Bug 255949 - devel/websvn: update to 2.6.1
Summary: devel/websvn: update to 2.6.1
Status: Closed FIXED
Alias: None
Product: Ports & Packages
Classification: Unclassified
Component: Individual Port(s) (show other bugs)
Version: Latest
Hardware: Any Any
: Normal Affects Many People
Assignee: Thomas Zander
URL: https://github.com/websvnphp/websvn/c...
Keywords: needs-patch, needs-qa, security
Depends on:
Blocks:
 
Reported: 2021-05-17 15:27 UTC by Michael Osipov
Modified: 2022-02-26 12:43 UTC (History)
5 users (show)

See Also:
michael.osipov: maintainer-feedback+
michael.osipov: maintainer-feedback+
riggs: merge-quarterly+

Attachments
Patch against main (1.15 KB, patch)
2021-05-17 15:27 UTC, Michael Osipov 		no flags Details | Diff
View All Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Michael Osipov 2021-05-17 15:27:53 UTC 
Created attachment 225033 [details]
Patch against main
Comment 1 Michael Osipov 2021-05-17 15:28:07 UTC 
This addresses a security issue
Comment 2 Neel Chauhan freebsd_committer freebsd_triage 2021-05-17 16:39:59 UTC 
Is there an CVE for this program? If so, you may want to create a security/vuxml entry.
Comment 3 Michael Osipov 2021-05-17 16:52:24 UTC 
(In reply to Neel Chauhan from comment #2)

There is none, we were contacted by someone from the department of homeland security and he will raise a CVE through GitHub. I will leave this to him.
Comment 5 Michael Osipov 2021-09-28 07:39:29 UTC 
Can this be merged before the next quartely branch is created?
Comment 6 Andre Rikkert de Koe - ARK-ICT 2021-10-02 09:58:13 UTC 
Via my webserver logs I found out that this vulnerability was actually used to get access to my system. So I applied this patch immediately and run portupgrade successfully. Thanks.
Comment 7 Michael Osipov 2021-10-04 08:38:25 UTC 
(In reply to Andre Rikkert de Koe - ARK-ICT from comment #6)

This could have been avoided if someone would have grated me commit bits years go.
Comment 8 Michael Osipov 2022-01-11 10:04:26 UTC 
Anyone able to commit this patch?
Comment 9 Michael Osipov 2022-02-25 16:02:01 UTC 
Anyone?
Comment 10 commit-hook freebsd_committer freebsd_triage 2022-02-26 12:09:55 UTC 
A commit in branch main references this bug:

URL: https://cgit.FreeBSD.org/ports/commit/?id=16ed4da8aa442d065a9e8b359e00ca524b451d2c

commit 16ed4da8aa442d065a9e8b359e00ca524b451d2c
Author:     Michael Osipov <michael.osipov@siemens.com>
AuthorDate: 2022-02-26 12:06:04 +0000
Commit:     Thomas Zander <riggs@FreeBSD.org>
CommitDate: 2022-02-26 12:09:23 +0000

    devel/websvn: Update to upstream release 2.6.1

    PR:             255949
    MFH:            2022Q1
    Security:       CVE-2021-32305

 devel/websvn/Makefile             | 2 +-
 devel/websvn/distinfo             | 6 +++---
 devel/websvn/files/pkg-message.in | 2 +-
 3 files changed, 5 insertions(+), 5 deletions(-)
Comment 11 commit-hook freebsd_committer freebsd_triage 2022-02-26 12:31:01 UTC 
A commit in branch 2022Q1 references this bug:

URL: https://cgit.FreeBSD.org/ports/commit/?id=bc1bc4330f70117e6e861c0b21cc14d83ea08ba0

commit bc1bc4330f70117e6e861c0b21cc14d83ea08ba0
Author:     Michael Osipov <michael.osipov@siemens.com>
AuthorDate: 2022-02-26 12:06:04 +0000
Commit:     Thomas Zander <riggs@FreeBSD.org>
CommitDate: 2022-02-26 12:21:08 +0000

    devel/websvn: Update to upstream release 2.6.1

    PR:             255949
    MFH:            2022Q1
    Security:       CVE-2021-32305
    (cherry picked from commit 16ed4da8aa442d065a9e8b359e00ca524b451d2c)

 devel/websvn/Makefile             | 2 +-
 devel/websvn/distinfo             | 6 +++---
 devel/websvn/files/pkg-message.in | 2 +-
 3 files changed, 5 insertions(+), 5 deletions(-)
Comment 12 Thomas Zander freebsd_committer freebsd_triage 2022-02-26 12:43:16 UTC 
Thanks for the ping, and sorry for the delay.