Bug 238049 - textproc/libxslt: Update to 1.1.33, fix CVE-2019-11068
Summary: textproc/libxslt: Update to 1.1.33, fix CVE-2019-11068
Status: Closed FIXED
Alias: None
Product: Ports & Packages
Classification: Unclassified
Component: Individual Port(s)
Version: Latest
Hardware: Any Any
Importance: --- Affects Only Me
Assignee: freebsd-gnome (Nobody)
URL: https://gitlab.gnome.org/GNOME/libxsl...
Keywords: patch, security
Depends on:
Blocks:
 
Reported: 2019-05-22 13:12 UTC by Vinícius Zavam
Modified: 2019-07-16 16:20 UTC

See Also:
bugzilla: maintainer-feedback? (gnome)
koobs: merge-quarterly?


Attachments
[PATCH] textproc/libxslt: update 1.1.32 to 1.1.33 (7.78 KB, patch)
2019-05-22 13:12 UTC, Vinícius Zavam
no flags
[PATCH] textproc/libxslt: update to 1.1.33, fix CVE-2019-11068 (8.79 KB, patch)
2019-06-24 10:29 UTC, Vinícius Zavam
no flags
[VUXML] security/vuxml: add CVE-2019-11068 (1.38 KB, patch)
2019-06-25 14:14 UTC, Vinícius Zavam
no flags

Description Vinícius Zavam freebsd_committer freebsd_triage 2019-05-22 13:12:35 UTC
Created attachment 204539 [details]
[PATCH] textproc/libxslt: update 1.1.32 to 1.1.33

update to latest stable version [0];
makepatch for few patches;
built fine for 11, 12 and 13 (poudriere);
pet portlint (keeping REFERENCE).

# svn diff --diff-cmd=diff -x -U99999 >ports_r502263_PATCH__textproc_libxslt.diff

testport ran against the following jails:

  root@gaz:~ # poudriere jails -l | awk '{print $1}'
  JAILNAME
  11amd64
  11i386
  11armv6
  12amd64
  12i386
  12armv6
  13amd64
  13i386

[0] https://gitlab.gnome.org/GNOME/libxslt/commits/v1.1.33
Comment 1 Kubilay Kocak freebsd_committer freebsd_triage 2019-06-01 03:07:03 UTC
Bugfix release, MFH candidate
Comment 2 Vinícius Zavam freebsd_committer freebsd_triage 2019-06-24 10:29:07 UTC
Created attachment 205310 [details]
[PATCH] textproc/libxslt: update to 1.1.33, fix CVE-2019-11068

textproc/libxslt: update to 1.1.33, fix CVE-2019-11068

 Makefile
  - update to 1.1.33;
  - while here, pet portlint.

 files/*
  - merged Bug 238522 [0];
  - patched against CVE-2019-11068 [1];

 testport OK for dependent ports, like:
   - textproc/rarian
   - textproc/asciidoc
   - security/xmlsec1

Obtained from: https://gitlab.gnome.org/GNOME/libxslt/commit/e03553605b45c88f0b4b2980adfbbb8f6fca2fd6

[0] https://svnweb.freebsd.org/ports?view=revision&revision=504090
[1] https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11068
Comment 3 Vinícius Zavam freebsd_committer freebsd_triage 2019-06-25 14:14:04 UTC
Created attachment 205328 [details]
[VUXML] security/vuxml: add CVE-2019-11068
Comment 4 Vinícius Zavam freebsd_committer freebsd_triage 2019-07-16 13:09:15 UTC
ping?
Comment 5 commit-hook freebsd_committer freebsd_triage 2019-07-16 16:13:18 UTC
A commit references this bug:

Author: swills
Date: Tue Jul 16 16:12:27 UTC 2019
New revision: 506753
URL: https://svnweb.freebsd.org/changeset/ports/506753

Log:
  document libxslt issue

  PR:		238049
  Submitted by:	egypcio

Changes:
  head/security/vuxml/vuln.xml
Comment 6 commit-hook freebsd_committer freebsd_triage 2019-07-16 16:13:19 UTC
A commit references this bug:

Author: swills
Date: Tue Jul 16 16:12:40 UTC 2019
New revision: 506755
URL: https://svnweb.freebsd.org/changeset/ports/506755

Log:
  textproc/libxslt: Update to 1.1.33 [1], fix CVE-2019-11068 [2]

  PR:		239166 [1]
  PR:		238049 [2]
  Submitted by:	egypcio [2]
  Exp-run by:	antoine [1]
  Obtained from:	https://gitlab.gnome.org/GNOME/libxslt/commit/e03553605b45c88f0b4b2980adfbbb8f6fca2fd6 [2]

Changes:
  head/textproc/libxslt/Makefile
  head/textproc/libxslt/distinfo
  head/textproc/libxslt/files/patch-libxslt_documents.c
  head/textproc/libxslt/files/patch-libxslt_imports.c
  head/textproc/libxslt/files/patch-libxslt_transform.c
  head/textproc/libxslt/files/patch-libxslt_xslt.c
  head/textproc/libxslt/pkg-plist
Comment 7 Steve Wills freebsd_committer freebsd_triage 2019-07-16 16:20:15 UTC
Committed, thanks!