Date: Sat, 28 Oct 2023 22:25:26 GMT From: Dave Cottlehuber <dch@FreeBSD.org> To: ports-committers@FreeBSD.org, dev-commits-ports-all@FreeBSD.org, dev-commits-ports-branches@FreeBSD.org Subject: git: d225b5157f7b - 2023Q4 - www/h2o: patch for HTTP2 rapid reset attack, deprecate Message-ID: <202310282225.39SMPQwI078243@gitrepo.freebsd.org>
next in thread | raw e-mail | index | archive | help
The branch 2023Q4 has been updated by dch: URL: https://cgit.FreeBSD.org/ports/commit/?id=d225b5157f7b3f9aef8e33b1326675c27011a62e commit d225b5157f7b3f9aef8e33b1326675c27011a62e Author: Dave Cottlehuber <dch@FreeBSD.org> AuthorDate: 2023-10-28 22:13:46 +0000 Commit: Dave Cottlehuber <dch@FreeBSD.org> CommitDate: 2023-10-28 22:24:32 +0000 www/h2o: patch for HTTP2 rapid reset attack, deprecate - downstream dnsdist project has backported a fix for this specific issue - deprecation is still planned, and port should not be considered secure - pet port in line with www/h2o-devel See https://github.com/h2o/h2o/pull/3293 for further details Obtained from: Remi Gacogne <remi.gacogne@powerdns.com> Security: CVE-2023-44487 Security: https://github.com/h2o/h2o/security/advisories/GHSA-2m7v-gc89-fjqf (cherry picked from commit dcd7c23bd4dd801ec1a5a415612a66cb97032dde) --- www/h2o/Makefile | 28 +++++++++++++++------------- www/h2o/distinfo | 4 +++- 2 files changed, 18 insertions(+), 14 deletions(-) diff --git a/www/h2o/Makefile b/www/h2o/Makefile index 3dedc789309a..1cd762f288ac 100644 --- a/www/h2o/Makefile +++ b/www/h2o/Makefile @@ -1,9 +1,12 @@ PORTNAME= h2o DISTVERSIONPREFIX= v DISTVERSION= 2.2.6 -PORTREVISION= 1 +PORTREVISION= 2 CATEGORIES= www +PATCH_SITES= https://github.com/h2o/h2o/pull/:github +PATCHFILES= 3293.patch:-p1:github + MAINTAINER= dch@FreeBSD.org COMMENT= Optimized HTTP/2 server including support for TLS 1.3 and HTTP/1.x WWW= https://github.com/h2o/h2o @@ -11,6 +14,7 @@ WWW= https://github.com/h2o/h2o LICENSE= BSD2CLAUSE MIT LICENSE_COMB= multi +DEPRECATED= Upstream EOL confirmed on 2023-10-10, removal planned for 2023-12-30 BROKEN_armv6= fails to compile: asm_arm.inc:139:36: '.syntax divided' arm assembly not supported BROKEN_armv7= fails to compile: asm_arm.inc:139:36: '.syntax divided' arm assembly not supported BROKEN_FreeBSD_12_powerpc64= fails to link: unrecognized option '-Wl,-rpath=/usr/local/lib/gcc6' @@ -18,17 +22,18 @@ BROKEN_FreeBSD_12_powerpc64= fails to link: unrecognized option '-Wl,-rpath=/usr LIB_DEPENDS= libuv.so:devel/libuv USES= cmake:noninja compiler:c11 cpe perl5 pkgconfig shebangfix ssl +CPE_VENDOR= dena USE_GITHUB= yes -USE_PERL5= run USE_LDCONFIG= yes - -CPE_VENDOR= dena - -CONFLICTS= h2o-devel +USE_PERL5= run +USE_RC_SUBR= ${PORTNAME} SHEBANG_FILES= share/h2o/start_server -PORTDOCS= README.md +CMAKE_ARGS+= -DBUILD_SHARED_LIBS=ON \ + -DWITH_BUNDLED_SSL=OFF + +CONFLICTS= h2o-devel SUB_FILES= ${PORTNAME} ${PORTNAME}.conf.sample SUB_LIST+= H2O_GROUP=${H2O_GROUP} \ @@ -39,23 +44,20 @@ PLIST_SUB= H2O_GROUP=${H2O_GROUP} \ H2O_LOGDIR=${H2O_LOGDIR} \ H2O_USER=${H2O_USER} +PORTDOCS= README.md + H2O_USER?= www H2O_GROUP?= www H2O_LOGDIR= /var/log/${PORTNAME}/ -USE_RC_SUBR= ${PORTNAME} - OPTIONS_DEFINE= DOCS MRUBY OPTIONS_DEFAULT= MRUBY OPTIONS_SUB= yes MRUBY_DESC= Build with embedded mruby handler support -CMAKE_ARGS+= -DBUILD_SHARED_LIBS=ON \ - -DWITH_BUNDLED_SSL=OFF - -MRUBY_CMAKE_BOOL= WITH_MRUBY MRUBY_USES= bison ruby:build +MRUBY_CMAKE_BOOL= WITH_MRUBY post-patch: @${REINPLACE_CMD} -e 's|exec perl|exec ${LOCALBASE}/bin/perl|' \ diff --git a/www/h2o/distinfo b/www/h2o/distinfo index e8e1ea81bb8a..cc5d472a2c6c 100644 --- a/www/h2o/distinfo +++ b/www/h2o/distinfo @@ -1,3 +1,5 @@ -TIMESTAMP = 1565781060 +TIMESTAMP = 1697026111 SHA256 (h2o-h2o-v2.2.6_GH0.tar.gz) = f8cbc1b530d85ff098f6efc2c3fdbc5e29baffb30614caac59d5c710f7bda201 SIZE (h2o-h2o-v2.2.6_GH0.tar.gz) = 16257760 +SHA256 (3293.patch) = 4e093c92840dd82df3e90868f7e957087f1631cea0fd67892e87b10445277c91 +SIZE (3293.patch) = 10243
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?202310282225.39SMPQwI078243>