Skip site navigation (1)Skip section navigation (2)
Date:      Tue, 24 Mar 2015 16:50:44 -0500
From:      Bryan Drewery <bdrewery@FreeBSD.org>
To:        Brooks Davis <brooks@FreeBSD.org>, ports-committers@freebsd.org, svn-ports-all@freebsd.org, svn-ports-head@freebsd.org
Subject:   Re: svn commit: r382179 - head/devel/cross-binutils
Message-ID:  <5511DC34.9020504@FreeBSD.org>
In-Reply-To: <201503242132.t2OLWm3Y013942@svn.freebsd.org>
References:  <201503242132.t2OLWm3Y013942@svn.freebsd.org>

next in thread | previous in thread | raw e-mail | index | archive | help
This is an OpenPGP/MIME signed message (RFC 4880 and 3156)
--Vl1vv1wo5q8thCdgML3lKK0hn7wdl4peC
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: quoted-printable

On 3/24/2015 4:32 PM, Brooks Davis wrote:
> Author: brooks
> Date: Tue Mar 24 21:32:47 2015
> New Revision: 382179
> URL: https://svnweb.freebsd.org/changeset/ports/382179
> QAT: https://qat.redports.org/buildarchive/r382179/
>=20
> Log:
>   The ancient version of binutils in the cross-binutils port suffers fo=
r
>   several vulnerabilities.  Mark it FORBIDDEN and DEPRECATED and set it=
 expire
>   April 15th.
>  =20
>   This also effects devel/mingw64-binutils.
>  =20
>   Consumers of this port should switch to devel/binutil or slave ports
>   there of.
>  =20
>   PR:		198816
>   Reported by:	Sevan Janiyan <venture37@geeklan.co.uk>
>=20
> Modified:
>   head/devel/cross-binutils/Makefile
>=20
> Modified: head/devel/cross-binutils/Makefile
> =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D
> --- head/devel/cross-binutils/Makefile	Tue Mar 24 21:32:08 2015	(r38217=
8)
> +++ head/devel/cross-binutils/Makefile	Tue Mar 24 21:32:47 2015	(r38217=
9)
> @@ -12,9 +12,13 @@ PKGNAMEPREFIX=3D	${TGTARCH}-${TGTABI}-
>  PATCH_SITES=3D	ftp://ftp.rtems.com/pub/rtems/SOURCES/4.11/
>  PATCH_DIST_STRIP=3D	-p1
> =20
> -MAINTAINER=3D 	brooks@FreeBSD.org
> +MAINTAINER=3D 	ports@FreeBSD.org
>  COMMENT=3D	GNU binutils port for cross-target development
> =20
> +FORBIDDEN=3D	Multiple vulnerbilities parsing PE and ihex files
> +DEPRECATED=3D	Obsolete.  Migrate to devel/binutils based ports
> +EXPIRATION_DATE=3D	2015-04-15
> +
>  USES=3D		gmake makeinfo tar:bzip2
>  GNU_CONFIGURE=3D	yes
>  ALL_TARGET=3D	all info
>=20


FORBIDDEN prevents all packages from being made, which contradicts the
deprecation period. Since you updated vuxml the user will already be
alerted that this is insecure. They also will be prompted about it when
installing it locally since it is in the vuxml. The FORBIDDEN is really
not needed. Leaving it in might as well delete the port today.

--=20
Regards,
Bryan Drewery


--Vl1vv1wo5q8thCdgML3lKK0hn7wdl4peC
Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: OpenPGP digital signature
Content-Disposition: attachment; filename="signature.asc"

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2

iQEcBAEBAgAGBQJVEdw0AAoJEDXXcbtuRpfPuGAIAKisEo6mjh99tnNycVdC/hoX
m4Epfm6XirTupj2KoZkW4X0G6oMQ86SdI3cIzAia8Y98pB7rjcqfjBgKBTsgxGfr
HAP4eelL6bcf9/uG3ksGEB6KKrxTnR0CHOKxHYMUWZ3Swl9Ez3YvPaZ+06vy6nZo
DaIPYRMoKEF+geI/3HWB5uBktUv0PTfCd+y0mw+nq3q1OaXcVq6vV6QuXUGKe3U2
dNoQuubE5M6M+NGRy70fFWwMVdFYLRDSTwYuR7Qw09r8NkGTqq7jj3sJp7iF5lWJ
ZE5HJICnS+vs1n6XSqvaq1GA5HUzNy4pipx4LZbskY4jPkOlXMim4FVQ34y0x4Q=
=bNDP
-----END PGP SIGNATURE-----

--Vl1vv1wo5q8thCdgML3lKK0hn7wdl4peC--



Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?5511DC34.9020504>