From owner-freebsd-ports@freebsd.org  Tue Dec  5 11:05:46 2017
Return-Path: <owner-freebsd-ports@freebsd.org>
Delivered-To: freebsd-ports@mailman.ysv.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org
 [IPv6:2001:1900:2254:206a::19:1])
 by mailman.ysv.freebsd.org (Postfix) with ESMTP id 416B4E5DE05
 for <freebsd-ports@mailman.ysv.freebsd.org>;
 Tue,  5 Dec 2017 11:05:46 +0000 (UTC) (envelope-from hausen@punkt.de)
Received: from kagate.punkt.de (kagate.punkt.de [217.29.33.131])
 (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
 (Client did not present a certificate)
 by mx1.freebsd.org (Postfix) with ESMTPS id D092975CB5
 for <freebsd-ports@freebsd.org>; Tue,  5 Dec 2017 11:05:45 +0000 (UTC)
 (envelope-from hausen@punkt.de)
Received: from hugo10.ka.punkt.de (hugo10.ka.punkt.de [217.29.44.10])
 by gate2.intern.punkt.de with ESMTP id vB5B5h94031592;
 Tue, 5 Dec 2017 12:05:43 +0100 (CET)
Received: from [217.29.44.110] ([217.29.44.110])
 by hugo10.ka.punkt.de (8.14.2/8.14.2) with ESMTP id vB5B5gBA024715;
 Tue, 5 Dec 2017 12:05:42 +0100 (CET) (envelope-from hausen@punkt.de)
Content-Type: text/plain; charset=us-ascii
Mime-Version: 1.0 (Mac OS X Mail 10.3 \(3273\))
Subject: Re: Missing fixes for various ports in Q4 branch? (was: MySQL 5.6)
From: "Patrick M. Hausen" <hausen@punkt.de>
In-Reply-To: <20171205105529.GR2827@home.opsec.eu>
Date: Tue, 5 Dec 2017 12:05:42 +0100
Cc: freebsd-ports@freebsd.org
Content-Transfer-Encoding: quoted-printable
Message-Id: <94AC4DE0-78AB-4EB4-BE43-682D2CCEDB9B@punkt.de>
References: <0C45356F-037F-4BF8-8222-0F82879F6A5D@punkt.de>
 <20171205105529.GR2827@home.opsec.eu>
To: Kurt Jaeger <lists@opsec.eu>
X-Mailer: Apple Mail (2.3273)
X-BeenThere: freebsd-ports@freebsd.org
X-Mailman-Version: 2.1.25
Precedence: list
List-Id: Porting software to FreeBSD <freebsd-ports.freebsd.org>
List-Unsubscribe: <https://lists.freebsd.org/mailman/options/freebsd-ports>,
 <mailto:freebsd-ports-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-ports/>
List-Post: <mailto:freebsd-ports@freebsd.org>
List-Help: <mailto:freebsd-ports-request@freebsd.org?subject=help>
List-Subscribe: <https://lists.freebsd.org/mailman/listinfo/freebsd-ports>,
 <mailto:freebsd-ports-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Tue, 05 Dec 2017 11:05:46 -0000

Hi all,

> Am 05.12.2017 um 11:55 schrieb Kurt Jaeger <lists@opsec.eu>:
>=20
> Hi!
>=20
>> I thought quarterly ports branches would receive security fixes from
>> HEAD but no other version bumps.
>>=20
>> If this is correct, then why is MySQL 5.6 in Q4 one version behind =
HEAD
>> (updated 6 weeks ago) and with all the critical security issues still =
present?
>=20
> Maintainer just committed the merge from HEAD to quarterly.
>=20
> Thanks for the heads-up. Sometimes things slip through.

OK ... in that case ...

PHP 5.6 is 5.6.31 in Q4 with CVE-2016-1283 and 5.6.32 in HEAD.
Update to HEAD 4 weeks ago.

Curl is behind, too - though this fix was committed to HEAD just 2 days =
ago.


I'll routinely use `pkg audit` after building a new master image for our =
hosting
from now on.


Kind regards,
Patrick
--=20
punkt.de GmbH			Internet - Dienstleistungen - Beratung
Kaiserallee 13a			Tel.: 0721 9109-0 Fax: -100
76133 Karlsruhe			info@punkt.de	http://punkt.de
AG Mannheim 108285		Gf: Juergen Egeling