From owner-svn-ports-all@FreeBSD.ORG Tue Mar 24 21:50:45 2015
Message-ID: <5511DC34.9020504@FreeBSD.org>
Date: Tue, 24 Mar 2015 16:50:44 -0500
From: Bryan Drewery
Organization: FreeBSD
To: Brooks Davis, ports-committers@freebsd.org, svn-ports-all@freebsd.org, svn-ports-head@freebsd.org
Subject: Re: svn commit: r382179 - head/devel/cross-binutils
References: <201503242132.t2OLWm3Y013942@svn.freebsd.org>
In-Reply-To: <201503242132.t2OLWm3Y013942@svn.freebsd.org>

On 3/24/2015 4:32 PM, Brooks Davis wrote:
> Author: brooks
> Date: Tue Mar 24 21:32:47 2015
> New Revision: 382179
> URL: https://svnweb.freebsd.org/changeset/ports/382179
> QAT: https://qat.redports.org/buildarchive/r382179/
>
> Log:
>   The ancient version of binutils in the cross-binutils port suffers from
>   several vulnerabilities.  Mark it FORBIDDEN and DEPRECATED and set it to expire
>   April 15th.
>
>   This also affects devel/mingw64-binutils.
>
>   Consumers of this port should switch to devel/binutil or slave ports
>   thereof.
>
> PR: 198816
> Reported by: Sevan Janiyan
>
> Modified:
>   head/devel/cross-binutils/Makefile
>
> Modified: head/devel/cross-binutils/Makefile
> =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D > --- head/devel/cross-binutils/Makefile Tue Mar 24 21:32:08 2015 (r38217= 8) > +++ head/devel/cross-binutils/Makefile Tue Mar 24 21:32:47 2015 (r38217= 9) 
> @@ -12,9 +12,13 @@ PKGNAMEPREFIX=3D ${TGTARCH}-${TGTABI}- > PATCH_SITES=3D ftp://ftp.rtems.com/pub/rtems/SOURCES/4.11/ > PATCH_DIST_STRIP=3D -p1 > =20 > -MAINTAINER=3D brooks@FreeBSD.org > +MAINTAINER=3D ports@FreeBSD.org > COMMENT=3D GNU binutils port for cross-target development > =20 > +FORBIDDEN=3D Multiple vulnerbilities parsing PE and ihex files > +DEPRECATED=3D Obsolete. Migrate to devel/binutils based ports > +EXPIRATION_DATE=3D 2015-04-15 > + > USES=3D gmake makeinfo tar:bzip2 > GNU_CONFIGURE=3D yes > ALL_TARGET=3D all info >=20

FORBIDDEN prevents all packages from being made, which contradicts the
deprecation period.

Since you updated vuxml the user will already be alerted that this is
insecure. They also will be prompted about it when installing it locally
since it is in the vuxml.

The FORBIDDEN is really not needed. Leaving it in might as well delete
the port today.

--
Regards,
Bryan Drewery
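
Review bot: The reason string on the added FORBIDDEN line misspells "vulnerabilities" as "vulnerbilities" and gives no reference a user could look up; since this is the text shown when the build is refused, fix the spelling and cite the PR named in the log (198816) in it. In the same hunk, MAINTAINER changes from brooks@FreeBSD.org to ports@FreeBSD.org, which the commit log does not mention; note the maintainer reset in the log or commit it separately so the security marking is a self-contained change. The log names the migration target as devel/binutil while the DEPRECATED line says devel/binutils; the two should agree.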