Bug 273379 - www/gitea: Update to 1.20.3 (fixes security vulnerabilities)
Summary: www/gitea: Update to 1.20.3 (fixes security vulnerabilities)
Status: Closed FIXED
Alias: None
Product: Ports & Packages
Classification: Unclassified
Component: Individual Port(s)
Version: Latest
Hardware: Any Any
Importance: --- Affects Many People
Assignee: Li-Wen Hsu
URL: https://blog.gitea.com/release-of-1.20.3
Keywords: security
Depends on:
Blocks:
 
Reported: 2023-08-27 08:20 UTC by Stefan Bethke
Modified: 2023-08-28 15:19 UTC

See Also:
stb: maintainer-feedback+
grahamperrin: merge-quarterly?


Attachments
patch to update port to 1.20.3 plus vuxml entry (2.19 KB, patch)
2023-08-27 08:20 UTC, Stefan Bethke
Description Stefan Bethke 2023-08-27 08:20:26 UTC
Created attachment 244378
patch to update port to 1.20.3 plus vuxml entry

Update gitea to 1.20.3

This release contains one security fix, one breaking change when using [storage] type local and package repositories, as well as a number of enhancements and bug fixes. See the release notes for details.

Release notes: 
* https://blog.gitea.com/release-of-1.20.3
* https://github.com/go-gitea/gitea/releases/tag/v1.20.3
Comment 1 Graham Perrin 2023-08-27 08:46:20 UTC
<https://github.com/go-gitea/gitea/pull/25097#issue-1743460192> (opening post): 

> … not really a security issue, …

<https://github.com/go-gitea/gitea/pull/25097#issuecomment-1579149601>: 

> I would argue that this _is_ in fact a security issue? …

Any arguments aside, <https://blog.gitea.com/release-of-1.20.3/#changelog> does authoritatively place 25097 (and 26350) under the heading of SECURITY, so, I reckon: 

* Bugzilla keyword security

* affects many people

* maximise the priority, to normal.
Comment 2 commit-hook freebsd_committer freebsd_triage 2023-08-28 15:17:57 UTC
A commit in branch main references this bug:

URL: https://cgit.FreeBSD.org/ports/commit/?id=14812e1ef4915022eeacde6bd035db8ea3d7074c

commit 14812e1ef4915022eeacde6bd035db8ea3d7074c
Author:     Stefan Bethke <stb@lassitu.de>
AuthorDate: 2023-08-28 15:16:04 +0000
Commit:     Li-Wen Hsu <lwhsu@FreeBSD.org>
CommitDate: 2023-08-28 15:17:03 +0000

    www/gitea: Update to 1.20.3

    PR:             273379
    Security:       36a37c92-44b1-11ee-b091-6162c1274384

 www/gitea/Makefile | 3 +--
 www/gitea/distinfo | 6 +++---
 2 files changed, 4 insertions(+), 5 deletions(-)
Comment 3 commit-hook freebsd_committer freebsd_triage 2023-08-28 15:17:59 UTC
A commit in branch main references this bug:

URL: https://cgit.FreeBSD.org/ports/commit/?id=c9de928254bda56201e2b60055d135c35067eba7

commit c9de928254bda56201e2b60055d135c35067eba7
Author:     Stefan Bethke <stb@lassitu.de>
AuthorDate: 2023-08-28 15:13:51 +0000
Commit:     Li-Wen Hsu <lwhsu@FreeBSD.org>
CommitDate: 2023-08-28 15:17:02 +0000

    security/vuxml: Document gitea -- information disclosure

    PR:             273379

 security/vuxml/vuln/2023.xml | 30 ++++++++++++++++++++++++++++++
 1 file changed, 30 insertions(+)
Comment 4 commit-hook freebsd_committer freebsd_triage 2023-08-28 15:19:00 UTC
A commit in branch 2023Q3 references this bug:

URL: https://cgit.FreeBSD.org/ports/commit/?id=6693d5fa18f48612f3856de7853eeddd53be9a07

commit 6693d5fa18f48612f3856de7853eeddd53be9a07
Author:     Stefan Bethke <stb@lassitu.de>
AuthorDate: 2023-08-28 15:16:04 +0000
Commit:     Li-Wen Hsu <lwhsu@FreeBSD.org>
CommitDate: 2023-08-28 15:18:06 +0000

    www/gitea: Update to 1.20.3

    PR:             273379
    Security:       36a37c92-44b1-11ee-b091-6162c1274384
    (cherry picked from commit 14812e1ef4915022eeacde6bd035db8ea3d7074c)

 www/gitea/Makefile | 3 +--
 www/gitea/distinfo | 6 +++---
 2 files changed, 4 insertions(+), 5 deletions(-)