diff options
| author | gdt <gdt@pkgsrc.org> | 2010-12-17 01:19:17 +0000 |
|---|---|---|
| committer | gdt <gdt@pkgsrc.org> | 2010-12-17 01:19:17 +0000 |
| commit | 940db7400128f84d8102b04f94b95a1745b8c135 (patch) | |
| tree | a48d834ad88851e2efe0f07226a95914a85d2f1a /www/gitweb | |
| parent | b934d21893c3ba0a07bda95b0a2330c14577c897 (diff) | |
| download | pkgsrc-940db7400128f84d8102b04f94b95a1745b8c135.tar.gz | |
Update to 1.7.3.4. Most importantly:
commit 3017ed62f47ce14a959e2d315c434d4980cf4243
Author: Jakub Narebski <jnareb@gmail.com>
Date: Wed Dec 15 00:34:01 2010 +0100
gitweb: Introduce esc_attr to escape attributes of HTML elements
It is needed only to escape attributes of handcrafted HTML elements,
and not those generated using CGI.pm subroutines / methods for HTML
generation.
While at it, add esc_url and esc_html where needed, and prefer to use
CGI.pm HTML generating methods than handcrafted HTML code. Most of
those are probably unnecessary (could be exploited only by person with
write access to gitweb config, or at least access to the repository).
This fixes CVE-2010-3906
Reported-by: Emanuele Gentili <e.gentili@tigersecurity.it>
Helped-by: John 'Warthog9' Hawley <warthog9@kernel.org>
Helped-by: Jonathan Nieder <jrnieder@gmail.com>
Signed-off-by: Jakub Narebski <jnareb@gmail.com>
Signed-off-by: Junio C Hamano <gitster@pobox.com>
and lesser changes:
3017ed6 gitweb: Introduce esc_attr to escape attributes of HTML elements
d48b284 perl: bump the required Perl version to 5.8 from 5.6.[21]
d8a9480 gitweb: Don't die_error in git_tag after already printing headers
22e5e58 Typos in code comments, an error message, documentation
497d9c3 gitweb: clarify search results page when no matching commit found
0b45010 gitweb: Fix typo in run() subroutine
7f425db gitweb: allow configurations that change with each request
61bf126 gitweb: move highlight config out of guess_file_syntax()
109988f gitweb: fix esc_url
869d588 gitweb: Move evaluate_gitweb_config out of run_request
7064994 gitweb/Makefile: fix typo in gitweb.min.css rule
5ed2ec1 gitweb: Return or exit after done serving request
ad709ea gitweb: Fix typo in hash key name in %opts in git_header_html
45aa989 gitweb: Run in FastCGI mode if gitweb script has .fcgi extension
18d0532 gitweb: Move static files into seperate subdirectory
04794fd gitweb: Use @diff_opts while using format-patch
a0446e7 gitweb: Add support for FastCGI, using CGI::Fast
c2394fe gitweb: Put all per-connection code in run() subroutine
592ea41 gitweb: Refactor syntax highlighting support
b331fe5 gitweb: Syntax highlighting support
152d943 gitweb: Create install target for gitweb in Makefile
8515392 gitweb: Improve installation instructions in gitweb/INSTALL
ee1d8ee gitweb: Silence 'Variable VAR may be unavailable' warnings
efb2d0c gitweb: Move generating page title to separate subroutine
7a59745 gitweb: Add custom error handler using die_error
c42b00c gitweb: Use nonlocal jump instead of 'exit' in die_error
