Created attachment 188988 [details] patch file * Add patches to fix following security vulnerabilities. ** CVE-2017-16548 ** CVE-2017-17433 ** CVE-2017-17434 * Bump PORTREVISION. * Move position of PORTREVISION in Makefile to fix portlint warning.
I submitted bug #224478 that adds entry for these security vulnerabilities to security/vuxml. So please commit it too. And FYI patches are obtained from Debian.
A commit references this bug: Author: ehaupt Date: Wed Dec 20 14:18:21 UTC 2017 New revision: 456798 URL: https://svnweb.freebsd.org/changeset/ports/456798 Log: - Add patches [1] to fix following security vulnerabilities: * CVE-2017-16548 * CVE-2017-17433 * CVE-2017-17434 - Bump PORTREVISION - Move position of PORTREVISION in Makefile to fix portlint warning PR: 224477 Submitted by: yasu@utahime.org Obtained from: debian MFH: 2017Q4 (blanket) Changes: head/net/rsync/Makefile head/net/rsync/files/patch-CVE-2017-16548 head/net/rsync/files/patch-CVE-2017-17433 head/net/rsync/files/patch-CVE-2017-17434-1 head/net/rsync/files/patch-CVE-2017-17434-2
A commit references this bug: Author: ehaupt Date: Wed Dec 20 14:19:35 UTC 2017 New revision: 456800 URL: https://svnweb.freebsd.org/changeset/ports/456800 Log: MFH: r456798 - Add patches [1] to fix following security vulnerabilities: * CVE-2017-16548 * CVE-2017-17433 * CVE-2017-17434 - Bump PORTREVISION - Move position of PORTREVISION in Makefile to fix portlint warning PR: 224477 Submitted by: yasu@utahime.org Obtained from: debian Approved by: ports-secteam (blanket) Changes: _U branches/2017Q4/ branches/2017Q4/net/rsync/Makefile branches/2017Q4/net/rsync/files/patch-CVE-2017-16548 branches/2017Q4/net/rsync/files/patch-CVE-2017-17433 branches/2017Q4/net/rsync/files/patch-CVE-2017-17434-1 branches/2017Q4/net/rsync/files/patch-CVE-2017-17434-2
Thank you very much for this high quality patch. I've committed the patch to head and 2017Q4. I've also taken care of the VuXML entry.