Bug 178082 - [patch] mail/davmail depend on x11-toolkits/swt-devel to avoid having vulnerable libxul pulled in
Summary: [patch] mail/davmail depend on x11-toolkits/swt-devel to avoid having vulnera...
Status: Closed FIXED
Alias: None
Product: Ports & Packages
Classification: Unclassified
Component: Individual Port(s) (show other bugs)
Version: Latest
Hardware: Any Any
: Normal Affects Only Me
Assignee: Emanuel Haupt
URL:
Keywords:
Depends on:
Blocks:
 
Reported: 2013-04-23 14:10 UTC by Emanuel Haupt
Modified: 2013-04-24 01:10 UTC (History)
0 users

See Also:


Attachments
davmail.patch (397 bytes, patch)
2013-04-23 14:10 UTC, Emanuel Haupt
no flags Details | Diff

Note You need to log in before you can comment on or make changes to this bug.
Description Emanuel Haupt freebsd_committer freebsd_triage 2013-04-23 14:10:03 UTC
mail/davmail currently depends on x11-toolkits/swt which requires www/libxul19.
www/libxul19 is very outdated and has multiple vulnerabilities.
Comment 1 Edwin Groothuis freebsd_committer freebsd_triage 2013-04-23 14:10:10 UTC
Maintainer of mail/davmail,

Please note that PR ports/178082 has just been submitted.

If it contains a patch for an upgrade, an enhancement or a bug fix
you agree on, reply to this email stating that you approve the patch
and a committer will take care of it.

The full text of the PR can be found at:
    http://www.freebsd.org/cgi/query-pr.cgi?pr=ports/178082

-- 
Edwin Groothuis via the GNATS Auto Assign Tool
edwin@FreeBSD.org
Comment 2 Edwin Groothuis freebsd_committer freebsd_triage 2013-04-23 14:10:11 UTC
State Changed
From-To: open->feedback

Awaiting maintainers feedback (via the GNATS Auto Assign Tool)
Comment 3 Emanuel Haupt freebsd_committer freebsd_triage 2013-04-23 15:18:10 UTC
Responsible Changed
From-To: freebsd-ports-bugs->ehaupt

I will take care of it.
Comment 4 Emanuel Haupt freebsd_committer freebsd_triage 2013-04-23 15:19:34 UTC
New patch:

--- patch begins here ---
Index: Makefile
===================================================================
--- Makefile    (revision 316354)
+++ Makefile    (working copy)
@@ -1,5 +1,4 @@
 # Created by: John Prather
-#
 # $FreeBSD$
 
 PORTNAME=      davmail
@@ -14,7 +13,7 @@
 
 LICENSE=       GPLv2
 
-RUN_DEPENDS=   swt>=3.5:${PORTSDIR}/x11-toolkits/swt
+RUN_DEPENDS=   ${JAVALIBDIR}/swt-devel.jar:${PORTSDIR}/x11-toolkits/swt-devel
 
 USE_ANT=       yes
 USE_JAVA=      yes
--- patch ends here ---
Comment 5 Emanuel Haupt freebsd_committer freebsd_triage 2013-04-23 16:40:20 UTC
I noticed that there is also a newer version. The following patch
implements:

- Update to 4.2.1
- Remove CR/LF from build.xml
- Use x11-toolkits/swt-devel which does not depend on
  vulnerable libxul version

--- patch begins here ---
Index: Makefile
===================================================================
--- Makefile	(revision 316357)
+++ Makefile	(working copy)
@@ -1,9 +1,8 @@
 # Created by: John Prather
-#
 # $FreeBSD$
 
 PORTNAME=	davmail
-PORTVERSION=	4.1.0
+PORTVERSION=	4.2.1
 CATEGORIES=	mail java
 MASTER_SITES=	SF/davmail/davmail/${PORTVERSION}
 DISTNAME=	${PORTNAME}-src-${PORTVERSION}-${REVISION}
@@ -14,15 +13,17 @@
 
