[Bug 241420] textproc/libxslt: Fix CVE-2019-18197
bugzilla-noreply at freebsd.org
bugzilla-noreply at freebsd.org
Sun Oct 27 06:58:39 UTC 2019
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=241420
--- Comment #7 from Ting-Wei Lan <lantw44 at gmail.com> ---
Comment on attachment 208586
--> https://bugs.freebsd.org/bugzilla/attachment.cgi?id=208586
CVE-2019-18197 patch
>--- a/textproc/libxslt/Makefile
>+++ b/textproc/libxslt/Makefile
>@@ -3,9 +3,10 @@
>
> PORTNAME= libxslt
> PORTVERSION= 1.1.33
>+PORTREVISION= 1
> CATEGORIES?= textproc gnome
>-MASTER_SITES= http://xmlsoft.org/sources/ \
>- https://mirror.umd.edu/xbmc/build-deps/sources/
>+MASTER_SITES= https://ftp.osuosl.org/pub/blfs/conglomeration/libxslt/ \
>+ ftp://xmlsoft.org/libxslt/
I still don't understand why we want to prefer an unofficial site to the
official site. I don't think HTTPS can give any extra security when it is not
an official site. Also, FreeBSD ports disable certificate verification by
default. I guess the only benefit is that it is less likely to be blocked by
firewalls.
--
You are receiving this mail because:
You are the assignee for the bug.
You are on the CC list for the bug.
More information about the freebsd-gnome
mailing list