On Mon, Nov 05, 2018 at 09:21:50PM +0300, Pavel Korovin wrote: > Please see attached patch for www/gitea security update, there's remote > command execution vulnerability, for more info: > https://github.com/go-gitea/gitea/releases/tag/v1.5.3 Yup, same here but with additional cleanup in post-install.
Feel free to commit either version, OK kn. Index: Makefile =================================================================== RCS file: /cvs/ports/www/gitea/Makefile,v retrieving revision 1.13 diff -u -p -r1.13 Makefile --- Makefile 4 Sep 2018 12:46:24 -0000 1.13 +++ Makefile 5 Nov 2018 18:42:26 -0000 @@ -2,11 +2,10 @@ COMMENT = compact self-hosted Git service -VERSION = 1.5.0 +VERSION = 1.5.3 GH_ACCOUNT = go-gitea GH_PROJECT = gitea GH_TAGNAME = v${VERSION} -REVISION = 0 CATEGORIES = www devel @@ -43,7 +42,7 @@ do-install: .endfor post-install: - @find ${WRKINST} -type f -name '*.beforesubst' -exec rm {} \; - @find ${WRKINST} -type f -name '*.orig' -exec rm {} \; + @find ${WRKINST} -type f \ + \( -name '*.beforesubst' -o -name '*.orig' \) -delete .include <bsd.port.mk> Index: distinfo =================================================================== RCS file: /cvs/ports/www/gitea/distinfo,v retrieving revision 1.6 diff -u -p -r1.6 distinfo --- distinfo 20 Aug 2018 07:52:01 -0000 1.6 +++ distinfo 5 Nov 2018 00:28:28 -0000 @@ -1,2 +1,2 @@ -SHA256 (gitea-1.5.0.tar.gz) = Onb/h4I2MB0jJPsM4nBRyeEb7r6hckgTNVwZ0QiUTm8= -SIZE (gitea-1.5.0.tar.gz) = 18847969 +SHA256 (gitea-1.5.3.tar.gz) = OpSYLR+gVJ4m4shvhZvAndpICpimsHzlaCJX88594Yg= +SIZE (gitea-1.5.3.tar.gz) = 18866434