 LICENSE=	GPLv2
 
-RUN_DEPENDS=	swt>=3.5:${PORTSDIR}/x11-toolkits/swt
+RUN_DEPENDS=	${JAVALIBDIR}/swt-devel.jar:${PORTSDIR}/x11-toolkits/swt-devel
 
+USE_DOS2UNIX=	build.xml
 USE_ANT=	yes
 USE_JAVA=	yes
 JAVA_VERSION=	1.6+
 ALL_TARGET=	release
-REVISION=	2042
+REVISION=	2089
 # port build number, same as on DISTNAME
 MAKE_ARGS=	-Drevision=${REVISION}
+MAKE_ENV+=	"ANT_OPTS=-Dfile.encoding=UTF-8"
 
 DATADIR=	${JAVASHAREDIR}/${PORTNAME}
 
Index: distinfo
===================================================================
--- distinfo	(revision 316357)
+++ distinfo	(working copy)
@@ -1,2 +1,2 @@
-SHA256 (davmail-src-4.1.0-2042.tgz) = eb0bec08e125b891ab6302ac5b86ac9a5e5b58bbd7fa178a00f5380b62cd58c5
-SIZE (davmail-src-4.1.0-2042.tgz) = 22433512
+SHA256 (davmail-src-4.2.1-2089.tgz) = 03d2a9d19723c03e253218f6de404580664741e9eb0afb7240703241b619af6a
+SIZE (davmail-src-4.2.1-2089.tgz) = 22503303
Index: files/patch-build.xml
===================================================================
--- files/patch-build.xml	(revision 316357)
+++ files/patch-build.xml	(working copy)
@@ -1,11 +1,11 @@
---- ./build.xml.orig	2012-01-13 19:17:31.000000000 -0800
-+++ ./build.xml	2012-01-13 19:46:34.000000000 -0800
-@@ -47,7 +47,7 @@
-     </target>
- 
-     <target name="defaultrelease" unless="is.svn">
--        <property name="release" value="${version}"/>
+--- build.xml.orig	2013-04-23 16:50:41.883412959 +0200
++++ build.xml	2013-04-23 16:51:32.230415374 +0200
+@@ -58,7 +58,7 @@
+     </target>
+ 
+     <target name="defaultrelease" unless="is.svn">
+-        <property name="release" value="${version}"/>
 +	<property name="release" value="${version}-${revision}"/>
-     </target>
- 
-     <target name="init" depends="check-java6, svnrelease, defaultrelease">
+     </target>
+ 
+     <target name="init" depends="check-encoding, check-java6, svnrelease, defaultrelease">
Index: pkg-plist
===================================================================
--- pkg-plist	(revision 316357)
+++ pkg-plist	(working copy)
@@ -6,7 +6,6 @@
 %%JAVASHAREDIR%%/davmail/lib/log4j-1.2.16.jar
 %%JAVASHAREDIR%%/davmail/lib/commons-collections-3.1.jar
 %%JAVASHAREDIR%%/davmail/lib/junit-3.8.1.jar
-%%JAVASHAREDIR%%/davmail/lib/jackrabbit-webdav-1.4.jar
 %%JAVASHAREDIR%%/davmail/lib/commons-codec-1.3.jar
 %%JAVASHAREDIR%%/davmail/lib/libgrowl-0.2.jar
 %%JAVASHAREDIR%%/davmail/lib/mail-1.4.3.jar
@@ -17,13 +16,18 @@
 %%JAVASHAREDIR%%/davmail/lib/jcifs-1.3.14.jar
 %%JAVASHAREDIR%%/davmail/lib/jdom-1.0.jar
 %%JAVASHAREDIR%%/davmail/lib/slf4j-api-1.3.1.jar
-%%JAVASHAREDIR%%/davmail/lib/htmlcleaner-2.1.jar
