svn commit: r382179 - head/devel/cross-binutils

Bryan Drewery bdrewery at FreeBSD.org
Tue Mar 24 21:50:43 UTC 2015 

On 3/24/2015 4:32 PM, Brooks Davis wrote:
> Author: brooks
> Date: Tue Mar 24 21:32:47 2015
> New Revision: 382179
> URL: https://svnweb.freebsd.org/changeset/ports/382179
> QAT: https://qat.redports.org/buildarchive/r382179/
> 
> Log:
>   The ancient version of binutils in the cross-binutils port suffers for
>   several vulnerabilities.  Mark it FORBIDDEN and DEPRECATED and set it expire
>   April 15th.
>   
>   This also effects devel/mingw64-binutils.
>   
>   Consumers of this port should switch to devel/binutil or slave ports
>   there of.
>   
>   PR:		198816
>   Reported by:	Sevan Janiyan <venture37 at geeklan.co.uk>
> 
> Modified:
>   head/devel/cross-binutils/Makefile
> 
> Modified: head/devel/cross-binutils/Makefile
> ==============================================================================
> --- head/devel/cross-binutils/Makefile	Tue Mar 24 21:32:08 2015	(r382178)
> +++ head/devel/cross-binutils/Makefile	Tue Mar 24 21:32:47 2015	(r382179)
> @@ -12,9 +12,13 @@ PKGNAMEPREFIX=	${TGTARCH}-${TGTABI}-
>  PATCH_SITES=	ftp://ftp.rtems.com/pub/rtems/SOURCES/4.11/
>  PATCH_DIST_STRIP=	-p1
>  
> -MAINTAINER= 	brooks at FreeBSD.org
> +MAINTAINER= 	ports at FreeBSD.org
>  COMMENT=	GNU binutils port for cross-target development
>  
> +FORBIDDEN=	Multiple vulnerbilities parsing PE and ihex files
> +DEPRECATED=	Obsolete.  Migrate to devel/binutils based ports
> +EXPIRATION_DATE=	2015-04-15
> +
>  USES=		gmake makeinfo tar:bzip2
>  GNU_CONFIGURE=	yes
>  ALL_TARGET=	all info
> 


FORBIDDEN prevents all packages from being made, which contradicts the
deprecation period. Since you updated vuxml the user will already be
alerted that this is insecure. They also will be prompted about it when
installing it locally since it is in the vuxml. The FORBIDDEN is really
not needed. Leaving it in might as well delete the port today.

-- 
Regards,
Bryan Drewery

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 473 bytes
Desc: OpenPGP digital signature
URL: <http://lists.freebsd.org/pipermail/svn-ports-head/attachments/20150324/92a8b065/attachment.sig>

More information about the svn-ports-head mailing list