[Bug 287391] textproc/libxml2: security patches for 2.11.9

Go to: [ bottom of page ] [ top of archives ] [ this month ]
From: <bugzilla-noreply_at_freebsd.org>
Date: Sat, 21 Jun 2025 14:11:35 UTC
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=287391

--- Comment #25 from commit-hook@FreeBSD.org ---
A commit in branch main references this bug:

URL:
https://cgit.FreeBSD.org/ports/commit/?id=a18dfb61a2c96a01f9536d70ad0f69390981833d

commit a18dfb61a2c96a01f9536d70ad0f69390981833d
Author:     Daniel Engberg <diizzy@FreeBSD.org>
AuthorDate: 2025-06-21 12:38:19 +0000
Commit:     Daniel Engberg <diizzy@FreeBSD.org>
CommitDate: 2025-06-21 14:09:31 +0000

    textproc/libxml2: Update to 2.14.4

    Fixes multiple CVEs:
    CVE-2025-32415
    CVE-2025-32414
    CVE-2025-27113
    CVE-2025-24928
    CVE-2024-56171

    Changelog: https://gitlab.gnome.org/GNOME/libxml2/-/releases/v2.14.4

    Backport upstream commits:
    19de8b47b1fe4b87b06bc6b89f5ee9697870a0ad
    5700d989cc18889e1601c651ad69a41af8b32073
    d3e33dc214276498e73b61188be02b2863c9670a
    cf52139b4170be13b51b62da11c208dc66e6eff0
    356542324fa439de544b5e419b91ae68d42c306c

    References:
   
https://gitlab.gnome.org/GNOME/libxml2/-/commit/19de8b47b1fe4b87b06bc6b89f5ee9697870a0ad
   
https://gitlab.gnome.org/GNOME/libxml2/-/commit/5700d989cc18889e1601c651ad69a41af8b32073
   
https://gitlab.gnome.org/GNOME/libxml2/-/commit/d3e33dc214276498e73b61188be02b2863c9670a
   
https://gitlab.gnome.org/GNOME/libxml2/-/commit/cf52139b4170be13b51b62da11c208dc66e6eff0
   
https://gitlab.gnome.org/GNOME/libxml2/-/commit/356542324fa439de544b5e419b91ae68d42c306c

    PR:             279705, 287391
    Approved by:    ports-sec (tz) via PR 287391
    Exp-runs by:    antoine (previous iterations)

 textproc/libxml2/Makefile                          | 21 +++----
 textproc/libxml2/distinfo                          |  6 +-
 textproc/libxml2/files/patch-CMakeLists.txt (gone) | 33 ----------
 ...-19de8b47b1fe4b87b06bc6b89f5ee9697870a0ad (new) | 25 ++++++++
 ...-5700d989cc18889e1601c651ad69a41af8b32073 (new) | 39 ++++++++++++
 ...-d3e33dc214276498e73b61188be02b2863c9670a (new) | 25 ++++++++
 ...-cf52139b4170be13b51b62da11c208dc66e6eff0 (new) | 46 ++++++++++++++
 ...-356542324fa439de544b5e419b91ae68d42c306c (new) | 27 +++++++++
 textproc/libxml2/pkg-plist                         | 70 +---------------------
 textproc/py-libxml2/Makefile                       | 15 ++---
 10 files changed, 181 insertions(+), 126 deletions(-)

-- 
You are receiving this mail because:
You are on the CC list for the bug.
You are the assignee for the bug.