 %%JAVASHAREDIR%%/davmail/lib/xercesImpl-2.8.1.jar
 %%JAVASHAREDIR%%/davmail/lib/commons-httpclient-3.1.jar
 %%JAVASHAREDIR%%/davmail/lib/winrun4j-0.4.4.jar
 %%JAVASHAREDIR%%/davmail/lib/woodstox-core-asl-4.1.2.jar
 %%JAVASHAREDIR%%/davmail/lib/stax-api-1.0.1.jar
 %%JAVASHAREDIR%%/davmail/lib/stax2-api-3.1.1.jar
+%%JAVASHAREDIR%%/davmail/DavMail.app/Contents/Resources/Java/htmlcleaner-2.2.jar
+%%JAVASHAREDIR%%/davmail/DavMail.app/Contents/Resources/Java/jackrabbit-webdav-2.4.3.jar
+%%JAVASHAREDIR%%/davmail/lib/htmlcleaner-2.2.jar
+%%JAVASHAREDIR%%/davmail/lib/jackrabbit-webdav-2.4.3.jar
+%%JAVASHAREDIR%%/davmail/web/WEB-INF/lib/htmlcleaner-2.2.jar
+%%JAVASHAREDIR%%/davmail/web/WEB-INF/lib/jackrabbit-webdav-2.4.3.jar
 %%JAVASHAREDIR%%/davmail/web/WEB-INF/classes/davmail.properties
 %%JAVASHAREDIR%%/davmail/web/WEB-INF/lib/davmail.jar
 %%JAVASHAREDIR%%/davmail/web/WEB-INF/lib/libgrowl-0.2.jar
@@ -34,10 +38,8 @@
 %%JAVASHAREDIR%%/davmail/web/WEB-INF/lib/jdom-1.0.jar
 %%JAVASHAREDIR%%/davmail/web/WEB-INF/lib/log4j-1.2.16.jar
 %%JAVASHAREDIR%%/davmail/web/WEB-INF/lib/slf4j-api-1.3.1.jar
-%%JAVASHAREDIR%%/davmail/web/WEB-INF/lib/htmlcleaner-2.1.jar
 %%JAVASHAREDIR%%/davmail/web/WEB-INF/lib/slf4j-log4j12-1.3.1.jar
 %%JAVASHAREDIR%%/davmail/web/WEB-INF/lib/xercesImpl-2.8.1.jar
-%%JAVASHAREDIR%%/davmail/web/WEB-INF/lib/jackrabbit-webdav-1.4.jar
 %%JAVASHAREDIR%%/davmail/web/WEB-INF/lib/commons-collections-3.1.jar
 %%JAVASHAREDIR%%/davmail/web/WEB-INF/lib/commons-httpclient-3.1.jar
 %%JAVASHAREDIR%%/davmail/web/WEB-INF/lib/jcifs-1.3.14.jar
@@ -54,8 +56,6 @@
 %%JAVASHAREDIR%%/davmail/DavMail.app/Contents/Resources/Java/commons-collections-3.1.jar
 %%JAVASHAREDIR%%/davmail/DavMail.app/Contents/Resources/Java/commons-httpclient-3.1.jar
 %%JAVASHAREDIR%%/davmail/DavMail.app/Contents/Resources/Java/commons-logging-1.0.4.jar
-%%JAVASHAREDIR%%/davmail/DavMail.app/Contents/Resources/Java/htmlcleaner-2.1.jar
-%%JAVASHAREDIR%%/davmail/DavMail.app/Contents/Resources/Java/jackrabbit-webdav-1.4.jar
 %%JAVASHAREDIR%%/davmail/DavMail.app/Contents/Resources/Java/jcharset-1.3.jar
 %%JAVASHAREDIR%%/davmail/DavMail.app/Contents/Resources/Java/jcifs-1.3.14.jar
 %%JAVASHAREDIR%%/davmail/DavMail.app/Contents/Resources/Java/jdom-1.0.jar
--- patch ends here ---
Comment 6 john.c.prather 2013-04-24 00:46:54 UTC
You, gentlemen, are fantastic!  Thanks so much for the contributions, I've
skimmed the PR and it looks like we should roll with the 4.2.1 update,
cr/lf fix, and swt-devel requirement fix covered by Emanuel's patch at
http://www.freebsd.org/cgi/query-pr.cgi?pr=ports/178082#reply3 dated Tue,
23 Apr 2013 17:40:20 +0200.

