Bug 245728 - [patch] devel/viewvc update to 1.1.28 or 1.2.1
Summary: [patch] devel/viewvc update to 1.1.28 or 1.2.1
Status: Closed FIXED
Alias: None
Product: Ports & Packages
Classification: Unclassified
Component: Individual Port(s) (show other bugs)
Version: Latest
Hardware: Any Any
: --- Affects Many People
Assignee: Olli Hauer
URL:
Keywords:
Depends on:
Blocks:
 
Reported: 2020-04-18 18:42 UTC by Yasuhito FUTATSUKI
Modified: 2020-04-19 18:25 UTC (History)
0 users

See Also:
bugzilla: maintainer-feedback? (ohauer)

Attachments
patch to update to 1.1.28 (1.34 KB, text/plain)
2020-04-18 18:42 UTC, Yasuhito FUTATSUKI 		no flags Details
patch to update to 1.2.1 (14.40 KB, patch)
2020-04-18 18:44 UTC, Yasuhito FUTATSUKI 		no flags Details | Diff
patch to update to 1.1.28 (1.34 KB, patch)
2020-04-18 18:47 UTC, Yasuhito FUTATSUKI 		no flags Details | Diff
Show Obsolete (1) View All Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Yasuhito FUTATSUKI 2020-04-18 18:42:35 UTC 
Created attachment 213544 [details]
patch to update to 1.1.28

ViewVC 1.1.28 and 1.2.1 had been released on 2020-03-26, with security fix for CVS-2020-5283.

I have no idea which is better 1.1.28 or 1.2.1, so I made patch to update both of them.

(I'll attach patch to update to 1.2.1 later.)
Comment 1 Yasuhito FUTATSUKI 2020-04-18 18:44:59 UTC 
Created attachment 213545 [details]
patch to update to 1.2.1
Comment 2 Yasuhito FUTATSUKI 2020-04-18 18:47:01 UTC 
Created attachment 213546 [details]
patch to update to 1.1.28

update patch, due to content type
Comment 3 commit-hook freebsd_committer freebsd_triage 2020-04-19 15:36:25 UTC 
A commit references this bug:

Author: ohauer
Date: Sun Apr 19 15:35:40 UTC 2020
New revision: 532127
URL: https://svnweb.freebsd.org/changeset/ports/532127

Log:
  - update to 1.1.28

   - security fix: escape subdir lastmod file name
   - fix standalone.py first request failure

  PR:		245728
  Submitted by:	Yasuhito FUTATSUKI
  MFH:		2020Q2

Changes:
  head/devel/viewvc/Makefile
  head/devel/viewvc/distinfo
  head/devel/viewvc/pkg-plist
Comment 4 commit-hook freebsd_committer freebsd_triage 2020-04-19 15:42:27 UTC 
A commit references this bug:

Author: ohauer
Date: Sun Apr 19 15:41:54 UTC 2020
New revision: 532129
URL: https://svnweb.freebsd.org/changeset/ports/532129

Log:
  MFH: r532127

  - update to 1.1.28

   - security fix: escape subdir lastmod file name
   - fix standalone.py first request failure

  PR:		245728
  Submitted by:	Yasuhito FUTATSUKI

  Approved by:	portmgr (blanket)

Changes:
_U  branches/2020Q2/
  branches/2020Q2/devel/viewvc/Makefile
  branches/2020Q2/devel/viewvc/distinfo
  branches/2020Q2/devel/viewvc/pkg-plist
Comment 5 commit-hook freebsd_committer freebsd_triage 2020-04-19 17:50:46 UTC 
A commit references this bug:

Author: ohauer
Date: Sun Apr 19 17:49:56 UTC 2020
New revision: 532138
URL: https://svnweb.freebsd.org/changeset/ports/532138

Log:
  - update to 1.2.1
  - set update instruction notes on pkg-message

  ChangeLog v1.2.0:
      bumped minimum supported Python version to 2.4
      implemented support for property diffs (Tigris #383)
      allow user-configurable cvsgraph display (Tigris #336)
      allow rNNNN syntax for Subversion revision numbers (Tigris #441)
      display revision numbers in CVS tag/branch selector (Tigris #546)
      allow roots to have optional context (#58)
      use a more secure temporary file generator (#159)
      fix problems with make-database and special characters (#141, #182)
      fix bogus default ci_when value in cvsdb (#200)
      standalone query interface removed (#206)
      GUI support (--gui) removed from standalone.py

  ChangeLog v1.2.1:
      security fix: escape subdir lastmod file name

  PR:		245728
  Submitted by:	Yasuhito FUTATSUKI

Changes:
  head/devel/viewvc/Makefile
  head/devel/viewvc/distinfo
  head/devel/viewvc/files/pkg-message.in
  head/devel/viewvc/pkg-plist
Comment 6 Olli Hauer freebsd_committer freebsd_triage 2020-04-19 18:25:48 UTC 
Thanks for the patch, I haven not noticed that there is a new release!

I've updated the port in two steps so 2020Q2 has the fixed 1.1.28 release
 1.1.27 -> 1.1.28 + merge to 2020Q2
 1.1.28 -> 1.2.1