Releases 1.13.3 and 1.13.4 fix two security issues and 22 bugs.

Release notes:
- https://blog.gitea.io/2021/03/gitea-1.13.3-is-released/
- https://blog.gitea.io/2021/03/gitea-1.13.4-is-released/
[vagrant@porttest-13 ~/vuxml]$ make validate
/bin/sh /usr/home/vagrant/vuxml/files/tidy.sh "/usr/home/vagrant/vuxml/files/tidy.xsl" "/usr/home/vagrant/vuxml/vuln-flat.xml" > "/usr/home/vagrant/vuxml/vuln.xml.tidy"
>>> Validating...
/usr/local/bin/xmllint --valid --noout /usr/home/vagrant/vuxml/vuln-flat.xml
>>> Successful.
Checking if tidy differs...
... seems okay
Checking for space/tab...
... seems okay
/usr/local/bin/python3.7 /usr/home/vagrant/vuxml/files/extra-validation.py /usr/home/vagrant/vuxml/vuln-flat.xml
Warning: description too long (6137 chars, 5000 is warning threshold): f00b65d8-7ccb-11eb-b3be-e09467587c17)

The warning concerns an older, pre-existing entry.
Created attachment 223089: Update Gitea port to 1.13.4
Created attachment 223090: VuXML entry for Gitea before 1.13.4
^Triage: If there is a changelog or release notes URL available for this version, please add it to the URL field.

^Triage: Please set the maintainer-approval attachment flag (to +) on patches for ports you maintain to signify approval.
-- Attachment -> Details -> maintainer-approval [+]

Thanks!
A commit references this bug:

Author: nc
Date: Wed Mar 10 18:45:25 UTC 2021
New revision: 568030
URL: https://svnweb.freebsd.org/changeset/ports/568030

Log:
  Document vulnerabilities in www/gitea < 1.13.4

  PR: 254130
  Submitted by: stb AT lassitu DOT de (maintainer)

Changes:
  head/security/vuxml/vuln.xml
A commit references this bug:

Author: nc
Date: Wed Mar 10 18:48:44 UTC 2021
New revision: 568031
URL: https://svnweb.freebsd.org/changeset/ports/568031

Log:
  www/gitea: Update to 1.13.4

  This update fixes security vulnerabilities

  * https://blog.gitea.io/2021/03/gitea-1.13.3-is-released/
  * https://blog.gitea.io/2021/03/gitea-1.13.4-is-released/

  PR: 254130
  Submitted by: stb AT lassitu DOT de (maintainer)
  MFH: 2021Q1
  Security: 502ba001-7ffa-11eb-911c-0800278d94f

Changes:
  head/www/gitea/Makefile
  head/www/gitea/distinfo
Committed and MFH'd!
A commit references this bug:

Author: nc
Date: Wed Mar 10 18:49:37 UTC 2021
New revision: 568032
URL: https://svnweb.freebsd.org/changeset/ports/568032

Log:
  MFH: r568031

  www/gitea: Update to 1.13.4

  This update fixes security vulnerabilities

  * https://blog.gitea.io/2021/03/gitea-1.13.3-is-released/
  * https://blog.gitea.io/2021/03/gitea-1.13.4-is-released/

  PR: 254130
  Submitted by: stb AT lassitu DOT de (maintainer)
  Security: 502ba001-7ffa-11eb-911c-0800278d94f

  Approved by: portmgr (security blanket)

Changes:
  _U branches/2021Q1/
  branches/2021Q1/www/gitea/Makefile
  branches/2021Q1/www/gitea/distinfo
Looks like there is a typo in the VuXML patch: minimum fixed version is erroneously 1.13.24 instead of 1.13.4. That causes the updated port to be mistakenly flagged as vulnerable.
(In reply to Cluboq from comment #9)

You are correct, thanks for spotting that!

Neel, do I need to update the patch, or can you fix the line in the vuxml directly?

Instead of
<range><lt>1.13.24</lt></range>
it should be
<range><lt>1.13.4</lt></range>

Stefan
A commit references this bug:

Author: fernape
Date: Thu Mar 11 14:01:40 UTC 2021
New revision: 568095
URL: https://svnweb.freebsd.org/changeset/ports/568095

Log:
  security/vuxml: Fix www/gitea entry.

  s/1.13.24/1.13.4

  PR: 254130
  Reported by: clubok@gmx.net

Changes:
  head/security/vuxml/vuln.xml
Entry fixed. Thanks!
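
A range typo like the one reported in this thread is well-formed XML, so it can only be caught by evaluating the range against known versions. The following is an added example, not part of the original thread or of the FreeBSD tooling: the <package> fragments are constructed around the two <range> lines quoted above, 1.13.2 is a constructed stand-in for a pre-fix release, and version_key, is_affected and check_entry are hypothetical helpers that assume plain dotted-numeric versions.

```python
import operator
import xml.etree.ElementTree as ET

# Constructed <package> fragments; only the <range> lines are quoted from the thread.
TYPO_ENTRY = "<package><name>gitea</name><range><lt>1.13.24</lt></range></package>"
FIXED_ENTRY = "<package><name>gitea</name><range><lt>1.13.4</lt></range></package>"

# VuXML range bounds mapped to comparisons.
OPS = {"lt": operator.lt, "le": operator.le, "eq": operator.eq,
       "ge": operator.ge, "gt": operator.gt}


def version_key(version):
    # Assumption: plain dotted-numeric versions only. The real ports version
    # comparison also handles PORTREVISION, PORTEPOCH and letter suffixes.
    return tuple(int(part) for part in version.split("."))


def is_affected(package_xml, name, version):
    """True if `version` of `name` falls inside any <range> of the entry."""
    pkg = ET.fromstring(package_xml)
    if name not in [n.text for n in pkg.findall("name")]:
        return False
    v = version_key(version)
    # Bounds inside one <range> are ANDed; separate <range> elements are ORed.
    return any(
        all(OPS[bound.tag](v, version_key(bound.text)) for bound in rng)
        for rng in pkg.findall("range")
    )


def check_entry(package_xml, name, last_vulnerable, first_fixed):
    """Return a list of problems; empty means the range does what was intended."""
    problems = []
    if not is_affected(package_xml, name, last_vulnerable):
        problems.append(f"{name} {last_vulnerable} is vulnerable but not matched")
    if is_affected(package_xml, name, first_fixed):
        problems.append(f"{name} {first_fixed} is fixed but still matched")
    return problems


if __name__ == "__main__":
    for label, entry in (("typo", TYPO_ENTRY), ("fixed", FIXED_ENTRY)):
        # Numeric comparison: 1.13.4 < 1.13.24, so the typo still matches 1.13.4.
        print(label, check_entry(entry, "gitea", "1.13.2", "1.13.4") or "ok")
```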