Thanks!!!

-john





On Tue, Apr 23, 2013 at 6:10 AM, Edwin Groothuis <edwin@freebsd.org> wrote:

> Maintainer of mail/davmail,
>
> Please note that PR ports/178082 has just been submitted.
>
> If it contains a patch for an upgrade, an enhancement or a bug fix
> you agree on, reply to this email stating that you approve the patch
> and a committer will take care of it.
>
> The full text of the PR can be found at:
>     http://www.freebsd.org/cgi/query-pr.cgi?pr=ports/178082
>
> --
> Edwin Groothuis via the GNATS Auto Assign Tool
> edwin@FreeBSD.org
>
Comment 7 Emanuel Haupt freebsd_committer freebsd_triage 2013-04-24 01:02:20 UTC
State Changed
From-To: feedback->open

Feedback received.
Comment 8 dfilter service freebsd_committer freebsd_triage 2013-04-24 01:08:44 UTC
Author: ehaupt
Date: Wed Apr 24 00:08:36 2013
New Revision: 316399
URL: http://svnweb.freebsd.org/changeset/ports/316399

Log:
  - Update to 4.2.1
  - Remove CR/LF from build.xml
  - Use x11-toolkits/swt-devel which does not depend on vulnerable libxul version
  - Get rid of CR/LF's
  
  PR:		178082
  Approved by:	John Prather <john.c.prather@gmail.com> (maintainer)

Modified:
  head/mail/davmail/Makefile
  head/mail/davmail/distinfo
  head/mail/davmail/files/patch-build.xml
  head/mail/davmail/pkg-plist

Modified: head/mail/davmail/Makefile
==============================================================================
--- head/mail/davmail/Makefile	Tue Apr 23 22:37:59 2013	(r316398)
+++ head/mail/davmail/Makefile	Wed Apr 24 00:08:36 2013	(r316399)
@@ -1,9 +1,8 @@
 # Created by: John Prather
-#
 # $FreeBSD$
 
 PORTNAME=	davmail
-PORTVERSION=	4.1.0
+PORTVERSION=	4.2.1
 CATEGORIES=	mail java
 MASTER_SITES=	SF/davmail/davmail/${PORTVERSION}
 DISTNAME=	${PORTNAME}-src-${PORTVERSION}-${REVISION}
@@ -14,15 +13,17 @@ COMMENT=	POP/IMAP/SMTP/Caldav/Carddav/LD
 
 LICENSE=	GPLv2
 
-RUN_DEPENDS=	swt>=3.5:${PORTSDIR}/x11-toolkits/swt
+RUN_DEPENDS=	${JAVALIBDIR}/swt-devel.jar:${PORTSDIR}/x11-toolkits/swt-devel
 
+USE_DOS2UNIX=	build.xml
 USE_ANT=	yes
 USE_JAVA=	yes
 JAVA_VERSION=	1.6+
 ALL_TARGET=	release
-REVISION=	2042
+REVISION=	2089
 # port build number, same as on DISTNAME
 MAKE_ARGS=	-Drevision=${REVISION}
+MAKE_ENV+=	"ANT_OPTS=-Dfile.encoding=UTF-8"
 
