Bug 238049 - textproc/libxslt: Update to 1.1.33, fix CVE-2019-11068
Summary: textproc/libxslt: Update to 1.1.33, fix CVE-2019-11068
Status: Closed FIXED
Alias: None
Product: Ports & Packages
Classification: Unclassified
Component: Individual Port(s) (show other bugs)
Version: Latest
Hardware: Any Any
: --- Affects Only Me
Assignee: freebsd-gnome mailing list
URL: https://gitlab.gnome.org/GNOME/libxsl...
Keywords: patch, security
Depends on:
Blocks:
 
Reported: 2019-05-22 13:12 UTC by Vinícius Zavam
Modified: 2019-07-16 16:20 UTC (History)
2 users (show)

See Also:
bugzilla: maintainer-feedback? (gnome)
koobs: merge-quarterly?


Attachments
[PATCH] textproc/libxslt: update 1.1.32 to 1.1.33 (7.78 KB, patch)
2019-05-22 13:12 UTC, Vinícius Zavam
no flags Details | Diff
[PATCH] textproc/libxslt: update to 1.1.33, fix CVE-2019-11068 (8.79 KB, patch)
2019-06-24 10:29 UTC, Vinícius Zavam
no flags Details | Diff
[VUXML] security/vuxml: add CVE-2019-11068 (1.38 KB, patch)
2019-06-25 14:14 UTC, Vinícius Zavam
no flags Details | Diff

Note You need to log in before you can comment on or make changes to this bug.
Description Vinícius Zavam freebsd_committer 2019-05-22 13:12:35 UTC
Created attachment 204539 [details]
[PATCH] textproc/libxslt: update 1.1.32 to 1.1.33

update to latest stable version [0];
makepatch for few patches;
built fine for 11, 12 and 13 (poudriere);
pet portlint (keeping REFERENCE).

# svn diff --diff-cmd=diff -x -U99999 >ports_r502263_PATCH__textproc_libxslt.diff

testport ran againt the following jails:

  root@gaz:~ # poudriere jails -l | awk '{print $1}'
  JAILNAME
  11amd64
  11i386
  11armv6
  12amd64
  12i386
  12armv6
  13amd64
  13i386

[0] https://gitlab.gnome.org/GNOME/libxslt/commits/v1.1.33
Comment 1 Kubilay Kocak freebsd_committer freebsd_triage 2019-06-01 03:07:03 UTC
Bugfix release, MFH candidate
Comment 2 Vinícius Zavam freebsd_committer 2019-06-24 10:29:07 UTC
Created attachment 205310 [details]
[PATCH] textproc/libxslt: update to 1.1.33, fix CVE-2019-11068

textproc/libxslt: update to 1.1.33, fix CVE-2019-11068

 Makefile
  - update to 1.1.33;
  - while here, pet portlint.

 files/*
  - merged Bug 238522 [0];
  - patched against CVE-2019-11068 [1];

 testport OK for dependent ports, like:
   - textproc/rarian
   - textproc/asciidoc
   - security/xmlsec1

Obtained from: https://gitlab.gnome.org/GNOME/libxslt/commit/e03553605b45c88f0b4b2980adfbbb8f6fca2fd6

[0] https://svnweb.freebsd.org/ports?view=revision&revision=504090
[1] https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11068
Comment 3 Vinícius Zavam freebsd_committer 2019-06-25 14:14:04 UTC
Created attachment 205328 [details]
[VUXML] security/vuxml: add CVE-2019-11068
Comment 4 Vinícius Zavam freebsd_committer 2019-07-16 13:09:15 UTC
ping?
Comment 5 commit-hook freebsd_committer 2019-07-16 16:13:18 UTC
A commit references this bug:

Author: swills
Date: Tue Jul 16 16:12:27 UTC 2019
New revision: 506753
URL: https://svnweb.freebsd.org/changeset/ports/506753

Log:
  document libxslt issue

  PR:		238049
  Submitted by:	egypcio

Changes:
  head/security/vuxml/vuln.xml
Comment 6 commit-hook freebsd_committer 2019-07-16 16:13:19 UTC
A commit references this bug:

Author: swills
Date: Tue Jul 16 16:12:40 UTC 2019
New revision: 506755
URL: https://svnweb.freebsd.org/changeset/ports/506755

Log:
  textproc/libxslt: Update to 1.1.33 [1], fix CVE-2019-11068 [2]

  PR:		239166 [1]
  PR:		238049 [2]
  Submitted by:	egypcio [2]
  Exp-run by:	antoine [1]
  Obtained from:	https://gitlab.gnome.org/GNOME/libxslt/commit/e03553605b45c88f0b4b2980adfbbb8f6fca2fd6 [2]

Changes:
  head/textproc/libxslt/Makefile
  head/textproc/libxslt/distinfo
  head/textproc/libxslt/files/patch-libxslt_documents.c
  head/textproc/libxslt/files/patch-libxslt_imports.c
  head/textproc/libxslt/files/patch-libxslt_transform.c
  head/textproc/libxslt/files/patch-libxslt_xslt.c
  head/textproc/libxslt/pkg-plist
Comment 7 Steve Wills freebsd_committer 2019-07-16 16:20:15 UTC
Committed, thanks!