Created attachment 208516: update; add CVE patch

Built fine in poudriere for: 12/13-amd64, 12/13-i386 and 12arm64.

Updated to 5.37; cherry-picked from the GitHub URL listed for CVE-2019-18218 here: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-18218
Build info is available at https://gitlab.com/swills/freebsd-ports/pipelines/90736914
Hold off on this patch; I noticed one thing I have to fix in the patch, will fix soon :)
Never mind. Relooking at it and retesting the patch, it does apply correctly after all, so feel free to continue.
^Triage: Pending VuXML entry
Created attachment 208539: VuXML entry
Approved, albeit without personally testing. Thanks!
A commit references this bug:

Author: rakuco
Date: Sat Nov 2 12:19:34 UTC 2019
New revision: 516308
URL: https://svnweb.freebsd.org/changeset/ports/516308

Log:
  Add entry for heap buffer overflow in sysutils/file.

  PR: 241424
  Submitted by: Nathan Owens <ndowens04@gmail.com>
  Approved by: jharris@widomaker.com (maintainer)

Changes:
  head/security/vuxml/vuln.xml
A commit references this bug:

Author: rakuco
Date: Sat Nov 2 12:23:41 UTC 2019
New revision: 516311
URL: https://svnweb.freebsd.org/changeset/ports/516311

Log:
  Update to 5.37 with patch for CVE-2019-18218.

  PR: 241424
  Submitted by: Nathan Owens <ndowens04@gmail.com>
  Approved by: jharris@widomaker.com (maintainer)
  MFH: 2019Q4
  Security: 381deebb-f5c9-11e9-9c4f-74d435e60b7c

Changes:
  head/sysutils/file/Makefile
  head/sysutils/file/distinfo
  head/sysutils/file/files/
  head/sysutils/file/files/patch-src_cdf.c
  head/sysutils/file/files/patch-src_cdf.h
A commit references this bug:

Author: rakuco
Date: Sat Nov 2 12:26:06 UTC 2019
New revision: 516312
URL: https://svnweb.freebsd.org/changeset/ports/516312

Log:
  Adjust entry 381deebb-f5c9-11e9-9c4f-74d435e60b7c for sysutils/file.

  Upstream version 5.37 is vulnerable, but the update to 5.37 in the ports tree
  was landed with a fix for the CVE entry.

  PR: 241424

Changes:
  head/security/vuxml/vuln.xml
Thank you!
A commit references this bug:

Author: rakuco
Date: Sun Nov 3 11:53:37 UTC 2019
New revision: 516412
URL: https://svnweb.freebsd.org/changeset/ports/516412

Log:
  MFH: r516311

  Update to 5.37 with patch for CVE-2019-18218.

  PR: 241424
  Submitted by: Nathan Owens <ndowens04@gmail.com>
  Approved by: jharris@widomaker.com (maintainer)
  Security: 381deebb-f5c9-11e9-9c4f-74d435e60b7c

  Approved by: ports-secteam (miwi)

Changes:
_U  branches/2019Q4/
  branches/2019Q4/sysutils/file/Makefile
  branches/2019Q4/sysutils/file/distinfo
  branches/2019Q4/sysutils/file/files/