Date: Thu, 02 Apr 2026 11:27:56 +0000 From: Dan Langille <dvl@FreeBSD.org> To: ports-committers@FreeBSD.org, dev-commits-ports-all@FreeBSD.org, dev-commits-ports-main@FreeBSD.org Subject: git: 990286bd6e59 - main - devel/viewvc-devel: Update to 1.3.0-20251023 Message-ID: <69ce52bc.1e5d5.230dbfd@gitrepo.freebsd.org>
index | next in thread | raw e-mail
The branch main has been updated by dvl: URL: https://cgit.FreeBSD.org/ports/commit/?id=990286bd6e5927f9f6d8ef90557e1749fcbc457f commit 990286bd6e5927f9f6d8ef90557e1749fcbc457f Author: Dan Langille <dvl@FreeBSD.org> AuthorDate: 2026-04-01 15:23:30 +0000 Commit: Dan Langille <dvl@FreeBSD.org> CommitDate: 2026-04-02 11:27:46 +0000 devel/viewvc-devel: Update to 1.3.0-20251023 This release corresponds to 1.3.0-beta1 re: https://github.com/viewvc/viewvc/releases/tag/1.3.0-beta1 --- devel/viewvc-devel/Makefile | 5 +- devel/viewvc-devel/distinfo | 6 +- devel/viewvc-devel/files/patch-bin_standalone.py | 74 ---------------------- .../viewvc-devel/files/patch-conf_viewvc.conf.dist | 6 +- devel/viewvc-devel/files/patch-lib_viewvc.py | 39 ------------ devel/viewvc-devel/pkg-plist | 3 +- 6 files changed, 9 insertions(+), 124 deletions(-) diff --git a/devel/viewvc-devel/Makefile b/devel/viewvc-devel/Makefile index 9a6da1938a35..e071c145016c 100644 --- a/devel/viewvc-devel/Makefile +++ b/devel/viewvc-devel/Makefile @@ -1,6 +1,5 @@ PORTNAME= viewvc -DISTVERSION= 1.3.0-20250316 -PORTREVISION= 2 +DISTVERSION= 1.3.0-20251023 CATEGORIES= devel python PKGNAMEPREFIX= ${PYTHON_PKGNAMEPREFIX} PKGNAMESUFFIX= -devel @@ -15,7 +14,7 @@ USES= cpe python USE_PYTHON= flavors USE_GITHUB= yes GH_ACCOUNT= viewvc -GH_TAGNAME= 6e60e18d5e5388697c5f6cda917c944e6138d3d9 +GH_TAGNAME= f743be3d4f0aeee2ca7ae05e24e17a6620b5c06e USE_RC_SUBR= viewvc NO_BUILD= yes diff --git a/devel/viewvc-devel/distinfo b/devel/viewvc-devel/distinfo index 6da012ff2f58..ae025f52ea82 100644 --- a/devel/viewvc-devel/distinfo +++ b/devel/viewvc-devel/distinfo @@ -1,3 +1,3 @@ -TIMESTAMP = 1742623133 -SHA256 (viewvc-viewvc-1.3.0-20250316-6e60e18d5e5388697c5f6cda917c944e6138d3d9_GH0.tar.gz) = 5927a371bef345c9fe4ba8d28813ec2cc1f1d2f528edc7db85131246995651fe -SIZE (viewvc-viewvc-1.3.0-20250316-6e60e18d5e5388697c5f6cda917c944e6138d3d9_GH0.tar.gz) = 346315 +TIMESTAMP = 1775042322 +SHA256 (viewvc-viewvc-1.3.0-20251023-f743be3d4f0aeee2ca7ae05e24e17a6620b5c06e_GH0.tar.gz) = 631638e3bb858a88626382c1b1bd1201dc9edd256b67497e684638a05472e8b0 +SIZE (viewvc-viewvc-1.3.0-20251023-f743be3d4f0aeee2ca7ae05e24e17a6620b5c06e_GH0.tar.gz) = 346634 diff --git a/devel/viewvc-devel/files/patch-bin_standalone.py b/devel/viewvc-devel/files/patch-bin_standalone.py deleted file mode 100644 index 4397053b7391..000000000000 --- a/devel/viewvc-devel/files/patch-bin_standalone.py +++ /dev/null @@ -1,74 +0,0 @@ ---- bin/standalone.py.orig 2025-07-22 12:12:06 UTC -+++ bin/standalone.py -@@ -191,18 +191,17 @@ class