From 79c2317ae6ecfb838ebcaafc5783ad66aac32d3c Mon Sep 17 00:00:00 2001 From: Tomáš Mózes Date: Fri, 22 Jul 2022 10:56:19 +0000 Subject: www-apps/gitea: security bump to 1.16.9, drop vulnerable MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Bug: https://bugs.gentoo.org/857819 Signed-off-by: Tomáš Mózes Closes: https://github.com/gentoo/gentoo/pull/26516 Signed-off-by: Joonas Niilola --- www-apps/gitea/Manifest | 2 +- www-apps/gitea/gitea-1.16.8.ebuild | 125 ------------------------------------- www-apps/gitea/gitea-1.16.9.ebuild | 125 +++++++++++++++++++++++++++++++++++++ 3 files changed, 126 insertions(+), 126 deletions(-) delete mode 100644 www-apps/gitea/gitea-1.16.8.ebuild create mode 100644 www-apps/gitea/gitea-1.16.9.ebuild (limited to 'www-apps') diff --git a/www-apps/gitea/Manifest b/www-apps/gitea/Manifest index 1313daf5d6d6..8ebe013ceeee 100644 --- a/www-apps/gitea/Manifest +++ b/www-apps/gitea/Manifest @@ -1,2 +1,2 @@ DIST gitea-1.16.7.tar.gz 53657579 BLAKE2B ae9d67fa633bcc5156036f033a4ed084b5b6ac0d71ec6a1ec0d0c88848233f3f0f0c22ca1c33289dc0e9950a8b299e26a88417e03643972f6721f94097b37d85 SHA512 7a31330e46078e215eecfbb2ec28373be1a176790720afbcf9674f3530d66f300d8ef9e47b9b9124cda9ce585d26d40c975e4897e5a3477dcec28b6f2b16735c -DIST gitea-1.16.8.tar.gz 53659731 BLAKE2B ee35388d9fc5ba202d9b013e36b12771e55bc3d26256ec11ab1f1441b1db62e5b4e9972970b3f926d714edc40ac3b2e5daae47a16e2d76e4e49a1c367490cb02 SHA512 f502a07c886cc2f15615693a90eda128478d0de833cbe18993ed1f5a1a81f45591b2c00791f8024eda97d948991838b2dc95fab189695179631df47e4d587419 +DIST gitea-1.16.9.tar.gz 53660093 BLAKE2B f289a6525b046efa56b0250a997c1b1957c58447b87d7b0f5a65754ff3278da5dd37e1cf090b6d27c61d779fe2f19c4405aff9be526c5689935fba88c8488ad5 SHA512 b27da6b77ac33829ba3108e54c8fab59fe80f2ce88cc5eeb95ec38186da4b34508cdfb1a5fe0a68013001403a69080ebddb8d5116a73e1cf47e27ee4cc3095f1 diff --git a/www-apps/gitea/gitea-1.16.8.ebuild b/www-apps/gitea/gitea-1.16.8.ebuild deleted file mode 100644 index a816c920b1b9..000000000000 --- a/www-apps/gitea/gitea-1.16.8.ebuild +++ /dev/null @@ -1,125 +0,0 @@ -# Copyright 2016-2022 Gentoo Authors -# Distributed under the terms of the GNU General Public License v2 - -EAPI=8 - -inherit fcaps go-module tmpfiles systemd flag-o-matic - -DESCRIPTION="A painless self-hosted Git service" -HOMEPAGE="https://gitea.io https://github.com/go-gitea/gitea" - -if [[ ${PV} == *9999 ]]; then - inherit git-r3 - EGIT_REPO_URI="https://github.com/go-gitea/gitea.git" -else - SRC_URI="https://github.com/go-gitea/gitea/releases/download/v${PV}/gitea-src-${PV}.tar.gz -> ${P}.tar.gz" - KEYWORDS="~amd64 ~arm ~arm64 ~x86" -fi - -S="${WORKDIR}" - -LICENSE="Apache-2.0 BSD BSD-2 ISC MIT MPL-2.0" -SLOT="0" -IUSE="+acct pam sqlite pie" - -DEPEND=" - acct? ( - acct-group/git - acct-user/git[gitea] ) - pam? ( sys-libs/pam )" -RDEPEND="${DEPEND} - dev-vcs/git" - -DOCS=( - custom/conf/app.example.ini CONTRIBUTING.md README.md -) -FILECAPS=( - -m 711 cap_net_bind_service+ep usr/bin/gitea -) - -RESTRICT="test" - -src_prepare() { - default - - local sedcmds=( - -e "s#^ROOT =#ROOT = ${EPREFIX}/var/lib/gitea/gitea-repositories#" - -e "s#^ROOT_PATH =#ROOT_PATH = ${EPREFIX}/var/log/gitea#" - -e "s#^APP_DATA_PATH = data#APP_DATA_PATH = ${EPREFIX}/var/lib/gitea/data#" - -e "s#^HTTP_ADDR = 0.0.0.0#HTTP_ADDR = 127.0.0.1#" - -e "s#^MODE = console#MODE = file#" - -e "s#^LEVEL = Trace#LEVEL = Info#" - -e "s#^LOG_SQL = true#LOG_SQL = false#" - -e "s#^DISABLE_ROUTER_LOG = false#DISABLE_ROUTER_LOG = true#" - ) - - sed -i "${sedcmds[@]}" custom/conf/app.example.ini || die - if use sqlite ; then - sed -i -e "s#^DB_TYPE = .*#DB_TYPE = sqlite3#" custom/conf/app.example.ini || die - fi -} - -src_configure() { - # bug 832756 - PIE build issues - filter-flags -fPIE - filter-ldflags -fPIE -pie -} - -src_compile() { - local gitea_tags=( - bindata - $(usev pam) - $(usex sqlite 'sqlite sqlite_unlock_notify' '') - ) - local gitea_settings=( - "-X code.gitea.io/gitea/modules/setting.CustomConf=${EPREFIX}/etc/gitea/app.ini" - "-X code.gitea.io/gitea/modules/setting.CustomPath=${EPREFIX}/var/lib/gitea/custom" - "-X code.gitea.io/gitea/modules/setting.AppWorkPath=${EPREFIX}/var/lib/gitea" - ) - local makeenv=( - DRONE_TAG="${PV}" - LDFLAGS="-extldflags \"${LDFLAGS}\" ${gitea_settings[*]}" - TAGS="${gitea_tags[*]}" - ) - - GOFLAGS="" - if use pie ; then - GOFLAGS+="-buildmode=pie" - fi - - env "${makeenv[@]}" emake EXTRA_GOFLAGS="${GOFLAGS}" backend -} - -src_install() { - dobin gitea - - einstalldocs - - newconfd "${FILESDIR}/gitea.confd-r1" gitea - newinitd "${FILESDIR}/gitea.initd-r3" gitea - newtmpfiles - gitea.conf <<-EOF - d /run/gitea 0755 git git - EOF - systemd_newunit "${FILESDIR}"/gitea.service-r3 gitea.service - - insinto /etc/gitea - newins custom/conf/app.example.ini app.ini - if use acct; then - fowners root:git /etc/gitea/{,app.ini} - fperms g+w,o-rwx /etc/gitea/{,app.ini} - - diropts -m0750 -o git -g git - keepdir /var/lib/gitea /var/lib/gitea/custom /var/lib/gitea/data - keepdir /var/log/gitea - fi -} - -pkg_postinst() { - fcaps_pkg_postinst - tmpfiles_process gitea.conf - - ewarn "The default JWT signing algorithm changed in 1.15.0 from HS256 (symmetric) to" - ewarn "RS256 (asymmetric). Gitea OAuth2 tokens (and potentially client secrets) will" - ewarn "need to be regenerated unless you change your JWT_SIGNING_ALGORITHM back to HS256." - ewarn "For other breaking changes, see ." -} diff --git a/www-apps/gitea/gitea-1.16.9.ebuild b/www-apps/gitea/gitea-1.16.9.ebuild new file mode 100644 index 000000000000..a816c920b1b9 --- /dev/null +++ b/www-apps/gitea/gitea-1.16.9.ebuild @@ -0,0 +1,125 @@ +# Copyright 2016-2022 Gentoo Authors +# Distributed under the terms of the GNU General Public License v2 + +EAPI=8 + +inherit fcaps go-module tmpfiles systemd flag-o-matic + +DESCRIPTION="A painless self-hosted Git service" +HOMEPAGE="https://gitea.io https://github.com/go-gitea/gitea" + +if [[ ${PV} == *9999 ]]; then + inherit git-r3 + EGIT_REPO_URI="https://github.com/go-gitea/gitea.git" +else + SRC_URI="https://github.com/go-gitea/gitea/releases/download/v${PV}/gitea-src-${PV}.tar.gz -> ${P}.tar.gz" + KEYWORDS="~amd64 ~arm ~arm64 ~x86" +fi + +S="${WORKDIR}" + +LICENSE="Apache-2.0 BSD BSD-2 ISC MIT MPL-2.0" +SLOT="0" +IUSE="+acct pam sqlite pie" + +DEPEND=" + acct? ( + acct-group/git + acct-user/git[gitea] ) + pam? ( sys-libs/pam )" +RDEPEND="${DEPEND} + dev-vcs/git" + +DOCS=( + custom/conf/app.example.ini CONTRIBUTING.md README.md +) +FILECAPS=( + -m 711 cap_net_bind_service+ep usr/bin/gitea +) + +RESTRICT="test" + +src_prepare() { + default + + local sedcmds=( + -e "s#^ROOT =#ROOT = ${EPREFIX}/var/lib/gitea/gitea-repositories#" + -e "s#^ROOT_PATH =#ROOT_PATH = ${EPREFIX}/var/log/gitea#" + -e "s#^APP_DATA_PATH = data#APP_DATA_PATH = ${EPREFIX}/var/lib/gitea/data#" + -e "s#^HTTP_ADDR = 0.0.0.0#HTTP_ADDR = 127.0.0.1#" + -e "s#^MODE = console#MODE = file#" + -e "s#^LEVEL = Trace#LEVEL = Info#" + -e "s#^LOG_SQL = true#LOG_SQL = false#" + -e "s#^DISABLE_ROUTER_LOG = false#DISABLE_ROUTER_LOG = true#" + ) + + sed -i "${sedcmds[@]}" custom/conf/app.example.ini || die + if use sqlite ; then + sed -i -e "s#^DB_TYPE = .*#DB_TYPE = sqlite3#" custom/conf/app.example.ini || die + fi +} + +src_configure() { + # bug 832756 - PIE build issues + filter-flags -fPIE + filter-ldflags -fPIE -pie +} + +src_compile() { + local gitea_tags=( + bindata + $(usev pam) + $(usex sqlite 'sqlite sqlite_unlock_notify' '') + ) + local gitea_settings=( + "-X code.gitea.io/gitea/modules/setting.CustomConf=${EPREFIX}/etc/gitea/app.ini" + "-X code.gitea.io/gitea/modules/setting.CustomPath=${EPREFIX}/var/lib/gitea/custom" + "-X code.gitea.io/gitea/modules/setting.AppWorkPath=${EPREFIX}/var/lib/gitea" + ) + local makeenv=( + DRONE_TAG="${PV}" + LDFLAGS="-extldflags \"${LDFLAGS}\" ${gitea_settings[*]}" + TAGS="${gitea_tags[*]}" + ) + + GOFLAGS="" + if use pie ; then + GOFLAGS+="-buildmode=pie" + fi + + env "${makeenv[@]}" emake EXTRA_GOFLAGS="${GOFLAGS}" backend +} + +src_install() { + dobin gitea + + einstalldocs + + newconfd "${FILESDIR}/gitea.confd-r1" gitea + newinitd "${FILESDIR}/gitea.initd-r3" gitea + newtmpfiles - gitea.conf <<-EOF + d /run/gitea 0755 git git + EOF + systemd_newunit "${FILESDIR}"/gitea.service-r3 gitea.service + + insinto /etc/gitea + newins custom/conf/app.example.ini app.ini + if use acct; then + fowners root:git /etc/gitea/{,app.ini} + fperms g+w,o-rwx /etc/gitea/{,app.ini} + + diropts -m0750 -o git -g git + keepdir /var/lib/gitea /var/lib/gitea/custom /var/lib/gitea/data + keepdir /var/log/gitea + fi +} + +pkg_postinst() { + fcaps_pkg_postinst + tmpfiles_process gitea.conf + + ewarn "The default JWT signing algorithm changed in 1.15.0 from HS256 (symmetric) to" + ewarn "RS256 (asymmetric). Gitea OAuth2 tokens (and potentially client secrets) will" + ewarn "need to be regenerated unless you change your JWT_SIGNING_ALGORITHM back to HS256." + ewarn "For other breaking changes, see ." +} -- cgit v1.2.3-65-gdbad