 DATADIR=	${JAVASHAREDIR}/${PORTNAME}
 

Modified: head/mail/davmail/distinfo
==============================================================================
--- head/mail/davmail/distinfo	Tue Apr 23 22:37:59 2013	(r316398)
+++ head/mail/davmail/distinfo	Wed Apr 24 00:08:36 2013	(r316399)
@@ -1,2 +1,2 @@
-SHA256 (davmail-src-4.1.0-2042.tgz) = eb0bec08e125b891ab6302ac5b86ac9a5e5b58bbd7fa178a00f5380b62cd58c5
-SIZE (davmail-src-4.1.0-2042.tgz) = 22433512
+SHA256 (davmail-src-4.2.1-2089.tgz) = 03d2a9d19723c03e253218f6de404580664741e9eb0afb7240703241b619af6a
+SIZE (davmail-src-4.2.1-2089.tgz) = 22503303

Modified: head/mail/davmail/files/patch-build.xml
==============================================================================
--- head/mail/davmail/files/patch-build.xml	Tue Apr 23 22:37:59 2013	(r316398)
+++ head/mail/davmail/files/patch-build.xml	Wed Apr 24 00:08:36 2013	(r316399)
@@ -1,11 +1,11 @@
---- ./build.xml.orig	2012-01-13 19:17:31.000000000 -0800
-+++ ./build.xml	2012-01-13 19:46:34.000000000 -0800
-@@ -47,7 +47,7 @@
-     </target>
- 
-     <target name="defaultrelease" unless="is.svn">
--        <property name="release" value="${version}"/>
+--- build.xml.orig	2013-04-23 16:50:41.883412959 +0200
++++ build.xml	2013-04-23 16:51:32.230415374 +0200
+@@ -58,7 +58,7 @@
+     </target>
+ 
+     <target name="defaultrelease" unless="is.svn">
+-        <property name="release" value="${version}"/>
 +	<property name="release" value="${version}-${revision}"/>
-     </target>
- 
-     <target name="init" depends="check-java6, svnrelease, defaultrelease">
+     </target>
+ 
+     <target name="init" depends="check-encoding, check-java6, svnrelease, defaultrelease">

