From nobody Fri Oct 29 17:50:08 2021
X-Original-To: ports-bugs@mlmmj.nyi.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1])
	by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 78DD51838580
	for <ports-bugs@mlmmj.nyi.freebsd.org>; Fri, 29 Oct 2021 17:50:08 +0000 (UTC)
	(envelope-from bugzilla-noreply@freebsd.org)
Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256
	 client-signature RSA-PSS (4096 bits) client-digest SHA256)
	(Client CN "mxrelay.nyi.freebsd.org", Issuer "R3" (verified OK))
	by mx1.freebsd.org (Postfix) with ESMTPS id 4HgqhJ2tCcz4nl1
	for <ports-bugs@FreeBSD.org>; Fri, 29 Oct 2021 17:50:08 +0000 (UTC)
	(envelope-from bugzilla-noreply@freebsd.org)
Received: from kenobi.freebsd.org (kenobi.freebsd.org [IPv6:2610:1c1:1:606c::50:1d])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256)
	(Client did not present a certificate)
	by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 42DD31B338
	for <ports-bugs@FreeBSD.org>; Fri, 29 Oct 2021 17:50:08 +0000 (UTC)
	(envelope-from bugzilla-noreply@freebsd.org)
Received: from kenobi.freebsd.org ([127.0.1.5])
	by kenobi.freebsd.org (8.15.2/8.15.2) with ESMTP id 19THo8JU057575
	for <ports-bugs@FreeBSD.org>; Fri, 29 Oct 2021 17:50:08 GMT
	(envelope-from bugzilla-noreply@freebsd.org)
Received: (from www@localhost)
	by kenobi.freebsd.org (8.15.2/8.15.2/Submit) id 19THo8gr057574
	for ports-bugs@FreeBSD.org; Fri, 29 Oct 2021 17:50:08 GMT
	(envelope-from bugzilla-noreply@freebsd.org)
X-Authentication-Warning: kenobi.freebsd.org: www set sender to bugzilla-noreply@freebsd.org using -f
From: bugzilla-noreply@freebsd.org
To: ports-bugs@FreeBSD.org
Subject: [Bug 259534] archivers/advancecomp: Update to 2.2.g20210429 and fix
 CVEs
Date: Fri, 29 Oct 2021 17:50:08 +0000
X-Bugzilla-Reason: AssignedTo
X-Bugzilla-Type: new
X-Bugzilla-Watch-Reason: None
X-Bugzilla-Product: Ports & Packages
X-Bugzilla-Component: Individual Port(s)
X-Bugzilla-Version: Latest
X-Bugzilla-Keywords: security
X-Bugzilla-Severity: Affects Only Me
X-Bugzilla-Who: fuz@fuz.su
X-Bugzilla-Status: New
X-Bugzilla-Resolution: 
X-Bugzilla-Priority: ---
X-Bugzilla-Assigned-To: ports-bugs@FreeBSD.org
X-Bugzilla-Flags: 
X-Bugzilla-Changed-Fields: bug_id short_desc product version rep_platform
 bug_file_loc op_sys bug_status keywords bug_severity priority component
 assigned_to reporter flagtypes.name attachments.created
Message-ID: <bug-259534-7788@https.bugs.freebsd.org/bugzilla/>
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable
X-Bugzilla-URL: https://bugs.freebsd.org/bugzilla/
Auto-Submitted: auto-generated
List-Id: Ports bug reports <freebsd-ports-bugs.freebsd.org>
List-Archive: https://lists.freebsd.org/archives/freebsd-ports-bugs
List-Help: <mailto:ports-bugs+help@freebsd.org>
List-Post: <mailto:ports-bugs@freebsd.org>
List-Subscribe: <mailto:ports-bugs+subscribe@freebsd.org>
List-Unsubscribe: <mailto:ports-bugs+unsubscribe@freebsd.org>
Sender: owner-freebsd-ports-bugs@freebsd.org
X-BeenThere: freebsd-ports-bugs@freebsd.org
MIME-Version: 1.0
X-ThisMailContainsUnwantedMimeParts: N

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=3D259534

            Bug ID: 259534
           Summary: archivers/advancecomp: Update to 2.2.g20210429 and fix
                    CVEs
           Product: Ports & Packages
           Version: Latest
          Hardware: Any
               URL: https://github.com/amadvance/advancecomp/releases
                OS: Any
            Status: New
          Keywords: security
          Severity: Affects Only Me
          Priority: ---
         Component: Individual Port(s)
          Assignee: ports-bugs@FreeBSD.org
          Reporter: fuz@fuz.su
 Attachment #229127 maintainer-approval+
             Flags:

Created attachment 229127
  --> https://bugs.freebsd.org/bugzilla/attachment.cgi?id=3D229127&action=
=3Dedit
archivers/advancecomp: Update to 2.2.g20210429

This updates archivers/advancecomp to a few commits after the 2.1 version.=
=20
This is needed as CVE-2019-9210, CVE-2019-8383, and CVE-2019-8379 are open =
in
2.1 but fixed in the git repository.  No significant other changes have
occurred since version 2.1.

While we are at it...

 - follow project to new upstream
 - unbundle libdeflate
 - hook up test suite
 - add a BZIP2 option
 - take maintainership of this unmaintained port

Relevant upstream changes:

 - Added support for reading MNG files with depth of 1, 2, and 4 bits.
 - Fixed a crash condition with invalid ZIP data.
 - Support ZIPs with data descriptor signature.

Tested with Poudriere on armv7 arm64 FreeBSD 13.
Test suite passes (if BZIP2 is disabled), portlint is happy.

Please MFH this change as it fixes open security problems.

--=20
You are receiving this mail because:
You are the assignee for the bug.=