Created attachment 254150
www/oauth2-proxy

Upgrade to version 7.7.1. Tested on 13.4-RELEASE and using make test.

Security fixes (in 7.7.0, https://github.com/oauth2-proxy/oauth2-proxy/releases/tag/v7.7.0):
CVE-2024-24786
CVE-2024-24791
CVE-2024-24790
CVE-2024-24784
CVE-2024-28180
CVE-2023-45288

Fun times with all the vulns. Seem to all be in dependencies though. On commit, I'll also go ahead and add an entry to the VuXML database.

A commit in branch main references this bug:

URL: https://cgit.FreeBSD.org/ports/commit/?id=0e1957b05c1fa7213ca4cda0bafbdc59be891ac2

commit 0e1957b05c1fa7213ca4cda0bafbdc59be891ac2
Author:     Matthias Wolf <freebsd@rheinwolf.de>
AuthorDate: 2024-10-18 11:08:27 +0000
Commit:     Robert Clausecker <fuz@FreeBSD.org>
CommitDate: 2024-10-21 09:36:08 +0000

    www/oauth2-proxy: update to 7.7.1

    - update addresses multiple CVEs in Go dependencies

    Changelog: https://github.com/oauth2-proxy/oauth2-proxy/releases/tag/v7.7.1
    PR: 282004
    Security: dbe8c5bd-8d3f-11ef-8d2e-a04a5edf46d9
    MFH: 2024Q4

 www/oauth2-proxy/Makefile | 111 +++---
 www/oauth2-proxy/distinfo | 200 +++++-----
 www/oauth2-proxy/files/modules.txt (new) | 622 ++++++++++++++++++++++++++++++
 www/oauth2-proxy/files/patch-go.mod (new) | 10 +
 4 files changed, 796 insertions(+), 147 deletions(-)

A commit in branch main references this bug:

URL: https://cgit.FreeBSD.org/ports/commit/?id=bc5176c12c42bc3424d5b8b2e9d0bb7f199a1e7f

commit bc5176c12c42bc3424d5b8b2e9d0bb7f199a1e7f
Author:     Robert Clausecker <fuz@FreeBSD.org>
AuthorDate: 2024-10-18 11:03:53 +0000
Commit:     Robert Clausecker <fuz@FreeBSD.org>
CommitDate: 2024-10-21 09:36:03 +0000

    security/vuxml: document www/oauth2-proxy vulnerabilities

    Reported by: Matthias Wolf <freebsd@rheinwolf.de>
    PR: 282004

 security/vuxml/vuln/2024.xml | 39 +++++++++++++++++++++++++++++++++++++++
 1 file changed, 39 insertions(+)

A commit in branch 2024Q4 references this bug:

URL: https://cgit.FreeBSD.org/ports/commit/?id=09d735688b7d25d4738dd0d7b186922e9a7bf690

commit 09d735688b7d25d4738dd0d7b186922e9a7bf690
Author:     Matthias Wolf <freebsd@rheinwolf.de>
AuthorDate: 2024-10-18 11:08:27 +0000
Commit:     Robert Clausecker <fuz@FreeBSD.org>
CommitDate: 2024-10-21 09:38:51 +0000

    www/oauth2-proxy: update to 7.7.1

    - update addresses multiple CVEs in Go dependencies

    Changelog: https://github.com/oauth2-proxy/oauth2-proxy/releases/tag/v7.7.1
    PR: 282004
    Security: dbe8c5bd-8d3f-11ef-8d2e-a04a5edf46d9
    MFH: 2024Q4

    (cherry picked from commit 0e1957b05c1fa7213ca4cda0bafbdc59be891ac2)

 www/oauth2-proxy/Makefile | 111 +++---
 www/oauth2-proxy/distinfo | 200 +++++-----
 www/oauth2-proxy/files/modules.txt (new) | 622 ++++++++++++++++++++++++++++++
 www/oauth2-proxy/files/patch-go.mod (new) | 10 +
 4 files changed, 796 insertions(+), 147 deletions(-)

Thank you for your contribution.