diff --git a/devel/viewvc-devel/Makefile b/devel/viewvc-devel/Makefile index 9a6da1938a35..e071c145016c 100644 --- a/devel/viewvc-devel/Makefile +++ b/devel/viewvc-devel/Makefile 
@@ -1,80 +1,79 @@ PORTNAME= viewvc -DISTVERSION= 1.3.0-20250316 -PORTREVISION= 2 +DISTVERSION= 1.3.0-20251023 CATEGORIES= devel python PKGNAMEPREFIX= ${PYTHON_PKGNAMEPREFIX} PKGNAMESUFFIX= -devel MAINTAINER= dvl@FreeBSD.org COMMENT= Web-based Version Control Repository Browsing WWW= https://www.viewvc.org/ LICENSE= BSD2CLAUSE USES= cpe python USE_PYTHON= flavors USE_GITHUB= yes GH_ACCOUNT= viewvc -GH_TAGNAME= 6e60e18d5e5388697c5f6cda917c944e6138d3d9 +GH_TAGNAME= f743be3d4f0aeee2ca7ae05e24e17a6620b5c06e USE_RC_SUBR= viewvc NO_BUILD= yes NO_OPTIONS_SORT= yes OPTIONS_DEFINE= APMOD HTPASSWD SUBVERSION WEBSRV OPTIONS_DEFAULT= APACHE SUBVERSION WEBSRV OPTIONS_SINGLE= APMOD WEBSRV OPTIONS_SINGLE_WEBSRV= APACHE LIGHTTPD OPTIONS_SINGLE_APMOD= MODWSGI WEBSRV_DESC= Enable web server support APMOD_DESC= depend on Apache module HTPASSWD_DESC= Use htpasswd feature on standalone server MODWSGI_DESC= Add mod_wsgi to the list of package dependencies APACHE_USES= apache:run HTPASSWD_RUN_DEPENDS= ${PYTHON_PKGNAMEPREFIX}passlib>=1.7.0:security/py-passlib@${PY_FLAVOR} LIGHTTPD_RUN_DEPENDS= lighttpd:www/lighttpd MODWSGI_RUN_DEPENDS= ${APACHE_PKGNAMEPREFIX}${PYTHON_PKGNAMEPREFIX}mod_wsgi>=4.4.13:www/mod_wsgi@${PY_FLAVOR} .if ${WITH_SUBVERSION_VER:U} == LTS SUBVERSION_RUN_DEPENDS= ${PYTHON_PKGNAMEPREFIX}subversion-lts>=0:devel/py-subversion@${PY_FLAVOR} .else SUBVERSION_RUN_DEPENDS= ${PYTHON_PKGNAMEPREFIX}subversion>=0:devel/py-subversion@${PY_FLAVOR} .endif RUN_DEPENDS+= ${PYTHON_PKGNAMEPREFIX}pygments>=1.1:textproc/py-pygments@${PY_FLAVOR} CONFLICTS_INSTALL= viewvc-1.[12].[0-9]* .include SUB_FILES= pkg-message SUB_LIST= PYTHON_CMD=${PYTHON_CMD} \ ECHO=${ECHO} EGREP=${EGREP} TOUCH=${TOUCH} \ CHOWN=${CHOWN} RM=${RM:Q} pre-everything:: .if ${PORT_OPTIONS:MAPMOD} && !${PORT_OPTIONS:MAPACHE} IGNORE= apache module needs Apache server, please re-run 'make config' then choose WEBSRV and APACHE .endif post-patch: .for i in cvsgraph.conf mimetypes.conf viewvc.conf ${MV} ${WRKSRC}/conf/${i}.dist 
${WRKSRC}/conf/${i}.sample ${REINPLACE_CMD} -e '/"${i}"/d' ${WRKSRC}/viewvc-install .endfor ${REINPLACE_CMD} -e 's/conf.dist/conf.sample/g' \ ${WRKSRC}/viewvc-install \ ${WRKSRC}/bin/standalone.py # to much files, use own shebangfix ${FIND} ${WRKSRC} -type f | ${GREP} -v -e 'png' -e 'images' \ | ${XARGS} ${SED} -i '' \ -e '1s|^\#![[:space:]]*/usr/bin/env python|\#!${PYTHON_CMD}|' \ -e '1s|^\#![[:space:]]*/usr/bin/python|\#!${PYTHON_CMD}|' do-install: @(cd ${WRKSRC} && ${PYTHON_CMD} viewvc-install --prefix=${PREFIX}/${PORTNAME} --destdir="${STAGEDIR}" --clean-mode=false) .include diff --git a/devel/viewvc-devel/distinfo b/devel/viewvc-devel/distinfo index 6da012ff2f58..ae025f52ea82 100644 --- a/devel/viewvc-devel/distinfo +++ b/devel/viewvc-devel/distinfo @@ -1,3 +1,3 @@ -TIMESTAMP = 1742623133 -SHA256 (viewvc-viewvc-1.3.0-20250316-6e60e18d5e5388697c5f6cda917c944e6138d3d9_GH0.tar.gz) = 5927a371bef345c9fe4ba8d28813ec2cc1f1d2f528edc7db85131246995651fe -SIZE (viewvc-viewvc-1.3.0-20250316-6e60e18d5e5388697c5f6cda917c944e6138d3d9_GH0.tar.gz) = 346315 +TIMESTAMP = 1775042322 +SHA256 (viewvc-viewvc-1.3.0-20251023-f743be3d4f0aeee2ca7ae05e24e17a6620b5c06e_GH0.tar.gz) = 631638e3bb858a88626382c1b1bd1201dc9edd256b67497e684638a05472e8b0 +SIZE (viewvc-viewvc-1.3.0-20251023-f743be3d4f0aeee2ca7ae05e24e17a6620b5c06e_GH0.tar.gz) = 346634 diff --git a/devel/viewvc-devel/files/patch-bin_standalone.py b/devel/viewvc-devel/files/patch-bin_standalone.py deleted file mode 100644 index 4397053b7391..000000000000 --- a/devel/viewvc-devel/files/patch-bin_standalone.py +++ /dev/null 
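Review bot: The new pin `GH_TAGNAME= f743be3d4f0aeee2ca7ae05e24e17a6620b5c06e` is the only thing replacing the two local patches this commit deletes, and nothing in the diff records that the snapshot contains their fixes. `files/patch-lib_viewvc.py` carried the `".." in path_parts` rejection commented "Protect against directory traversal attacks" and removed the OS error text from the static-file 404 message. `files/patch-bin_standalone.py` normalised the request path before the `is_viewvc()` ScriptAlias check. Presumably both were merged upstream before this snapshot, but that should be confirmed against the extracted `lib/viewvc.py` and `bin/standalone.py`. Once verified, a commit-message line such as `Remove patch-lib_viewvc.py and patch-bin_standalone.py: equivalent fixes are in the upstream snapshot` would show a later reader that the guard was not lost with the patch files.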
@@ -1,74 +0,0 @@ ---- bin/standalone.py.orig 2025-07-22 12:12:06 UTC -+++ bin/standalone.py -@@ -191,18 +191,17 @@ class ViewVCHTTPRequestHandler(_http_server.BaseHTTPRe - """ - ) - -- def is_viewvc(self): -+ def is_viewvc(self, path): - """Check whether self.path is, or is a child of, the ScriptAlias""" -+ if not path.startswith("/"): -+ return False - if not options.script_alias: -- return 1 -- if self.path == "/" + options.script_alias: -- return 1 -- alias_len = len(options.script_alias) -- if self.path[: (alias_len + 2)] == "/" + options.script_alias + "/": -- return 1 -- if self.path[: (alias_len + 2)] == "/" + options.script_alias + "?": -- return 1 -- return 0 -+ return True -+ if path == "/" + options.script_alias: -+ return True -+ if path.startswith("/" + options.script_alias + "/"): -+ return True -+ return False - - def validate_password(self, htpasswd_file, username, password): - """Compare USERNAME and PASSWORD against HTPASSWD_FILE.""" -@@ -219,8 +218,18 @@ class ViewVCHTTPRequestHandler(_http_server.BaseHTTPRe - # NOTE: Much of this is adapter from Python's standard library - # module CGIHTTPServer. - -+ i = self.path.rfind("?") -+ if i >= 0: -+ path = _unquote(self.path[:i], "utf-8", "surrogateescape") -+ query = self.path[(i + 1) :] -+ else: -+ path = _unquote(self.path) -+ query = "" -+ # normalize path -+ path = os.path.normpath(path) + ("/" if path[-1] == "/" else "") -+ - # Is this request even aimed at ViewVC? If not, complain. -- if not self.is_viewvc(): -+ if not self.is_viewvc(path): - raise NotViewVCLocationException() - - # If htpasswd authentication is enabled, try to authenticate the user. 
-@@ -245,12 +254,7 @@ class ViewVCHTTPRequestHandler(_http_server.BaseHTTPRe - - scriptname = options.script_alias and "/" + options.script_alias or "" - -- rest = self.path[len(scriptname) :] -- i = rest.rfind("?") -- if i >= 0: -- rest, query = rest[:i], rest[(i + 1) :] -- else: -- query = "" -+ rest = path[len(scriptname) :] - - # Since we're going to modify the env in the parent, provide empty - # values to override previously set values -@@ -274,8 +278,7 @@ class ViewVCHTTPRequestHandler(_http_server.BaseHTTPRe - env["SERVER_PROTOCOL"] = self.protocol_version - env["SERVER_PORT"] = str(self.server.server_port) - env["REQUEST_METHOD"] = self.command -- uqrest = _unquote(rest, "utf-8", "surrogateescape") -- env["PATH_INFO"] = uqrest -+ env["PATH_INFO"] = rest - env["SCRIPT_NAME"] = scriptname - if query: - env["QUERY_STRING"] = query diff --git a/devel/viewvc-devel/files/patch-conf_viewvc.conf.dist b/devel/viewvc-devel/files/patch-conf_viewvc.conf.dist index c5cf0c8649cf..9ff0f708da9d 100644 --- a/devel/viewvc-devel/files/patch-conf_viewvc.conf.dist +++ b/devel/viewvc-devel/files/patch-conf_viewvc.conf.dist @@ -1,13 +1,13 @@ ---- conf/viewvc.conf.dist.orig 2020-11-25 18:40:53 UTC +--- conf/viewvc.conf.dist.orig 2026-04-01 13:33:42 UTC +++ conf/viewvc.conf.dist -@@ -331,6 +331,10 @@ +@@ -335,6 +335,10 @@ ## diff: Location of the GNU diff program, used for showing file ## version differences. ## +## If you want to use side-by-side diff or full colored diff on FreeBSD 12 -+## or later, it is need to install GNU diff via diffutils packge and to ++## or later, you need to install GNU diff via diffutils packge and to +## specify it here. +## ## Example: ## diff = /usr/bin/diff ## diff --git a/devel/viewvc-devel/files/patch-lib_viewvc.py b/devel/viewvc-devel/files/patch-lib_viewvc.py deleted file mode 100644 index 739d60e1a50a..000000000000 --- a/devel/viewvc-devel/files/patch-lib_viewvc.py +++ /dev/null 
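Review bot: The reworded comment in `files/patch-conf_viewvc.conf.dist` still reads `diffutils packge` on the second added `+##` line of the inner hunk. This text ends up in the installed `viewvc.conf.sample`, so the line should read `+## or later, you need to install GNU diff via diffutils package and to`.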
@@ -1,39 +0,0 @@ ---- lib/viewvc.py.orig 2025-07-22 12:12:06 UTC -+++ lib/viewvc.py -@@ -193,6 +193,10 @@ class Request: - # TODO: we might want to redirect to the cleaned up URL - path_parts = _path_parts(path_info) - -+ # Protect against directory traversal attacks. -+ if ".." in path_parts: -+ raise ViewVCException("An illegal path was provided.", "400 Bad Request") -+ - if path_parts: - # handle docroot magic path prefixes - if path_parts[0] == docroot_magic_path: -@@ -3401,10 +3405,8 @@ def view_doc(request): - # Stat the file to get content length and last-modified date. - try: - info = os.stat(filename) -- except OSError as v: -- raise ViewVCException( -- 'Static file "%s" not available (%s)' % (document, str(v)), "404 Not Found" -- ) -+ except OSError: -+ raise ViewVCException('Static file "%s" not available' % (document), "404 Not Found") - content_length = str(info[stat.ST_SIZE]) - last_modified = info[stat.ST_MTIME] - -@@ -3414,10 +3416,8 @@ def view_doc(request): - - try: - fp = open(filename, "rb") -- except IOError as v: -- raise ViewVCException( -- 'Static file "%s" not available (%s)' % (document, str(v)), "404 Not Found" -- ) -+ except IOError: -+ raise ViewVCException('Static file "%s" not available' % (document), "404 Not Found") - - if document[-3:] == "png": - mime_type = "image/png" diff --git a/devel/viewvc-devel/pkg-plist b/devel/viewvc-devel/pkg-plist index e7ec935b8792..5ad06e5c1bdf 100644 --- a/devel/viewvc-devel/pkg-plist +++ b/devel/viewvc-devel/pkg-plist 
@@ -1,168 +1,167 @@ viewvc/bin/cgi/viewvc.cgi viewvc/bin/db/cvsdbadmin viewvc/bin/db/loginfo-handler viewvc/bin/db/make-database viewvc/bin/db/schema_0.sql viewvc/bin/db/schema_1.sql viewvc/bin/db/schema_2.sql viewvc/bin/db/svndbadmin viewvc/bin/standalone.py +viewvc/bin/cgi/iis/viewvc.cgi viewvc/bin/wsgi/viewvc.fcgi viewvc/bin/wsgi/viewvc.wsgi @sample viewvc/cvsgraph.conf.sample viewvc/lib/__pycache__/accept%%PYTHON_TAG%%.pyc -viewvc/lib/__pycache__/blame%%PYTHON_TAG%%.pyc viewvc/lib/__pycache__/common%%PYTHON_TAG%%.pyc viewvc/lib/__pycache__/config%%PYTHON_TAG%%.pyc viewvc/lib/__pycache__/cvsdb%%PYTHON_TAG%%.pyc viewvc/lib/__pycache__/dbi%%PYTHON_TAG%%.pyc viewvc/lib/__pycache__/ezt%%PYTHON_TAG%%.pyc viewvc/lib/__pycache__/idiff%%PYTHON_TAG%%.pyc viewvc/lib/__pycache__/popen%%PYTHON_TAG%%.pyc viewvc/lib/__pycache__/sapi%%PYTHON_TAG%%.pyc viewvc/lib/__pycache__/viewvc%%PYTHON_TAG%%.pyc viewvc/lib/accept.py -viewvc/lib/blame.py viewvc/lib/common.py viewvc/lib/config.py viewvc/lib/cvsdb.py viewvc/lib/dbi.py viewvc/lib/ezt.py viewvc/lib/idiff.py viewvc/lib/popen.py viewvc/lib/sapi.py viewvc/lib/vcauth/__init__.py viewvc/lib/vcauth/__pycache__/__init__%%PYTHON_TAG%%.pyc viewvc/lib/vcauth/forbidden/__init__.py viewvc/lib/vcauth/forbidden/__pycache__/__init__%%PYTHON_TAG%%.pyc viewvc/lib/vcauth/forbiddenre/__init__.py viewvc/lib/vcauth/forbiddenre/__pycache__/__init__%%PYTHON_TAG%%.pyc viewvc/lib/vcauth/svnauthz/__init__.py viewvc/lib/vcauth/svnauthz/__pycache__/__init__%%PYTHON_TAG%%.pyc viewvc/lib/vclib/__init__.py viewvc/lib/vclib/__pycache__/__init__%%PYTHON_TAG%%.pyc viewvc/lib/vclib/ccvs/__init__.py viewvc/lib/vclib/ccvs/__pycache__/__init__%%PYTHON_TAG%%.pyc viewvc/lib/vclib/ccvs/__pycache__/bincvs%%PYTHON_TAG%%.pyc viewvc/lib/vclib/ccvs/__pycache__/blame%%PYTHON_TAG%%.pyc viewvc/lib/vclib/ccvs/__pycache__/ccvs%%PYTHON_TAG%%.pyc viewvc/lib/vclib/ccvs/bincvs.py viewvc/lib/vclib/ccvs/blame.py viewvc/lib/vclib/ccvs/ccvs.py viewvc/lib/vclib/ccvs/rcsparse/__init__.py 
viewvc/lib/vclib/ccvs/rcsparse/__pycache__/__init__%%PYTHON_TAG%%.pyc viewvc/lib/vclib/ccvs/rcsparse/__pycache__/common%%PYTHON_TAG%%.pyc viewvc/lib/vclib/ccvs/rcsparse/__pycache__/debug%%PYTHON_TAG%%.pyc viewvc/lib/vclib/ccvs/rcsparse/__pycache__/default%%PYTHON_TAG%%.pyc viewvc/lib/vclib/ccvs/rcsparse/__pycache__/parse_rcs_file%%PYTHON_TAG%%.pyc viewvc/lib/vclib/ccvs/rcsparse/__pycache__/run-tests%%PYTHON_TAG%%.pyc viewvc/lib/vclib/ccvs/rcsparse/common.py viewvc/lib/vclib/ccvs/rcsparse/debug.py viewvc/lib/vclib/ccvs/rcsparse/default.py viewvc/lib/vclib/ccvs/rcsparse/parse_rcs_file.py viewvc/lib/vclib/ccvs/rcsparse/run-tests.py viewvc/lib/vclib/ccvs/rcsparse/test-data/default,v viewvc/lib/vclib/ccvs/rcsparse/test-data/default.out viewvc/lib/vclib/ccvs/rcsparse/test-data/empty-file,v viewvc/lib/vclib/ccvs/rcsparse/test-data/empty-file.out viewvc/lib/vclib/svn/__init__.py viewvc/lib/vclib/svn/__pycache__/__init__%%PYTHON_TAG%%.pyc viewvc/lib/vclib/svn/__pycache__/svn_ra%%PYTHON_TAG%%.pyc viewvc/lib/vclib/svn/__pycache__/svn_repos%%PYTHON_TAG%%.pyc viewvc/lib/vclib/svn/svn_ra.py viewvc/lib/vclib/svn/svn_repos.py viewvc/lib/viewvc.py @sample viewvc/mimetypes.conf.sample viewvc/templates/classic/_diff_display.ezt viewvc/templates/classic/_diff_form.ezt viewvc/templates/classic/_dir_footer.ezt viewvc/templates/classic/_dir_header.ezt viewvc/templates/classic/_file_header.ezt viewvc/templates/classic/_footer.ezt viewvc/templates/classic/_header.ezt viewvc/templates/classic/_log_footer.ezt viewvc/templates/classic/_log_header.ezt viewvc/templates/classic/_paging.ezt viewvc/templates/classic/_pathrev_form.ezt viewvc/templates/classic/_props.ezt viewvc/templates/classic/_sort.ezt viewvc/templates/classic/diff.ezt viewvc/templates/classic/dir_new.ezt viewvc/templates/classic/directory.ezt viewvc/templates/classic/docroot/help.css viewvc/templates/classic/docroot/help_dirview.html viewvc/templates/classic/docroot/help_log.html 
viewvc/templates/classic/docroot/help_rootview.html viewvc/templates/classic/docroot/images/annotate.png viewvc/templates/classic/docroot/images/back.png viewvc/templates/classic/docroot/images/back_small.png viewvc/templates/classic/docroot/images/binary.png viewvc/templates/classic/docroot/images/broken.png viewvc/templates/classic/docroot/images/chalk.jpg viewvc/templates/classic/docroot/images/cvsgraph_16x16.png viewvc/templates/classic/docroot/images/cvsgraph_32x32.png viewvc/templates/classic/docroot/images/diff.png viewvc/templates/classic/docroot/images/dir.png viewvc/templates/classic/docroot/images/down.png viewvc/templates/classic/docroot/images/download.png viewvc/templates/classic/docroot/images/favicon.ico viewvc/templates/classic/docroot/images/feed-icon-16x16.jpg viewvc/templates/classic/docroot/images/forward.png viewvc/templates/classic/docroot/images/image.png viewvc/templates/classic/docroot/images/list.png viewvc/templates/classic/docroot/images/lock.png viewvc/templates/classic/docroot/images/log.png viewvc/templates/classic/docroot/images/text.png viewvc/templates/classic/docroot/images/up.png viewvc/templates/classic/docroot/images/view.png viewvc/templates/classic/docroot/images/viewvc-logo.png viewvc/templates/classic/docroot/styles.css viewvc/templates/classic/error.ezt viewvc/templates/classic/file.ezt viewvc/templates/classic/graph.ezt viewvc/templates/classic/log.ezt viewvc/templates/classic/log_table.ezt viewvc/templates/classic/query_form.ezt viewvc/templates/classic/query_results.ezt viewvc/templates/classic/revision.ezt viewvc/templates/classic/roots.ezt viewvc/templates/classic/rss.ezt viewvc/templates/default/_diff_display.ezt viewvc/templates/default/_diff_form.ezt viewvc/templates/default/_footer.ezt viewvc/templates/default/_header.ezt viewvc/templates/default/_pathrev_form.ezt viewvc/templates/default/_props.ezt viewvc/templates/default/diff.ezt viewvc/templates/default/directory.ezt viewvc/templates/default/docroot/help.css 
viewvc/templates/default/docroot/help_dirview.html viewvc/templates/default/docroot/help_log.html viewvc/templates/default/docroot/help_rootview.html viewvc/templates/default/docroot/images/back.png viewvc/templates/default/docroot/images/back_small.png viewvc/templates/default/docroot/images/binary.png viewvc/templates/default/docroot/images/broken.png viewvc/templates/default/docroot/images/cvs-logo.png viewvc/templates/default/docroot/images/dir.png viewvc/templates/default/docroot/images/down.png viewvc/templates/default/docroot/images/feed-icon-16x16.jpg viewvc/templates/default/docroot/images/forward.png viewvc/templates/default/docroot/images/image.png viewvc/templates/default/docroot/images/lock-icon.gif viewvc/templates/default/docroot/images/svn-logo.png viewvc/templates/default/docroot/images/text.png viewvc/templates/default/docroot/images/up.png viewvc/templates/default/docroot/images/viewvc-logo.png viewvc/templates/default/docroot/scripts.js viewvc/templates/default/docroot/styles.css viewvc/templates/default/error.ezt viewvc/templates/default/file.ezt viewvc/templates/default/graph.ezt viewvc/templates/default/log.ezt viewvc/templates/default/query_form.ezt viewvc/templates/default/query_results.ezt viewvc/templates/default/revision.ezt viewvc/templates/default/roots.ezt viewvc/templates/default/rss.ezt @sample viewvc/viewvc.conf.sample
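Review bot: The added entry `viewvc/bin/cgi/iis/viewvc.cgi` sits after `viewvc/bin/standalone.py`, which breaks the path ordering the rest of the list keeps; it belongs directly before `viewvc/bin/cgi/viewvc.cgi`. Judging by its path it is an IIS-specific CGI wrapper, which presumably has no consumer on FreeBSD. It is worth deciding whether the port should stage it at all, rather than install an extra unused CGI entry point next to the real `viewvc.cgi`.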