ViewVCHTTPRequestHandler(_http_server.BaseHTTPRe - </html>""" - ) - -- def is_viewvc(self): -+ def is_viewvc(self, path): - """Check whether self.path is, or is a child of, the ScriptAlias""" -+ if not path.startswith("/"): -+ return False - if not options.script_alias: -- return 1 -- if self.path == "/" + options.script_alias: -- return 1 -- alias_len = len(options.script_alias) -- if self.path[: (alias_len + 2)] == "/" + options.script_alias + "/": -- return 1 -- if self.path[: (alias_len + 2)] == "/" + options.script_alias + "?": -- return 1 -- return 0 -+ return True -+ if path == "/" + options.script_alias: -+ return True -+ if path.startswith("/" + options.script_alias + "/"): -+ return True -+ return False - - def validate_password(self, htpasswd_file, username, password): - """Compare USERNAME and PASSWORD against HTPASSWD_FILE.""" -@@ -219,8 +218,18 @@ class ViewVCHTTPRequestHandler(_http_server.BaseHTTPRe - # NOTE: Much of this is adapter from Python's standard library - # module CGIHTTPServer. - -+ i = self.path.rfind("?") -+ if i >= 0: -+ path = _unquote(self.path[:i], "utf-8", "surrogateescape") -+ query = self.path[(i + 1) :] -+ else: -+ path = _unquote(self.path) -+ query = "" -+ # normalize path -+ path = os.path.normpath(path) + ("/" if path[-1] == "/" else "") -+ - # Is this request even aimed at ViewVC? If not, complain. -- if not self.is_viewvc(): -+ if not self.is_viewvc(path): - raise NotViewVCLocationException() - - # If htpasswd authentication is enabled, try to authenticate the user. -@@ -245,12 +254,7 @@ class ViewVCHTTPRequestHandler(_http_server.BaseHTTPRe - - scriptname = options.script_alias and "/" + options.script_alias or "" - -- rest = self.path[len(scriptname) :] -- i = rest.rfind("?") -- if i >= 0: -- rest, query = rest[:i], rest[(i + 1) :] -- else: -- query = "" -+ rest = path[len(scriptname) :] - - # Since we're going to modify the env in the parent, provide empty - # values to override previously set values -@@ -274,8 +278,7 @@ class ViewVCHTTPRequestHandler(_http_server.BaseHTTPRe - env["SERVER_PROTOCOL"] = self.protocol_version - env["SERVER_PORT"] = str(self.server.server_port) - env["REQUEST_METHOD"] = self.command -- uqrest = _unquote(rest, "utf-8", "surrogateescape") -- env["PATH_INFO"] = uqrest -+ env["PATH_INFO"] = rest - env["SCRIPT_NAME"] = scriptname - if query: - env["QUERY_STRING"] = query diff --git a/devel/viewvc-devel/files/patch-conf_viewvc.conf.dist b/devel/viewvc-devel/files/patch-conf_viewvc.conf.dist index c5cf0c8649cf..9ff0f708da9d 100644 --- a/devel/viewvc-devel/files/patch-conf_viewvc.conf.dist +++ b/devel/viewvc-devel/files/patch-conf_viewvc.conf.dist @@ -1,11 +1,11 @@ ---- conf/viewvc.conf.dist.orig 2020-11-25 18:40:53 UTC +--- conf/viewvc.conf.dist.orig 2026-04-01 13:33:42 UTC +++ conf/viewvc.conf.dist -@@ -331,6 +331,10 @@ +@@ -335,6 +335,10 @@ ## diff: Location of the GNU diff program, used for