Date: Sun, 22 Jun 2025 17:01:25 GMT From: Charlie Li <vishwin@FreeBSD.org> To: ports-committers@FreeBSD.org, dev-commits-ports-all@FreeBSD.org, dev-commits-ports-branches@FreeBSD.org Subject: git: 42eb50947ae2 - 2025Q2 - textproc/libxml2: backport upstream commits fixing CVEs Message-ID: <202506221701.55MH1PMH010900@gitrepo.freebsd.org>
index | next in thread | raw e-mail
The branch 2025Q2 has been updated by vishwin: URL: https://cgit.FreeBSD.org/ports/commit/?id=42eb50947ae2250b300d5d185a9a2625d211f27c commit 42eb50947ae2250b300d5d185a9a2625d211f27c Author: Charlie Li <vishwin@FreeBSD.org> AuthorDate: 2025-06-21 18:55:14 +0000 Commit: Charlie Li <vishwin@FreeBSD.org> CommitDate: 2025-06-22 17:00:00 +0000 textproc/libxml2: backport upstream commits fixing CVEs [CVE-2024-56171] Fix use-after-free after xmlSchemaItemListAdd [CVE-2025-24928] Fix stack-buffer-overflow in xmlSnprintfElements [CVE-2025-32414] python: Read at most len/4 characters. PR: 287391 (cherry picked from commit fb3e1d5f3dd216ef419a40570c1a97f1ee28a47f) --- textproc/libxml2/Makefile | 7 ++++++- textproc/libxml2/distinfo | 8 +++++++- textproc/py-libxml2/Makefile | 2 +- 3 files changed, 14 insertions(+), 3 deletions(-) diff --git a/textproc/libxml2/Makefile b/textproc/libxml2/Makefile index 2537d749d3ff..f81197ed93d5 100644 --- a/textproc/libxml2/Makefile +++ b/textproc/libxml2/Makefile @@ -1,10 +1,15 @@ PORTNAME= libxml2 DISTVERSION= 2.11.9 -PORTREVISION?= 0 +PORTREVISION?= 1 CATEGORIES?= textproc gnome MASTER_SITES= GNOME/sources/${PORTNAME}/${DISTVERSION:R}/ DIST_SUBDIR= gnome +PATCH_SITES= https://gitlab.gnome.org/GNOME/${PORTNAME}/-/commit/ +PATCHFILES+= 245b70d7d2768572ae1b05b3668ca858b9ec4ed4.patch:-p1 # CVE-2024-56171 +PATCHFILES+= 858ca26c0689161a6b903a6682cc8a1cc10a0ea8.patch:-p1 # CVE-2025-24928 +PATCHFILES+= d7657811964eac1cb9743bb98649278ad948f0d2.patch:-p1 # CVE-2025-32414 + MAINTAINER= desktop@FreeBSD.org COMMENT?= XML parser library for GNOME WWW= http://xmlsoft.org/ diff --git a/textproc/libxml2/distinfo b/textproc/libxml2/distinfo index 4ea4340dc6f1..fc9a1ddad574 100644 --- a/textproc/libxml2/distinfo +++ b/textproc/libxml2/distinfo @@ -1,3 +1,9 @@ -TIMESTAMP = 1725749707 +TIMESTAMP = 1750532030 SHA256 (gnome/libxml2-2.11.9.tar.xz) = 780157a1efdb57188ec474dca87acaee67a3a839c2525b2214d318228451809f SIZE (gnome/libxml2-2.11.9.tar.xz) = 2627500 +SHA256 (gnome/245b70d7d2768572ae1b05b3668ca858b9ec4ed4.patch) = 5fb5bed3c40fee5ecb60dbf96fd6c5071f08a54487f534540c54bc9cb6d5b16e +SIZE (gnome/245b70d7d2768572ae1b05b3668ca858b9ec4ed4.patch) = 1273 +SHA256 (gnome/858ca26c0689161a6b903a6682cc8a1cc10a0ea8.patch) = e3585a9e59f3146a53a1091fd00378e81676a824feab037cd8d71807cea73c73 +SIZE (gnome/858ca26c0689161a6b903a6682cc8a1cc10a0ea8.patch) = 1806 +SHA256 (gnome/d7657811964eac1cb9743bb98649278ad948f0d2.patch) = 3d7e10866d8be511da64bee6a998c4f68785326bf0d403af7be6745830d9bca2 +SIZE (gnome/d7657811964eac1cb9743bb98649278ad948f0d2.patch) = 2526 diff --git a/textproc/py-libxml2/Makefile b/textproc/py-libxml2/Makefile index 7633fdebb4a1..a9ff9bf0a9c7 100644 --- a/textproc/py-libxml2/Makefile +++ b/textproc/py-libxml2/Makefile @@ -1,4 +1,4 @@ -PORTREVISION= 2 +PORTREVISION= 3 CATEGORIES= textproc gnome python PKGNAMEPREFIX= ${PYTHON_PKGNAMEPREFIX}home | help
Want to link to this message? Use this
URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?202506221701.55MH1PMH010900>