Bug 282004

Summary: www/oauth2-proxy: Update to v7.7.1
Product: Ports & Packages
Reporter: Matthias Wolf <freebsd>
Component: Individual Port(s)
Assignee: Robert Clausecker <fuz>
Status: Closed FIXED
Severity: Affects Only Me
CC: fuz
Priority: ---
Version: Latest
Hardware: Any
OS: Any
URL: https://github.com/oauth2-proxy/oauth2-proxy/releases/tag/v7.7.1
Attachments:
Description: www/oauth2-proxy
Flags: freebsd: maintainer-approval+

Description Matthias Wolf 2024-10-11 06:35:19 UTC
Created attachment 254150
www/oauth2-proxy

Upgrade to version 7.7.1.

Tested on 13.4-RELEASE and using make test.

Security fixes (in 7.7.0, https://github.com/oauth2-proxy/oauth2-proxy/releases/tag/v7.7.0):
CVE-2024-24786
CVE-2024-24791
CVE-2024-24790
CVE-2024-24784
CVE-2024-28180
CVE-2023-45288

Comment 1 Robert Clausecker freebsd_committer freebsd_triage 2024-10-18 11:10:16 UTC
Fun times with all the vulns.  Seem to all be in dependencies though.

On commit, I'll also go ahead and add an entry to the VuXML database.

Comment 2 commit-hook freebsd_committer freebsd_triage 2024-10-21 09:37:49 UTC
A commit in branch main references this bug:

URL: https://cgit.FreeBSD.org/ports/commit/?id=0e1957b05c1fa7213ca4cda0bafbdc59be891ac2

commit 0e1957b05c1fa7213ca4cda0bafbdc59be891ac2
Author:     Matthias Wolf <freebsd@rheinwolf.de>
AuthorDate: 2024-10-18 11:08:27 +0000
Commit:     Robert Clausecker <fuz@FreeBSD.org>
CommitDate: 2024-10-21 09:36:08 +0000

    www/oauth2-proxy: update to 7.7.1

     - update addresses multiple CVEs in Go dependencies

    Changelog: https://github.com/oauth2-proxy/oauth2-proxy/releases/tag/v7.7.1

    PR:             282004
    Security:       dbe8c5bd-8d3f-11ef-8d2e-a04a5edf46d9
    MFH:            2024Q4

 www/oauth2-proxy/Makefile                 | 111 +++---
 www/oauth2-proxy/distinfo                 | 200 +++++-----
 www/oauth2-proxy/files/modules.txt (new)  | 622 ++++++++++++++++++++++++++++++
 www/oauth2-proxy/files/patch-go.mod (new) |  10 +
 4 files changed, 796 insertions(+), 147 deletions(-)

Comment 3 commit-hook freebsd_committer freebsd_triage 2024-10-21 09:37:51 UTC
A commit in branch main references this bug:

URL: https://cgit.FreeBSD.org/ports/commit/?id=bc5176c12c42bc3424d5b8b2e9d0bb7f199a1e7f

commit bc5176c12c42bc3424d5b8b2e9d0bb7f199a1e7f
Author:     Robert Clausecker <fuz@FreeBSD.org>
AuthorDate: 2024-10-18 11:03:53 +0000
Commit:     Robert Clausecker <fuz@FreeBSD.org>
CommitDate: 2024-10-21 09:36:03 +0000

    security/vuxml: document www/oauth2-proxy vulnerabilities

    Reported by:    Matthias Wolf <freebsd@rheinwolf.de>
    PR:             282004

 security/vuxml/vuln/2024.xml | 39 +++++++++++++++++++++++++++++++++++++++
 1 file changed, 39 insertions(+)

Comment 4 commit-hook freebsd_committer freebsd_triage 2024-10-21 09:39:58 UTC
A commit in branch 2024Q4 references this bug:

URL: https://cgit.FreeBSD.org/ports/commit/?id=09d735688b7d25d4738dd0d7b186922e9a7bf690

commit 09d735688b7d25d4738dd0d7b186922e9a7bf690
Author:     Matthias Wolf <freebsd@rheinwolf.de>
AuthorDate: 2024-10-18 11:08:27 +0000
Commit:     Robert Clausecker <fuz@FreeBSD.org>
CommitDate: 2024-10-21 09:38:51 +0000

    www/oauth2-proxy: update to 7.7.1

     - update addresses multiple CVEs in Go dependencies

    Changelog: https://github.com/oauth2-proxy/oauth2-proxy/releases/tag/v7.7.1

    PR:             282004
    Security:       dbe8c5bd-8d3f-11ef-8d2e-a04a5edf46d9
    MFH:            2024Q4
    (cherry picked from commit 0e1957b05c1fa7213ca4cda0bafbdc59be891ac2)

 www/oauth2-proxy/Makefile                 | 111 +++---
 www/oauth2-proxy/distinfo                 | 200 +++++-----
 www/oauth2-proxy/files/modules.txt (new)  | 622 ++++++++++++++++++++++++++++++
 www/oauth2-proxy/files/patch-go.mod (new) |  10 +
 4 files changed, 796 insertions(+), 147 deletions(-)

Comment 5 Robert Clausecker freebsd_committer freebsd_triage 2024-10-21 09:42:13 UTC
Thank you for your contribution.