FreeBSD Bugzilla – Attachment 243426 Details for
Bug 272538
www/gitea: Update to 1.20.0 (fixes security vulnerabilities)
Home
|
New
|
Browse
|
Search
|
[?]
|
Reports
|
Help
|
New Account
|
Log In
Remember
[x]
|
Forgot Password
Login:
[x]
[patch]
patch to bringe the port to 1.20.0
gitea-1.20.0.patch (text/plain), 2.39 KB, created by
Stefan Bethke
on 2023-07-16 21:17:03 UTC
(
hide
)
Description:
patch to bringe the port to 1.20.0
Filename:
MIME Type:
Creator:
Stefan Bethke
Created:
2023-07-16 21:17:03 UTC
Size:
2.39 KB
patch
obsolete
>diff --git a/security/vuxml/vuln/2023.xml b/security/vuxml/vuln/2023.xml >index aa6f016e3156..9933364b3f5f 100644 >--- a/security/vuxml/vuln/2023.xml >+++ b/security/vuxml/vuln/2023.xml >@@ -1,3 +1,36 @@ >+ <vuln vid="b3f77aae-241c-11ee-9684-c11c23f7b0f9"> >+ <topic>gitea -- multiple issues</topic> >+ <affects> >+ <package> >+ <name>gitea</name> >+ <range><lt>1.20.0</lt></range> >+ </package> >+ </affects> >+ <description> >+ <body xmlns="http://www.w3.org/1999/xhtml"> >+ <p>The Gitea team reports:</p> >+ <blockquote cite="https://github.com/go-gitea/gitea/pull/22759"> >+ <p>Test if container blob is accessible before mounting.</p> >+ </blockquote> >+ <blockquote cite="https://github.com/go-gitea/gitea/pull/22175"> >+ <p>Set type="password" on all auth_token fields</p> >+ <p>Seen when migrating from other hosting platforms.</p> >+ <p>Prevents exposing the token to screen capture/cameras/eyeballs.</p> >+ <p>Prevents the browser from saving the value in its autocomplete >+ dictionary, which often is not secure.</p> >+ </blockquote> >+ </body> >+ </description> >+ <references> >+ <url>https://blog.gitea.com/release-of-1.20.0</url> >+ <url>https://github.com/go-gitea/gitea/releases/tag/v1.20.0</url> >+ </references> >+ <dates> >+ <discovery>2023-06-08</discovery> >+ <entry>2023-07-05</entry> >+ </dates> >+ </vuln> >+ > <vuln vid="41c60e16-2405-11ee-a0d1-84a93843eb75"> > <topic>OpenSSL -- AES-SIV implementation ignores empty associated data entries</topic> > <affects> >diff --git a/www/gitea/Makefile b/www/gitea/Makefile >index 7b07a52bde93..d3396e508f97 100644 >--- a/www/gitea/Makefile >+++ b/www/gitea/Makefile >@@ -1,6 +1,6 @@ > PORTNAME= gitea > DISTVERSIONPREFIX= v >-DISTVERSION= 1.19.4 >+DISTVERSION= 1.20.0 > CATEGORIES= www > MASTER_SITES= https://github.com/go-gitea/gitea/releases/download/${DISTVERSIONPREFIX}${DISTVERSION}/ \ > https://dl.gitea.io/gitea/${DISTVERSION}/ >diff --git a/www/gitea/distinfo b/www/gitea/distinfo >index ec1c92eb90df..599a7ceadec8 100644 >--- a/www/gitea/distinfo >+++ b/www/gitea/distinfo >@@ -1,3 +1,3 @@ >-TIMESTAMP = 1688548753 >-SHA256 (gitea-src-1.19.4.tar.gz) = bcd30d10a32952854b506c0f3d584b29f1251668c25a06476398b596236cfb19 >-SIZE (gitea-src-1.19.4.tar.gz) = 55781048 >+TIMESTAMP = 1689540982 >+SHA256 (gitea-src-1.20.0.tar.gz) = 304d9961279a1ebbbfef00450665cba5ff5d2a99745abb6b980aa6cf0dfbb6ae >+SIZE (gitea-src-1.20.0.tar.gz) = 49049895
<b>You cannot view the attachment while viewing its details because your browser does not support IFRAMEs. <a href="attachment.cgi?id=243426">View the attachment on a separate page</a>.</b>
View Attachment As Diff
View Attachment As Raw
Actions:
View
|
Diff
Attachments on
bug 272538
: 243426