Bug 272538

Summary: www/gitea: Update to 1.20.0 (fixes security vulnerabilities)
Product: Ports & Packages Reporter: Stefan Bethke <stb>
Component: Individual Port(s)Assignee: Fernando Apesteguía <fernape>
Status: Closed FIXED    
Severity: Affects Many People CC: fernape, ports-secteam
Priority: --- Flags: fernape: merge-quarterly+
Version: Latest   
Hardware: Any   
OS: Any   
URL: https://blog.gitea.com/release-of-1.20.0
Attachments:
Description Flags
patch to bringe the port to 1.20.0 none

Description Stefan Bethke 2023-07-16 21:17:03 UTC 
Created attachment 243426 [details]
patch to bringe the port to 1.20.0

Update port and vuxml

Update gitea to 1.20.0

This release contains two security fixes, many breaking changes, as well as a large number of enhancements and bug fixes. See the release notes for details.

Release notes: 
* https://blog.gitea.com/release-of-1.20.0
* https://github.com/go-gitea/gitea/releases/tag/v1.20.0
Comment 1 Fernando Apesteguía freebsd_committer freebsd_triage 2023-07-17 06:54:32 UTC 
^Triage: If there is a changelog or release notes URL available for this version, please add it to the URL field.

^Triage: Please set the maintainer-approval attachment flag (to +) on patches for ports you maintain to signify approval.
--
Attachment -> Details -> maintainer-approval [+]


Thanks!
Comment 2 commit-hook freebsd_committer freebsd_triage 2023-07-17 12:02:54 UTC 
A commit in branch main references this bug:

URL: https://cgit.FreeBSD.org/ports/commit/?id=26433938a88c26e618d0512acc3a354dc8eae0a7

commit 26433938a88c26e618d0512acc3a354dc8eae0a7
Author:     Stefan Bethke <stb@lassitu.de>
AuthorDate: 2023-07-17 06:56:04 +0000
Commit:     Fernando Apesteguía <fernape@FreeBSD.org>
CommitDate: 2023-07-17 12:01:41 +0000

    www/gitea: Update to 1.20.0 (fixes security vulnerabilities)

    ChangeLog: https://blog.gitea.com/release-of-1.20.0

    PR:             272538
    Reported by:    stb@lassitu.de (maintainer)
    MFH:            2023Q3 (security fixes)

 www/gitea/Makefile | 2 +-
 www/gitea/distinfo | 6 +++---
 2 files changed, 4 insertions(+), 4 deletions(-)
Comment 3 commit-hook freebsd_committer freebsd_triage 2023-07-17 12:29:58 UTC 
A commit in branch 2023Q3 references this bug:

URL: https://cgit.FreeBSD.org/ports/commit/?id=6386242910c2ed5b66fe7fd54ee294348a07497d

commit 6386242910c2ed5b66fe7fd54ee294348a07497d
Author:     Stefan Bethke <stb@lassitu.de>
AuthorDate: 2023-07-17 06:56:04 +0000
Commit:     Fernando Apesteguía <fernape@FreeBSD.org>
CommitDate: 2023-07-17 12:28:10 +0000

    www/gitea: Update to 1.20.0 (fixes security vulnerabilities)

    ChangeLog: https://blog.gitea.com/release-of-1.20.0

    PR:             272538
    Reported by:    stb@lassitu.de (maintainer)
    MFH:            2023Q3 (security fixes)

    (cherry picked from commit 26433938a88c26e618d0512acc3a354dc8eae0a7)

 www/gitea/Makefile | 2 +-
 www/gitea/distinfo | 6 +++---
 2 files changed, 4 insertions(+), 4 deletions(-)
Comment 4 commit-hook freebsd_committer freebsd_triage 2023-07-17 13:08:07 UTC 
A commit in branch main references this bug:

URL: https://cgit.FreeBSD.org/ports/commit/?id=878a79c79f8dadaa2f3b2fd38dd8fbaebe80a5f4

commit 878a79c79f8dadaa2f3b2fd38dd8fbaebe80a5f4
Author:     Fernando Apesteguía <fernape@FreeBSD.org>
AuthorDate: 2023-07-17 06:58:44 +0000
Commit:     Fernando Apesteguía <fernape@FreeBSD.org>
CommitDate: 2023-07-17 13:07:12 +0000

    security/vuxml: record www/gitea vulnerabilities

     * Test if container blob is accessible before mounting
     * Set type="password" on all auth_token fields

    PR:     272538

 security/vuxml/vuln/2023.xml | 33 +++++++++++++++++++++++++++++++++
 1 file changed, 33 insertions(+)
Comment 5 Fernando Apesteguía freebsd_committer freebsd_triage 2023-07-17 13:08:25 UTC 
Committed,

Thank you very much for the VuXML entry!