Bug 246892 - www/gitea: Update to 1.11.6 (fixes security vulnerabilities)
Summary: www/gitea: Update to 1.11.6 (fixes security vulnerabilities)
Status: Closed FIXED
Alias: None
Product: Ports & Packages
Classification: Unclassified
Component: Individual Port(s) (show other bugs)
Version: Latest
Hardware: Any Any
: Normal Affects Many People
Assignee: Adam Weinberger
URL: https://github.com/go-gitea/gitea/rel...
Keywords: needs-qa, security
Depends on:
Blocks:
 
Reported: 2020-05-31 09:19 UTC by stb
Modified: 2020-05-31 11:00 UTC (History)
2 users (show)

See Also:
koobs: merge-quarterly?


Attachments
patch to update gite aport to 1.11.6 (874 bytes, patch)
2020-05-31 09:21 UTC, stb
no flags Details | Diff
vuxml entry for the two security vulnerabilities (1.33 KB, patch)
2020-05-31 09:28 UTC, stb
no flags Details | Diff

Note You need to log in before you can comment on or make changes to this bug.
Description stb 2020-05-31 09:19:54 UTC
Update Gitea to 1.11.6

This release fixes two security issues and 14 bugs.

Release notes: https://github.com/go-gitea/gitea/releases/tag/v1.11.6

And despite /some/ work being done on the invalid Go template syntax for the Wiki pages, the main bug has not been fixed and merged, so the patch still is required.
Comment 1 stb 2020-05-31 09:21:13 UTC
Created attachment 215095 [details]
patch to update gite aport to 1.11.6
Comment 2 stb 2020-05-31 09:28:01 UTC
Created attachment 215096 [details]
vuxml entry for the two security vulnerabilities
Comment 3 Kubilay Kocak freebsd_committer freebsd_triage 2020-05-31 09:30:15 UTC
Thank you for your report and patches

^Triage: Please set the maintainer-approval attachment flag (to +) on patches for ports you maintain to signify approval

Attachment -> Details -> maintainer-approval [+]
Comment 4 commit-hook freebsd_committer 2020-05-31 10:52:06 UTC
A commit references this bug:

Author: adamw
Date: Sun May 31 10:51:55 UTC 2020
New revision: 537149
URL: https://svnweb.freebsd.org/changeset/ports/537149

Log:
  gitea: Update to 1.11.6

  Update Gitea to 1.11.6

  This release fixes two security issues and 14 bugs.

  Release notes: https://github.com/go-gitea/gitea/releases/tag/v1.11.6

  And despite /some/ work being done on the invalid Go template syntax for the
  Wiki pages, the main bug has not been fixed and merged, so the patch still is
  required.

  PR:		246892
  Submitted by:	maintainer
  MFH:		2020Q2
  Relnotes:	https://github.com/go-gitea/gitea/releases/tag/v1.11.6
  Security:	yes, see Relnotes

Changes:
  head/www/gitea/Makefile
  head/www/gitea/distinfo
Comment 5 commit-hook freebsd_committer 2020-05-31 10:54:07 UTC
A commit references this bug:

Author: adamw
Date: Sun May 31 10:53:13 UTC 2020
New revision: 537150
URL: https://svnweb.freebsd.org/changeset/ports/537150

Log:
  VuXML: Add entry for gitea < 1.11.6

  PR:		246892
  Submitted by:	maintainer

Changes:
  head/security/vuxml/vuln.xml
Comment 6 commit-hook freebsd_committer 2020-05-31 10:59:11 UTC
A commit references this bug:

Author: adamw
Date: Sun May 31 10:58:30 UTC 2020
New revision: 537152
URL: https://svnweb.freebsd.org/changeset/ports/537152

Log:
  MFH: r534858 r537149

  gitea: Update to 1.11.5

  This release fixes 22 bugs, and includes two enhancements.

  Release notes: https://github.com/go-gitea/gitea/releases/tag/v1.11.5

  PR:		246353
  Submitted by:	maintainer

  gitea: Update to 1.11.6

  Update Gitea to 1.11.6

  This release fixes two security issues and 14 bugs.

  Release notes: https://github.com/go-gitea/gitea/releases/tag/v1.11.6

  And despite /some/ work being done on the invalid Go template syntax for the
  Wiki pages, the main bug has not been fixed and merged, so the patch still is
  required.

  PR:		246892
  Submitted by:	maintainer
  Relnotes:	https://github.com/go-gitea/gitea/releases/tag/v1.11.6
  Security:	yes, see Relnotes

  Approved by:	portmgr (with hat)

Changes:
_U  branches/2020Q2/
  branches/2020Q2/www/gitea/Makefile
  branches/2020Q2/www/gitea/distinfo
Comment 7 Adam Weinberger freebsd_committer 2020-05-31 11:00:16 UTC
Committed. We both missed resetting PORTREVISION, oops.