Fri Dec 17 01:19:17 2010 UTC ()
Update to 1.7.3.4.  Most importantly:

commit 3017ed62f47ce14a959e2d315c434d4980cf4243
Author: Jakub Narebski <jnareb@gmail.com>
Date:   Wed Dec 15 00:34:01 2010 +0100

    gitweb: Introduce esc_attr to escape attributes of HTML elements

    It is needed only to escape attributes of handcrafted HTML elements,
    and not those generated using CGI.pm subroutines / methods for HTML
    generation.

    While at it, add esc_url and esc_html where needed, and prefer to use
    CGI.pm HTML generating methods than handcrafted HTML code.  Most of
    those are probably unnecessary (could be exploited only by person with
    write access to gitweb config, or at least access to the repository).

    This fixes CVE-2010-3906

    Reported-by: Emanuele Gentili <e.gentili@tigersecurity.it>
    Helped-by: John 'Warthog9' Hawley <warthog9@kernel.org>
    Helped-by: Jonathan Nieder <jrnieder@gmail.com>
    Signed-off-by: Jakub Narebski <jnareb@gmail.com>
    Signed-off-by: Junio C Hamano <gitster@pobox.com>

and lesser changes:

3017ed6 gitweb: Introduce esc_attr to escape attributes of HTML elements
d48b284 perl: bump the required Perl version to 5.8 from 5.6.[21]
d8a9480 gitweb: Don't die_error in git_tag after already printing headers
22e5e58 Typos in code comments, an error message, documentation
497d9c3 gitweb: clarify search results page when no matching commit found
0b45010 gitweb: Fix typo in run() subroutine
7f425db gitweb: allow configurations that change with each request
61bf126 gitweb: move highlight config out of guess_file_syntax()
109988f gitweb: fix esc_url
869d588 gitweb: Move evaluate_gitweb_config out of run_request
7064994 gitweb/Makefile: fix typo in gitweb.min.css rule
5ed2ec1 gitweb: Return or exit after done serving request
ad709ea gitweb: Fix typo in hash key name in %opts in git_header_html
45aa989 gitweb: Run in FastCGI mode if gitweb script has .fcgi extension
18d0532 gitweb: Move static files into seperate subdirectory
04794fd gitweb: Use @diff_opts while using format-patch
a0446e7 gitweb: Add support for FastCGI, using CGI::Fast
c2394fe gitweb: Put all per-connection code in run() subroutine
592ea41 gitweb: Refactor syntax highlighting support
b331fe5 gitweb: Syntax highlighting support
152d943 gitweb: Create install target for gitweb in Makefile
8515392 gitweb: Improve installation instructions in gitweb/INSTALL
ee1d8ee gitweb: Silence 'Variable VAR may be unavailable' warnings
efb2d0c gitweb: Move generating page title to separate subroutine
7a59745 gitweb: Add custom error handler using die_error
c42b00c gitweb: Use nonlocal jump instead of 'exit' in die_error
377bee3 gitweb: href(..., -path_info => 0|1)
8de096b gitweb: simplify gitweb.min.* generation and clean-up rules
e391859 gitweb: update INSTALL to use shorter make target
a8ab675 gitweb: add documentation to INSTALL regarding gitweb.js
bb4bbf7 Gitweb: add autoconfigure support for minifiers
0e6ce21 Gitweb: add support for minifying gitweb.css
890a13a Sync with 1.7.0.4
7a49c25 gitweb: git_get_project_config requires only $git_dir, not also $projec
9be3614 gitweb: Fix project-specific feature override behavior
964ad92 gitweb multiple project roots documentation
1df4876 gitweb: Protect escaping functions against calling on undef
453541f gitweb: esc_html (short) error message in die_error
e6e592d gitweb: Die if there are parsing errors in config file
57017b3 gitweb: Simplify (and fix) chop_str
aa14013 gitweb: Add optional extra parameter to die_error, for extended explanaion
1ee4b4e gitweb: add a "string" variant of print_sort_th
0cf207f gitweb: add a "string" variant of print_local_time
24d4afc gitweb: Check that $site_header etc. are defined before using them
62331ef gitweb: Makefile improvements
b62a1a9 gitweb: Load checking
b2c2e4c gitweb.js: Workaround for IE8 bug


(gdt)
diff -r1.8 -r1.9 pkgsrc/www/gitweb/Makefile
diff -r1.3 -r1.4 pkgsrc/www/gitweb/distinfo

cvs diff -r1.8 -r1.9 pkgsrc/www/gitweb/Makefile

--- pkgsrc/www/gitweb/Makefile 2010/12/04 23:50:33 1.8
+++ pkgsrc/www/gitweb/Makefile 2010/12/17 01:19:17 1.9
@@ -1,21 +1,22 @@ @@ -1,21 +1,22 @@
1# $NetBSD: Makefile,v 1.8 2010/12/04 23:50:33 dsainty Exp $ 1# $NetBSD: Makefile,v 1.9 2010/12/17 01:19:17 gdt Exp $
2# 2#
3 3
4DISTNAME= git-${VERSION} 4DISTNAME= git-${VERSION}
5VERSION= 1.6.6.2 5VERSION= 1.7.3.4
6PKGNAME= ${DISTNAME:S/git/gitweb/} 6PKGNAME= ${DISTNAME:S/git/gitweb/}
7CATEGORIES= www 7CATEGORIES= www
8MASTER_SITES= http://www.kernel.org/pub/software/scm/git/ 8MASTER_SITES= http://www.kernel.org/pub/software/scm/git/
 9EXTRACT_SUFX= .tar.bz2
9 10
10MAINTAINER= gdt@NetBSD.org 11MAINTAINER= gdt@NetBSD.org
11HOMEPAGE= http://git.or.cz/ 12HOMEPAGE= http://git.or.cz/
12COMMENT= Web interface for GIT repositories 13COMMENT= Web interface for GIT repositories
13 14
14PKG_DESTDIR_SUPPORT= user-destdir 15PKG_DESTDIR_SUPPORT= user-destdir
15 16
16#DEPENDS+= apache{,2,22}-[0-9]*:../../www/apache22 17#DEPENDS+= apache{,2,22}-[0-9]*:../../www/apache22
17DEPENDS+= scmgit-base>=${VERSION}:../../devel/scmgit-base 18DEPENDS+= scmgit-base>=${VERSION}:../../devel/scmgit-base
18 19
19#EXTRACT_USING= gtar 20#EXTRACT_USING= gtar
20USE_TOOLS+= gmake perl:run 21USE_TOOLS+= gmake perl:run
21 22
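
Review bot: With the `VERSION= 1.7.3.4` bump, the unchanged `DEPENDS+= scmgit-base>=${VERSION}` line (new line 18) now requires scmgit-base 1.7.3.4 or later, so devel/scmgit-base has to be at that version in the tree before or together with this commit; otherwise the dependency cannot be satisfied. It would help to say in the commit message that the two packages are updated in step. The added `EXTRACT_SUFX= .tar.bz2` (new line 9) is consistent with the distfile name recorded in distinfo.
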
@@ -34,20 +35,20 @@ GITWEB_CGIBIN= ${PREFIX}/libexec/cgi-bin @@ -34,20 +35,20 @@ GITWEB_CGIBIN= ${PREFIX}/libexec/cgi-bin
34GITWEB_HTDOCS= ${PREFIX}/share/examples/gitweb/htdocs 35GITWEB_HTDOCS= ${PREFIX}/share/examples/gitweb/htdocs
35GITWEB_EGDIR= ${PREFIX}/share/examples/gitweb 36GITWEB_EGDIR= ${PREFIX}/share/examples/gitweb
36 37
37CONF_FILES= ${GITWEB_EGDIR}/gitweb.conf ${PKG_SYSCONFDIR}/gitweb.conf 38CONF_FILES= ${GITWEB_EGDIR}/gitweb.conf ${PKG_SYSCONFDIR}/gitweb.conf
38MESSAGE_SUBST+= CONFFILE=${PKG_SYSCONFDIR}/gitweb.conf 39MESSAGE_SUBST+= CONFFILE=${PKG_SYSCONFDIR}/gitweb.conf
39 40
40INSTALLATION_DIRS= libexec/cgi-bin share/httpd/htdocs \ 41INSTALLATION_DIRS= libexec/cgi-bin share/httpd/htdocs \
41 share/doc/gitweb \ 42 share/doc/gitweb \
42 ${GITWEB_EGDIR} ${GITWEB_HTDOCS} 43 ${GITWEB_EGDIR} ${GITWEB_HTDOCS}
43 44
44do-install: 45do-install:
45 ${INSTALL_SCRIPT} ${WRKSRC}/gitweb/gitweb.cgi ${DESTDIR}${GITWEB_CGIBIN} 46 ${INSTALL_SCRIPT} ${WRKSRC}/gitweb/gitweb.cgi ${DESTDIR}${GITWEB_CGIBIN}
46.for f in git-favicon.png git-logo.png gitweb.css 47.for f in git-favicon.png git-logo.png gitweb.css
47 ${INSTALL_DATA} ${WRKSRC}/gitweb/${f} ${DESTDIR}${GITWEB_HTDOCS} 48 ${INSTALL_DATA} ${WRKSRC}/gitweb/static/${f} ${DESTDIR}${GITWEB_HTDOCS}
48.endfor 49.endfor
49 ${INSTALL_DATA} ${WRKSRC}/gitweb/README \ 50 ${INSTALL_DATA} ${WRKSRC}/gitweb/README \
50 ${DESTDIR}${PREFIX}/share/doc/gitweb 51 ${DESTDIR}${PREFIX}/share/doc/gitweb
51 ${INSTALL_DATA} ${FILESDIR}/gitweb.conf ${DESTDIR}${GITWEB_EGDIR} 52 ${INSTALL_DATA} ${FILESDIR}/gitweb.conf ${DESTDIR}${GITWEB_EGDIR}
52 53
53.include "../../mk/bsd.pkg.mk" 54.include "../../mk/bsd.pkg.mk"
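
Review bot: The file list in `.for f in git-favicon.png git-logo.png gitweb.css` (new line 47) was not revisited when the source path moved to `${WRKSRC}/gitweb/static/`. The upstream shortlog in this commit message mentions gitweb.js (a8ab675, b2c2e4c), and that file is not in the list, so it is never copied into `${GITWEB_HTDOCS}`; if 1.7.3.4 ships it under gitweb/static/, add it to the loop, or note why it is left out. Separately, `INSTALLATION_DIRS` (new line 41) still creates share/httpd/htdocs although nothing in the visible do-install target installs there.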

cvs diff -r1.3 -r1.4 pkgsrc/www/gitweb/Attic/distinfo

--- pkgsrc/www/gitweb/Attic/distinfo 2010/03/05 16:12:07 1.3
+++ pkgsrc/www/gitweb/Attic/distinfo 2010/12/17 01:19:17 1.4
@@ -1,5 +1,5 @@ @@ -1,5 +1,5 @@
1$NetBSD: distinfo,v 1.3 2010/03/05 16:12:07 gdt Exp $ 1$NetBSD: distinfo,v 1.4 2010/12/17 01:19:17 gdt Exp $
2 2
3SHA1 (git-1.6.6.2.tar.gz) = 13b339a55982162753d414731ff1b28791800209 3SHA1 (git-1.7.3.4.tar.bz2) = 8bda6668531fc41a72a680978798deb9ee048846
4RMD160 (git-1.6.6.2.tar.gz) = f0b465000a5b5deee156dda6c87ef3e2c744b226 4RMD160 (git-1.7.3.4.tar.bz2) = 37cdb8b50c802655643a243ef26fe3d50145d29c
5Size (git-1.6.6.2.tar.gz) = 2841821 bytes 5Size (git-1.7.3.4.tar.bz2) = 2635522 bytes
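
Review bot: The new distinfo entries (lines 3 to 5) record only SHA1 and RMD160 digests plus the size for git-1.7.3.4.tar.bz2, and the Makefile's `MASTER_SITES` fetches over plain http, so these digests are the only integrity check on the tarball. For a security-driven update, confirm the checksums against an independently obtained copy of the release and, if the checksum tooling supports it, add a stronger digest alongside the existing two.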