From owner-freebsd-ports-bugs@freebsd.org Tue Sep 15 13:30:07 2015 Return-Path: Delivered-To: freebsd-ports-bugs@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id 00BE8A0452C for ; Tue, 15 Sep 2015 13:30:07 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: from kenobi.freebsd.org (kenobi.freebsd.org [IPv6:2001:1900:2254:206a::16:76]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id E0BC61B01 for ; Tue, 15 Sep 2015 13:30:06 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: from bugs.freebsd.org ([127.0.1.118]) by kenobi.freebsd.org (8.15.2/8.15.2) with ESMTP id t8FDU6kx005385 for ; Tue, 15 Sep 2015 13:30:06 GMT (envelope-from bugzilla-noreply@freebsd.org) From: bugzilla-noreply@freebsd.org To: freebsd-ports-bugs@FreeBSD.org Subject: [Bug 198813] devel/psptoolchain-binutils: Multiple security vulnerabilities Date: Tue, 15 Sep 2015 13:30:06 +0000 X-Bugzilla-Reason: AssignedTo X-Bugzilla-Type: changed X-Bugzilla-Watch-Reason: None X-Bugzilla-Product: Ports & Packages X-Bugzilla-Component: Individual Port(s) X-Bugzilla-Version: Latest X-Bugzilla-Keywords: needs-patch, security X-Bugzilla-Severity: Affects Many People X-Bugzilla-Who: tphilipp@potion-studios.com X-Bugzilla-Status: New X-Bugzilla-Priority: --- X-Bugzilla-Assigned-To: freebsd-ports-bugs@FreeBSD.org X-Bugzilla-Target-Milestone: --- X-Bugzilla-Flags: maintainer-feedback? X-Bugzilla-Changed-Fields: Message-ID: In-Reply-To: References: Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: 7bit X-Bugzilla-URL: https://bugs.freebsd.org/bugzilla/ Auto-Submitted: auto-generated MIME-Version: 1.0 X-BeenThere: freebsd-ports-bugs@freebsd.org X-Mailman-Version: 2.1.20 Precedence: list List-Id: Ports bug reports List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 15 Sep 2015 13:30:07 -0000 https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=198813 --- Comment #2 from Tassilo Philipp --- Not yet, I've unfortunately not had any time to look into this, yet. Too much going on, currently, sorry... Also, not sure if the importance needs to be set to "affects many people", as I doubt that. This port of binutils is only used for the psptoolchain, there are no other dependencies on it. I don't think a lot of people are actually using this. But, bigger question: Given that this port is actually port of an existing patchset against gnu binutils 2.22, adding PSP support, it's a bit of an undertaking to switch to a newer binutils version, b/c the source-patchset didn't, yet. Not sure how to handle this best - fork from the sources and maintain an own, newer version of binutils, or actually just add patches to fix those vulnerabilities? Input welcome. -- You are receiving this mail because: You are the assignee for the bug.