Bug 245728 - [patch] devel/viewvc update to 1.1.28 or 1.2.1
Summary: [patch] devel/viewvc update to 1.1.28 or 1.2.1
Status: Closed FIXED
Alias: None
Product: Ports & Packages
Classification: Unclassified
Component: Individual Port(s) (show other bugs)
Version: Latest
Hardware: Any Any
: --- Affects Many People
Assignee: Olli Hauer
URL:
Keywords:
Depends on:
Blocks:
 
Reported: 2020-04-18 18:42 UTC by Yasuhito FUTATSUKI
Modified: 2020-04-19 18:25 UTC (History)
0 users

See Also:
bugzilla: maintainer-feedback? (ohauer)


Attachments
patch to update to 1.1.28 (1.34 KB, text/plain)
2020-04-18 18:42 UTC, Yasuhito FUTATSUKI
no flags Details
patch to update to 1.2.1 (14.40 KB, patch)
2020-04-18 18:44 UTC, Yasuhito FUTATSUKI
no flags Details | Diff
patch to update to 1.1.28 (1.34 KB, patch)
2020-04-18 18:47 UTC, Yasuhito FUTATSUKI
no flags Details | Diff

Note You need to log in before you can comment on or make changes to this bug.
Description Yasuhito FUTATSUKI 2020-04-18 18:42:35 UTC
Created attachment 213544 [details]
patch to update to 1.1.28

ViewVC 1.1.28 and 1.2.1 had been released on 2020-03-26, with security fix for CVS-2020-5283.

I have no idea which is better 1.1.28 or 1.2.1, so I made patch to update both of them.

(I'll attach patch to update to 1.2.1 later.)
Comment 1 Yasuhito FUTATSUKI 2020-04-18 18:44:59 UTC
Created attachment 213545 [details]
patch to update to 1.2.1
Comment 2 Yasuhito FUTATSUKI 2020-04-18 18:47:01 UTC
Created attachment 213546 [details]
patch to update to 1.1.28

update patch, due to content type
Comment 3 commit-hook freebsd_committer freebsd_triage 2020-04-19 15:36:25 UTC
A commit references this bug:

Author: ohauer
Date: Sun Apr 19 15:35:40 UTC 2020
New revision: 532127
URL: https://svnweb.freebsd.org/changeset/ports/532127

Log:
  - update to 1.1.28

   - security fix: escape subdir lastmod file name
   - fix standalone.py first request failure

  PR:		245728
  Submitted by:	Yasuhito FUTATSUKI
  MFH:		2020Q2

Changes:
  head/devel/viewvc/Makefile
  head/devel/viewvc/distinfo
  head/devel/viewvc/pkg-plist
Comment 4 commit-hook freebsd_committer freebsd_triage 2020-04-19 15:42:27 UTC
A commit references this bug:

Author: ohauer
Date: Sun Apr 19 15:41:54 UTC 2020
New revision: 532129
URL: https://svnweb.freebsd.org/changeset/ports/532129

Log:
  MFH: r532127

  - update to 1.1.28

   - security fix: escape subdir lastmod file name
   - fix standalone.py first request failure

  PR:		245728
  Submitted by:	Yasuhito FUTATSUKI

  Approved by:	portmgr (blanket)

Changes:
_U  branches/2020Q2/
  branches/2020Q2/devel/viewvc/Makefile
  branches/2020Q2/devel/viewvc/distinfo
  branches/2020Q2/devel/viewvc/pkg-plist
Comment 5 commit-hook freebsd_committer freebsd_triage 2020-04-19 17:50:46 UTC
A commit references this bug:

Author: ohauer
Date: Sun Apr 19 17:49:56 UTC 2020
New revision: 532138
URL: https://svnweb.freebsd.org/changeset/ports/532138

Log:
  - update to 1.2.1
  - set update instruction notes on pkg-message

  ChangeLog v1.2.0:
      bumped minimum supported Python version to 2.4
      implemented support for property diffs (Tigris #383)
      allow user-configurable cvsgraph display (Tigris #336)
      allow rNNNN syntax for Subversion revision numbers (Tigris #441)
      display revision numbers in CVS tag/branch selector (Tigris #546)
      allow roots to have optional context (#58)
      use a more secure temporary file generator (#159)
      fix problems with make-database and special characters (#141, #182)
      fix bogus default ci_when value in cvsdb (#200)
      standalone query interface removed (#206)
      GUI support (--gui) removed from standalone.py

  ChangeLog v1.2.1:
      security fix: escape subdir lastmod file name

  PR:		245728
  Submitted by:	Yasuhito FUTATSUKI

Changes:
  head/devel/viewvc/Makefile
  head/devel/viewvc/distinfo
  head/devel/viewvc/files/pkg-message.in
  head/devel/viewvc/pkg-plist
Comment 6 Olli Hauer freebsd_committer freebsd_triage 2020-04-19 18:25:48 UTC
Thanks for the patch, I haven not noticed that there is a new release!

I've updated the port in two steps so 2020Q2 has the fixed 1.1.28 release
 1.1.27 -> 1.1.28 + merge to 2020Q2
 1.1.28 -> 1.2.1