Bug 230361 - devel/cgit: Update to 1.2.1 (Fixes CVE-2018-14912)
Summary: devel/cgit: Update to 1.2.1 (Fixes CVE-2018-14912)
Status: Closed FIXED
Alias: None
Product: Ports & Packages
Classification: Unclassified
Component: Individual Port(s) (show other bugs)
Version: Latest
Hardware: Any Any
: Normal Affects Many People
Assignee: Thomas Zander
URL:
Keywords: needs-qa, security
Depends on: 230360
Blocks:
  Show dependency treegraph
 
Reported: 2018-08-04 20:00 UTC by Yasuhiro Kimura
Modified: 2018-08-12 17:55 UTC (History)
3 users (show)

See Also:
mt-bugs: maintainer-feedback+
yasu: merge-quarterly?

Attachments
patch file (1.37 KB, patch)
2018-08-04 20:00 UTC, Yasuhiro Kimura 		no flags Details | Diff
View All Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Yasuhiro Kimura freebsd_committer freebsd_triage 2018-08-04 20:00:33 UTC 
Created attachment 195855 [details]
patch file

Update to 1.2.2, fixes directory traversal vulnerability (CVE-2018-14912).

CVE-2018-14912 is documented in bug #230360. So please commit it together.
Comment 1 Marko Turk 2018-08-05 16:24:15 UTC 
Hi,

thanks for the patch.

This should be merged to all available tracks since the security bug is quite nasty.

BR/Marko
Comment 2 commit-hook freebsd_committer freebsd_triage 2018-08-12 17:09:50 UTC 
A commit references this bug:

Author: riggs
Date: Sun Aug 12 17:09:04 UTC 2018
New revision: 477003
URL: https://svnweb.freebsd.org/changeset/ports/477003

Log:
  Update to upstream release 1.2.1 (Fixes CVE-2018-14912)

  PR:		230361
  Submitted by:	yasu@utahime.org
  Approved by:	mt@markoturk.info (maintainer)
  Security:	CVE-2018-14912

Changes:
  head/devel/cgit/Makefile
  head/devel/cgit/distinfo
  head/devel/cgit/pkg-plist
Comment 3 Thomas Zander freebsd_committer freebsd_triage 2018-08-12 17:31:44 UTC 
MFH test builds in progress. Stay tuned...
Comment 4 commit-hook freebsd_committer freebsd_triage 2018-08-12 17:50:38 UTC 
A commit references this bug:

Author: riggs
Date: Sun Aug 12 17:50:13 UTC 2018
New revision: 477033
URL: https://svnweb.freebsd.org/changeset/ports/477033

Log:
  MFH: r474007 r474079 r474827 r477003

  - Update included git to 2.17.1

  PR:		227536

  devel/cgit: Fix patch

  PR:		227536

  devel/cgit: update 1.1 -> 1.2

  - among other things, update to git 2.18

  PR:		229841
  Submitted by:	Yasuhiro KIMURA <yasu@utahime.org>
  Approved by:	Marko Turk <mt@markoturk.info> (maintainer)
  Relnotes:	https://lists.zx2c4.com/pipermail/cgit/2018-July/004160.html

  Update to upstream release 1.2.1 (Fixes CVE-2018-14912)

  PR:		230361
  Submitted by:	yasu@utahime.org
  Approved by:	mt@markoturk.info (maintainer)
  Security:	CVE-2018-14912

  Approved by:	ports-secteam (riggs)

Changes:
_U  branches/2018Q3/
  branches/2018Q3/devel/cgit/Makefile
  branches/2018Q3/devel/cgit/distinfo
  branches/2018Q3/devel/cgit/files/patch-git-2.12.0
  branches/2018Q3/devel/cgit/files/patch-git-2.13.1
  branches/2018Q3/devel/cgit/files/patch-git-2.14
  branches/2018Q3/devel/cgit/files/patch-git-2.16
  branches/2018Q3/devel/cgit/files/patch-ui-snapshot.c
  branches/2018Q3/devel/cgit/pkg-plist