254930 – www/gitea: Update to 1.13.7 (fixes security vulnerabilities)

Bug 254930 - www/gitea: Update to 1.13.7 (fixes security vulnerabilities)

Summary: www/gitea: Update to 1.13.7 (fixes security vulnerabilities)

Status:	Closed FIXED

Alias:	None

Product:	Ports & Packages
Classification:	Unclassified
Component:	Individual Port(s) (show other bugs)
Version:	Latest
Hardware:	Any Any

Importance:	--- Affects Many People
Assignee:	Adam Weinberger

URL:
Keywords:	needs-qa, security

Depends on:
Blocks:

Reported:	2021-04-09 21:50 UTC by Stefan Bethke
Modified:	2021-04-10 02:09 UTC (History)
CC List:	1 user (show)

See Also:

Flags:	koobs: merge-quarterly+

Attachments
Entry for gitea 1.13.7 (1.23 KB, patch) 2021-04-09 21:53 UTC, Stefan Bethke	no flags	Details \| Diff
Update gite port to 1.13.7 (895 bytes, patch) 2021-04-09 21:54 UTC, Stefan Bethke	stb: maintainer-approval+	Details \| Diff
View All Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Stefan Bethke 2021-04-09 21:50:10 UTC

Release 1.13.7 fixes two security issues, and five bugs.

Release notes:

https://blog.gitea.io/2021/04/gitea-1.13.7-is-released/

Comment 1 Stefan Bethke 2021-04-09 21:52:06 UTC

$ make validate
/bin/sh /usr/home/vagrant/vuxml/files/tidy.sh "/usr/home/vagrant/vuxml/files/tidy.xsl" "/usr/home/vagrant/vuxml/vuln-flat.xml" > "/usr/home/vagrant/vuxml/vuln.xml.tidy"
>>> Validating...
/usr/local/bin/xmllint --valid --noout /usr/home/vagrant/vuxml/vuln-flat.xml
>>> Successful.
Checking if tidy differs...
... seems okay
Checking for space/tab...
... seems okay
/usr/local/bin/python3.7 /usr/home/vagrant/vuxml/files/extra-validation.py /usr/home/vagrant/vuxml/vuln-flat.xml
Warning: description too long (6137 chars, 5000 is warning threshold): f00b65d8-7ccb-11eb-b3be-e09467587c17)

Comment 2 Stefan Bethke 2021-04-09 21:53:10 UTC

Created attachment 223960 [details]
Entry for gitea 1.13.7

Comment 3 Stefan Bethke 2021-04-09 21:54:36 UTC

Created attachment 223961 [details]
Update gite port to 1.13.7

Comment 4 commit-hook freebsd_committer

2021-04-09 22:10:21 UTC

A commit in branch main references this bug:

URL: https://cgit.FreeBSD.org/ports/commit/?id=b3cd19559e13396d1f4da829fb2f2f6a8cd043eb

commit b3cd19559e13396d1f4da829fb2f2f6a8cd043eb
Author:     Adam Weinberger <adamw@FreeBSD.org>
AuthorDate: 2021-04-09 22:08:57 +0000
Commit:     Adam Weinberger <adamw@FreeBSD.org>
CommitDate: 2021-04-09 22:08:57 +0000

    security/vuxml: Add entry for gitea < 1.13.7

    PR:     254930
    Submitted by:   Stefan Bethke

 security/vuxml/vuln.xml | 29 +++++++++++++++++++++++++++++
 1 file changed, 29 insertions(+)

Comment 5 commit-hook freebsd_committer

2021-04-09 22:10:22 UTC

A commit in branch main references this bug:

URL: https://cgit.FreeBSD.org/ports/commit/?id=1b3c61ca16dede523580c3919427e7c09e5c6660

commit 1b3c61ca16dede523580c3919427e7c09e5c6660
Author:     Adam Weinberger <adamw@FreeBSD.org>
AuthorDate: 2021-04-09 22:06:40 +0000
Commit:     Adam Weinberger <adamw@FreeBSD.org>
CommitDate: 2021-04-09 22:06:40 +0000

    www/gitea: Update to 1.13.7

    PR:     254930
    Submitted by:   maintainer

 www/gitea/Makefile | 2 +-
 www/gitea/distinfo | 6 +++---
 2 files changed, 4 insertions(+), 4 deletions(-)

Comment 6 commit-hook freebsd_committer

2021-04-09 22:12:23 UTC

A commit in branch 2021Q2 references this bug:

URL: https://cgit.FreeBSD.org/ports/commit/?id=78ba3b7c50e7f26ba87866cb611ea81d0fee7989

commit 78ba3b7c50e7f26ba87866cb611ea81d0fee7989
Author:     Adam Weinberger <adamw@FreeBSD.org>
AuthorDate: 2021-04-09 22:06:40 +0000
Commit:     Adam Weinberger <adamw@FreeBSD.org>
CommitDate: 2021-04-09 22:11:51 +0000

    www/gitea: Update to 1.13.7

    PR:     254930
    Submitted by:   maintainer

 www/gitea/Makefile | 2 +-
 www/gitea/distinfo | 6 +++---
 2 files changed, 4 insertions(+), 4 deletions(-)

Comment 7 Adam Weinberger freebsd_committer

2021-04-09 22:15:07 UTC

This is committed and merged to quarterly.