Update port to Gitea 1.9.5. This release fixes six security issues, a large number of bugs, and adds a large number of features. Release notes: https://github.com/go-gitea/gitea/releases/tag/v1.11.0
Patch forthcoming, but there is an issue with the simple upgrade to the new version that I need to investigate first. At least the web interface appears to be broken...
With 1.11, Gitea change the build from one that is more or less pure Go to a gmake based build that includes building JS and CSS using an NPM-based toolset. It might take me a moment to rework the port to support that.
I managed to convert the build from Go to gmake, but the npm install issue blocks progress. I've opened an issue upstream: https://github.com/go-gitea/gitea/issues/10253
Version 1.11.1 has been released, with the source tarball containing the node modules and also a pre-built vresion of the CSS and JS files. I'll try and get a patch up for that in the next couple of days. Since it's a bit easier and less disruptive, I might open a separate PR for the update to 1.10.4, which also was just released. I don't think the two release lines merit separate ports, as Gitea is pretty quick to abandon the previous release line. I would not expect them to release another 1.10 release.
I agree that there's no need for a gitea110 port. At the end of the day, it may come down to needing to produce a tarball of the node deps ourselves. I don't know of any other way around it, if gitea goes back to not bundling pre-built stuff. How's the 1.11.1 patch coming along?
Oh, upstream has already added the deps to their source tarball. I just haven't had a chance finish adjusting the port yet. I hope I can do that the next couple of days.
Created attachment 212219 [details] Patch to update gitea port to 1.11.2
Created attachment 212220 [details] vuxml entry for fixed vulns
Updated info: Update port to Gitea 1.11.2 This release fixes fourteen security issues and numerous bugs, and adds many features. Release notes: * https://blog.gitea.io/2020/02/gitea-1.11.0-is-released/ * https://blog.gitea.io/2020/02/gitea-1.11.1-is-released/ * https://blog.gitea.io/2020/02/gitea-1.11.2-is-released/
(In reply to stb from comment #9) The `DEPENDS= git-lfs:devel/git-lfs` line won't do anything... there's no such variable. Do you intend for that to be a hard dependency or optional? Instead of the BINDATA PLIST_SUB block, just set `OPTIONS_SUB= yes`. You generally shouldn't be passing `-j1` in manually. Does `MAKE_JOBS_UNSAFE= yes` do what you want instead? Instead of `if ! ${PORT_OPTIONS:MBINDATA}`, the proper construct is `if empty(PORT_OPTIONS:MBINDATA)`. But the most proper approach there is to put it in a `post-install-BINDATA-on:` target.
Thanks for the pointers, I'll work them in asap. With respect to > Instead of the BINDATA PLIST_SUB block, just set `OPTIONS_SUB= yes`. The logic of the option is reversed: by activating BINDATA, the plist gets shortened, as the files are being built into the executable. Is there a way to express that, or should the meaning of the option be reversed to NOBINDATA to make the Makefile more readable?
(In reply to stb from comment #11) Ah, you're totally right! I'd missed that. You're correct, there's no other way to express that.
Then I'll stick to the current logic, since I find negative options really confusing.
Created attachment 212223 [details] v2 of patch to update Gitea to 1.11.2
The BINDATA stuff in do-install has been reversed. Now, those three dirs will get installed if BINDATA is *ON*. I think you want them only installed when it's off, correct? I'll fix it up in the commit.
(In reply to Adam Weinberger from comment #15) Yes, you are correct, thanks for spotting it!
A commit references this bug: Author: adamw Date: Sat Mar 7 18:30:05 UTC 2020 New revision: 527958 URL: https://svnweb.freebsd.org/changeset/ports/527958 Log: gitea: Update to 1.11.2, contains security fixes https://blog.gitea.io/2020/02/gitea-1.11.0-is-released https://blog.gitea.io/2020/02/gitea-1.11.1-is-released https://blog.gitea.io/2020/02/gitea-1.11.2-is-released PR: 244025 Submitted by: maintainer MFH: 2020Q1 Security: yes (see links above) Changes: head/www/gitea/Makefile head/www/gitea/distinfo head/www/gitea/files/patch-vendor_golang.org_x_sys_unix_ztypes__freebsd__arm64.go head/www/gitea/pkg-plist
A commit references this bug: Author: adamw Date: Sat Mar 7 18:31:08 UTC 2020 New revision: 527959 URL: https://svnweb.freebsd.org/changeset/ports/527959 Log: Add entry for www/gitea PR: 244025 Submitted by: maintainer Changes: head/security/vuxml/vuln.xml
A commit references this bug: Author: adamw Date: Sat Mar 7 18:42:57 UTC 2020 New revision: 527962 URL: https://svnweb.freebsd.org/changeset/ports/527962 Log: MFH: r526626 r527958 www/gitea: Update to 1.10.4 Changes: https://github.com/go-gitea/gitea/releases/tag/v1.10.4 PR: 244246 Submitted by: stb@lassitu.de (maintainer) gitea: Update to 1.11.2, contains security fixes https://blog.gitea.io/2020/02/gitea-1.11.0-is-released https://blog.gitea.io/2020/02/gitea-1.11.1-is-released https://blog.gitea.io/2020/02/gitea-1.11.2-is-released PR: 244025 Submitted by: maintainer Security: yes (see links above) Approved by: portmgr (with hat) Changes: _U branches/2020Q1/ branches/2020Q1/www/gitea/Makefile branches/2020Q1/www/gitea/distinfo branches/2020Q1/www/gitea/files/patch-vendor_golang.org_x_sys_unix_ztypes__freebsd__arm64.go branches/2020Q1/www/gitea/pkg-plist
Ok, everything's committed and it's been merged to quarterly (for the security fixes). Thanks for all your work on this!