Update port to Gitea 1.9.2. Gitea 1.9.2 fixes two security issues and four bugs, and includes one enhancement and one build fix. Release notes: https://blog.gitea.io/2019/08/gitea-1.9.2-is-released/
Created attachment 206801 [details] patch to update gitea port to 1.9.2
Created attachment 206802 [details] vuxml entry for the two vulns fixed in gitea 1.9.2
Forgot to mention: As suggested in #240033, change the git dependency to git-lite, which provides all the functionality Gitea requires. Applying this patch should close #240033.
I've updated the patch to remove the change to git dependencies because git-lite conflicts with git (on the package level), and upgrading will force removing git and switching to git-lite. I think that violates POLA.
Created attachment 206803 [details] patch to update gitea port to 1.9.2
Per comment 3, attachment 206803 [details] no longer blocks/closes bug 240033
A commit references this bug: Author: kai Date: Fri Aug 23 21:16:53 UTC 2019 New revision: 509659 URL: https://svnweb.freebsd.org/changeset/ports/509659 Log: security/vuxml: Document www/gitea issues PR: 240046 Submitted by: stb@lassitu.de (maintainer) Changes: head/security/vuxml/vuln.xml
A commit references this bug: Author: kai Date: Sat Aug 24 07:36:15 UTC 2019 New revision: 509712 URL: https://svnweb.freebsd.org/changeset/ports/509712 Log: www/gitea: Update to 1.9.2 Changelog: https://blog.gitea.io/2019/08/gitea-1.9.2-is-released/ PR: 240046 Submitted by: stb@lassitu.de (maintainer) MFH: 2019Q3 Security: e7392840-c520-11e9-a4ef-0800274e5f20 Changes: head/www/gitea/Makefile head/www/gitea/distinfo
(In reply to stb from comment #0) Committed to the head branch, thank you for the patch, Stefan! Still waiting for approval from the ports-secteam to commit the changes to the 2019Q3 branch. One small note/question: The "# Created by:" line was removed in the attached diffs. I have restored that line because it wasn't mentioned in the bug description or any other comments of this PR. I can still remove that line with an additional commit, if it was really intended.
A commit references this bug: Author: kai Date: Sun Aug 25 08:07:18 UTC 2019 New revision: 509776 URL: https://svnweb.freebsd.org/changeset/ports/509776 Log: MFH: r509712 www/gitea: Update to 1.9.2 Changelog: https://blog.gitea.io/2019/08/gitea-1.9.2-is-released/ PR: 240046 Submitted by: stb@lassitu.de (maintainer) Security: e7392840-c520-11e9-a4ef-0800274e5f20 Approved by: ports-secteam (miwi) Changes: _U branches/2019Q3/ branches/2019Q3/www/gitea/Makefile branches/2019Q3/www/gitea/distinfo
Committed to the 2019Q3 branch, all done! P.S.: Stefan, for the case if you want me to remove the "# Created by" line as noted in comment #9 just write a short feedback in this PR.