Date: Tue, 24 Mar 2015 16:50:44 -0500 From: Bryan Drewery <bdrewery@FreeBSD.org> To: Brooks Davis <brooks@FreeBSD.org>, ports-committers@freebsd.org, svn-ports-all@freebsd.org, svn-ports-head@freebsd.org Subject: Re: svn commit: r382179 - head/devel/cross-binutils Message-ID: <5511DC34.9020504@FreeBSD.org> In-Reply-To: <201503242132.t2OLWm3Y013942@svn.freebsd.org> References: <201503242132.t2OLWm3Y013942@svn.freebsd.org>
next in thread | previous in thread | raw e-mail | index | archive | help
This is an OpenPGP/MIME signed message (RFC 4880 and 3156) --Vl1vv1wo5q8thCdgML3lKK0hn7wdl4peC Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: quoted-printable On 3/24/2015 4:32 PM, Brooks Davis wrote: > Author: brooks > Date: Tue Mar 24 21:32:47 2015 > New Revision: 382179 > URL: https://svnweb.freebsd.org/changeset/ports/382179 > QAT: https://qat.redports.org/buildarchive/r382179/ >=20 > Log: > The ancient version of binutils in the cross-binutils port suffers fo= r > several vulnerabilities. Mark it FORBIDDEN and DEPRECATED and set it= expire > April 15th. > =20 > This also effects devel/mingw64-binutils. > =20 > Consumers of this port should switch to devel/binutil or slave ports > there of. > =20 > PR: 198816 > Reported by: Sevan Janiyan <venture37@geeklan.co.uk> >=20 > Modified: > head/devel/cross-binutils/Makefile >=20 > Modified: head/devel/cross-binutils/Makefile > =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D > --- head/devel/cross-binutils/Makefile Tue Mar 24 21:32:08 2015 (r38217= 8) > +++ head/devel/cross-binutils/Makefile Tue Mar 24 21:32:47 2015 (r38217= 9) > @@ -12,9 +12,13 @@ PKGNAMEPREFIX=3D ${TGTARCH}-${TGTABI}- > PATCH_SITES=3D ftp://ftp.rtems.com/pub/rtems/SOURCES/4.11/ > PATCH_DIST_STRIP=3D -p1 > =20 > -MAINTAINER=3D brooks@FreeBSD.org > +MAINTAINER=3D ports@FreeBSD.org > COMMENT=3D GNU binutils port for cross-target development > =20 > +FORBIDDEN=3D Multiple vulnerbilities parsing PE and ihex files > +DEPRECATED=3D Obsolete. Migrate to devel/binutils based ports > +EXPIRATION_DATE=3D 2015-04-15 > + > USES=3D gmake makeinfo tar:bzip2 > GNU_CONFIGURE=3D yes > ALL_TARGET=3D all info >=20 FORBIDDEN prevents all packages from being made, which contradicts the deprecation period. Since you updated vuxml the user will already be alerted that this is insecure. They also will be prompted about it when installing it locally since it is in the vuxml. The FORBIDDEN is really not needed. Leaving it in might as well delete the port today. --=20 Regards, Bryan Drewery --Vl1vv1wo5q8thCdgML3lKK0hn7wdl4peC Content-Type: application/pgp-signature; name="signature.asc" Content-Description: OpenPGP digital signature Content-Disposition: attachment; filename="signature.asc" -----BEGIN PGP SIGNATURE----- Version: GnuPG v2 iQEcBAEBAgAGBQJVEdw0AAoJEDXXcbtuRpfPuGAIAKisEo6mjh99tnNycVdC/hoX m4Epfm6XirTupj2KoZkW4X0G6oMQ86SdI3cIzAia8Y98pB7rjcqfjBgKBTsgxGfr HAP4eelL6bcf9/uG3ksGEB6KKrxTnR0CHOKxHYMUWZ3Swl9Ez3YvPaZ+06vy6nZo DaIPYRMoKEF+geI/3HWB5uBktUv0PTfCd+y0mw+nq3q1OaXcVq6vV6QuXUGKe3U2 dNoQuubE5M6M+NGRy70fFWwMVdFYLRDSTwYuR7Qw09r8NkGTqq7jj3sJp7iF5lWJ ZE5HJICnS+vs1n6XSqvaq1GA5HUzNy4pipx4LZbskY4jPkOlXMim4FVQ34y0x4Q= =bNDP -----END PGP SIGNATURE----- --Vl1vv1wo5q8thCdgML3lKK0hn7wdl4peC--
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?5511DC34.9020504>