Updating libxslt ?

0 views
Skip to first unread message

Tim Daneliuk

unread,
Sep 4, 2025, 11:12:34 AM (3 days ago) Sep 4
to FreeBSD Mailing List
Is there an update for this on the horizon?

The current state of having known security vulnerabilities is
wreaking havoc with portmaster updates.

Not complaining, just trying to understand the state of things.

Best,
T

Daniel Lysfjord

unread,
Sep 4, 2025, 12:21:44 PM (3 days ago) Sep 4
to Tim Daneliuk, FreeBSD Mailing List
Hi,

[0] and [1] doesn't paint a too nice picture for this library. Seems
like it is not maintained, and will be archived "soon".. Another gnome
library left to rot:)

0: https://www.freshports.org/textproc/libxslt/
1: https://gitlab.gnome.org/GNOME/libxslt/-/issues

LuMiWa

unread,
Sep 4, 2025, 12:34:34 PM (3 days ago) Sep 4
to ques...@freebsd.org
And what is the future of Inkscape, GIMP...?


--
“Look back over the past, with its changing empires that rose and fell,
and you can foresee the future too.”

― Marcus Aurelius

Dan Mahoney (Ports)

unread,
Sep 4, 2025, 3:41:15 PM (3 days ago) Sep 4
to LuMiWa, ques...@freebsd.org
LibXSLT (not sure what the right capitalization is, outside of filenames) seems to have a new maintainer now, within the last week…

https://gitlab.gnome.org/GNOME/libxslt/-/issues/150#note_2507409

Rather than bombard this person, it might be good if the maintainer shot them a note?

-Dan

Wis...@proton.me

unread,
Sep 4, 2025, 4:03:52 PM (3 days ago) Sep 4
to lysfjor...@smokepit.net, thron...@gmail.com, freebsd-...@freebsd.org
libxslt is not getting unmaintained upstream, the reason for it being marked depcrecated in freebsd poets, is because currently two knowm vulnerabilities exist for it, one of which is unpatched upstream but disclosed while the other one isn't even disclosed yet, see https://cgit.freebsd.org/ports/commit/?id=dceb46fc8a6eea281dbafc46e6452a9d82550b09 and https://www.freshports.org/vuxml.php?vid=1a2aa04f-3718-11e6-b3c8-14dae9d210b8%7C93167bef-9752-11e9-b61c-b885849ded8e%7Ca96cd659-303e-11f0-94b5-54ee755069b5%7Cb0a3466f-5efc-11f0-ae84-99047d0a6bcc for more info
-------- Original Message --------

Dan Mahoney (Ports)

unread,
Sep 4, 2025, 4:22:00 PM (3 days ago) Sep 4
to Wis...@proton.me, lysfjor...@smokepit.net, thron...@gmail.com, freebsd-...@freebsd.org


> On Sep 4, 2025, at 13:03, Wis...@proton.me wrote:
>
> libxslt is not getting unmaintained upstream,

It was, from about March, until a week ago, as mentioned by the former maintainer. https://discourse.gnome.org/t/stepping-down-as-libxslt-maintainer/27615

> the reason for it being marked depcrecated in freebsd poets, is because currently two knowm vulnerabilities exist for it, one of which is unpatched upstream but disclosed while the other one isn't even disclosed yet, see https://cgit.freebsd.org/ports/commit/?id=dceb46fc8a6eea281dbafc46e6452a9d82550b09 and https://www.freshports.org/vuxml.php?vid=1a2aa04f-3718-11e6-b3c8-14dae9d210b8%7C93167bef-9752-11e9-b61c-b885849ded8e%7Ca96cd659-303e-11f0-94b5-54ee755069b5%7Cb0a3466f-5efc-11f0-ae84-99047d0a6bcc for more info

Having no maintainer *plus* cves active *and* other vulnerabilities known to be on the horizon is probably why it was deprecated. If the new maintainer picks up the reins, maybe that will change.

-Dan
Reply all
Reply to author
Forward
0 new messages