On Mon, Nov 05, 2018 at 09:21:50PM +0300, Pavel Korovin wrote:
> Please see attached patch for www/gitea security update, there's remote
> command execution vulnerability, for more info:
> https://github.com/go-gitea/gitea/releases/tag/v1.5.3
Yup, same here but with additional cleanup in post-install.
Feel free to commit either version, OK kn.
Index: Makefile
===================================================================
RCS file: /cvs/ports/www/gitea/Makefile,v
retrieving revision 1.13
diff -u -p -r1.13 Makefile
--- Makefile 4 Sep 2018 12:46:24 -0000 1.13
+++ Makefile 5 Nov 2018 18:42:26 -0000
@@ -2,11 +2,10 @@
COMMENT = compact self-hosted Git service
-VERSION = 1.5.0
+VERSION = 1.5.3
GH_ACCOUNT = go-gitea
GH_PROJECT = gitea
GH_TAGNAME = v${VERSION}
-REVISION = 0
CATEGORIES = www devel
@@ -43,7 +42,7 @@ do-install:
.endfor
post-install:
- @find ${WRKINST} -type f -name '*.beforesubst' -exec rm {} \;
- @find ${WRKINST} -type f -name '*.orig' -exec rm {} \;
+ @find ${WRKINST} -type f \
+ \( -name '*.beforesubst' -o -name '*.orig' \) -delete
.include <bsd.port.mk>
Index: distinfo
===================================================================
RCS file: /cvs/ports/www/gitea/distinfo,v
retrieving revision 1.6
diff -u -p -r1.6 distinfo
--- distinfo 20 Aug 2018 07:52:01 -0000 1.6
+++ distinfo 5 Nov 2018 00:28:28 -0000
@@ -1,2 +1,2 @@
-SHA256 (gitea-1.5.0.tar.gz) = Onb/h4I2MB0jJPsM4nBRyeEb7r6hckgTNVwZ0QiUTm8=
-SIZE (gitea-1.5.0.tar.gz) = 18847969
+SHA256 (gitea-1.5.3.tar.gz) = OpSYLR+gVJ4m4shvhZvAndpICpimsHzlaCJX88594Yg=
+SIZE (gitea-1.5.3.tar.gz) = 18866434