377bee3 gitweb: href(..., -path_info => 0|1)
8de096b gitweb: simplify gitweb.min.* generation and clean-up rules
e391859 gitweb: update INSTALL to use shorter make target
a8ab675 gitweb: add documentation to INSTALL regarding gitweb.js
bb4bbf7 Gitweb: add autoconfigure support for minifiers
0e6ce21 Gitweb: add support for minifying gitweb.css
890a13a Sync with 1.7.0.4
7a49c25 gitweb: git_get_project_config requires only $git_dir, not also $projec
9be3614 gitweb: Fix project-specific feature override behavior
964ad92 gitweb multiple project roots documentation
1df4876 gitweb: Protect escaping functions against calling on undef
453541f gitweb: esc_html (short) error message in die_error
e6e592d gitweb: Die if there are parsing errors in config file
57017b3 gitweb: Simplify (and fix) chop_str
aa14013 gitweb: Add optional extra parameter to die_error, for extended explanaion
1ee4b4e gitweb: add a "string" variant of print_sort_th
0cf207f gitweb: add a "string" variant of print_local_time
24d4afc gitweb: Check that $site_header etc. are defined before using them
62331ef gitweb: Makefile improvements
b62a1a9 gitweb: Load checking
b2c2e4c gitweb.js: Workaround for IE8 bug
Diffstat (limited to 'www/gitweb')
| -rw-r--r-- | www/gitweb/Makefile | 7 | ||||
| -rw-r--r-- | www/gitweb/distinfo | 8 |
2 files changed, 8 insertions, 7 deletions
diff --git a/www/gitweb/Makefile b/www/gitweb/Makefile index 91ba07de399..49d85d41dad 100644 --- a/www/gitweb/Makefile +++ b/www/gitweb/Makefile @@ -1,11 +1,12 @@ -# $NetBSD: Makefile,v 1.8 2010/12/04 23:50:33 dsainty Exp $ +# $NetBSD: Makefile,v 1.9 2010/12/17 01:19:17 gdt Exp $ # DISTNAME= git-${VERSION} -VERSION= 1.6.6.2 +VERSION= 1.7.3.4 PKGNAME= ${DISTNAME:S/git/gitweb/} CATEGORIES= www MASTER_SITES= http://www.kernel.org/pub/software/scm/git/ +EXTRACT_SUFX= .tar.bz2 MAINTAINER= gdt@NetBSD.org HOMEPAGE= http://git.or.cz/ @@ -44,7 +45,7 @@ INSTALLATION_DIRS= libexec/cgi-bin share/httpd/htdocs \ do-install: ${INSTALL_SCRIPT} ${WRKSRC}/gitweb/gitweb.cgi ${DESTDIR}${GITWEB_CGIBIN} .for f in git-favicon.png git-logo.png gitweb.css - ${INSTALL_DATA} ${WRKSRC}/gitweb/${f} ${DESTDIR}${GITWEB_HTDOCS} + ${INSTALL_DATA} ${WRKSRC}/gitweb/static/${f} ${DESTDIR}${GITWEB_HTDOCS} .endfor ${INSTALL_DATA} ${WRKSRC}/gitweb/README \ ${DESTDIR}${PREFIX}/share/doc/gitweb diff --git a/www/gitweb/distinfo b/www/gitweb/distinfo index 61679e2aa25..6d6f97eda52 100644 --- a/www/gitweb/distinfo +++ b/www/gitweb/distinfo @@ -1,5 +1,5 @@ -$NetBSD: distinfo,v 1.3 2010/03/05 16:12:07 gdt Exp $ +$NetBSD: distinfo,v 1.4 2010/12/17 01:19:17 gdt Exp $ -SHA1 (git-1.6.6.2.tar.gz) = 13b339a55982162753d414731ff1b28791800209 -RMD160 (git-1.6.6.2.tar.gz) = f0b465000a5b5deee156dda6c87ef3e2c744b226 -Size (git-1.6.6.2.tar.gz) = 2841821 bytes +SHA1 (git-1.7.3.4.tar.bz2) = 8bda6668531fc41a72a680978798deb9ee048846 +RMD160 (git-1.7.3.4.tar.bz2) = 37cdb8b50c802655643a243ef26fe3d50145d29c +Size (git-1.7.3.4.tar.bz2) = 2635522 bytes |