Date:      Tue, 21 Mar 2017 02:01:35 +0000 (UTC)
From:      Jason Unovitch <junovitch@FreeBSD.org>
To:        ports-committers@freebsd.org, svn-ports-all@freebsd.org, svn-ports-head@freebsd.org
Subject:   svn commit: r436562 - in head/www/gitlab: . files
Message-ID:  <201703210201.v2L21ZWG041621@repo.freebsd.org>

Author: junovitch
Date: Tue Mar 21 02:01:35 2017
New Revision: 436562
URL: https://svnweb.freebsd.org/changeset/ports/436562

Log:
  www/gitlab: apply upstream CVE-2017-0882 patch to 8.14.x
  
  Reported by:	Brian Neel <brian@gitlab.com>
  Approved by:	ports-secteam (with hat)
  Security:	CVE-2017-0882

Added:
  head/www/gitlab/files/patch-cve-2017-0882   (contents, props changed)
Modified:
  head/www/gitlab/Makefile

Modified: head/www/gitlab/Makefile
==============================================================================
--- head/www/gitlab/Makefile	Mon Mar 20 22:36:03 2017	(r436561)
+++ head/www/gitlab/Makefile	Tue Mar 21 02:01:35 2017	(r436562)
@@ -4,7 +4,7 @@
 PORTNAME=	gitlab
 PORTVERSION=	8.14.9
 DISTVERSIONPREFIX=	v
-PORTREVISION=	5
+PORTREVISION=	6
 CATEGORIES=	www devel
 
 MAINTAINER=	tz@FreeBSD.org

Added: head/www/gitlab/files/patch-cve-2017-0882
==============================================================================
--- /dev/null	00:00:00 1970	(empty, because file is newly added)
+++ head/www/gitlab/files/patch-cve-2017-0882	Tue Mar 21 02:01:35 2017	(r436562)
@@ -0,0 +1,22 @@
+--- app/controllers/projects/issues_controller.rb.orig	2017-02-14 21:48:43 UTC
++++ app/controllers/projects/issues_controller.rb
+@@ -112,7 +112,7 @@ class Projects::IssuesController < Proje
+       end
+ 
+       format.json do
+-        render json: @issue.to_json(include: { milestone: {}, assignee: { methods: :avatar_url }, labels: { methods: :text_color } }, methods: [:task_status, :task_status_short])
++        render json: @issue.to_json(include: { milestone: {}, assignee: { only: [:name, :username], methods: [:avatar_url] }, labels: { methods: :text_color } }, methods: [:task_status, :task_status_short])
+       end
+     end
+ 
+--- app/controllers/projects/merge_requests_controller.rb.orig	2017-03-21 01:49:52 UTC
++++ app/controllers/projects/merge_requests_controller.rb
+@@ -277,7 +277,7 @@ class Projects::MergeRequestsController 
+                        @merge_request.target_project, @merge_request])
+         end
+         format.json do
+-          render json: @merge_request.to_json(include: { milestone: {}, assignee: { methods: :avatar_url }, labels: { methods: :text_color } }, methods: [:task_status, :task_status_short])
++          render json: @merge_request.to_json(include: { milestone: {}, assignee: { only: [:name, :username], methods: [:avatar_url] }, labels: { methods: :text_color } }, methods: [:task_status, :task_status_short])
+         end
+       end
+     else
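Review bot: In both `to_json` calls (issues_controller.rb and merge_requests_controller.rb) only the `assignee` association gets an `only: [:name, :username]` allowlist; `milestone: {}` and `labels: { methods: :text_color }` still serialize every attribute of those records, and the top-level `@issue` / `@merge_request` is rendered without an `only:` list as well. It is worth confirming that none of those models carry columns that should stay out of the JSON response, or giving them explicit `only:` lists too. The identical options hash is also repeated in the two controllers, so a single shared definition would keep the allowlist from drifting between them, and the patch includes no spec asserting that the assignee object in the response is limited to `name`, `username` and `avatar_url`.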


