Bug 258354 - graphics/libpano13: Update to 2.9.20
Summary: graphics/libpano13: Update to 2.9.20
Status: In Progress
Alias: None
Product: Ports & Packages
Classification: Unclassified
Component: Individual Port(s)
Version: Latest
Hardware: Any Any
Importance: Normal Affects Many People
Assignee: Daniel Engberg
URL: https://sourceforge.net/projects/pano...
Keywords: security
Depends on:
Blocks:
 
Reported: 2021-09-07 22:16 UTC by Robert Clausecker
Modified: 2021-09-12 22:46 UTC

See Also:
koobs: maintainer-feedback? (ports-secteam)
fuz: merge-quarterly?


Attachments
graphics/libpano13: update to 2.9.20 (2.98 KB, patch)
2021-09-07 22:16 UTC, Robert Clausecker
graphics/libpano13: update to 2.9.20 (14.26 KB, patch)
2021-09-12 15:18 UTC, Robert Clausecker

Description Robert Clausecker 2021-09-07 22:16:35 UTC
Created attachment 227749
graphics/libpano13: update to 2.9.20

Update graphics/libpano13 to 2.9.20.

This update fixes CVE-2021-20307, a format string vulnerability.
Add a vuxml entry for this vulnerability.
Take over maintainership of this unmaintained port.
Pet portclippy.

Tested with Poudriere on amd64 arm64 armv7 FreeBSD 13.0-RELEASE.

Changes: https://sourceforge.net/projects/panotools/files/libpano13/libpano13-2.9.20/README.txt
Comment 1 Kubilay Kocak freebsd_committer freebsd_triage 2021-09-11 23:45:52 UTC
^Triage: Ports Secteam can you take care of this please (currently unmaintained port)
Comment 2 Robert Clausecker 2021-09-12 15:18:38 UTC
Created attachment 227857
graphics/libpano13: update to 2.9.20

Replace patch with updated patch that also changes the build system to cmake and cleans up old dependencies and patches.
Comment 3 Robert Clausecker 2021-09-12 22:06:29 UTC
As discovered by Daniel Engberg, there are failing unit tests in graphics/libpano13.  Upstream was informed of this issue and suggests that the test suite might be faulty.  So for now we do not consider the unit test failures to be indicative of a problem with the code base.

https://groups.google.com/g/hugin-ptx/c/leMFlRYImvQ