Date: Fri, 18 Aug 2017 21:33:53 +0200
From: Jan Beich <jbeich@FreeBSD.org>
To: Mark Felder <feld@FreeBSD.org>
Cc: ports-committers@freebsd.org, svn-ports-all@freebsd.org, svn-ports-branches@freebsd.org, ports-secteam@FreeBSD.org
Subject: Re: svn commit: r448094 - branches/2017Q3/devel/git
Message-ID: <mv6w-8yce-wny@FreeBSD.org>
In-Reply-To: <1503001376.1287709.1076855896.46E0771B@webmail.messagingengine.com> (Mark Felder's message of "Thu, 17 Aug 2017 15:22:56 -0500")
References: <201708171315.v7HDFQ6X032157@repo.freebsd.org> <h8x6-3vzy-wny@FreeBSD.org> <1503001376.1287709.1076855896.46E0771B@webmail.messagingengine.com>

Mark Felder <feld@FreeBSD.org> writes:

> On Thu, Aug 17, 2017, at 13:11, Jan Beich wrote:
>> Mark Felder <feld@FreeBSD.org> writes:
>>
>> > Author: feld
>> > Date: Thu Aug 17 13:15:25 2017
>> > New Revision: 448094
>> > URL: https://svnweb.freebsd.org/changeset/ports/448094
>> >
>> > Log:
>> >   MFH: r445615 r446083 r447205 r447721 r447759
>> [...]
>> >   Update devel/git to 2.14.1
>>
>> Why did you ignore devel/git-cinnabar regression this causes
>> and my patch for 2.13.5 sent to ports-secteam@ ?
>>
>
> For some reason I cannot find this email you're talking about...

Attached at the end.

> What's the current status of the 2017Q3 branch for devel/git-cinnabar then?

Broken.

> What is the best solution for resolving the regression?

Backporting upstream fix from `master` branch. Simply updating to `master`
snapshot is risky due to metadata upgrade which would obviously make a
clone incompatible with git-cinnabar from `release` branch.

  $ pkg install git-cinnabar # 0.5.0.b2_3
  $ git clone hg::https://hg.mozilla.org/projects/nss
  $ pkg upgrade git-cinnabar # master snapshot
  $ (cd nss; git fetch)
  ERROR Git-cinnabar metadata needs upgrade. Please run `git cinnabar upgrade`.

From: Jan Beich <jbeich@FreeBSD.org>
To: Renato Botelho <garga@FreeBSD.org>
Cc: ports-secteam@freebsd.org, portmgr@freebsd.org
Subject: Re: svn commit: r447721 - head/devel/git
References: <201708102043.v7AKhTW4089326@repo.freebsd.org> <378z-6si3-wny@FreeBSD.org> <7eyb-5bzd-wny@FreeBSD.org>
Date: Fri, 11 Aug 2017 00:04:55 +0200
In-Reply-To: <7eyb-5bzd-wny@FreeBSD.org> (Jan Beich's message of "Thu, 10 Aug 2017 23:50:14 +0200")
Message-ID: <o9rn-3wqg-wny@FreeBSD.org>

Jan Beich <jbeich@FreeBSD.org> writes:

> Jan Beich <jbeich@FreeBSD.org> writes:
>
>> Renato Botelho <garga@FreeBSD.org> writes:
>>
>>> Author: garga
>>> Date: Thu Aug 10 20:43:28 2017
>>> New Revision: 447721
>>> URL: https://svnweb.freebsd.org/changeset/ports/447721
>>>
>>> Log:
>>>   Update devel/git to 2.14.1
>>>
>>>   This version fixes a security issue:
>>>
>>>   A "ssh://..." URL can result in a "ssh" command line with a
>>>   hostname that begins with a dash "-", which would cause the "ssh"
>>>   command to instead (mis)treat it as an option. This is now
>>>   prevented by forbidding such a hostname (which will not be
>>>   necessary in the real world).
>>>
>>>   MFH: 2017Q3
>>>   Sponsored by: Rubicon Communications, LLC (Netgate)
>>
>> Hold on on MFH. 2.13.5 also includes security fixes but you've jumped to
>> 2.14.1 and broke devel/git-cinnabar. I've asked[1] upstream to backport
>> 2.14.* API update but doing so myself is a bit too error-prone.
>
> How about updating devel/git on 2017Q3 to 2.13.5 instead? I need
> approval from both you and ports-secteam/portmgr.

Oops, my previous patch missed intermediate commits.

--=-=-= Content-Type: text/plain Content-Disposition: attachment; filename=git-2.13.5.diff Content-Transfer-Encoding: quoted-printable Content-Description: Update git to 2.13.5 on MFH 2017Q3 From=203307eba031292104e857bc940f6de3618c8066c5 Mon Sep 17 00:00:00 2001 From: garga <garga@35697150-7ecd-e111-bb59-0022644237b5> Date: Wed, 12 Jul 2017 23:38:06 +0000 Subject: [PATCH] MFH: r445615, r446083, r447205 devel/git: update to 2.13.5 (direct commit) This version fixes a security issue: A "ssh://..." URL can result in a "ssh" command line with a hostname that begins with a dash "-", which would cause the "ssh" command to instead (mis)treat it as an option. This is now prevented by forbidding such a hostname (which will not be necessary in the real world). Approved by: ??? (maintainer) Approved by: ports-secteam (???) =2D-- devel/git-cinnabar/Makefile | 2 +- devel/git/Makefile | 11 +++++++++-- devel/git/distinfo | 14 +++++++------- devel/git/pkg-plist | 13 +++++++++++-- 4 files changed, 28 insertions(+), 12 deletions(-) diff --git a/devel/git-cinnabar/Makefile b/devel/git-cinnabar/Makefile index 357e0dad2781..f50b94b38820 100644 =2D-- a/devel/git-cinnabar/Makefile +++ b/devel/git-cinnabar/Makefile @@ -2,7 +2,7 @@ =20 PORTNAME=3D git-cinnabar DISTVERSION=3D 0.5.0b2 =2DPORTREVISION=3D 1 +PORTREVISION=3D 2 CATEGORIES=3D devel =20 MAINTAINER=3D jbeich@FreeBSD.org diff --git a/devel/git/Makefile b/devel/git/Makefile index 82e0ad5b579d..353d1bb9e188 100644 =2D-- a/devel/git/Makefile +++ b/devel/git/Makefile @@ -2,7 +2,7 @@ # $FreeBSD$ =20 PORTNAME=3D git =2DDISTVERSION=3D 2.13.2 +DISTVERSION=3D 2.13.5 CATEGORIES=3D devel MASTER_SITES=3D KERNEL_ORG/software/scm/git DISTFILES=3D ${DISTNAME}${EXTRACT_SUFX} \ 
@@ -42,7 +42,6 @@ SHEBANG_FILES=3D *.perl */*.perl */*/*.perl */*.pl */*/*.= pl */*/*/*.pl \ contrib/remote-helpers/git-remote-bzr \ contrib/remote-helpers/git-remote-hg \ contrib/credential/netrc/git-credential-netrc \ =2D contrib/diff-highlight/diff-highlight \ contrib/buildsystems/generate contrib/contacts/git-contacts \ contrib/svn-fe/svnrdump_sim.py TEST_TARGET=3D test @@ -155,6 +154,10 @@ post-patch: .endfor @${REINPLACE_CMD} -e 's|share/man/man3|man/man3|' ${WRKSRC}/perl/Makefile= .PL =20 +post-patch-CONTRIB-on: + @${REINPLACE_CMD} -e "s,/usr/bin/perl,${PERL}," \ + ${WRKSRC}/contrib/diff-highlight/Makefile + post-patch-CVS-off: @${REINPLACE_CMD} -e '/git-cvsexportcommit.perl/d; \ /git-cvsimport.perl/d; \ @@ -180,6 +183,10 @@ post-build: @${FIND} ${WRKSRC} -name "*.bak" -delete .endif =20 +post-build-CONTRIB-on: + ${SETENV} ${MAKE_ENV} ${MAKE_CMD} -C ${WRKSRC}/contrib/diff-highlight + ${RM} ${WRKSRC}/contrib/diff-highlight/shebang.perl + post-install: (cd ${WRKDIR}/man1/ && ${COPYTREE_SHARE} . ${STAGEDIR}${MANPREFIX}/man/ma= n1) (cd ${WRKDIR}/man5/ && ${COPYTREE_SHARE} . ${STAGEDIR}${MANPREFIX}/man/ma= n5) diff --git a/devel/git/distinfo b/devel/git/distinfo index be33e63cdbf2..3bb98a22475b 100644 =2D-- a/devel/git/distinfo +++ b/devel/git/distinfo 
@@ -1,7 +1,7 @@ =2DTIMESTAMP =3D 1498482405 =2DSHA256 (git-2.13.2.tar.xz) =3D 0d10ac3751466f81652b62cbda83cc8d8ffd01491= 1462138e039f176e413dde5 =2DSIZE (git-2.13.2.tar.xz) =3D 4751380 =2DSHA256 (git-manpages-2.13.2.tar.xz) =3D 30e1e1313000eb81f0e348e5083758a3= 3703941a60ab111057b46c3dad968b6e =2DSIZE (git-manpages-2.13.2.tar.xz) =3D 407684 =2DSHA256 (git-htmldocs-2.13.2.tar.xz) =3D 54f0d36d375e7f71441994e60c18b6e2= cc43581d5827e806e0bddb6904e17dfc =2DSIZE (git-htmldocs-2.13.2.tar.xz) =3D 1109048 +TIMESTAMP =3D 1502308395 +SHA256 (git-2.13.5.tar.xz) =3D 21c9e29caac86d244ac7af78bc3422746dabb903cb3= 952a1ceefd801020ad1a1 +SIZE (git-2.13.5.tar.xz) =3D 4756436 +SHA256 (git-manpages-2.13.5.tar.xz) =3D 1dde688dda9162605ae27e4ad1b55c65c0= 56b3e7cd70972b7e1d6bd2b743394d +SIZE (git-manpages-2.13.5.tar.xz) =3D 407640 +SHA256 (git-htmldocs-2.13.5.tar.xz) =3D f5f10d821544446547dc91798772f36d75= 15a824c9a28f22521f0094e1a4dc08 +SIZE (git-htmldocs-2.13.5.tar.xz) =3D 1110236 diff --git a/devel/git/pkg-plist b/devel/git/pkg-plist index 7ca57e1570f2..34cf03c648f9 100644 =2D-- a/devel/git/pkg-plist +++ b/devel/git/pkg-plist 
@@ -626,16 +626,22 @@ man/man7/gitworkflows.7.gz %%HTMLDOCS%%%%DOCSDIR%%/RelNotes/2.10.1.txt %%HTMLDOCS%%%%DOCSDIR%%/RelNotes/2.10.2.txt %%HTMLDOCS%%%%DOCSDIR%%/RelNotes/2.10.3.txt +%%HTMLDOCS%%%%DOCSDIR%%/RelNotes/2.10.4.txt %%HTMLDOCS%%%%DOCSDIR%%/RelNotes/2.11.0.txt %%HTMLDOCS%%%%DOCSDIR%%/RelNotes/2.11.1.txt %%HTMLDOCS%%%%DOCSDIR%%/RelNotes/2.11.2.txt +%%HTMLDOCS%%%%DOCSDIR%%/RelNotes/2.11.3.txt %%HTMLDOCS%%%%DOCSDIR%%/RelNotes/2.12.0.txt %%HTMLDOCS%%%%DOCSDIR%%/RelNotes/2.12.1.txt %%HTMLDOCS%%%%DOCSDIR%%/RelNotes/2.12.2.txt %%HTMLDOCS%%%%DOCSDIR%%/RelNotes/2.12.3.txt +%%HTMLDOCS%%%%DOCSDIR%%/RelNotes/2.12.4.txt %%HTMLDOCS%%%%DOCSDIR%%/RelNotes/2.13.0.txt %%HTMLDOCS%%%%DOCSDIR%%/RelNotes/2.13.1.txt %%HTMLDOCS%%%%DOCSDIR%%/RelNotes/2.13.2.txt +%%HTMLDOCS%%%%DOCSDIR%%/RelNotes/2.13.3.txt +%%HTMLDOCS%%%%DOCSDIR%%/RelNotes/2.13.4.txt +%%HTMLDOCS%%%%DOCSDIR%%/RelNotes/2.13.5.txt %%HTMLDOCS%%%%DOCSDIR%%/RelNotes/2.2.0.txt %%HTMLDOCS%%%%DOCSDIR%%/RelNotes/2.2.1.txt %%HTMLDOCS%%%%DOCSDIR%%/RelNotes/2.2.2.txt @@ -685,17 +691,20 @@ man/man7/gitworkflows.7.gz %%HTMLDOCS%%%%DOCSDIR%%/RelNotes/2.7.3.txt %%HTMLDOCS%%%%DOCSDIR%%/RelNotes/2.7.4.txt %%HTMLDOCS%%%%DOCSDIR%%/RelNotes/2.7.5.txt +%%HTMLDOCS%%%%DOCSDIR%%/RelNotes/2.7.6.txt %%HTMLDOCS%%%%DOCSDIR%%/RelNotes/2.8.0.txt %%HTMLDOCS%%%%DOCSDIR%%/RelNotes/2.8.1.txt %%HTMLDOCS%%%%DOCSDIR%%/RelNotes/2.8.2.txt %%HTMLDOCS%%%%DOCSDIR%%/RelNotes/2.8.3.txt %%HTMLDOCS%%%%DOCSDIR%%/RelNotes/2.8.4.txt %%HTMLDOCS%%%%DOCSDIR%%/RelNotes/2.8.5.txt +%%HTMLDOCS%%%%DOCSDIR%%/RelNotes/2.8.6.txt %%HTMLDOCS%%%%DOCSDIR%%/RelNotes/2.9.0.txt %%HTMLDOCS%%%%DOCSDIR%%/RelNotes/2.9.1.txt %%HTMLDOCS%%%%DOCSDIR%%/RelNotes/2.9.2.txt %%HTMLDOCS%%%%DOCSDIR%%/RelNotes/2.9.3.txt %%HTMLDOCS%%%%DOCSDIR%%/RelNotes/2.9.4.txt +%%HTMLDOCS%%%%DOCSDIR%%/RelNotes/2.9.5.txt %%HTMLDOCS%%%%DOCSDIR%%/blame-options.txt %%HTMLDOCS%%%%DOCSDIR%%/cmds-ancillaryinterrogators.txt %%HTMLDOCS%%%%DOCSDIR%%/cmds-ancillarymanipulators.txt 
@@ -1227,7 +1236,6 @@ share/emacs/site-lisp/git/git.el %%CONTRIB%%share/git-core/contrib/completion/git-completion.tcsh %%CONTRIB%%share/git-core/contrib/completion/git-completion.zsh %%CONTRIB%%share/git-core/contrib/completion/git-prompt.sh =2D@comment share/git-core/contrib/contacts/.gitignore %%CONTRIB%%share/git-core/contrib/contacts/Makefile %%CONTRIB%%share/git-core/contrib/contacts/git-contacts %%CONTRIB%%share/git-core/contrib/contacts/git-contacts.txt @@ -1248,8 +1256,9 @@ share/emacs/site-lisp/git/git.el %%CONTRIB%%share/git-core/contrib/credential/wincred/git-credential-wincre= d.c %%CONTRIB%%share/git-core/contrib/diff-highlight/Makefile %%CONTRIB%%share/git-core/contrib/diff-highlight/README +%%CONTRIB%%share/git-core/contrib/diff-highlight/DiffHighlight.pm +%%CONTRIB%%share/git-core/contrib/diff-highlight/diff-highlight.perl %%CONTRIB%%share/git-core/contrib/diff-highlight/diff-highlight =2D@comment share/git-core/contrib/diff-highlight/t/.gitignore %%CONTRIB%%share/git-core/contrib/diff-highlight/t/Makefile %%CONTRIB%%share/git-core/contrib/diff-highlight/t/t9400-diff-highlight.sh %%CONTRIB%%share/git-core/contrib/emacs/.gitignore

[1] https://github.com/glandium/git-cinnabar/commit/0fad12ddedc5#commitcomment-23507145
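
Review bot: the commit message says nothing about devel/git-cinnabar, yet the first hunk bumps its PORTREVISION from 1 to 2; add a line stating why the dependent port is bumped so the change is not mistaken for a stray edit. The two "Approved by:" lines still carry "???" placeholders and need real names before this goes in.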
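
Review bot: the new post-patch-CONTRIB-on and post-build-CONTRIB-on targets in devel/git/Makefile need a comment, because nothing on the visible lines explains why contrib/diff-highlight/diff-highlight leaves SHEBANG_FILES or why shebang.perl is deleted after the build. Also confirm that the backup file REINPLACE_CMD leaves beside contrib/diff-highlight/Makefile is not staged: the only visible cleanup, '${FIND} ${WRKSRC} -name "*.bak" -delete', sits inside a conditional in post-build, and pkg-plist lists no .bak entry for that directory.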
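
Review bot: the SHA256 and SIZE values in the devel/git/distinfo hunk should not be taken from this mail as they stand; whoever commits should fetch the three 2.13.5 distfiles from the KERNEL_ORG master site named in the Makefile, regenerate distinfo with "make makesum", and check that the result matches these lines. This is a security update, so a mismatch has to stop the commit rather than be overwritten.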
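
Review bot: the devel/git/pkg-plist hunks at -1227 and -1248 drop the "@comment" lines for contrib/contacts/.gitignore and contrib/diff-highlight/t/.gitignore while contrib/emacs/.gitignore stays listed under %%CONTRIB%%, and the patch does not say whether those two files are gone from the 2.13.5 tarball. Run "make check-plist" with CONTRIB on and off to confirm there are no orphaned files, and that DiffHighlight.pm and diff-highlight.perl are staged only when CONTRIB is on.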
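
The hostname rule quoted in the commit log above ("forbidding such a hostname"), written out as an added example; this is not code from the thread, from the ports tree or from git's source. The function names ssh_url_host and ssh_url_allowed are hypothetical and the sample URLs are constructed.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical helper: copy the host of "ssh://[user@]host[:port]/path" into
 * out. Bracketed IPv6 literals are out of scope. Returns 0 on success, else -1. */
static int ssh_url_host(const char *url, char *out, size_t outlen)
{
    static const char scheme[] = "ssh://";
    if (strncmp(url, scheme, sizeof(scheme) - 1) != 0)
        return -1;
    const char *p = url + sizeof(scheme) - 1;
    size_t authlen = strcspn(p, "/");            /* authority ends at first '/' */
    const char *at = memchr(p, '@', authlen);    /* skip optional "user@" */
    if (at) {
        authlen -= (size_t)(at + 1 - p);
        p = at + 1;
    }
    const char *colon = memchr(p, ':', authlen); /* drop optional ":port" */
    size_t hostlen = colon ? (size_t)(colon - p) : authlen;
    if (hostlen == 0 || hostlen >= outlen)
        return -1;
    memcpy(out, p, hostlen);
    out[hostlen] = '\0';
    return 0;
}

/* Returns 1 if the URL may be handed to ssh, 0 if it must be refused.
 * A host starting with '-' is refused: ssh would read it as an option. */
int ssh_url_allowed(const char *url)
{
    char host[256];
    if (ssh_url_host(url, host, sizeof(host)) != 0)
        return 0;
    return host[0] != '-';
}

int main(void)
{
    /* Constructed sample URLs, not taken from the thread. */
    const char *samples[] = {
        "ssh://git.example.org/repo.git",
        "ssh://user@git.example.org:2222/repo.git",
        "ssh://-dash.example.org/repo.git",
        "ssh://user@-dash.example.org/repo.git",
    };
    for (size_t i = 0; i < sizeof(samples) / sizeof(samples[0]); i++)
        printf("%-42s %s\n", samples[i],
               ssh_url_allowed(samples[i]) ? "allowed" : "refused");
    return 0;
}
```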