Bug 281949 - www/gitea: update to 1.22.3 (fixes security vulnerability)
Summary: www/gitea: update to 1.22.3 (fixes security vulnerability)
Status: Closed FIXED
Alias: None
Product: Ports & Packages
Classification: Unclassified
Component: Individual Port(s) (show other bugs)
Version: Latest
Hardware: Any Any
: --- Affects Some People
Assignee: Vladimir Druzenko
URL:
Keywords:
Depends on:
Blocks:
 
Reported: 2024-10-09 06:55 UTC by Stefan Bethke
Modified: 2024-10-09 22:38 UTC (History)
1 user (show)

See Also:
stb: maintainer-feedback+
vvd: merge-quarterly+

Attachments
patch to update port plus vuxml entry (2.43 KB, patch)
2024-10-09 06:55 UTC, Stefan Bethke 		no flags Details | Diff
View All Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Stefan Bethke 2024-10-09 06:55:32 UTC 
Created attachment 254102 [details]
patch to update port plus vuxml entry

Update port to 1.22.3

Release notes: https://github.com/go-gitea/gitea/releases

Also fixes https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=281264
Comment 1 commit-hook freebsd_committer freebsd_triage 2024-10-09 22:10:55 UTC 
A commit in branch main references this bug:

URL: https://cgit.FreeBSD.org/ports/commit/?id=83ec241c5420ce9ccf1195c0f8db95e87cd1f31b

commit 83ec241c5420ce9ccf1195c0f8db95e87cd1f31b
Author:     Stefan Bethke <stb@lassitu.de>
AuthorDate: 2024-10-09 22:08:03 +0000
Commit:     Vladimir Druzenko <vvd@FreeBSD.org>
CommitDate: 2024-10-09 22:08:03 +0000

    security/vuxml: Add record for www/gitea: Fix bug when a token is given public only

    PR:     281949

 security/vuxml/vuln/2024.xml | 26 ++++++++++++++++++++++++++
 1 file changed, 26 insertions(+)
Comment 2 commit-hook freebsd_committer freebsd_triage 2024-10-09 22:30:59 UTC 
A commit in branch main references this bug:

URL: https://cgit.FreeBSD.org/ports/commit/?id=c1cc8c5f75f6e85e544498d7dc52e6fe5e2be8e0

commit c1cc8c5f75f6e85e544498d7dc52e6fe5e2be8e0
Author:     Stefan Bethke <stb@lassitu.de>
AuthorDate: 2024-10-09 22:25:16 +0000
Commit:     Vladimir Druzenko <vvd@FreeBSD.org>
CommitDate: 2024-10-09 22:29:50 +0000

    www/gitea: Update 1.22.2 → 1.22.3 (fixes security vulnerability)

    Changelog:
    https://github.com/go-gitea/gitea/releases/tag/v1.22.3

    `su -m` cause checking authorized_keys in wrong place - replace it with `su`.

    PR:     281949 281264
    MFH:    2024Q4

 www/gitea/Makefile       | 2 +-
 www/gitea/distinfo       | 6 +++---
 www/gitea/files/gitea.in | 2 +-
 3 files changed, 5 insertions(+), 5 deletions(-)
Comment 3 commit-hook freebsd_committer freebsd_triage 2024-10-09 22:37:00 UTC 
A commit in branch 2024Q4 references this bug:

URL: https://cgit.FreeBSD.org/ports/commit/?id=85650cc5aa90190d9bc5865d83921a0915abddda

commit 85650cc5aa90190d9bc5865d83921a0915abddda
Author:     Stefan Bethke <stb@lassitu.de>
AuthorDate: 2024-10-09 22:25:16 +0000
Commit:     Vladimir Druzenko <vvd@FreeBSD.org>
CommitDate: 2024-10-09 22:35:44 +0000

    www/gitea: Update 1.22.2 → 1.22.3 (fixes security vulnerability)

    Changelog:
    https://github.com/go-gitea/gitea/releases/tag/v1.22.3

    `su -m` cause checking authorized_keys in wrong place - replace it with `su`.

    PR:     281949 281264
    MFH:    2024Q4
    (cherry picked from commit c1cc8c5f75f6e85e544498d7dc52e6fe5e2be8e0)

 www/gitea/Makefile       | 2 +-
 www/gitea/distinfo       | 6 +++---
 www/gitea/files/gitea.in | 2 +-
 3 files changed, 5 insertions(+), 5 deletions(-)
Comment 4 Vladimir Druzenko freebsd_committer freebsd_triage 2024-10-09 22:38:20 UTC 
Thanks.