svn commit: r436562 - in head/www/gitlab: . files
Jason Unovitch
junovitch at FreeBSD.org
Tue Mar 21 02:01:37 UTC 2017
Author: junovitch
Date: Tue Mar 21 02:01:35 2017
New Revision: 436562
URL: https://svnweb.freebsd.org/changeset/ports/436562
Log:
www/gitlab: apply upstream CVE-2017-0882 patch to 8.14.x
Reported by: Brian Neel <brian at gitlab.com>
Approved by: ports-secteam (with hat)
Security: CVE-2017-0882
Added:
head/www/gitlab/files/patch-cve-2017-0882 (contents, props changed)
Modified:
head/www/gitlab/Makefile
Modified: head/www/gitlab/Makefile
==============================================================================
--- head/www/gitlab/Makefile Mon Mar 20 22:36:03 2017 (r436561)
+++ head/www/gitlab/Makefile Tue Mar 21 02:01:35 2017 (r436562)
@@ -4,7 +4,7 @@
PORTNAME= gitlab
PORTVERSION= 8.14.9
DISTVERSIONPREFIX= v
-PORTREVISION= 5
+PORTREVISION= 6
CATEGORIES= www devel
MAINTAINER= tz at FreeBSD.org
Added: head/www/gitlab/files/patch-cve-2017-0882
==============================================================================
--- /dev/null 00:00:00 1970 (empty, because file is newly added)
+++ head/www/gitlab/files/patch-cve-2017-0882 Tue Mar 21 02:01:35 2017 (r436562)
@@ -0,0 +1,22 @@
+--- app/controllers/projects/issues_controller.rb.orig 2017-02-14 21:48:43 UTC
++++ app/controllers/projects/issues_controller.rb
+@@ -112,7 +112,7 @@ class Projects::IssuesController < Proje
+ end
+
+ format.json do
+- render json: @issue.to_json(include: { milestone: {}, assignee: { methods: :avatar_url }, labels: { methods: :text_color } }, methods: [:task_status, :task_status_short])
++ render json: @issue.to_json(include: { milestone: {}, assignee: { only: [:name, :username], methods: [:avatar_url] }, labels: { methods: :text_color } }, methods: [:task_status, :task_status_short])
+ end
+ end
+
+--- app/controllers/projects/merge_requests_controller.rb.orig 2017-03-21 01:49:52 UTC
++++ app/controllers/projects/merge_requests_controller.rb
+@@ -277,7 +277,7 @@ class Projects::MergeRequestsController
+ @merge_request.target_project, @merge_request])
+ end
+ format.json do
+- render json: @merge_request.to_json(include: { milestone: {}, assignee: { methods: :avatar_url }, labels: { methods: :text_color } }, methods: [:task_status, :task_status_short])
++ render json: @merge_request.to_json(include: { milestone: {}, assignee: { only: [:name, :username], methods: [:avatar_url] }, labels: { methods: :text_color } }, methods: [:task_status, :task_status_short])
+ end
+ end
+ else
More information about the svn-ports-all
mailing list