Bug 258354 - graphics/libpano13: Update to 2.9.20
Summary: graphics/libpano13: Update to 2.9.20
Status: Closed FIXED
Alias: None
Product: Ports & Packages
Classification: Unclassified
Component: Individual Port(s)
Version: Latest
Hardware: Any Any
Importance: Normal Affects Many People
Assignee: Daniel Engberg
URL: https://sourceforge.net/projects/pano...
Keywords: security
Depends on:
Blocks:
 
Reported: 2021-09-07 22:16 UTC by Robert Clausecker
Modified: 2021-09-23 21:08 UTC

See Also:
koobs: maintainer-feedback? (ports-secteam)
fuz: merge-quarterly?


Attachments
graphics/libpano13: update to 2.9.20 (2.98 KB, patch)
2021-09-07 22:16 UTC, Robert Clausecker
no flags
graphics/libpano13: update to 2.9.20 (14.26 KB, patch)
2021-09-12 15:18 UTC, Robert Clausecker
no flags

Description Robert Clausecker freebsd_committer freebsd_triage 2021-09-07 22:16:35 UTC
Created attachment 227749
graphics/libpano13: update to 2.9.20

Update graphics/libpano13 to 2.9.20.

This update fixes CVE-2021-20307, a format string vulnerability.
Add a vuxml entry for this vulnerability.
Take over maintainership of this unmaintained port.
Pet portclippy.

Tested with Poudriere on amd64 arm64 armv7 FreeBSD 13.0-RELEASE.

Changes: https://sourceforge.net/projects/panotools/files/libpano13/libpano13-2.9.20/README.txt
Comment 1 Kubilay Kocak freebsd_committer freebsd_triage 2021-09-11 23:45:52 UTC
^Triage: Ports Secteam can you take care of this please (currently unmaintained port)
Comment 2 Robert Clausecker freebsd_committer freebsd_triage 2021-09-12 15:18:38 UTC
Created attachment 227857
graphics/libpano13: update to 2.9.20

Replace patch with updated patch that also changes the build system to cmake and cleans up old dependencies and patches.
Comment 3 Robert Clausecker freebsd_committer freebsd_triage 2021-09-12 22:06:29 UTC
As discovered by Daniel Engberg, there are failing unit tests in graphics/libpano13.  Upstream was informed of this issue and suggests that the test suite might be faulty.  So for now we do not consider the unit test failures to be indicative of a problem with the code base.

https://groups.google.com/g/hugin-ptx/c/leMFlRYImvQ
Comment 4 commit-hook freebsd_committer freebsd_triage 2021-09-20 06:09:45 UTC
A commit in branch main references this bug:

URL: https://cgit.FreeBSD.org/ports/commit/?id=b81f505eafc795139b80b8a68bdb860d91337be2

commit b81f505eafc795139b80b8a68bdb860d91337be2
Author:     Robert Clausecker <fuz@fuz.su>
AuthorDate: 2021-09-20 05:57:48 +0000
Commit:     Daniel Engberg <diizzy@FreeBSD.org>
CommitDate: 2021-09-20 06:09:13 +0000

    graphics/libpano13: Update to 2.9.20

    Submitter becomes maintainer
    Upstream have confirmed unit tests to be broken so they're disabled
    for now.

    Changelog: https://sourceforge.net/projects/panotools/files/libpano13/libpano13-2.9.20/

    PR:             258354
    Approved by:    tcberner
    Differential Revision:  https://reviews.freebsd.org/D31925

 graphics/libpano13/Makefile                        | 36 ++++-------
 graphics/libpano13/distinfo                        |  5 +-
 .../libpano13/files/patch-CMakeLists.txt (new)     | 36 +++++++++++
 graphics/libpano13/files/patch-Makefile.am (gone)  | 29 ---------
 graphics/libpano13/files/patch-configure.ac (gone) | 22 -------
 .../files/patch-m4_ax_check_graphics.m4 (gone)     | 74 ----------------------
 .../files/patch-m4_ax_check_java.m4 (gone)         | 21 ------
 .../libpano13/files/patch-tools_Makefile.am (gone) | 28 --------
 graphics/libpano13/pkg-plist                       | 32 ++++++----
 9 files changed, 70 insertions(+), 213 deletions(-)
Comment 5 commit-hook freebsd_committer freebsd_triage 2021-09-20 06:31:49 UTC
A commit in branch main references this bug:

URL: https://cgit.FreeBSD.org/ports/commit/?id=8917d9a116c8ee08984a2951e8a415f6e06afc76

commit 8917d9a116c8ee08984a2951e8a415f6e06afc76
Author:     Robert Clausecker <fuz@fuz.su>
AuthorDate: 2021-09-20 06:25:59 +0000
Commit:     Daniel Engberg <diizzy@FreeBSD.org>
CommitDate: 2021-09-20 06:26:06 +0000

    security/vuxml: Add entry for libpano13 < 2.9.20

    PR:             258354
    Approved by:    tcberner
    Differential Revision:  https://reviews.freebsd.org/D31980

 security/vuxml/vuln-2021.xml | 26 ++++++++++++++++++++++++++
 1 file changed, 26 insertions(+)
Comment 6 Daniel Engberg freebsd_committer freebsd_triage 2021-09-20 06:35:09 UTC
Committed with some minor changes, thanks!
Comment 7 commit-hook freebsd_committer freebsd_triage 2021-09-23 21:08:46 UTC
A commit in branch 2021Q3 references this bug:

URL: https://cgit.FreeBSD.org/ports/commit/?id=0d9036a6d38cb7c434eff4d48828cda4db24383e

commit 0d9036a6d38cb7c434eff4d48828cda4db24383e
Author:     Robert Clausecker <fuz@fuz.su>
AuthorDate: 2021-09-20 05:57:48 +0000
Commit:     Joseph Mingrone <jrm@FreeBSD.org>
CommitDate: 2021-09-23 19:43:39 +0000

    graphics/libpano13: Update to 2.9.20

    Submitter becomes maintainer
    Upstream have confirmed unit tests to be broken so they're disabled
    for now.

    Changelog: https://sourceforge.net/projects/panotools/files/libpano13/libpano13-2.9.20/

    PR:             258354
    Approved by:    tcberner
    Differential Revision:  https://reviews.freebsd.org/D31925

    (cherry picked from commit b81f505eafc795139b80b8a68bdb860d91337be2)

 graphics/libpano13/Makefile                        | 36 ++++-------
 graphics/libpano13/distinfo                        |  5 +-
 .../libpano13/files/patch-CMakeLists.txt (new)     | 36 +++++++++++
 graphics/libpano13/files/patch-Makefile.am (gone)  | 29 ---------
 graphics/libpano13/files/patch-configure.ac (gone) | 22 -------
 .../files/patch-m4_ax_check_graphics.m4 (gone)     | 74 ----------------------
 .../files/patch-m4_ax_check_java.m4 (gone)         | 21 ------
 .../libpano13/files/patch-tools_Makefile.am (gone) | 28 --------
 graphics/libpano13/pkg-plist                       | 32 ++++++----
 9 files changed, 70 insertions(+), 213 deletions(-)