Bug 238049

Summary: textproc/libxslt: Update to 1.1.33, fix CVE-2019-11068
Product: Ports & Packages Reporter: Vinícius Zavam <egypcio>
Component: Individual Port(s)Assignee: freebsd-gnome (Nobody) <gnome>
Status: Closed FIXED    
Severity: Affects Only Me CC: egypcio, swills
Priority: --- Keywords: patch, security
Version: LatestFlags: bugzilla: maintainer-feedback? (gnome)
koobs: merge-quarterly?
Hardware: Any   
OS: Any   
URL: https://gitlab.gnome.org/GNOME/libxslt/commit/e03553605b45c88f0b4b2980adfbbb8f6fca2fd6
See Also: https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=238522
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=239166
Attachments:
Description Flags
[PATCH] textproc/libxslt: update 1.1.32 to 1.1.33
none
[PATCH] textproc/libxslt: update to 1.1.33, fix CVE-2019-11068
none
[VUXML] security/vuxml: add CVE-2019-11068 none

Description Vinícius Zavam freebsd_committer freebsd_triage 2019-05-22 13:12:35 UTC 
Created attachment 204539 [details]
[PATCH] textproc/libxslt: update 1.1.32 to 1.1.33

update to latest stable version [0];
makepatch for few patches;
built fine for 11, 12 and 13 (poudriere);
pet portlint (keeping REFERENCE).

# svn diff --diff-cmd=diff -x -U99999 >ports_r502263_PATCH__textproc_libxslt.diff

testport ran againt the following jails:

  root@gaz:~ # poudriere jails -l | awk '{print $1}'
  JAILNAME
  11amd64
  11i386
  11armv6
  12amd64
  12i386
  12armv6
  13amd64
  13i386

[0] https://gitlab.gnome.org/GNOME/libxslt/commits/v1.1.33
Comment 1 Kubilay Kocak freebsd_committer freebsd_triage 2019-06-01 03:07:03 UTC 
Bugfix release, MFH candidate
Comment 2 Vinícius Zavam freebsd_committer freebsd_triage 2019-06-24 10:29:07 UTC 
Created attachment 205310 [details]
[PATCH] textproc/libxslt: update to 1.1.33, fix CVE-2019-11068

textproc/libxslt: update to 1.1.33, fix CVE-2019-11068

 Makefile
  - update to 1.1.33;
  - while here, pet portlint.

 files/*
  - merged Bug 238522 [0];
  - patched against CVE-2019-11068 [1];

 testport OK for dependent ports, like:
   - textproc/rarian
   - textproc/asciidoc
   - security/xmlsec1

Obtained from: https://gitlab.gnome.org/GNOME/libxslt/commit/e03553605b45c88f0b4b2980adfbbb8f6fca2fd6

[0] https://svnweb.freebsd.org/ports?view=revision&revision=504090
[1] https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11068
Comment 3 Vinícius Zavam freebsd_committer freebsd_triage 2019-06-25 14:14:04 UTC 
Created attachment 205328 [details]
[VUXML] security/vuxml: add CVE-2019-11068
Comment 4 Vinícius Zavam freebsd_committer freebsd_triage 2019-07-16 13:09:15 UTC 
ping?
Comment 5 commit-hook freebsd_committer freebsd_triage 2019-07-16 16:13:18 UTC 
A commit references this bug:

Author: swills
Date: Tue Jul 16 16:12:27 UTC 2019
New revision: 506753
URL: https://svnweb.freebsd.org/changeset/ports/506753

Log:
  document libxslt issue

  PR:		238049
  Submitted by:	egypcio

Changes:
  head/security/vuxml/vuln.xml
Comment 6 commit-hook freebsd_committer freebsd_triage 2019-07-16 16:13:19 UTC 
A commit references this bug:

Author: swills
Date: Tue Jul 16 16:12:40 UTC 2019
New revision: 506755
URL: https://svnweb.freebsd.org/changeset/ports/506755

Log:
  textproc/libxslt: Update to 1.1.33 [1], fix CVE-2019-11068 [2]

  PR:		239166 [1]
  PR:		238049 [2]
  Submitted by:	egypcio [2]
  Exp-run by:	antoine [1]
  Obtained from:	https://gitlab.gnome.org/GNOME/libxslt/commit/e03553605b45c88f0b4b2980adfbbb8f6fca2fd6 [2]

Changes:
  head/textproc/libxslt/Makefile
  head/textproc/libxslt/distinfo
  head/textproc/libxslt/files/patch-libxslt_documents.c
  head/textproc/libxslt/files/patch-libxslt_imports.c
  head/textproc/libxslt/files/patch-libxslt_transform.c
  head/textproc/libxslt/files/patch-libxslt_xslt.c
  head/textproc/libxslt/pkg-plist
Comment 7 Steve Wills freebsd_committer freebsd_triage 2019-07-16 16:20:15 UTC 
Committed, thanks!