On Mar 21, 2025, at 03:17, Matthias Fechner <mfech...@freebsd.org> wrote:

> Dear Mark,
> 
> On 21.03.2025 at 07:06, Mark Millard wrote:
>> The conflict was created at "Security related update to 0.14.0.":
>> 
>> Commit db5b5f1
>> on Mar 6, 2021.
>> 
>> mfechner_at_freebsd.org shows on the commit.
>> 
>> It added the following 2 lines to devel/thrift-cpp/pkg-plist :
>> 
>> lib/cmake/thrift/ThriftConfig.cmake
>> lib/cmake/thrift/ThriftConfigVersion.cmake
>> 
>> The same overall commit also added those lines to each of:
>> 
>> devel/thrift-c_glib/pkg-plist
>> devel/thrift/pkg-plist (Actually this is the creation of this pkg-plist 
>> file, it previously did not exist.)
>> 
>> The conflicts have existed across the 3 since then.
>> 
>> Someone on discord was trying to use both devel/thrift
>> and devel/thrift-cpp , where devel/thrift-cpp would be
>> in use in a way that uses what devel/thrift installs.
>> 
>> The person having the problem also reported:
>> 
>> QUOTE
>> thrift-cpp-0.16.0_5 cmake has if( TRUE AND ON ) while thrift has if( FALSE 
>> AND OFF ) on line 83 for libevent dependency, otherwise they're identical.
>> END QUOTE
> 
> not sure how I can help here, I do not know the thrift-* ports.

Okay.

Just for reference for the cmake related changes that created the conflicts:

https://github.com/freebsd/freebsd-ports/commit/db5b5f1ee3cb6273443f1b1063a000e8dbd2210b

shows:

QUOTE
Security related update to 0.14.0.
Changelog:
https://github.com/apache/thrift/blob/master/CHANGES.md

In the changelog I cannot find the information that this includes a security 
related fix.
Neither in CVE database:
https://www.cvedetails.com/product/38295/Apache-Thrift.html?vendor_id=45

But GitLab mentions that it updates to version 0.14.0 to mitigate security 
concerns:
https://about.gitlab.com/releases/2021/03/04/security-release-gitlab-13-9-2-released/
This update is therefore required for the gitlab-ce security update to 13.9.2.

Changed build system to cmake, this fixed problems if openssl from ports is 
used.
It also improves the build performance by factor of CPUs available.
Cmake also seems to be the recommended build system.
mfechner committed on Mar 6, 2021
END QUOTE

cmake related files are installed by the package and 2 of them have the same
path in 3 different devel/thrift* ports, preventing more than 1 of 3 being
installed at the same time.

===
Mark Millard
marklmi at yahoo.com
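
An added example, not part of the original message or of the ports tree: a small check that reports paths claimed by more than one pkg-plist, which is the kind of conflict described above. The plist excerpts are constructed; only the two cmake paths come from the thread, and the `%%LIBEVENT%%` prefix and the other file names are assumptions for illustration.

```python
import re
from collections import defaultdict

# Constructed pkg-plist excerpts. Only the two cmake paths come from the
# thread; every other line is made up for illustration.
SAMPLE_PLISTS = {
    "devel/thrift": """\
bin/thrift
lib/cmake/thrift/ThriftConfig.cmake
lib/cmake/thrift/ThriftConfigVersion.cmake
""",
    "devel/thrift-cpp": """\
include/thrift/Thrift.h
%%LIBEVENT%%lib/libthriftnb.so
lib/cmake/thrift/ThriftConfig.cmake
lib/cmake/thrift/ThriftConfigVersion.cmake
@dir include/thrift
""",
    "devel/thrift-c_glib": """\
lib/libthrift_c_glib.so
lib/cmake/thrift/ThriftConfig.cmake
lib/cmake/thrift/ThriftConfigVersion.cmake
""",
}

# Leading %%NAME%% substitutions. Stripping them treats every option as
# enabled, which is the conservative choice when looking for conflicts.
_SUBST = re.compile(r"^(?:%%[A-Z0-9_]+%%)+")

def plist_files(text):
    """Return the set of plain file paths listed in one pkg-plist."""
    files = set()
    for raw in text.splitlines():
        line = _SUBST.sub("", raw.strip())
        # Simplification: all @keyword lines are skipped, including the few
        # forms (such as @sample) that also install a file.
        if not line or line.startswith("@"):
            continue
        files.add(line)
    return files

def plist_conflicts(plists):
    """Map each path claimed by more than one port to the sorted port list."""
    owners = defaultdict(set)
    for port, text in plists.items():
        for path in plist_files(text):
            owners[path].add(port)
    return {p: sorted(o) for p, o in owners.items() if len(o) > 1}

if __name__ == "__main__":
    for path, ports in sorted(plist_conflicts(SAMPLE_PLISTS).items()):
        print(f"{path}: {', '.join(ports)}")
```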

