Differential D9550

Update www/tt-rss to 454292b2
ClosedPublic
Actions

Authored by dereks_lifeofadishwasher.com on Feb 12 2017, 7:23 AM.

Details

Reviewers

thierry

Commits

rP434054: - Address a possible XSS attack from commit 829d478f1 and 3891782cf

Summary

Address a possible XSS attack from commit 829d478f1 and 3891782cf
- A CVE has been requested for 829d478f1
A lot of other updates: https://tt-rss.org/gitlab/fox/tt-rss/compare/db92edd1...454292b2

Test Plan

testport, bulk, install
confirm ttrssd starts and web UI loads

Diff Detail

Lint

No Lint Coverage

Unit

No Test Coverage

Build Status

Buildable 7371
Build 7536: arc lint + arc unit

Event Timeline

dereks_lifeofadishwasher.com updated this revision to Diff 25036.Feb 12 2017, 7:23 AM

dereks_lifeofadishwasher.com retitled this revision from to Update www/tt-rss to 2187322c.

dereks_lifeofadishwasher.com updated this object.

dereks_lifeofadishwasher.com edited the test plan for this revision. (Show Details)

dereks_lifeofadishwasher.com added a reviewer: thierry.

Looks like there was another update to that fixes more window.opener issues. Going to update this commit to reflect that.

Update to 454292b29 to include more window.opener fixes

Excluded previous commit - included here.

dereks_lifeofadishwasher.com retitled this revision from Update www/tt-rss to 2187322c to Update www/tt-rss to 454292b2.Feb 13 2017, 6:00 AM

dereks_lifeofadishwasher.com updated this object.

Closed by commit rP434054: - Address a possible XSS attack from commit 829d478f1 and 3891782cf (authored by thierry). · Explain WhyFeb 13 2017, 9:26 PM

This revision was automatically updated to reflect the committed changes.

Revision Contents
Changeset List

Path

Size

www/

tt-rss/

Makefile

4 lines

distinfo

6 lines

pkg-plist

360 lines

Diff 25036

View Options

www/tt-rss/Makefile

	#			#
				emasteUnsubmitted Not Done Inline Actions maybe remove this one too? emaste: maybe remove this one too?
	#

	#
	# Example devd configuration file for automatically			# Example devd configuration file for automatically
	# loading what modules we can based on nomatch			# loading what modules we can based on nomatch
	# events.			# events.
	#			#

				#
				# Ignore those devices that can't possibly match. When there's neither a
				# location, nor a pnpinfo string, we know that there's nothing devmatch can
				# match on. When it's only a location, it'd debateable, but for nomatch
				# events, we can't disambiguate between the two reliably.
				#
				nomatch 101 {
				match "_" " +at +on .*";
				};

				#
				# Ignore ACPI devices whose _HID is none. These cannot tell us what to load,
				# since 'none' is not a valid id. There's no need to call devvmatch for these either.
				#
				nomatch 101 {
				match "_HID" "none";
				match "bus" "acpi[0-9]+";
				};

				#
	# Generic NOMATCH event			# Generic NOMATCH event
				#
				# Note: It would be better to have some internal-to-devd action that will do
				# what devmatch does without re-parsing loader.hints for each invocation
				#
	nomatch 100 {			nomatch 100 {
	action "service devmatch quietstart '?'$_";			action "service devmatch quietstart $*";
	};			};

	# Add the following to devd.conf to prevent this from running:			# Add the following to devd.conf to prevent this from running:
	# nomatch 1000 {			# nomatch 1000 {
	# action "true";			# action "true";
	# };			# };
	# it replaces the generic event with one of higher priority that			# it replaces the generic event with one of higher priority that
	# does nothing. You can also set 'devmatch_enable=NO' in /etc/rc.conf			# does nothing. You can also set 'devmatch_enable=NO' in /etc/rc.conf

View Options

www/tt-rss/distinfo

View Options

Update www/tt-rss to 454292b2ClosedPublicActions

Details

Diff Detail

Event Timeline

Revision ContentsChangeset List

Diff 25036

www/tt-rss/Makefile

www/tt-rss/distinfo

www/tt-rss/pkg-plist

Update www/tt-rss to 454292b2
ClosedPublic
Actions

Revision Contents
Changeset List