From: bugzilla-noreply@freebsd.org
To: ports-bugs@FreeBSD.org
Subject: [Bug 277107] mastodon 4.2.7 security fix now out
Date: Sat, 17 Feb 2024 07:33:43 +0000

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=277107

            Bug ID: 277107
           Summary: mastodon 4.2.7 security fix now out
           Product: Ports & Packages
           Version: Latest
          Hardware: Any
                OS: Any
            Status: New
          Severity: Affects Only Me
          Priority: ---
         Component: Individual Port(s)
          Assignee: ports-bugs@FreeBSD.org
          Reporter: doctor@doctor.nl2k.ab.ca

from https://github.com/mastodon/mastodon/releases/tag/v4.2.7

Warning

This release is an important security release fixing a major security issue.

Corresponding security releases are available for the 4.1.x branch, the 4.0.x
branch and the 3.5.x branch.

Note

If you are using nightly builds, do not use this release but update to
nightly.2024-02-17-security or newer instead. If you are on the main branch,
update to the latest commit.

Changelog

Fixed

    Fix OmniAuth tests and edge cases in error handling (ClearlyClaire, ClearlyClaire)
    Fix new installs by upgrading to the latest release of the nsa gem, instead of a no longer existing commit (mjankowski)

Security

    Fix insufficient checking of remote posts (GHSA-jhrq-qvrm-qr36)

Upgrade notes

To get the code for v4.2.7, use git fetch && git checkout v4.2.7.

Note

As always, make sure you have backups of the database before performing any
upgrades.
If you are using docker-compose, this is how a backup command might look:

    docker exec mastodon_db_1 pg_dump -Fc -U postgres postgres > name_of_the_backup.dump

Dependencies

With the exception of Ruby's recommended version, external dependencies have
not changed since v4.2.0, the compatible Ruby, PostgreSQL, Node, Elasticsearch
and Redis versions are the same, that is:

    Ruby: 3.0 to 3.2
    PostgreSQL: 10 or newer
    Elasticsearch (recommended, for full-text search): 7.x (OpenSearch should also work)
    LibreTranslate (optional, for translations): 1.3.3 or newer
    Redis: 4 or newer
    Node: 16 or newer
    ImageMagick: 6.9.7-7 or newer

Tip

If your uploaded images are broken after the upgrade, it means your installed
ImageMagick version is older than the new minimum version (6.9.7-7), for
example if you are running Ubuntu 18.04. If this happens, you can find more
information and ways to fix it on this page.

-- 
You are receiving this mail because:
You are the assignee for the bug.