| Field | Value |
|---|---|
| Summary | www/gitea: Update to 1.8.0 (fixes security vulnerabilities) |
| Product | Ports & Packages |
| Component | Individual Port(s) |
| Reporter | Stefan Bethke <stb> |
| Assignee | Jochen Neumeister <joneum> |
| Status | Closed FIXED |
| Severity | Affects Only Me |
| CC | adamw, joneum, swills |
| Priority | --- |
| Version | Latest |
| Hardware | Any |
| OS | Any |

Description
Stefan Bethke
2019-05-03 15:43:44 UTC
Created attachment 204195
Patch to update Gitea to 1.8.0

Created attachment 204196
vuln.xml entry for the security vulnerabilities fixed in 1.8.0

Please also add the following entry to UPDATING:

20190503:
  AFFECTS: users of www/gitea
  AUTHOR: stb@lassitu.de

  Gitea requires the addition of another secret to the config file in order to
  start up. Either manually add JWT_SECRET to the
  ${PREFIX}/etc/gitea/conf/app.ini config file (see app.ini.example), or allow
  Gitea to make the change for you by making the config file writable to the
  git user.

Sorry, make that:

20190503:
  AFFECTS: users of www/gitea
  AUTHOR: stb@lassitu.de

  Gitea requires the addition of another secret to the config file in order to
  start up. Either manually add JWT_SECRET to the
  ${PREFIX}/etc/gitea/conf/app.ini config file (see app.ini.sample), or allow
  Gitea to make the change for you by making the config file writable to the
  git user.

(app.ini.sample is correct)

Created attachment 204214
Update port to 1.8.0

Added a pkg-message to inform users about the necessary change to the config file.

A commit references this bug:

Author: joneum
Date: Mon May 6 08:47:08 UTC 2019
New revision: 500901
URL: https://svnweb.freebsd.org/changeset/ports/500901

Log:
  Add entry for www/gitea

  PR: 237734
  Sponsored by: Netzkommune GmbH

Changes:
  head/security/vuxml/vuln.xml

A commit references this bug:

Author: joneum
Date: Mon May 6 08:51:37 UTC 2019
New revision: 500902
URL: https://svnweb.freebsd.org/changeset/ports/500902

Log:
  www/gitea: Update to 1.8.0

  Changelog: https://blog.gitea.io/2019/04/gitea-1.8.0-is-released/

  - Add UPDATING

  PR: 237734
  Submitted by: stb@lassitu.de (maintainer)
  MFH: 2019Q2
  Security: a1de4ae9-6fda-11e9-9ba0-4c72b94353b5
  Sponsored by: Netzkommune GmbH

Changes:
  head/UPDATING
  head/www/gitea/Makefile
  head/www/gitea/distinfo
  head/www/gitea/files/app.ini.sample.in
  head/www/gitea/pkg-message
  head/www/gitea/pkg-plist

A commit references this bug:

Author: joneum
Date: Mon May 6 09:09:37 UTC 2019
New revision: 500904
URL: https://svnweb.freebsd.org/changeset/ports/500904

Log:
  Update to 1.8.0

  Changelog: https://blog.gitea.io/2019/04/gitea-1.8.0-is-released/

  PR: 237734
  Submitted by: stb@lassitu.de (maintainer)
  Approved by: ports-secteam (joneum)
  Security: a1de4ae9-6fda-11e9-9ba0-4c72b94353b5
  Sponsored by: Netzkommune GmbH

Changes:
  branches/2019Q2/www/gitea/Makefile
  branches/2019Q2/www/gitea/distinfo
  branches/2019Q2/www/gitea/files/app.ini.sample.in
  branches/2019Q2/www/gitea/pkg-message
  branches/2019Q2/www/gitea/pkg-plist

All done. Thx :-)

I'm getting some strange errors running this. It appears from the first line that it's looking for app.ini in the wrong directory. Is it doing this for you too?

2019/05/06 04:38:26 [W] Custom config '/usr/local/sbin/custom/conf/app.ini' not found, ignore this if you're running first time
2019/05/06 04:38:26 [T] AppPath: /usr/local/sbin/gitea
2019/05/06 04:38:26 [T] AppWorkPath: /usr/local/sbin
2019/05/06 04:38:26 [T] Custom path: /usr/local/sbin/custom
2019/05/06 04:38:26 [T] Log path: /usr/local/sbin/log
2019/05/06 04:38:26 [I] Gitea v1.8.0 built with go1.12.4
2019/05/06 04:38:26 [I] Log Mode: Console(Info)
2019/05/06 04:38:26 [I] XORM Log Mode: Console(Info)
2019/05/06 04:38:26 [I] Cache Service Enabled
2019/05/06 04:38:26 [I] Session Service Enabled
2019/05/06 04:38:26 [I] SQLite3 Supported
2019/05/06 04:38:26 [I] Run Mode: Development
panic: fail to set message file(en-US): open conf/locale/locale_en-US.ini: no such file or directory

goroutine 1 [running]:
code.gitea.io/gitea/vendor/github.com/go-macaron/i18n.initLocales(0xc00013ab35, 0x0, 0x53bf87, 0xb, 0xc00029a690, 0x549e08, 0x12, 0xc000118420, 0x16, 0x16, ...)
    /wrkdirs/usr/ports/www/gitea/work/src/code.gitea.io/gitea/vendor/github.com/go-macaron/i18n/i18n.go:57 +0x6de
code.gitea.io/gitea/vendor/github.com/go-macaron/i18n.I18n(0xc000540300, 0x1, 0x1, 0x0, 0x0)
    /wrkdirs/usr/ports/www/gitea/work/src/code.gitea.io/gitea/vendor/github.com/go-macaron/i18n/i18n.go:158 +0xed
code.gitea.io/gitea/routers/routes.NewMacaron(0xc0001c7900)
    /wrkdirs/usr/ports/www/gitea/work/src/code.gitea.io/gitea/routers/routes/routes.go:126 +0x7af
code.gitea.io/gitea/cmd.runWeb(0xc0001c7900, 0x0, 0x0)
    /wrkdirs/usr/ports/www/gitea/work/src/code.gitea.io/gitea/cmd/web.go:125 +0xae
code.gitea.io/gitea/vendor/github.com/urfave/cli.HandleAction(0x31c280, 0x59aed0, 0xc0001c7900, 0xc0006dafc0, 0x0)
    /wrkdirs/usr/ports/www/gitea/work/src/code.gitea.io/gitea/vendor/github.com/urfave/cli/app.go:471 +0xad
code.gitea.io/gitea/vendor/github.com/urfave/cli.(*App).Run(0xc0000e69c0, 0xc0000b4170, 0x1, 0x1, 0x0, 0x0)
    /wrkdirs/usr/ports/www/gitea/work/src/code.gitea.io/gitea/vendor/github.com/urfave/cli/app.go:246 +0x574
main.main()
    /wrkdirs/usr/ports/www/gitea/work/src/code.gitea.io/gitea/main.go:57 +0x426

(In reply to Adam Weinberger from comment #10)
Are you trying to run the Gitea binary directly from the command line? That only works if you supply the command line parameters pretty much the same way the start script does. It would be nice if Gitea would be changed to behave more like a regular daemon, but I haven't had the time to work out any patches, and it seems to me it's not really a priority for the dev team; they're much more interested in the way Docker runs an application (foreground, log stdout, etc.).

`service gitea start` just dumps right back to the command-line and gitea doesn't start. That output came from running what the rc script does:

    /usr/sbin/daemon -S -l daemon -s debug -T gitea -u git -p /var/run/gitea.pid /usr/bin/env -i GITEA_WORK_DIR=/usr/local/share/gitea GITEA_CUSTOM=/usr/local/etc/gitea HOME=/home/git PATH=/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin USER=git /usr/local/sbin/gitea web

Ignore the above. I rebooted and it's happy now. Sorry for the noise.
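
A pre-start check for the requirement in the UPDATING entry above, as an added example that is not part of the port or of Gitea: it reports whether JWT_SECRET is set in app.ini and whether the file holding it is readable or writable by other users. It assumes the key lives in the [oauth2] section of app.ini; the function names are hypothetical.

```shell
#!/bin/sh
# Added example, not part of the port or of Gitea. Assumption: JWT_SECRET
# belongs to the [oauth2] section of app.ini. Function names are hypothetical.

# Print "set", "empty" or "missing" for JWT_SECRET in the app.ini file $1.
jwt_secret_state() {
    awk '
        /^[ \t]*[;#]/ { next }                  # comment line
        /^[ \t]*\[/ {                           # section header
            sect = $0
            gsub(/^[ \t]*\[|\][ \t\r]*$/, "", sect)
            next
        }
        sect == "oauth2" {
            eq = index($0, "=")
            if (eq == 0) next
            key = substr($0, 1, eq - 1); val = substr($0, eq + 1)
            gsub(/[ \t]/, "", key)
            gsub(/^[ \t]+|[ \t\r]+$/, "", val)
            if (key == "JWT_SECRET") state = (val == "" ? "empty" : "set")
        }
        END { print (state == "" ? "missing" : state) }
    ' "$1"
}

# Print "yes" if users other than owner and group can read or write file $1.
world_accessible() {
    if [ -n "$(find "$1" -prune \( -perm -004 -o -perm -002 \))" ]; then
        echo yes
    else
        echo no
    fi
}

# Return 0 and print "ok" only if the secret is set and not exposed.
gitea_config_check() {
    state=$(jwt_secret_state "$1") || return 2
    if [ "$state" != set ]; then
        echo "JWT_SECRET is $state in $1" >&2
        return 1
    fi
    if [ "$(world_accessible "$1")" = yes ]; then
        echo "$1 is readable or writable by other users" >&2
        return 1
    fi
    echo ok
}

[ $# -eq 0 ] || gitea_config_check "$1"   # stand-alone: sh check.sh /path/to/app.ini
```

A non-zero exit with "missing" or "empty" corresponds to the two options in the UPDATING entry: add the key by hand, or let Gitea write it by making the file writable to the git user.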