showing file ## version differences. ## +## If you want to use side-by-side diff or full colored diff on FreeBSD 12 -+## or later, it is need to install GNU diff via diffutils packge and to ++## or later, you need to install GNU diff via diffutils packge and to +## specify it here. +## ## Example: diff --git a/devel/viewvc-devel/files/patch-lib_viewvc.py b/devel/viewvc-devel/files/patch-lib_viewvc.py deleted file mode 100644 index 739d60e1a50a..000000000000 --- a/devel/viewvc-devel/files/patch-lib_viewvc.py +++ /dev/null @@ -1,39 +0,0 @@ ---- lib/viewvc.py.orig 2025-07-22 12:12:06 UTC -+++ lib/viewvc.py -@@ -193,6 +193,10 @@ class Request: - # TODO: we might want to redirect to the cleaned up URL - path_parts = _path_parts(path_info) - -+ # Protect against directory traversal attacks. -+ if ".." in path_parts: -+ raise ViewVCException("An illegal path was provided.", "400 Bad Request") -+ - if path_parts: - # handle docroot magic path prefixes - if path_parts[0] == docroot_magic_path: -@@ -3401,10 +3405,8 @@ def view_doc(request): - # Stat the file to get content length and last-modified date. - try: - info = os.stat(filename) -- except OSError as v: -- raise ViewVCException( -- 'Static file "%s" not available (%s)' % (document, str(v)), "404 Not Found" -- ) -+ except OSError: -+ raise ViewVCException('Static file "%s" not available' % (document), "404 Not Found") - content_length = str(info[stat.ST_SIZE]) - last_modified = info[stat.ST_MTIME] - -@@ -3414,10 +3416,8 @@ def view_doc(request): - - try: - fp = open(filename, "rb") -- except IOError as v: -- raise ViewVCException( -- 'Static file "%s" not available (%s)' % (document, str(v)), "404 Not Found" -- ) -+ except IOError: -+ raise ViewVCException('Static file "%s" not available' % (document), "404 Not Found") - - if document[-3:] == "png": - mime_type = "image/png" diff --git a/devel/viewvc-devel/pkg-plist b/devel/viewvc-devel/pkg-plist index e7ec935b8792..5ad06e5c1bdf 100644 --- a/devel/viewvc-devel/pkg-plist +++ b/devel/viewvc-devel/pkg-plist @@ -7,11 +7,11 @@ viewvc/bin/db/schema_1.sql viewvc/bin/db/schema_2.sql viewvc/bin/db/svndbadmin viewvc/bin/standalone.py +viewvc/bin/cgi/iis/viewvc.cgi viewvc/bin/wsgi/viewvc.fcgi viewvc/bin/wsgi/viewvc.wsgi @sample viewvc/cvsgraph.conf.sample viewvc/lib/__pycache__/accept%%PYTHON_TAG%%.pyc -viewvc/lib/__pycache__/blame%%PYTHON_TAG%%.pyc viewvc/lib/__pycache__/common%%PYTHON_TAG%%.pyc viewvc/lib/__pycache__/config%%PYTHON_TAG%%.pyc viewvc/lib/__pycache__/cvsdb%%PYTHON_TAG%%.pyc @@ -22,7 +22,6 @@ viewvc/lib/__pycache__/popen%%PYTHON_TAG%%.pyc viewvc/lib/__pycache__/sapi%%PYTHON_TAG%%.pyc viewvc/lib/__pycache__/viewvc%%PYTHON_TAG%%.pyc viewvc/lib/accept.py -viewvc/lib/blame.py viewvc/lib/common.py viewvc/lib/config.py viewvc/lib/cvsdb.pyhome | help
Want to link to this message? Use this
URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?69ce52bc.1e5d5.230dbfd>