Bug 253828 - security/vuxml: Update vulnerabilities in ruby, jruby
Summary: security/vuxml: Update vulnerabilities in ruby, jruby
Status: Closed Overcome By Events
Alias: None
Product: Ports & Packages
Classification: Unclassified
Component: Individual Port(s)
Version: Latest
Hardware: Any Any
Importance: --- Affects Only Me
Assignee: freebsd-ports-bugs (Nobody)
 
Reported: 2021-02-24 21:54 UTC by Thomas Hurst
Modified: 2024-02-12 14:04 UTC
bugzilla: maintainer-feedback? (ports-secteam)


Attachments
Incomplete patch, modifying 3 entries and adding 1 (3.57 KB, patch)
2021-02-24 21:54 UTC, Thomas Hurst

Description Thomas Hurst 2021-02-24 21:54:30 UTC
Created attachment 222802
Incomplete patch, modifying 3 entries and adding 1

Some Ruby-only entries also needed to apply to JRuby.  A Ruby entry was also missing.

The patch is incomplete - in particular the ruby versions likely need tweaking to match the port versions.  Sadly I'm a bit stuck because I can't get pkg to parse it and make validate hangs with:

/usr/local/bin/xmllint --valid --noout /usr/local/poudriere/ports/default/security/vuxml/vuln-flat.xml
/usr/local/share/xml/catalog.ports:1: parser error : Start tag expected, '<' not found
PUBLIC "-//OASIS//DTD Entity Resolution XML Catalog V1.0//EN" "http://www.oasis-

A plain parse-only xmllint passes fine so I'm not really sure what's going on.
Comment 1 Li-Wen Hsu freebsd_committer freebsd_triage 2021-02-25 04:33:33 UTC
Also add maintainers because everyone is welcome to update vuxml, and more encouraged by the maintainers.
Comment 2 Kubilay Kocak freebsd_committer freebsd_triage 2022-04-27 10:18:53 UTC
^Triage Reset assignee (timeout; 14 months), leave in CC (port maintainer)

@Thomas Does this still need addressing (it hasn't been correctly elsewhere in the meantime?)
Comment 3 Thomas Hurst 2022-04-27 14:29:49 UTC
(In reply to Kubilay Kocak from comment #2)

None of these have been applied in other forms, no.  At this point they're more of historic interest.
Comment 4 Jochen Neumeister freebsd_committer freebsd_triage 2024-02-12 13:00:07 UTC
Is this PR still relevant or can it be closed?
Comment 5 Thomas Hurst 2024-02-12 14:04:12 UTC
It's an old issue in EOL Ruby, on a gem nobody should be using in a production context anyway.  Probably not worth the effort of applying at this point.