Bug 265526 - www/gitea: Update to 1.16.9 (fixes security vulnerabilities)
Summary: www/gitea: Update to 1.16.9 (fixes security vulnerabilities)
Status: Closed FIXED
Alias: None
Product: Ports & Packages
Classification: Unclassified
Component: Individual Port(s)
Version: Latest
Hardware: Any Any
: --- Affects Many People
Assignee: Nuno Teixeira
URL: https://github.com/go-gitea/gitea/rel...
Keywords:
Depends on:
Blocks: 265527
Reported: 2022-07-30 20:47 UTC by Stefan Bethke
Modified: 2022-08-05 18:00 UTC

See Also:
eduardo: merge-quarterly?


Attachments
patch to bring the port to 1.16.9 (2.03 KB, patch)
2022-07-30 20:47 UTC, Stefan Bethke
no flags
vuxml.diff (1.17 KB, patch)
2022-08-04 22:48 UTC, Nuno Teixeira
fluffy: maintainer-approval+

Description Stefan Bethke 2022-07-30 20:47:27 UTC
Created attachment 235568
patch to bring the port to 1.16.9

Update gitea to 1.16.8

This release fixes two security issues and 18 bugs.

Release notes: https://github.com/go-gitea/gitea/releases/tag/v1.16.9

There is also version 1.17.0 that has just been released. I'm suggesting committing this first and MFQ for those users that would like to stay with 1.16 a bit longer, then committing the update to 1.17.0.
Comment 1 Stefan Bethke 2022-07-30 21:26:20 UTC
See also 265527
Comment 2 Nuno Teixeira freebsd_committer freebsd_triage 2022-07-30 21:29:50 UTC
Hi,

Could you upload the vuxml patch separately so ports-secteam can approve it, and also because the vuxml commit needs to be committed first?

Thanks
Comment 3 Nuno Teixeira freebsd_committer freebsd_triage 2022-07-30 21:37:41 UTC
(...)
It could be uploaded to this PR, so no need for opening a new PR.
Comment 4 Nuno Teixeira freebsd_committer freebsd_triage 2022-08-04 22:48:41 UTC
Created attachment 235683
vuxml.diff

(from 235568: patch to bring the port to 1.16.9)
Comment 5 Dima Panov freebsd_committer freebsd_triage 2022-08-05 13:55:13 UTC
Comment on attachment 235683
vuxml.diff

LGTM
Comment 6 commit-hook freebsd_committer freebsd_triage 2022-08-05 16:37:16 UTC
A commit in branch main references this bug:

URL: https://cgit.FreeBSD.org/ports/commit/?id=c15a234456248f4af18d904d4c9a54f01f4d321e

commit c15a234456248f4af18d904d4c9a54f01f4d321e
Author:     Stefan Bethke <stb@lassitu.de>
AuthorDate: 2022-08-05 16:33:32 +0000
Commit:     Nuno Teixeira <eduardo@FreeBSD.org>
CommitDate: 2022-08-05 16:36:48 +0000

    security/vuxml: Document Gitea multiple vulnerabilities

     - Add write check for creating Commit status
       https://github.com/go-gitea/gitea/pull/20334

     - Check for permission when fetching user controlled issues
       https://github.com/go-gitea/gitea/pull/20196

    PR:             265526

 security/vuxml/vuln-2022.xml | 28 ++++++++++++++++++++++++++++
 1 file changed, 28 insertions(+)
Comment 7 commit-hook freebsd_committer freebsd_triage 2022-08-05 17:31:23 UTC
A commit in branch main references this bug:

URL: https://cgit.FreeBSD.org/ports/commit/?id=2bd42152ca3ba3956f2528cce1e8bf405a5c88e4

commit 2bd42152ca3ba3956f2528cce1e8bf405a5c88e4
Author:     Stefan Bethke <stb@lassitu.de>
AuthorDate: 2022-08-05 17:25:57 +0000
Commit:     Nuno Teixeira <eduardo@FreeBSD.org>
CommitDate: 2022-08-05 17:25:57 +0000

    www/gitea: Update to 1.16.9 (fixes security vulnerabilities)

    This release fixes two security issues and 18 bugs

    ChangeLog:      https://github.com/go-gitea/gitea/releases/tag/v1.16.9
    PR:             265526

 www/gitea/Makefile | 3 +--
 www/gitea/distinfo | 6 +++---
 2 files changed, 4 insertions(+), 5 deletions(-)
Comment 8 commit-hook freebsd_committer freebsd_triage 2022-08-05 17:59:28 UTC
A commit in branch 2022Q3 references this bug:

URL: https://cgit.FreeBSD.org/ports/commit/?id=78231b67e4f25d3234a37429d0b541967ce96f64

commit 78231b67e4f25d3234a37429d0b541967ce96f64
Author:     Stefan Bethke <stb@lassitu.de>
AuthorDate: 2022-08-05 17:25:57 +0000
Commit:     Nuno Teixeira <eduardo@FreeBSD.org>
CommitDate: 2022-08-05 17:33:25 +0000

    www/gitea: Update to 1.16.9 (fixes security vulnerabilities)

    This release fixes two security issues and 18 bugs

    ChangeLog:      https://github.com/go-gitea/gitea/releases/tag/v1.16.9
    PR:             265526
    (cherry picked from commit 2bd42152ca3ba3956f2528cce1e8bf405a5c88e4)

 www/gitea/Makefile | 3 +--
 www/gitea/distinfo | 6 +++---
 2 files changed, 4 insertions(+), 5 deletions(-)
Comment 9 Nuno Teixeira freebsd_committer freebsd_triage 2022-08-05 18:00:26 UTC
Committed, thanks!