# update soft libxml2 FAILED Applying FreeBSD patch-CVE-2019-20388



## bagas (Jul 9, 2021)

Hello.
Updating programs on the server.
An incomprehensible situation for me.
my system FreeBSD 11.4-RELEASE-p10 amd64
I updated ports, created indexes to ports.

```
root@test:/usr/ports/textproc/libxslt # make reinstall clean
===>  Deinstalling for libxslt
===>   Deinstalling libxslt-1.1.34_1
Checking integrity... done (0 conflicting)
Deinstallation has been requested for the following 1 packages (of 0 packages in the universe):

Installed packages to be REMOVED:
    libxslt: 1.1.34_1

Number of packages to be removed: 1

The operation will free 1 MiB.
[test] [1/1] Deinstalling libxslt-1.1.34_1...
[test] [1/1] Deleting files for libxslt-1.1.34_1: 100%
===>  License MIT accepted by the user
===>   libxslt-1.1.34_2 depends on file: /usr/local/sbin/pkg - found
=> libxslt-1.1.34.tar.gz doesn't seem to exist in /usr/ports/distfiles/gnome2.
=> Attempting to fetch [URL]http://xmlsoft.org/sources/libxslt-1.1.34.tar.gz[/URL]
libxslt-1.1.34.tar.gz                                 3469 kB   10 MBps    01s
===> Fetching all distfiles required by libxslt-1.1.34_2 for building
===>  Extracting for libxslt-1.1.34_2
=> SHA256 Checksum OK for gnome2/libxslt-1.1.34.tar.gz.
===>  Patching for libxslt-1.1.34_2
===>  Applying FreeBSD patches for libxslt-1.1.34_2 from /usr/ports/textproc/libxslt/files
===>   libxslt-1.1.34_2 depends on package: gmake>=4.3 - found
===>   libxslt-1.1.34_2 depends on package: pkgconf>=1.3.0_1 - found
===>   libxslt-1.1.34_2 depends on shared library: libgcrypt.so - found (/usr/local/lib/libgcrypt.so)
===>   libxslt-1.1.34_2 depends on shared library: libgpg-error.so - found (/usr/local/lib/libgpg-error.so)
===>   libxslt-1.1.34_2 depends on shared library: libxml2.so - not found
===>  Deinstalling for libxml2
===>   libxml2 not installed, skipping
===>  Patching for libxml2-2.9.12
===>  Applying FreeBSD patches for libxml2-2.9.12 from /usr/ports/textproc/libxml2/files
Ignoring previously applied (or reversed) patch.
1 out of 1 hunks ignored--saving rejects to xmlschemas.c.rej
===>  FAILED Applying FreeBSD patch-CVE-2019-20388
===> FAILED to apply cleanly FreeBSD patch(es)  patch-CVE-2019-20388
*** Error code 1

Stop.
make[5]: stopped in /usr/ports/textproc/libxml2
*** Error code 1

Stop.
make[4]: stopped in /usr/ports/textproc/libxml2
*** Error code 1

Stop.
make[3]: stopped in /usr/ports/textproc/libxml2
*** Error code 1

Stop.
make[2]: stopped in /usr/ports/textproc/libxslt
*** Error code 1

Stop.
make[1]: stopped in /usr/ports/textproc/libxslt
*** Error code 1

Stop.
make: stopped in /usr/ports/textproc/libxslt
```
How to fix it?

```
===>  Patching for libxml2-2.9.12
===>  Applying FreeBSD patches for libxml2-2.9.12 from /usr/ports/textproc/libxml2/files
Ignoring previously applied (or reversed) patch.
1 out of 1 hunks ignored--saving rejects to xmlschemas.c.rej
===>  FAILED Applying FreeBSD patch-CVE-2019-20388
===> FAILED to apply cleanly FreeBSD patch(es)  patch-CVE-2019-20388
```


----------



## SirDice (Jul 9, 2021)

How are you updating your ports tree? Those files should have been removed:




__





						ports - FreeBSD ports tree
					






					cgit.freebsd.org


----------



## bagas (Jul 9, 2021)

SirDice said:


> How are you updating your ports tree? Those files should have been removed:


portupgrade -arR


----------



## SirDice (Jul 9, 2021)

That's how you upgrade the ports themselves, I'm asking how you update your ports tree.


----------



## bagas (Jul 9, 2021)

SirDice said:


> That's how you upgrade the ports themselves, I'm asking how you update your ports tree.


gitup ports
and
cd /usr/ports/ && make index



> nano /usr/local/etc/gitup.conf
> # $FreeBSD$
> #
> # Default configuration options for gitup.conf.
> ...


----------



## SirDice (Jul 9, 2021)

Right, it seems like gitup(1) fails to remove files when they're deleted from git. Simplest solution is to remove /usr/ports/* and do a fresh checkout.


----------



## bagas (Jul 9, 2021)

SirDice said:


> Right, it seems like gitup(1) fails to remove files when they're deleted from git. Simplest solution is to remove /usr/ports/* and do a fresh checkout.


Remove all ports completely? 
And clone them again from the git repository?


----------



## SirDice (Jul 9, 2021)

Yes, there's no telling what more files it kept that should have been removed. So to be sure you have a good, clean ports tree I would just wipe it and do a fresh checkout.


----------



## bagas (Jul 9, 2021)

SirDice said:


> Yes, there's no telling what more files it kept that should have been removed. So to be sure you have a good, clean ports tree I would just wipe it and do a fresh checkout.


And in the future be like?
Each time to remove all of the ports tree is not the case.


----------



## bagas (Jul 9, 2021)

rm -rf /usr/ports/*
gitup ports


> gitup: build_repair_command: There are too many files to repair -- please re-clone the repository: Argument list too long


It is better to install the full git port rather than gitup.


----------



## bagas (Jul 9, 2021)

> gitup: build_repair_command: There are too many files to repair -- please re-clone the repository: Argument list too long


Did so.
gitup -c ports


----------

