I could press the magic button and force the update through but I'd be stepping on toes.
Yuri, the maintainer, just did a ton of port updates 2 days ago.
If there was a CVE issued it would be easier to prod ports-secteam, but there is somewhat of a security concern regardless so I think they should take action.
I used to be on the ports-secteam and I'd just update ports without permission all the time when this stuff happened.
feld
in reply to subnetspider • • •PR is here
bugs.freebsd.org/bugzilla/show…
I'll bump and nudge ports-secteam
291140 – security/tor: update to 0.4.8.21
bugs.freebsd.orgsubnetspider
in reply to feld • • •@feld I've seen the PR, but I'm confused about the severity - all I know is that all but the latest version got obsoleted, which is ... odd.
It also makes FreeBSD look bad imo, as Linux and OpenBSD have already updated their packages days ago. :/
I'm probably just pessimistic again, but thanks.
feld
in reply to subnetspider • • •I could press the magic button and force the update through but I'd be stepping on toes.
Yuri, the maintainer, just did a ton of port updates 2 days ago.
If there was a CVE issued it would be easier to prod ports-secteam, but there is somewhat of a security concern regardless so I think they should take action.
I used to be on the ports-secteam and I'd just update ports without permission all the time when this stuff happened.
subnetspider
in reply to feld • • •@feld Just took a look at freshports, those are quite a lot of ports 😅
freshports.org/search.php?styp…
FreshPorts -- Search
www.freshports.orgfeld
in reply to subnetspider • • •dang he's got a lot of commits. And I thought I had a lot at 2835
but I never did autogenerate / autoupdate a bunch of ports for different language libraries. Easy to rack up a high score when you do that