Created attachment 241552 [details] libxml2-2.10.4.patch fix: PORTCLIPPY(1) Compliant LIBXML2_SLAVE STRIP shared object files v2.10.4: Apr 11 2023 ### Security - [CVE-2023-29469] Hashing of empty dict strings isn't deterministic - [CVE-2023-28484] Fix null deref in xmlSchemaFixupComplexType - schemas: Fix null-pointer-deref in xmlSchemaCheckCOSSTDerivedOK ### Regressions - SAX2: Ignore namespaces in HTML documents - io: Fix "buffer full" error with certain buffer sizes
bug #262613 should be closed.
Created attachment 241722 [details] Reformatted patch (In reply to takefu from comment #0) I have taken your patch and reformatted it more conventionally, so one can cd to /usr/ports and patch -p1 <reformatted-patch and have it apply cleanly. It's still the same patch.
A commit in branch main references this bug: URL: https://cgit.FreeBSD.org/ports/commit/?id=acd6567eeccaba062051ae4571c3d20c355383ac commit acd6567eeccaba062051ae4571c3d20c355383ac Author: Dima Panov <fluffy@FreeBSD.org> AuthorDate: 2023-04-27 18:07:36 +0000 Commit: Dima Panov <fluffy@FreeBSD.org> CommitDate: 2023-04-27 18:25:56 +0000 textproc/libxml2: update to 2.10.14 security release (+) - [CVE-2023-29469] Hashing of empty dict strings isn't deterministic - [CVE-2023-28484] Fix null deref in xmlSchemaFixupComplexType - schemas: Fix null-pointer-deref in xmlSchemaCheckCOSSTDerivedOK - SAX2: Ignore namespaces in HTML documents - io: Fix "buffer full" error with certain buffer sizes PR: 270906 Security: 0bd7f07b-dc22-11ed-bf28-589cfc0f81b0 Sponsored by: Serenity Cybersecurity, LLC textproc/libxml2/Makefile | 22 ++++++++++------------ textproc/libxml2/distinfo | 6 +++--- 2 files changed, 13 insertions(+), 15 deletions(-)
Updated, thanks
Any chance for 2023Q2?
A commit in branch 2023Q2 references this bug: URL: https://cgit.FreeBSD.org/ports/commit/?id=11a2be5f1911d9e357a87eb302d84d3adf16a783 commit 11a2be5f1911d9e357a87eb302d84d3adf16a783 Author: Dima Panov <fluffy@FreeBSD.org> AuthorDate: 2023-04-27 18:07:36 +0000 Commit: Dima Panov <fluffy@FreeBSD.org> CommitDate: 2023-04-27 22:58:04 +0000 textproc/libxml2: update to 2.10.14 security release (+) - [CVE-2023-29469] Hashing of empty dict strings isn't deterministic - [CVE-2023-28484] Fix null deref in xmlSchemaFixupComplexType - schemas: Fix null-pointer-deref in xmlSchemaCheckCOSSTDerivedOK - SAX2: Ignore namespaces in HTML documents - io: Fix "buffer full" error with certain buffer sizes PR: 270906 Security: 0bd7f07b-dc22-11ed-bf28-589cfc0f81b0 Sponsored by: Serenity Cybersecurity, LLC (cherry picked from commit acd6567eeccaba062051ae4571c3d20c355383ac) textproc/libxml2/Makefile | 23 +++++++++++------------ textproc/libxml2/distinfo | 6 +++--- 2 files changed, 14 insertions(+), 15 deletions(-)