Re: www/sogo 5.12.8 update attempt

Hello, landry@rhaalovely.net (Landry Breuil), 2026.05.15 (Fri) 10:00 (CEST): > Le Wed, May 13, 2026 at 06:06:12PM +0200, Marcus MERIGHI a écrit : > > our SOGo is at 5.12.7. > > 5.12.8: Four major vulnerabilities have been reported and fixed > > (You can find the entire release e-mail below.) > > I've had a go on SOPE-5.12.8.tar.gz, a prerequisite. > > It failed with: > > +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ > > if [ -r "STXSaxDriver-Info.plist" ]; then \ > > plmerge STXSaxDriver.sax/Resources/Info-gnustep.plist STXSaxDriver-Info.plist; \ > > fi > > Segmentation fault (core dumped) > > gmake[4]: *** > > [/usr/local/share/GNUstep/Makefiles/Instance/bundle.make:301: > > STXSaxDriver.sax/Resources/Info-gnustep.plist] Error 139 > > [...] > > +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ > > thanks for the headsup, builds fine here without that strange plmerge > segfault, but i know nothing to this objc thing... dont you have old > .libs-* pkg installed ? No, no such packages. I thought it might have been because I built with FETCH_PACKAGES=-Dsnap, but the the plmerge segfault happened without it, too. I had another go after removing pobj/*, x11/gnustep/*, packages/amd64/*/*, meta/gnustep and cvs updating afterwards, followed by applying your patch. Still no success, same failure. All on -current as of yesterday evening in europe/vienna timezone. Therefore I could not runtime test your patch on my daily driver, let alone my live SOGo server, that is on 7.8. > diff attached for sogo/sope, with a PLIST update thanks for picking it up, successfully. What is it going to take to get this onto 7.9, once that is out? The bugs sound serious to me: "2 possible XSS injections with malicious mail: fixed. 1 possible SQL injection with specific request: fixed." Thanks, Marcus > ? sope/SOPE-5.12.4-libDOM.so.6.0 > ? sope/SOPE-5.12.4-libEOControl.so.6.0 > ? sope/SOPE-5.12.4-libGDLAccess.so.6.0 > ? sope/SOPE-5.12.4-libNGExtensions.so.6.0 > ? sope/SOPE-5.12.4-libNGLdap.so.6.0 > ? sope/SOPE-5.12.4-libNGMime.so.6.0 > ? sope/SOPE-5.12.4-libNGObjWeb.so.6.0 > ? sope/SOPE-5.12.4-libNGStreams.so.6.0 > ? sope/SOPE-5.12.4-libSBJson.so.6.0 > ? sope/SOPE-5.12.4-libSaxObjC.so.6.0 > ? sope/SOPE-5.12.4-libWEExtensions.so.6.0 > ? sope/SOPE-5.12.4-libWOExtensions.so.6.0 > ? sope/SOPE-5.12.4-libXmlRpc.so.6.0 > ? sope/SOPE-5.12.7-libDOM.so.6.0 > ? sope/SOPE-5.12.7-libEOControl.so.6.0 > ? sope/SOPE-5.12.7-libGDLAccess.so.6.0 > ? sope/SOPE-5.12.7-libNGExtensions.so.6.0 > ? sope/SOPE-5.12.7-libNGLdap.so.6.0 > ? sope/SOPE-5.12.7-libNGMime.so.6.0 > ? sope/SOPE-5.12.7-libNGObjWeb.so.6.0 > ? sope/SOPE-5.12.7-libNGStreams.so.6.0 > ? sope/SOPE-5.12.7-libSBJson.so.6.0 > ? sope/SOPE-5.12.7-libSaxObjC.so.6.0 > ? sope/SOPE-5.12.7-libWEExtensions.so.6.0 > ? sope/SOPE-5.12.7-libWOExtensions.so.6.0 > ? sope/SOPE-5.12.7-libXmlRpc.so.6.0 > ? sogo/sogo-3.2.9.diff > ? sogo/sogo-5.12.4-libGDLContentStore.so.3.1 > ? sogo/sogo-5.12.4-libNGCards.so.3.1 > ? sogo/sogo-5.12.4-libSOGo.so.5.3 > ? sogo/sogo-5.12.4-libSOGoUI.so.2.2 > ? sogo/sogo-5.12.7-libGDLContentStore.so.3.1 > ? sogo/sogo-5.12.7-libNGCards.so.3.1 > ? sogo/sogo-5.12.7-libSOGo.so.5.3 > ? sogo/sogo-5.12.7-libSOGoUI.so.2.2 > ? sogo/patches/patch-Scripts_sql-update-3_2_10_to_4_0_0-mysql_sh > ? sogo/patches/patch-Scripts_sql-update-3_2_10_to_4_0_0_sh > Index: sope/Makefile > =================================================================== > RCS file: /cvs/ports/www/sope/Makefile,v > diff -u -r1.106 Makefile > --- sope/Makefile 6 May 2026 13:26:09 -0000 1.106 > +++ sope/Makefile 15 May 2026 07:57:13 -0000 > @@ -2,7 +2,7 @@ > COMMENT-mysql= SOPE MySQL adaptor > COMMENT-postgres= SOPE PostgreSQL adaptor > > -VERSION = 5.12.7 > +VERSION = 5.12.8 > DISTNAME = SOPE-${VERSION} > PKGNAME-main = sope-${VERSION} > PKGNAME-mysql = sope-mysql-${VERSION} > Index: sope/distinfo > =================================================================== > RCS file: /cvs/ports/www/sope/distinfo,v > diff -u -r1.65 distinfo > --- sope/distinfo 6 May 2026 13:26:09 -0000 1.65 > +++ sope/distinfo 15 May 2026 07:57:13 -0000 > @@ -1,2 +1,2 @@ > -SHA256 (SOPE-5.12.7.tar.gz) = CyfQ15P7yEQmDwqwcCVejdBf5aRdLfFBx6CIgh+Pg/M= > -SIZE (SOPE-5.12.7.tar.gz) = 2307155 > +SHA256 (SOPE-5.12.8.tar.gz) = CyfQ15P7yEQmDwqwcCVejdBf5aRdLfFBx6CIgh+Pg/M= > +SIZE (SOPE-5.12.8.tar.gz) = 2307155 > Index: sogo/Makefile > =================================================================== > RCS file: /cvs/ports/www/sogo/Makefile,v > diff -u -r1.118 Makefile > --- sogo/Makefile 6 May 2026 13:26:09 -0000 1.118 > +++ sogo/Makefile 15 May 2026 07:57:14 -0000 > @@ -1,6 +1,6 @@ > COMMENT = web based groupware server > > -VERSION = 5.12.7 > +VERSION = 5.12.8 > DISTNAME = SOGo-${VERSION} > PKGNAME = sogo-${VERSION} > > Index: sogo/distinfo > =================================================================== > RCS file: /cvs/ports/www/sogo/distinfo,v > diff -u -r1.63 distinfo > --- sogo/distinfo 6 May 2026 13:26:09 -0000 1.63 > +++ sogo/distinfo 15 May 2026 07:57:14 -0000 > @@ -1,2 +1,2 @@ > -SHA256 (SOGo-5.12.7.tar.gz) = xcHvqOE7Ugkc9SfiptoUr/tT7EmgdxjUN7Xg1bxP2ws= > -SIZE (SOGo-5.12.7.tar.gz) = 37847103 > +SHA256 (SOGo-5.12.8.tar.gz) = BfgbYEZR9y3pTIuwEsxeauoX+NMoEWFCP+5vCR3SoOk= > +SIZE (SOGo-5.12.8.tar.gz) = 37848204 > Index: sogo/pkg/PLIST > =================================================================== > RCS file: /cvs/ports/www/sogo/pkg/PLIST,v > diff -u -r1.62 PLIST > --- sogo/pkg/PLIST 20 Mar 2026 10:48:28 -0000 1.62 > +++ sogo/pkg/PLIST 15 May 2026 07:57:14 -0000 > @@ -821,6 +821,8 @@ > lib/GNUstep/SOGo/AdministrationUI.SOGo/Resources/Galician.lproj/Localizable.strings > lib/GNUstep/SOGo/AdministrationUI.SOGo/Resources/German.lproj/ > lib/GNUstep/SOGo/AdministrationUI.SOGo/Resources/German.lproj/Localizable.strings > +lib/GNUstep/SOGo/AdministrationUI.SOGo/Resources/Greek.lproj/ > +lib/GNUstep/SOGo/AdministrationUI.SOGo/Resources/Greek.lproj/Localizable.strings > lib/GNUstep/SOGo/AdministrationUI.SOGo/Resources/Hebrew.lproj/ > lib/GNUstep/SOGo/AdministrationUI.SOGo/Resources/Hebrew.lproj/Localizable.strings > lib/GNUstep/SOGo/AdministrationUI.SOGo/Resources/Hungarian.lproj/ > @@ -919,6 +921,8 @@ > lib/GNUstep/SOGo/Appointments.SOGo/Resources/Galician.lproj/Localizable.strings > lib/GNUstep/SOGo/Appointments.SOGo/Resources/German.lproj/ > lib/GNUstep/SOGo/Appointments.SOGo/Resources/German.lproj/Localizable.strings > +lib/GNUstep/SOGo/Appointments.SOGo/Resources/Greek.lproj/ > +lib/GNUstep/SOGo/Appointments.SOGo/Resources/Greek.lproj/Localizable.strings > lib/GNUstep/SOGo/Appointments.SOGo/Resources/Hebrew.lproj/ > lib/GNUstep/SOGo/Appointments.SOGo/Resources/Hebrew.lproj/Localizable.strings > lib/GNUstep/SOGo/Appointments.SOGo/Resources/Hungarian.lproj/ > @@ -1022,6 +1026,8 @@ > lib/GNUstep/SOGo/CommonUI.SOGo/Resources/Galician.lproj/Localizable.strings > lib/GNUstep/SOGo/CommonUI.SOGo/Resources/German.lproj/ > lib/GNUstep/SOGo/CommonUI.SOGo/Resources/German.lproj/Localizable.strings > +lib/GNUstep/SOGo/CommonUI.SOGo/Resources/Greek.lproj/ > +lib/GNUstep/SOGo/CommonUI.SOGo/Resources/Greek.lproj/Localizable.strings > lib/GNUstep/SOGo/CommonUI.SOGo/Resources/Hebrew.lproj/ > lib/GNUstep/SOGo/CommonUI.SOGo/Resources/Hebrew.lproj/Localizable.strings > lib/GNUstep/SOGo/CommonUI.SOGo/Resources/Hungarian.lproj/ > @@ -1121,6 +1127,8 @@ > lib/GNUstep/SOGo/Contacts.SOGo/Resources/Galician.lproj/Localizable.strings > lib/GNUstep/SOGo/Contacts.SOGo/Resources/German.lproj/ > lib/GNUstep/SOGo/Contacts.SOGo/Resources/German.lproj/Localizable.strings > +lib/GNUstep/SOGo/Contacts.SOGo/Resources/Greek.lproj/ > +lib/GNUstep/SOGo/Contacts.SOGo/Resources/Greek.lproj/Localizable.strings > lib/GNUstep/SOGo/Contacts.SOGo/Resources/Hebrew.lproj/ > lib/GNUstep/SOGo/Contacts.SOGo/Resources/Hebrew.lproj/Localizable.strings > lib/GNUstep/SOGo/Contacts.SOGo/Resources/Hungarian.lproj/ > @@ -1219,6 +1227,8 @@ > lib/GNUstep/SOGo/ContactsUI.SOGo/Resources/Galician.lproj/Localizable.strings > lib/GNUstep/SOGo/ContactsUI.SOGo/Resources/German.lproj/ > lib/GNUstep/SOGo/ContactsUI.SOGo/Resources/German.lproj/Localizable.strings > +lib/GNUstep/SOGo/ContactsUI.SOGo/Resources/Greek.lproj/ > +lib/GNUstep/SOGo/ContactsUI.SOGo/Resources/Greek.lproj/Localizable.strings > lib/GNUstep/SOGo/ContactsUI.SOGo/Resources/Hebrew.lproj/ > lib/GNUstep/SOGo/ContactsUI.SOGo/Resources/Hebrew.lproj/Localizable.strings > lib/GNUstep/SOGo/ContactsUI.SOGo/Resources/Hungarian.lproj/ > @@ -1318,6 +1328,8 @@ > lib/GNUstep/SOGo/MailPartViewers.SOGo/Resources/Galician.lproj/Localizable.strings > lib/GNUstep/SOGo/MailPartViewers.SOGo/Resources/German.lproj/ > lib/GNUstep/SOGo/MailPartViewers.SOGo/Resources/German.lproj/Localizable.strings > +lib/GNUstep/SOGo/MailPartViewers.SOGo/Resources/Greek.lproj/ > +lib/GNUstep/SOGo/MailPartViewers.SOGo/Resources/Greek.lproj/Localizable.strings > lib/GNUstep/SOGo/MailPartViewers.SOGo/Resources/Hebrew.lproj/ > lib/GNUstep/SOGo/MailPartViewers.SOGo/Resources/Hebrew.lproj/Localizable.strings > lib/GNUstep/SOGo/MailPartViewers.SOGo/Resources/Hungarian.lproj/ > @@ -1416,6 +1428,8 @@ > lib/GNUstep/SOGo/Mailer.SOGo/Resources/Galician.lproj/Localizable.strings > lib/GNUstep/SOGo/Mailer.SOGo/Resources/German.lproj/ > lib/GNUstep/SOGo/Mailer.SOGo/Resources/German.lproj/Localizable.strings > +lib/GNUstep/SOGo/Mailer.SOGo/Resources/Greek.lproj/ > +lib/GNUstep/SOGo/Mailer.SOGo/Resources/Greek.lproj/Localizable.strings > lib/GNUstep/SOGo/Mailer.SOGo/Resources/Hebrew.lproj/ > lib/GNUstep/SOGo/Mailer.SOGo/Resources/Hebrew.lproj/Localizable.strings > lib/GNUstep/SOGo/Mailer.SOGo/Resources/Hungarian.lproj/ > @@ -1791,6 +1805,8 @@ > lib/GNUstep/SOGo/MailerUI.SOGo/Resources/Galician.lproj/Localizable.strings > lib/GNUstep/SOGo/MailerUI.SOGo/Resources/German.lproj/ > lib/GNUstep/SOGo/MailerUI.SOGo/Resources/German.lproj/Localizable.strings > +lib/GNUstep/SOGo/MailerUI.SOGo/Resources/Greek.lproj/ > +lib/GNUstep/SOGo/MailerUI.SOGo/Resources/Greek.lproj/Localizable.strings > lib/GNUstep/SOGo/MailerUI.SOGo/Resources/Hebrew.lproj/ > lib/GNUstep/SOGo/MailerUI.SOGo/Resources/Hebrew.lproj/Localizable.strings > lib/GNUstep/SOGo/MailerUI.SOGo/Resources/Hungarian.lproj/ > @@ -1907,6 +1923,9 @@ > lib/GNUstep/SOGo/MainUI.SOGo/Resources/German.lproj/ > lib/GNUstep/SOGo/MainUI.SOGo/Resources/German.lproj/Locale > lib/GNUstep/SOGo/MainUI.SOGo/Resources/German.lproj/Localizable.strings > +lib/GNUstep/SOGo/MainUI.SOGo/Resources/Greek.lproj/ > +lib/GNUstep/SOGo/MainUI.SOGo/Resources/Greek.lproj/Locale > +lib/GNUstep/SOGo/MainUI.SOGo/Resources/Greek.lproj/Localizable.strings > lib/GNUstep/SOGo/MainUI.SOGo/Resources/Hebrew.lproj/ > lib/GNUstep/SOGo/MainUI.SOGo/Resources/Hebrew.lproj/Locale > lib/GNUstep/SOGo/MainUI.SOGo/Resources/Hebrew.lproj/Localizable.strings > @@ -2048,6 +2067,8 @@ > lib/GNUstep/SOGo/PreferencesUI.SOGo/Resources/Galician.lproj/Localizable.strings > lib/GNUstep/SOGo/PreferencesUI.SOGo/Resources/German.lproj/ > lib/GNUstep/SOGo/PreferencesUI.SOGo/Resources/German.lproj/Localizable.strings > +lib/GNUstep/SOGo/PreferencesUI.SOGo/Resources/Greek.lproj/ > +lib/GNUstep/SOGo/PreferencesUI.SOGo/Resources/Greek.lproj/Localizable.strings > lib/GNUstep/SOGo/PreferencesUI.SOGo/Resources/Hebrew.lproj/ > lib/GNUstep/SOGo/PreferencesUI.SOGo/Resources/Hebrew.lproj/Localizable.strings > lib/GNUstep/SOGo/PreferencesUI.SOGo/Resources/Hungarian.lproj/ > @@ -2146,6 +2167,8 @@ > lib/GNUstep/SOGo/SchedulerUI.SOGo/Resources/Galician.lproj/Localizable.strings > lib/GNUstep/SOGo/SchedulerUI.SOGo/Resources/German.lproj/ > lib/GNUstep/SOGo/SchedulerUI.SOGo/Resources/German.lproj/Localizable.strings > +lib/GNUstep/SOGo/SchedulerUI.SOGo/Resources/Greek.lproj/ > +lib/GNUstep/SOGo/SchedulerUI.SOGo/Resources/Greek.lproj/Localizable.strings > lib/GNUstep/SOGo/SchedulerUI.SOGo/Resources/Hebrew.lproj/ > lib/GNUstep/SOGo/SchedulerUI.SOGo/Resources/Hebrew.lproj/Localizable.strings > lib/GNUstep/SOGo/SchedulerUI.SOGo/Resources/Hungarian.lproj/ > @@ -2318,6 +2341,9 @@ > lib/GNUstep/SOGo/Templates/SOGoACLGermanAdditionAdvisory.wox > lib/GNUstep/SOGo/Templates/SOGoACLGermanModificationAdvisory.wox > lib/GNUstep/SOGo/Templates/SOGoACLGermanRemovalAdvisory.wox > +lib/GNUstep/SOGo/Templates/SOGoACLGreekAdditionAdvisory.wox > +lib/GNUstep/SOGo/Templates/SOGoACLGreekModificationAdvisory.wox > +lib/GNUstep/SOGo/Templates/SOGoACLGreekRemovalAdvisory.wox > lib/GNUstep/SOGo/Templates/SOGoACLHebrewAdditionAdvisory.wox > lib/GNUstep/SOGo/Templates/SOGoACLHebrewModificationAdvisory.wox > lib/GNUstep/SOGo/Templates/SOGoACLHebrewRemovalAdvisory.wox > @@ -2433,6 +2459,8 @@ > lib/GNUstep/SOGo/Templates/SOGoFolderGalicianRemovalAdvisory.wox > lib/GNUstep/SOGo/Templates/SOGoFolderGermanAdditionAdvisory.wox > lib/GNUstep/SOGo/Templates/SOGoFolderGermanRemovalAdvisory.wox > +lib/GNUstep/SOGo/Templates/SOGoFolderGreekAdditionAdvisory.wox > +lib/GNUstep/SOGo/Templates/SOGoFolderGreekRemovalAdvisory.wox > lib/GNUstep/SOGo/Templates/SOGoFolderHebrewAdditionAdvisory.wox > lib/GNUstep/SOGo/Templates/SOGoFolderHebrewRemovalAdvisory.wox > lib/GNUstep/SOGo/Templates/SOGoFolderHungarianAdditionAdvisory.wox