FreeBSD Bugzilla – Attachment 247026 Details for Bug 275742: www/gitea: update to 1.21.3 (fixes security vulnerabilities)
[patch] Patch to update the gitea port to 1.21.2
gitea-1.21.2.patch (text/plain), 2.94 KB, created by Stefan Bethke on 2023-12-13 10:47:55 UTC
>diff --git a/security/vuxml/vuln/2023.xml b/security/vuxml/vuln/2023.xml >index 3945aadcb2bf..5e3a229f3692 100644 >--- a/security/vuxml/vuln/2023.xml >+++ b/security/vuxml/vuln/2023.xml >@@ -1,3 +1,34 @@ >+ <vuln vid="482bb980-99a3-11ee-b5f7-6bd56600d90c"> >+ <topic>gitea -- missing permission checks</topic> >+ <affects> >+ <package> >+ <name>gitea</name> >+ <range><lt>1.21.2</lt></range> >+ </package> >+ </affects> >+ <description> >+ <body xmlns="http://www.w3.org/1999/xhtml"> >+ <p>The Gitea team reports:</p> >+ <blockquote cite="https://github.com/go-gitea/gitea/pull/28406"> >+ <p>Fix missing check</p> >+ </blockquote> >+ <blockquote cite="https://github.com/go-gitea/gitea/pull/28423"> >+ <p>Do some missing checks</p> >+ </blockquote> >+ <p>By crafting an API request, attackers can access the contents of >+ issues even though the logged-in user does not have access rights to >+ these issues.</p> >+ </body> >+ </description> >+ <references> >+ <url>https://github.com/go-gitea/gitea/releases/tag/v1.21.2</url> >+ </references> >+ <dates> >+ <discovery>2023-08-30</discovery> >+ <entry>2023-09-10</entry> >+ </dates> >+ </vuln> >+ > <vuln vid="8eefff69-997f-11ee-8e38-002590c1f29c"> > <topic>FreeBSD -- NFS client data corruption and kernel memory disclosure</topic> > <affects> >diff --git a/www/gitea/Makefile b/www/gitea/Makefile >index 287dba7c6138..b0c08e68ecfc 100644 >--- a/www/gitea/Makefile >+++ b/www/gitea/Makefile >@@ -1,7 +1,6 @@ > PORTNAME= gitea > DISTVERSIONPREFIX= v >-DISTVERSION= 1.21.0 >-PORTREVISION= 1 >+DISTVERSION= 1.21.2 > CATEGORIES= www > MASTER_SITES= https://github.com/go-gitea/gitea/releases/download/${DISTVERSIONPREFIX}${DISTVERSION}/ \ > https://dl.gitea.io/gitea/${DISTVERSION}/ >diff --git a/www/gitea/distinfo b/www/gitea/distinfo >index 011dfb106ba4..ccfd4c39b02e 100644 >--- a/www/gitea/distinfo >+++ b/www/gitea/distinfo 
>@@ -1,3 +1,3 @@ >-TIMESTAMP = 1699991932 >-SHA256 (gitea-src-1.21.0.tar.gz) = 69b12778b3b5f24aecff08d8e5122e4edf784bda2e4335b77f2bbd0404a11a93 >-SIZE (gitea-src-1.21.0.tar.gz) = 53744981 >+TIMESTAMP = 1702463449 >+SHA256 (gitea-src-1.21.2.tar.gz) = fb31b8b722634b0a1c2035703a3e1187017b87fe96042386ffa8f80750035dab >+SIZE (gitea-src-1.21.2.tar.gz) = 53795805 >diff --git a/www/gitea/pkg-message b/www/gitea/pkg-message >index e3393b659d24..2bbd58784bc0 100644 >--- a/www/gitea/pkg-message >+++ b/www/gitea/pkg-message >@@ -1,4 +1,19 @@ > [ >+{ type: upgrade >+ maximum_version: 1.20.0 >+ message: <<EOM >+Please make sure to empty or maintain the contents of the >+/usr/local/share/gitea folder between your upgrades of gitea. >+Changes between versions can break the web UI due to residual >+files from earlier versions. >+ >+1.21.0 has a breaking change regarding the public assets folder. In case >+you use a proxying webserver serving the files, you need to update your >+configuration: >+ >+https://github.com/go-gitea/gitea/pull/25907 >+EOM >+} > { type: upgrade > maximum_version: 1.7.6 > message: <<EOM
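Review bot: in the new security/vuxml/vuln/2023.xml entry, the dates block gives <entry>2023-09-10</entry>, which is three months before this patch was created (2023-12-13), so it cannot be the day the entry is added to the file. Set <entry> to the commit date, and confirm <discovery>2023-08-30</discovery> against the two cited pull requests (28406 and 28423) while you are there.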
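Review bot: DISTVERSION= 1.21.2 in www/gitea/Makefile no longer matches the bug, whose title asks for 1.21.3. A refreshed patch needs the new DISTVERSION plus regenerated TIMESTAMP, SHA256 and SIZE lines in www/gitea/distinfo. Dropping PORTREVISION together with the version bump is correct.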
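Review bot: the new upgrade block in www/gitea/pkg-message sets maximum_version: 1.20.0, but its message warns about a breaking change that arrives with 1.21.0. pkg displays an upgrade message only when the version being upgraded from is older than maximum_version, so anyone moving from a later 1.20.x release to 1.21.2 never sees the notice about the public assets folder. Use maximum_version: 1.21.0 so that every pre-1.21 installation gets the warning.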