Date: Sun, 31 Aug 2014 19:37:06 +0000 From: bugzilla-noreply@freebsd.org To: freebsd-ports-bugs@FreeBSD.org Subject: [Bug 193142] textproc/apache-poi *UNBREAK* Message-ID: <bug-193142-13-NgwwlFCNAt@https.bugs.freebsd.org/bugzilla/> In-Reply-To: <bug-193142-13@https.bugs.freebsd.org/bugzilla/> References: <bug-193142-13@https.bugs.freebsd.org/bugzilla/>
next in thread | previous in thread | raw e-mail | index | archive | help
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=193142 Pedro F. Giffuni <pfg@FreeBSD.org> changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |pfg@FreeBSD.org --- Comment #2 from Pedro F. Giffuni <pfg@FreeBSD.org> --- Created attachment 146615 --> https://bugs.freebsd.org/bugzilla/attachment.cgi?id=146615&action=edit Update apache-poi to version 3.10.1 I (independently) also fixed apache-poi by setting MANUAL_PACKAGE_BUILD. The original patch in this PR is probably better for cluster builds, but mine is easier to maintain. Most importantly though, I updated it to version 3.10.1 as there are serious vulnerabilities in the original version: "The Apache POI team is pleased to announce the release of 3.10.1. This release is a bugfix release to fix two security issues with OOXML (CVE-2014-3529 and CVE-2014-3574), relating to external entity expansion and so-called XML bombs in OOXML documents. ..." Both patches add staging support, -- You are receiving this mail because: You are the assignee for the bug.
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?bug-193142-13-NgwwlFCNAt>