Bug 230361 - devel/cgit: Update to 1.2.1 (Fixes CVE-2018-14912)
Summary: devel/cgit: Update to 1.2.1 (Fixes CVE-2018-14912)
Status: Closed FIXED
Alias: None
Product: Ports & Packages
Classification: Unclassified
Component: Individual Port(s)
Version: Latest
Hardware: Any Any
Importance: Normal Affects Many People
Assignee: Thomas Zander
URL:
Keywords: needs-qa, security
Depends on: 230360
Blocks:
Reported: 2018-08-04 20:00 UTC by Yasuhiro Kimura
Modified: 2018-08-12 17:55 UTC

See Also:
mt-bugs: maintainer-feedback+
yasu: merge-quarterly?


Attachments
patch file (1.37 KB, patch)
2018-08-04 20:00 UTC, Yasuhiro Kimura

Description Yasuhiro Kimura freebsd_committer freebsd_triage 2018-08-04 20:00:33 UTC
Created attachment 195855
patch file

Update to 1.2.2, fixes directory traversal vulnerability (CVE-2018-14912).

CVE-2018-14912 is documented in bug #230360. So please commit it together.
Comment 1 Marko Turk 2018-08-05 16:24:15 UTC
Hi,

thanks for the patch.

This should be merged to all available tracks since the security bug is quite nasty.

BR/Marko
Comment 2 commit-hook freebsd_committer freebsd_triage 2018-08-12 17:09:50 UTC
A commit references this bug:

Author: riggs
Date: Sun Aug 12 17:09:04 UTC 2018
New revision: 477003
URL: https://svnweb.freebsd.org/changeset/ports/477003

Log:
  Update to upstream release 1.2.1 (Fixes CVE-2018-14912)

  PR:		230361
  Submitted by:	yasu@utahime.org
  Approved by:	mt@markoturk.info (maintainer)
  Security:	CVE-2018-14912

Changes:
  head/devel/cgit/Makefile
  head/devel/cgit/distinfo
  head/devel/cgit/pkg-plist
Comment 3 Thomas Zander freebsd_committer freebsd_triage 2018-08-12 17:31:44 UTC
MFH test builds in progress. Stay tuned...
Comment 4 commit-hook freebsd_committer freebsd_triage 2018-08-12 17:50:38 UTC
A commit references this bug:

Author: riggs
Date: Sun Aug 12 17:50:13 UTC 2018
New revision: 477033
URL: https://svnweb.freebsd.org/changeset/ports/477033

Log:
  MFH: r474007 r474079 r474827 r477003

  - Update included git to 2.17.1

  PR:		227536

  devel/cgit: Fix patch

  PR:		227536

  devel/cgit: update 1.1 -> 1.2

  - among other things, update to git 2.18

  PR:		229841
  Submitted by:	Yasuhiro KIMURA <yasu@utahime.org>
  Approved by:	Marko Turk <mt@markoturk.info> (maintainer)
  Relnotes:	https://lists.zx2c4.com/pipermail/cgit/2018-July/004160.html

  Update to upstream release 1.2.1 (Fixes CVE-2018-14912)

  PR:		230361
  Submitted by:	yasu@utahime.org
  Approved by:	mt@markoturk.info (maintainer)
  Security:	CVE-2018-14912

  Approved by:	ports-secteam (riggs)

Changes:
_U  branches/2018Q3/
  branches/2018Q3/devel/cgit/Makefile
  branches/2018Q3/devel/cgit/distinfo
  branches/2018Q3/devel/cgit/files/patch-git-2.12.0
  branches/2018Q3/devel/cgit/files/patch-git-2.13.1
  branches/2018Q3/devel/cgit/files/patch-git-2.14
  branches/2018Q3/devel/cgit/files/patch-git-2.16
  branches/2018Q3/devel/cgit/files/patch-ui-snapshot.c
  branches/2018Q3/devel/cgit/pkg-plist