From be43fb2830c94e23e0d9aa49ef9b982b0ab31e2c Mon Sep 17 00:00:00 2001 From: Stefan Bethke Date: Mon, 17 Jun 2024 19:16:10 +0200 Subject: [PATCH] www/forgejo: update to 7.0.4 (fixes security vulnerabilities) CVE-2024-24789: the archive/zip package's handling of certain types of invalid zip files differs from the behavior of most zip implementations. This misalignment could be exploited to create an zip file with contents that vary depending on the implementation reading the file. PR: 279781 Reported by: stb@lassitu.de (maintainer) MFH: 2024Q2 Security: CVE-2024-24789 --- www/forgejo/Makefile | 3 +-- www/forgejo/distinfo | 6 +++--- 2 files changed, 4 insertions(+), 5 deletions(-) diff --git a/www/forgejo/Makefile b/www/forgejo/Makefile index fb6728294317..1f2696736529 100644 --- a/www/forgejo/Makefile +++ b/www/forgejo/Makefile @@ -1,7 +1,6 @@ PORTNAME= forgejo DISTVERSIONPREFIX= v -DISTVERSION= 7.0.3 -PORTREVISION= 1 +DISTVERSION= 7.0.4 CATEGORIES= www MASTER_SITES= https://codeberg.org/forgejo/forgejo/releases/download/${DISTVERSIONPREFIX}${DISTVERSION}/ DISTNAME= forgejo-src-${DISTVERSION} diff --git a/www/forgejo/distinfo b/www/forgejo/distinfo index 18205d8b2c4b..e60439031aae 100644 --- a/www/forgejo/distinfo +++ b/www/forgejo/distinfo @@ -1,3 +1,3 @@ -TIMESTAMP = 1716464783 -SHA256 (forgejo-src-7.0.3.tar.gz) = c9e85222eb27508e74a284cb125df7c6d7cfc31f52c62f1e305d2aeb1bdb7abc -SIZE (forgejo-src-7.0.3.tar.gz) = 54895104 +TIMESTAMP = 1718527772 +SHA256 (forgejo-src-7.0.4.tar.gz) = 881e55d92a4145238a8e7a39dd5c64d547c7629361005ded0393f33ec9e6bba4 +SIZE (forgejo-src-7.0.4.tar.gz) = 54935871