Bug 255949 - devel/websvn: update to 2.6.1
Summary: devel/websvn: update to 2.6.1
Status: Closed FIXED
Alias: None
Product: Ports & Packages
Classification: Unclassified
Component: Individual Port(s)
Version: Latest
Hardware: Any Any
: Normal Affects Many People
Assignee: Thomas Zander
URL: https://github.com/websvnphp/websvn/c...
Keywords: needs-patch, needs-qa, security
Reported: 2021-05-17 15:27 UTC by Michael Osipov
Modified: 2022-02-26 12:43 UTC
michael.osipov: maintainer-feedback+
michael.osipov: maintainer-feedback+
riggs: merge-quarterly+


Attachments
Patch against main (1.15 KB, patch)
2021-05-17 15:27 UTC, Michael Osipov
Description Michael Osipov 2021-05-17 15:27:53 UTC
Created attachment 225033
Patch against main
Comment 1 Michael Osipov 2021-05-17 15:28:07 UTC
This addresses a security issue.
Comment 2 Neel Chauhan freebsd_committer freebsd_triage 2021-05-17 16:39:59 UTC
Is there a CVE for this program? If so, you may want to create a security/vuxml entry.
Comment 3 Michael Osipov 2021-05-17 16:52:24 UTC
(In reply to Neel Chauhan from comment #2)

There is none; we were contacted by someone from the Department of Homeland Security, and he will raise a CVE through GitHub. I will leave this to him.
Comment 5 Michael Osipov 2021-09-28 07:39:29 UTC
Can this be merged before the next quarterly branch is created?
Comment 6 Andre Rikkert de Koe - ARK-ICT 2021-10-02 09:58:13 UTC
Via my webserver logs I found out that this vulnerability was actually used to get access to my system. So I applied this patch immediately and ran portupgrade successfully. Thanks.
Comment 7 Michael Osipov 2021-10-04 08:38:25 UTC
(In reply to Andre Rikkert de Koe - ARK-ICT from comment #6)

This could have been avoided if someone had granted me commit bits years ago.
Comment 8 Michael Osipov 2022-01-11 10:04:26 UTC
Anyone able to commit this patch?
Comment 9 Michael Osipov 2022-02-25 16:02:01 UTC
Anyone?
Comment 10 commit-hook freebsd_committer freebsd_triage 2022-02-26 12:09:55 UTC
A commit in branch main references this bug:

URL: https://cgit.FreeBSD.org/ports/commit/?id=16ed4da8aa442d065a9e8b359e00ca524b451d2c

commit 16ed4da8aa442d065a9e8b359e00ca524b451d2c
Author:     Michael Osipov <michael.osipov@siemens.com>
AuthorDate: 2022-02-26 12:06:04 +0000
Commit:     Thomas Zander <riggs@FreeBSD.org>
CommitDate: 2022-02-26 12:09:23 +0000

    devel/websvn: Update to upstream release 2.6.1

    PR:             255949
    MFH:            2022Q1
    Security:       CVE-2021-32305

 devel/websvn/Makefile             | 2 +-
 devel/websvn/distinfo             | 6 +++---
 devel/websvn/files/pkg-message.in | 2 +-
 3 files changed, 5 insertions(+), 5 deletions(-)
Comment 11 commit-hook freebsd_committer freebsd_triage 2022-02-26 12:31:01 UTC
A commit in branch 2022Q1 references this bug:

URL: https://cgit.FreeBSD.org/ports/commit/?id=bc1bc4330f70117e6e861c0b21cc14d83ea08ba0

commit bc1bc4330f70117e6e861c0b21cc14d83ea08ba0
Author:     Michael Osipov <michael.osipov@siemens.com>
AuthorDate: 2022-02-26 12:06:04 +0000
Commit:     Thomas Zander <riggs@FreeBSD.org>
CommitDate: 2022-02-26 12:21:08 +0000

    devel/websvn: Update to upstream release 2.6.1

    PR:             255949
    MFH:            2022Q1
    Security:       CVE-2021-32305
    (cherry picked from commit 16ed4da8aa442d065a9e8b359e00ca524b451d2c)

 devel/websvn/Makefile             | 2 +-
 devel/websvn/distinfo             | 6 +++---
 devel/websvn/files/pkg-message.in | 2 +-
 3 files changed, 5 insertions(+), 5 deletions(-)
Comment 12 Thomas Zander freebsd_committer freebsd_triage 2022-02-26 12:43:16 UTC
Thanks for the ping, and sorry for the delay.