Re:_git:_c1cc8c5f75f6_-_main_-_www/gitea:_Update_1 .22.2 → 1.22.3 (fixes security vulnerability)

From: Vladimir Druzenko <vvd_at_freebsd.org>
Date: Fri, 18 Oct 2024 13:11:06 UTC
18.10.2024 10:19, Emanuel Haupt пишет:
> Emanuel Haupt <ehaupt@FreeBSD.org> wrote:
>> Emanuel Haupt <ehaupt@FreeBSD.org> wrote:
>>> Vladimir Druzenko <vvd@FreeBSD.org> wrote:
>>>> The branch main has been updated by vvd:
>>>>
>>>> URL:
>>>> https://cgit.FreeBSD.org/ports/commit/?id=c1cc8c5f75f6e85e544498d7dc52e6fe5e2be8e0
>>>>
>>>> commit c1cc8c5f75f6e85e544498d7dc52e6fe5e2be8e0
>>>> Author:     Stefan Bethke <stb@lassitu.de>
>>>> AuthorDate: 2024-10-09 22:25:16 +0000
>>>> Commit:     Vladimir Druzenko <vvd@FreeBSD.org>
>>>> CommitDate: 2024-10-09 22:29:50 +0000
>>>>
>>>>      www/gitea: Update 1.22.2 → 1.22.3 (fixes security
>>>> vulnerability)
>>>>      Changelog:
>>>>      https://github.com/go-gitea/gitea/releases/tag/v1.22.3
>>>>      
>>>>      `su -m` cause checking authorized_keys in wrong place -
>>>> replace it with `su`.
>>>>      PR:     281949 281264
>>>>      MFH:    2024Q4
>>> After this gitea fails to start:
>>>
>>> # /usr/local/etc/rc.d/gitea start
>>> fatal: unrecognized command '/usr/local/sbin/gitea doctor check
>>>> /dev/null' cannot start gitea because of configuration errors. Run
>>>      su -m git -c 'gitea doctor check'
>>> for further details
>>>
>>> Running: su -m git -c 'gitea doctor check' shows no errors.
>>>
>> Patch:
>>
> Fixed in main and 2024Q4

Hello!

This change was made by a maintainer (Stefan Bethke) who does not read 
this mailing list - he is not a committer. Committers cannot test the 
runtime of all updates to all ports that they commit. The maintainer's 
reasons for making this change are described in the PRs listed in the 
commit. Before changing anything, you should write about it in the PR 
where the change was discussed (otherwise, why are we adding the PR 
field to the commit at all?). Even if the maintainer is wrong and this 
change is a mistake, you still need to notify him, and the best place to 
do this is in the PRs listed in the commit.

If I'm wrong somewhere, then write how it should be correct.

-- 
Best regards,
Vladimir Druzenko