Bug 253828 - security/vuxml: Update vulnerabilities in ruby, jruby
Summary: security/vuxml: Update vulnerabilities in ruby, jruby
Status: Open
Alias: None
Product: Ports & Packages
Classification: Unclassified
Component: Individual Port(s) (show other bugs)
Version: Latest
Hardware: Any Any
: --- Affects Only Me
Assignee: Ports Security Team
URL:
Keywords:
Depends on:
Blocks:
 
Reported: 2021-02-24 21:54 UTC by Thomas Hurst
Modified: 2021-02-25 04:33 UTC (History)
2 users (show)

See Also:
bugzilla: maintainer-feedback? (ports-secteam)


Attachments
Incomplete patch, modifying 3 entries and adding 1 (3.57 KB, patch)
2021-02-24 21:54 UTC, Thomas Hurst
no flags Details | Diff

Note You need to log in before you can comment on or make changes to this bug.
Description Thomas Hurst 2021-02-24 21:54:30 UTC
Created attachment 222802 [details]
Incomplete patch, modifying 3 entries and adding 1

Some Ruby-only entries also needed to apply to JRuby.  A Ruby entry was also missing.

The patch is incomplete - in particular the ruby versions likely need tweaking to match the port versions.  Sadly I'm a bit stuck because I can't get pkg to parse it and make validate hangs with:

/usr/local/bin/xmllint --valid --noout /usr/local/poudriere/ports/default/security/vuxml/vuln-flat.xml
/usr/local/share/xml/catalog.ports:1: parser error : Start tag expected, '<' not found
PUBLIC "-//OASIS//DTD Entity Resolution XML Catalog V1.0//EN" "http://www.oasis-

A plain parse-only xmllint passes fine so I'm not really sure what's going on.
Comment 1 Li-Wen Hsu freebsd_committer 2021-02-25 04:33:33 UTC
Also add maintainers because everyone is welcomed to update vuxml, and more encouraged by the maintainers.