Modified: head/mail/davmail/pkg-plist
==============================================================================
--- head/mail/davmail/pkg-plist	Tue Apr 23 22:37:59 2013	(r316398)
+++ head/mail/davmail/pkg-plist	Wed Apr 24 00:08:36 2013	(r316399)
@@ -6,7 +6,6 @@ etc/davmail.properties.sample
 %%JAVASHAREDIR%%/davmail/lib/log4j-1.2.16.jar
 %%JAVASHAREDIR%%/davmail/lib/commons-collections-3.1.jar
 %%JAVASHAREDIR%%/davmail/lib/junit-3.8.1.jar
-%%JAVASHAREDIR%%/davmail/lib/jackrabbit-webdav-1.4.jar
 %%JAVASHAREDIR%%/davmail/lib/commons-codec-1.3.jar
 %%JAVASHAREDIR%%/davmail/lib/libgrowl-0.2.jar
 %%JAVASHAREDIR%%/davmail/lib/mail-1.4.3.jar
@@ -17,13 +16,18 @@ etc/davmail.properties.sample
 %%JAVASHAREDIR%%/davmail/lib/jcifs-1.3.14.jar
 %%JAVASHAREDIR%%/davmail/lib/jdom-1.0.jar
 %%JAVASHAREDIR%%/davmail/lib/slf4j-api-1.3.1.jar
-%%JAVASHAREDIR%%/davmail/lib/htmlcleaner-2.1.jar
 %%JAVASHAREDIR%%/davmail/lib/xercesImpl-2.8.1.jar
 %%JAVASHAREDIR%%/davmail/lib/commons-httpclient-3.1.jar
 %%JAVASHAREDIR%%/davmail/lib/winrun4j-0.4.4.jar
 %%JAVASHAREDIR%%/davmail/lib/woodstox-core-asl-4.1.2.jar
 %%JAVASHAREDIR%%/davmail/lib/stax-api-1.0.1.jar
 %%JAVASHAREDIR%%/davmail/lib/stax2-api-3.1.1.jar
+%%JAVASHAREDIR%%/davmail/DavMail.app/Contents/Resources/Java/htmlcleaner-2.2.jar
+%%JAVASHAREDIR%%/davmail/DavMail.app/Contents/Resources/Java/jackrabbit-webdav-2.4.3.jar
+%%JAVASHAREDIR%%/davmail/lib/htmlcleaner-2.2.jar
+%%JAVASHAREDIR%%/davmail/lib/jackrabbit-webdav-2.4.3.jar
+%%JAVASHAREDIR%%/davmail/web/WEB-INF/lib/htmlcleaner-2.2.jar
+%%JAVASHAREDIR%%/davmail/web/WEB-INF/lib/jackrabbit-webdav-2.4.3.jar
 %%JAVASHAREDIR%%/davmail/web/WEB-INF/classes/davmail.properties
 %%JAVASHAREDIR%%/davmail/web/WEB-INF/lib/davmail.jar
 %%JAVASHAREDIR%%/davmail/web/WEB-INF/lib/libgrowl-0.2.jar
@@ -34,10 +38,8 @@ etc/davmail.properties.sample
 %%JAVASHAREDIR%%/davmail/web/WEB-INF/lib/jdom-1.0.jar
 %%JAVASHAREDIR%%/davmail/web/WEB-INF/lib/log4j-1.2.16.jar
 %%JAVASHAREDIR%%/davmail/web/WEB-INF/lib/slf4j-api-1.3.1.jar
-%%JAVASHAREDIR%%/davmail/web/WEB-INF/lib/htmlcleaner-2.1.jar
 %%JAVASHAREDIR%%/davmail/web/WEB-INF/lib/slf4j-log4j12-1.3.1.jar
 %%JAVASHAREDIR%%/davmail/web/WEB-INF/lib/xercesImpl-2.8.1.jar
-%%JAVASHAREDIR%%/davmail/web/WEB-INF/lib/jackrabbit-webdav-1.4.jar
 %%JAVASHAREDIR%%/davmail/web/WEB-INF/lib/commons-collections-3.1.jar
 %%JAVASHAREDIR%%/davmail/web/WEB-INF/lib/commons-httpclient-3.1.jar
 %%JAVASHAREDIR%%/davmail/web/WEB-INF/lib/jcifs-1.3.14.jar
@@ -54,8 +56,6 @@ etc/davmail.properties.sample
 %%JAVASHAREDIR%%/davmail/DavMail.app/Contents/Resources/Java/commons-collections-3.1.jar
 %%JAVASHAREDIR%%/davmail/DavMail.app/Contents/Resources/Java/commons-httpclient-3.1.jar
 %%JAVASHAREDIR%%/davmail/DavMail.app/Contents/Resources/Java/commons-logging-1.0.4.jar
-%%JAVASHAREDIR%%/davmail/DavMail.app/Contents/Resources/Java/htmlcleaner-2.1.jar
-%%JAVASHAREDIR%%/davmail/DavMail.app/Contents/Resources/Java/jackrabbit-webdav-1.4.jar
 %%JAVASHAREDIR%%/davmail/DavMail.app/Contents/Resources/Java/jcharset-1.3.jar
 %%JAVASHAREDIR%%/davmail/DavMail.app/Contents/Resources/Java/jcifs-1.3.14.jar
 %%JAVASHAREDIR%%/davmail/DavMail.app/Contents/Resources/Java/jdom-1.0.jar
_______________________________________________
svn-ports-all@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/svn-ports-all
To unsubscribe, send any mail to "svn-ports-all-unsubscribe@freebsd.org"
Comment 9 Emanuel Haupt freebsd_committer freebsd_triage 2013-04-24 01:10:14 UTC
State Changed
From-To: open->closed

Committed, thank you very much for the quick and friendly response!