282387 – www/forgejo: Update 9.0.0 → 9.0.1 (fixes security vulnerabilities)

Bug 282387 - www/forgejo: Update 9.0.0 → 9.0.1 (fixes security vulnerabilities)

Summary: www/forgejo: Update 9.0.0 → 9.0.1 (fixes security vulnerabilities)

Status:	Closed FIXED

Alias:	None

Product:	Ports & Packages
Classification:	Unclassified
Component:	Individual Port(s) (show other bugs)
Version:	Latest
Hardware:	Any Any

Importance:	--- Affects Some People
Assignee:	Vladimir Druzenko

URL:	https://codeberg.org/forgejo/forgejo/...
Keywords:

Depends on:
Blocks:

Reported:	2024-10-28 16:23 UTC by Stefan Bethke
Modified:	2024-10-29 18:26 UTC (History)
CC List:	2 users (show)

See Also:

Flags:	stb: maintainer-feedback+ vvd: merge-quarterly+

Attachments
update port to 9.0.1 including vuxml entry (3.03 KB, patch) 2024-10-28 16:23 UTC, Stefan Bethke	no flags	Details \| Diff
View All Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Stefan Bethke 2024-10-28 16:23:41 UTC

Created attachment 254597 [details]
update port to 9.0.1 including vuxml entry

Release notes: https://codeberg.org/forgejo/forgejo/milestone/8544

Comment 1 commit-hook freebsd_committer

2024-10-29 15:27:19 UTC

A commit in branch main references this bug:

URL: https://cgit.FreeBSD.org/ports/commit/?id=43e383b8b4bd5d8325a83ac4daa1617b8fcae4e0

commit 43e383b8b4bd5d8325a83ac4daa1617b8fcae4e0
Author:     Stefan Bethke <stb@lassitu.de>
AuthorDate: 2024-10-29 15:24:02 +0000
Commit:     Vladimir Druzenko <vvd@FreeBSD.org>
CommitDate: 2024-10-29 15:24:02 +0000

    security/vuxml: add record for www/forgejo < 9.0.1 and www/forgejo7 < 7.0.10

    https://codeberg.org/forgejo/forgejo/milestone/8544
    https://codeberg.org/forgejo/forgejo/pulls/5719
    https://codeberg.org/forgejo/forgejo/pulls/5718

    PR:     282387

 security/vuxml/vuln/2024.xml | 44 ++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 44 insertions(+)

Comment 2 commit-hook freebsd_committer

2024-10-29 15:27:20 UTC

A commit in branch main references this bug:

URL: https://cgit.FreeBSD.org/ports/commit/?id=b56cd15e5b4777fcc02cc6b3e81e6f096c692f83

commit b56cd15e5b4777fcc02cc6b3e81e6f096c692f83
Author:     Stefan Bethke <stb@lassitu.de>
AuthorDate: 2024-10-29 15:20:59 +0000
Commit:     Vladimir Druzenko <vvd@FreeBSD.org>
CommitDate: 2024-10-29 15:20:59 +0000

    www/forgejo: Update 9.0.0 → 9.0.1 (fixes security vulnerabilities)

    Changelog:
    https://codeberg.org/forgejo/forgejo/milestone/8544

    PR:     282387
    MFH:    2024Q4

 www/forgejo/Makefile | 2 +-
 www/forgejo/distinfo | 6 +++---
 2 files changed, 4 insertions(+), 4 deletions(-)

Comment 3 commit-hook freebsd_committer

2024-10-29 15:48:28 UTC

A commit in branch 2024Q4 references this bug:

URL: https://cgit.FreeBSD.org/ports/commit/?id=32a516a2434fbb1fb2e87463cf95c045afc46f36

commit 32a516a2434fbb1fb2e87463cf95c045afc46f36
Author:     Stefan Bethke <stb@lassitu.de>
AuthorDate: 2024-10-29 15:20:59 +0000
Commit:     Vladimir Druzenko <vvd@FreeBSD.org>
CommitDate: 2024-10-29 15:47:56 +0000

    www/forgejo: Update 9.0.0 → 9.0.1 (fixes security vulnerabilities)

    Changelog:
    https://codeberg.org/forgejo/forgejo/milestone/8544

    PR:     282387
    MFH:    2024Q4
    (cherry picked from commit b56cd15e5b4777fcc02cc6b3e81e6f096c692f83)

 www/forgejo/Makefile | 2 +-
 www/forgejo/distinfo | 6 +++---
 2 files changed, 4 insertions(+), 4 deletions(-)

Comment 4 Vladimir Druzenko freebsd_committer

2024-10-29 15:55:06 UTC

Thanks.

Marko Cupać, www/forgejo7 need update too.

Comment 5 Marko Cupać 2024-10-29 18:10:56 UTC

(In reply to Vladimir Druzenko from comment #4)

Hi,

I have patch ready but forgejo7 needs at least lang/go122 at 1.22.7, while version in ports is still at 1.22.6.

There's bug #281842 waiting to be committed. Any chance to speed it up?

Comment 6 Marko Cupać 2024-10-29 18:26:57 UTC

I submitted patch to upgrade www/forgejo7 to 7.0.10 in bug #282408