: /cvs/ports/mail/libetpan/Makefile,v > retrieving revision 1.25 > diff -u -p -r1.25 Makefile > --- Makefile 11 Nov 2016 12:07:00 -0000 1.25 > +++ Makefile 15 May 2017 14:57:45 -0000 > @@ -1,14 +1,13 @@ > -# $OpenBSD: Makefile,v 1.25 2016/11/11 12:07:00 danj Exp $ > +# $OpenBSD: Makefile,v 1.27 2017/05/11 00:35:09 danj Exp $ > > COMMENT= mail purpose library > > GH_ACCOUNT= dinhviethoa > GH_PROJECT= libetpan > -GH_TAGNAME= 1.7.2 > +GH_TAGNAME= 1.8 > CATEGORIES= mail devel > -REVISION= 2 > > -SHARED_LIBS= etpan 17.0 # 20.0 > +SHARED_LIBS= etpan 18.0 # 21.0 > > HOMEPAGE= http://www.etpan.org/libetpan.html > > @@ -17,7 +16,7 @@ MAINTAINER= Daniel Jakots <o...@chown.me > # BSD > PERMIT_PACKAGE_CDROM= Yes > > -WANTLIB += crypto curl expat iconv m nghttp2 pthread sasl2 ssl stdc++ z > +WANTLIB += crypto curl expat iconv m nghttp2 pthread sasl2 ssl ${LIBCXX} z afaict, there is no ${LIBCXX} support in -stable. > > AUTOCONF_VERSION= 2.69 > AUTOMAKE_VERSION= 1.15 > Index: distinfo > =================================================================== > RCS file: /cvs/ports/mail/libetpan/distinfo,v > retrieving revision 1.9 > diff -u -p -r1.9 distinfo > --- distinfo 28 Jun 2016 16:28:13 -0000 1.9 > +++ distinfo 15 May 2017 14:57:45 -0000 > @@ -1,2 +1,2 @@ > -SHA256 (libetpan-1.7.2.tar.gz) = MnlygqQg8xdPSmeVSOIPortKy0BLgn1iwvRNPeTrMSA= > -SIZE (libetpan-1.7.2.tar.gz) = 6186628 > +SHA256 (libetpan-1.8.tar.gz) = TmentKutzzzBb6FuFiGmjlTUidrf2afR+WDBculTtus= > +SIZE (libetpan-1.8.tar.gz) = 6188927 > -- jca | PGP : 0x1524E7EE / 5135 92C1 AD36 5293 2BDF DDCC 0DFA 74AE 1524 E7EE
