Date: Tue, 11 Apr 2017 07:53:46 +0200 From: Matthias Fechner <idefix@fechner.net> To: Kurt Jaeger <lists@opsec.eu> Cc: ports@FreeBSD.org Subject: Re: Update of devel/rubygem-google-api-client broke www/rubygem-rest-client (blocks security related update) Message-ID: <36e463cd-17d8-bdcd-f4a0-3fd858f5e534@fechner.net> In-Reply-To: <20170411052716.GB64587@home.opsec.eu> References: <8fc6d2a5-6d60-1ba9-b2ba-54eadc14a130@fechner.net> <20170411052716.GB64587@home.opsec.eu>
next in thread | previous in thread | raw e-mail | index | archive | help
Hi Kurt, Am 11.04.2017 um 07:27 schrieb Kurt Jaeger: > Which security bug does this fix ? Any link ? > For rubygem-rest-client, we're still waiting for the maintainer to > approve, as far as I can see. > the gitlab port has the following security bug: https://about.gitlab.com/2017/04/05/gitlab-9-dot-0-dot-4-security-release= / But I cannot apply anything (you even can not run it currently) as the rubygem-google-api-client upgrade has broken the dependency tree. To explain it a little bit more: the new rubygem-google-api-client depends on a module > 3.0. but rubygem-rest-client needs version < 3.0 This is a run dependency, you will not see while building the port. But gitlab depends on both ports, which makes it completely broken. You cannot run it anymore. I hope that makes it clear, that commiting this port (https://bugs.freebs= d.org/bugzilla/show_bug.cgi?id=3D218366) is really crucial. Gru=C3=9F Matthias --=20 "Programming today is a race between software engineers striving to build bigger and better idiot-proof programs, and the universe trying to produce bigger and better idiots. So far, the universe is winning." -- Rich Cook
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?36e463cd-17d8-bdcd-f4a0-3fd858f5e534>