Bug 259590 - graphics/libemf: update to 1.0.13
Summary: graphics/libemf: update to 1.0.13
Status: Closed FIXED
Alias: None
Product: Ports & Packages
Classification: Unclassified
Component: Individual Port(s) (show other bugs)
Version: Latest
Hardware: Any Any
: --- Affects Only Me
Assignee: FreeBSD Office Team
URL: https://sourceforge.net/projects/libe...
Keywords: security
Depends on:
Blocks:
 
Reported: 2021-11-01 12:54 UTC by Robert Clausecker
Modified: 2021-11-02 19:11 UTC (History)
2 users (show)

See Also:
bugzilla: maintainer-feedback? (office)
fuz: merge-quarterly?

Attachments
graphics/libemf: update to 1.0.13 (21.34 KB, patch)
2021-11-01 12:54 UTC, Robert Clausecker 		fuz: maintainer-approval? (office)
 Details | Diff
View All Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Robert Clausecker freebsd_committer freebsd_triage 2021-11-01 12:54:58 UTC 
Created attachment 229190 [details]
graphics/libemf: update to 1.0.13

This update fixes a number of vulnerabilities:

CVE-2020-13999 (fixed in 1.0.13)
CVE-2020-11863 (fixed in 1.0.12)
CVE-2020-11864 (fixed in 1.0.12)
CVE-2020-11865 (fixed in 1.0.12)
CVE-2020-11866 (fixed in 1.0.12)

While there, hooked up the test suite and took maintainership
of this unmaintained port.

Tested with Poudriere on armv6 arm64 i386 amd64 FreeBSD 13.
Tested that the dependent ports still build (except for
science/chemtool-devel which is marked as BROKEN).

Please MFH as this is a security update.
Comment 1 Dima Panov freebsd_committer freebsd_triage 2021-11-02 17:16:38 UTC 
(In reply to Robert Clausecker from comment #0)

Moin!

Thanks for report, mini-exp-run is running on my buildbox, update will be committed soon.

BTW, why you decide to clause port as 'unmaintained'? It belonged to office@ team and maintaned as our small team free time allows to keep it fresh.

Dima, on behalf of office@ team
Comment 2 Robert Clausecker freebsd_committer freebsd_triage 2021-11-02 17:18:57 UTC 
(In reply to Dima Panov from comment #1)

Hi Dima,

I'm sorry for the mistake.  I was under the impression that office@ was one of these catch-all maintainer lists.  Please ignore my request to take maintainership then.

Let me know if you have any further questions.
Comment 3 commit-hook freebsd_committer freebsd_triage 2021-11-02 19:08:02 UTC 
A commit in branch main references this bug:

URL: https://cgit.FreeBSD.org/ports/commit/?id=ebe5436797c8854e0ca72cd029642d9f589ee66a

commit ebe5436797c8854e0ca72cd029642d9f589ee66a
Author:     Dima Panov <fluffy@FreeBSD.org>
AuthorDate: 2021-11-02 19:04:41 +0000
Commit:     Dima Panov <fluffy@FreeBSD.org>
CommitDate: 2021-11-02 19:07:27 +0000

    graphics/libemf: update to 1.0.13 release

    This update fixes a number of vulnerabilities:

    CVE-2020-13999 (fixed in 1.0.13)
    CVE-2020-11863 (fixed in 1.0.12)
    CVE-2020-11864 (fixed in 1.0.12)
    CVE-2020-11865 (fixed in 1.0.12)
    CVE-2020-11866 (fixed in 1.0.12)

    PR:     259590
    MFH:    2021Q4

 graphics/libemf/Makefile                           |   7 +-
 graphics/libemf/distinfo                           |   5 +-
 .../files/patch-include_libEMF_wine_winnt.h (gone) | 202 ----------------
 .../libemf/files/patch-libemf_libemf.cpp (new)     |  12 +
 graphics/libemf/pkg-plist                          | 258 +++++++++++++++++++++
 5 files changed, 277 insertions(+), 207 deletions(-)
Comment 4 commit-hook freebsd_committer freebsd_triage 2021-11-02 19:10:03 UTC 
A commit in branch 2021Q4 references this bug:

URL: https://cgit.FreeBSD.org/ports/commit/?id=17fe24e924610af7afc08d1953687913cc7d803b

commit 17fe24e924610af7afc08d1953687913cc7d803b
Author:     Dima Panov <fluffy@FreeBSD.org>
AuthorDate: 2021-11-02 19:04:41 +0000
Commit:     Dima Panov <fluffy@FreeBSD.org>
CommitDate: 2021-11-02 19:09:25 +0000

    graphics/libemf: update to 1.0.13 release

    This update fixes a number of vulnerabilities:

    CVE-2020-13999 (fixed in 1.0.13)
    CVE-2020-11863 (fixed in 1.0.12)
    CVE-2020-11864 (fixed in 1.0.12)
    CVE-2020-11865 (fixed in 1.0.12)
    CVE-2020-11866 (fixed in 1.0.12)

    PR:     259590
    MFH:    2021Q4
    (cherry picked from commit ebe5436797c8854e0ca72cd029642d9f589ee66a)

 graphics/libemf/Makefile                           |   7 +-
 graphics/libemf/distinfo                           |   5 +-
 .../files/patch-include_libEMF_wine_winnt.h (gone) | 202 ----------------
 .../libemf/files/patch-libemf_libemf.cpp (new)     |  12 +
 graphics/libemf/pkg-plist                          | 258 +++++++++++++++++++++
 5 files changed, 277 insertions(+), 207 deletions(-)
Comment 5 Dima Panov freebsd_committer freebsd_triage 2021-11-02 19:11:01 UTC 
Pushed, thanks!