Date:      Fri, 22 Dec 2023 01:24:49 GMT
From:      Muhammad Moinur Rahman <bofh@FreeBSD.org>
To:        ports-committers@FreeBSD.org, dev-commits-ports-all@FreeBSD.org, dev-commits-ports-main@FreeBSD.org
Subject:   git: 478a7fab1aa3 - main - www/gitea: Update version 1.21.0=>1.21.3
Message-ID:  <202312220124.3BM1OnQv053117@gitrepo.freebsd.org>

The branch main has been updated by bofh:

URL: https://cgit.FreeBSD.org/ports/commit/?id=478a7fab1aa36ee655d2840c7f282de684ca4d51

commit 478a7fab1aa36ee655d2840c7f282de684ca4d51
Author:     Stefan Bethke <stb@lassitu.de>
AuthorDate: 2023-12-21 23:19:59 +0000
Commit:     Muhammad Moinur Rahman <bofh@FreeBSD.org>
CommitDate: 2023-12-22 01:24:35 +0000

    www/gitea: Update version 1.21.0=>1.21.3
    
    - Add relevant vuxml entry
    - Move pkg-message to SUB_FILES as we are using PREFIX
    
    Changelog: https://blog.gitea.com/release-of-1.21.3/
    
    PR:             275742
    Approved by:    submitter is maintainer
---
 security/vuxml/vuln/2023.xml                    | 56 +++++++++++++++++++++++++
 www/gitea/Makefile                              |  5 +--
 www/gitea/distinfo                              |  6 +--
 www/gitea/{pkg-message => files/pkg-message.in} | 15 +++++++
 4 files changed, 76 insertions(+), 6 deletions(-)

diff --git a/security/vuxml/vuln/2023.xml b/security/vuxml/vuln/2023.xml
index d3972f612c23..7de965752d64 100644
--- a/security/vuxml/vuln/2023.xml
+++ b/security/vuxml/vuln/2023.xml
@@ -1,3 +1,59 @@
+  <vuln vid="b2765c89-a052-11ee-bed2-596753f1a87c">
+    <topic>gitea -- Prefix Truncation Attack against ChaCha20-Poly1305 and Encrypt-then-MAC aka Terrapin</topic>
+    <affects>
+      <package>
+	<name>gitea</name>
+	<range><lt>1.21.3</lt></range>
+      </package>
+    </affects>
+    <description>
+      <body xmlns="http://www.w3.org/1999/xhtml">;
+	<p>The Gitea team reports:</p>
+	<blockquote cite="https://github.com/go-gitea/gitea/pull/28519">;
+	  <p>Update golang.org/x/crypto</p>
+	</blockquote>
+      </body>
+    </description>
+    <references>
+      <url>https://github.com/go-gitea/gitea/releases/tag/v1.21.3</url>;
+    </references>
+    <dates>
+      <discovery>2023-12-19</discovery>
+      <entry>2023-12-21</entry>
+    </dates>
+  </vuln>
+
+  <vuln vid="482bb980-99a3-11ee-b5f7-6bd56600d90c">
+    <topic>gitea -- missing permission checks</topic>
+    <affects>
+      <package>
+	<name>gitea</name>
+	<range><lt>1.21.2</lt></range>
+      </package>
+    </affects>
+    <description>
+      <body xmlns="http://www.w3.org/1999/xhtml">;
+	<p>The Gitea team reports:</p>
+	<blockquote cite="https://github.com/go-gitea/gitea/pull/28406">;
+	  <p>Fix missing check</p>
+	</blockquote>
+	<blockquote cite="https://github.com/go-gitea/gitea/pull/28423">;
+	  <p>Do some missing checks</p>
+	</blockquote>
+        <p>By crafting an API request, attackers can access the contents of
+        issues even though the logged-in user does not have access rights to
+        these issues.</p>
+      </body>
+    </description>
+    <references>
+      <url>https://github.com/go-gitea/gitea/releases/tag/v1.21.2</url>;
+    </references>
+    <dates>
+      <discovery>2023-08-30</discovery>
+      <entry>2023-09-10</entry>
+    </dates>
+  </vuln>
+
   <vuln vid="0f7598cc-9fe2-11ee-b47f-901b0e9408dc">
     <topic>nebula -- security fix for terrapin vulnerability</topic>
     <affects>
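Review bot: The second added entry (vid 482bb980-…, gitea before 1.21.2) carries `<discovery>2023-08-30</discovery>` and `<entry>2023-09-10</entry>`, both months earlier than this commit's date of 2023-12-21, and its closing paragraph about crafted API requests reading issue contents is not attributed to either cited pull request. These fields look carried over from an older gitea record; they should be checked against the 1.21.2 release notes, with `<entry>` set to the day the record is actually added so that feed consumers see it as new. The first entry names Terrapin in its topic, but its `<references>` holds only the release URL; adding `<cvename>CVE-XXXX-XXXXX</cvename>` (placeholder, take the id from the upstream advisory) would let consumers correlate the record by CVE id. The `;` following several `>` on the added lines is probably an artifact of the mail archive's rendering, but if it is in the committed file it is stray text inside the XHTML body.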
diff --git a/www/gitea/Makefile b/www/gitea/Makefile
index 287dba7c6138..2d2837e6b440 100644
--- a/www/gitea/Makefile
+++ b/www/gitea/Makefile
@@ -1,7 +1,6 @@
 PORTNAME=	gitea
 DISTVERSIONPREFIX=	v
-DISTVERSION=	1.21.0
-PORTREVISION=	1
+DISTVERSION=	1.21.3
 CATEGORIES=	www
 MASTER_SITES=	https://github.com/go-gitea/gitea/releases/download/${DISTVERSIONPREFIX}${DISTVERSION}/ \
 		https://dl.gitea.io/gitea/${DISTVERSION}/
@@ -20,7 +19,7 @@ USES=		cpe gmake go:1.21,no_targets
 USE_RC_SUBR=	gitea
 
 EXTRACT_AFTER_ARGS=	--strip-components 1 # since 1.17.0, archive includes gitea-src-VERSION directory
-SUB_FILES+=	app.ini.sample
+SUB_FILES+=	app.ini.sample pkg-message
 SUB_LIST+=	GITUSER=${USERS}
 
 NO_WRKSUBDIR=	yes
diff --git a/www/gitea/distinfo b/www/gitea/distinfo
index 011dfb106ba4..93f0353acb68 100644
--- a/www/gitea/distinfo
+++ b/www/gitea/distinfo
@@ -1,3 +1,3 @@
-TIMESTAMP = 1699991932
-SHA256 (gitea-src-1.21.0.tar.gz) = 69b12778b3b5f24aecff08d8e5122e4edf784bda2e4335b77f2bbd0404a11a93
-SIZE (gitea-src-1.21.0.tar.gz) = 53744981
+TIMESTAMP = 1703201941
+SHA256 (gitea-src-1.21.3.tar.gz) = b490bda7bfbe95bde50f4c98478a80b4539344140ad9290d083e9393e83d33bf
+SIZE (gitea-src-1.21.3.tar.gz) = 53775315
diff --git a/www/gitea/pkg-message b/www/gitea/files/pkg-message.in
similarity index 68%
rename from www/gitea/pkg-message
rename to www/gitea/files/pkg-message.in
index e3393b659d24..f1b18026682e 100644
--- a/www/gitea/pkg-message
+++ b/www/gitea/files/pkg-message.in
@@ -1,4 +1,19 @@
 [
+{ type: upgrade
+  maximum_version: 1.20.0
+  message: <<EOM
+Please make sure to empty or maintain the contents of the
+%%PREFIX%%/share/gitea folder between your upgrades of gitea.
+Changes between versions can break the web UI due to residual
+files from earlier versions.
+
+1.21.0 has a breaking change regarding the public assets folder. In case
+you use a proxying webserver serving the files, you need to update your
+configuration:
+
+https://github.com/go-gitea/gitea/pull/25907
+EOM
+}
 { type: upgrade
   maximum_version: 1.7.6
   message: <<EOM
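Review bot: The new upgrade block is gated with `maximum_version: 1.20.0`, yet its text warns about a breaking change introduced in 1.21.0. As far as I know, pkg shows such a message only when the previously installed version is lower than `maximum_version`, so anyone upgrading from a 1.20.x release newer than 1.20.0 would never see the notice about the public assets folder and the proxy configuration. If the intent is to reach everyone crossing into 1.21, the gate should be `maximum_version: 1.21.0`. The rest of the message list continues outside the hunk.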


