Ryan wrote:
> > After seeing a security advisory on one of the xorg ports and
> > realizing that we hadn't updated a bunch of them in a while and that
> > xquartz (the project) seems pretty dead, I started going in and
> > updating various things in xorg-* that hadn't been updated in a while.
>
> XQuartz and the MacPorts xorg-* ports are both maintained by Jeremy,
> who as you know hasn't been very active in MacPorts
> lately. Previously he's been good about these updates, but it
> wouldn't surprise me if he has other commitments at work right
> now, given that the next OS is just around the corner.

It looks like we're a couple years behind on the xorg-server update,
which has CVEs against it, so I think it may be necessary for me
(hopefully with help from others) to do that one.

> > There's also the curious case of xorg-libXfont2, where our version
> > seems to be ahead of the livecheck version, and I'm just plain
> > confused about what is going on.
>
> For me, livecheck shows that xorg-libXfont2 is up to date.

The livecheck was broken. After that got fixed, I did the update
successfully.

I've done a boatload of updates on the xorg stuff so far. I intend to
do the remaining "easy" ones. After that, I am going to try tackling
the xorg-server one, though I feel a bit uncomfortable given how
involved it is. There are others, like "mesa", that are not in xorg
that also need love.

Assistance on these would be welcome. I've spent some hours on it
already, but I have limited time and it seems like there is a lot to
do. Normally I'd say there's no rush, but CVEs make me nervous.

Perry
--
Perry E. Metzger [email protected]
