git: d25483005730 - main - www/forgejo: Update 10.0.3 => 11.0.1 (fix security issues)

Reply: Dag-Erling_Smørgrav : "Re: git: d25483005730 - main - www/forgejo: Update 10.0.3 => 11.0.1 (fix security issues)"
Go to: [ bottom of page ] [ top of archives ] [ this month ]
From: Vladimir Druzenko <vvd_at_FreeBSD.org>
Date: Thu, 22 May 2025 20:12:11 UTC
The branch main has been updated by vvd:

URL: https://cgit.FreeBSD.org/ports/commit/?id=d254830057301d80102a0c918a6da9137662950d

commit d254830057301d80102a0c918a6da9137662950d
Author:     Vladimir Druzenko <vvd@FreeBSD.org>
AuthorDate: 2025-05-22 20:05:29 +0000
Commit:     Vladimir Druzenko <vvd@FreeBSD.org>
CommitDate: 2025-05-22 20:05:29 +0000

    www/forgejo: Update 10.0.3 => 11.0.1 (fix security issues)
    
    News:
    https://forgejo.org/2025-04-release-v11-0/
    https://forgejo.org/2025-04-monthly-update/#security-releases-v1101-and-v7015
    
    Relsease notes:
    https://codeberg.org/forgejo/forgejo/src/branch/forgejo/release-notes-published/11.0.0.md
    https://codeberg.org/forgejo/forgejo/src/branch/forgejo/release-notes-published/11.0.1.md
    
    While here remove go version after default go version was increased to 1.24.
    
    PR:             286296
    Approved by:    Stefan Bethke <stb@lassitu.de> (maintainer, timeout 1 month)
    MFH:            2025Q2
---
 www/forgejo/Makefile        |   5 +-
 www/forgejo/distinfo        |   6 +--
 www/forgejo/files/patch-pam | 115 ++++++++++++++++++++++++++++++++++++++++++++
 3 files changed, 120 insertions(+), 6 deletions(-)

diff --git a/www/forgejo/Makefile b/www/forgejo/Makefile
index ac06b47606cc..13181d0b4382 100644
--- a/www/forgejo/Makefile
+++ b/www/forgejo/Makefile
@@ -1,7 +1,6 @@
 PORTNAME=	forgejo
 DISTVERSIONPREFIX=	v
-DISTVERSION=	10.0.3
-PORTREVISION=	1
+DISTVERSION=	11.0.1
 CATEGORIES=	www
 MASTER_SITES=	https://codeberg.org/forgejo/forgejo/releases/download/${DISTVERSIONPREFIX}${DISTVERSION}/
 DISTNAME=	forgejo-src-${DISTVERSION}
@@ -15,7 +14,7 @@ LICENSE_FILE=	${WRKSRC}/LICENSE
 
 RUN_DEPENDS=	git:devel/git
 
-USES=		cpe gmake go:1.23,no_targets
+USES=		cpe gmake go:no_targets
 USE_RC_SUBR=	forgejo
 
 CONFLICTS_INSTALL=	forgejo[0-79]*
diff --git a/www/forgejo/distinfo b/www/forgejo/distinfo
index efbe922d8464..0e31c7002884 100644
--- a/www/forgejo/distinfo
+++ b/www/forgejo/distinfo
@@ -1,3 +1,3 @@
-TIMESTAMP = 1742780434
-SHA256 (forgejo-src-10.0.3.tar.gz) = 3d1931908bd30774d5d9d9c90e44848a8f6ea57115cb386fc027efdc47271733
-SIZE (forgejo-src-10.0.3.tar.gz) = 57115818
+TIMESTAMP = 1746741570
+SHA256 (forgejo-src-11.0.1.tar.gz) = b8ae645099821e978d096888d17d7e969b05b2b7576ae1d0f4850238305fedd6
+SIZE (forgejo-src-11.0.1.tar.gz) = 55352620
diff --git a/www/forgejo/files/patch-pam b/www/forgejo/files/patch-pam
new file mode 100644
index 000000000000..78e5366e887b
--- /dev/null
+++ b/www/forgejo/files/patch-pam
@@ -0,0 +1,115 @@
+--- vendor/github.com/msteinert/pam/v2/errors.go.orig	2025-05-02 07:02:58 UTC
++++ vendor/github.com/msteinert/pam/v2/errors.go
+@@ -77,15 +77,6 @@ const (
+ 	ErrAuthtokExpired Error = C.PAM_AUTHTOK_EXPIRED
+ 	// ErrModuleUnknown indicates a module is not known.
+ 	ErrModuleUnknown Error = C.PAM_MODULE_UNKNOWN
+-	// ErrBadItem indicates a bad item passed to pam_*_item().
+-	ErrBadItem Error = C.PAM_BAD_ITEM
+-	// ErrConvAgain indicates a conversation function is event driven and data
+-	// is not available yet.
+-	ErrConvAgain Error = C.PAM_CONV_AGAIN
+-	// ErrIncomplete indicates to please call this function again to complete
+-	// authentication stack. Before calling again, verify that conversation
+-	// is completed.
+-	ErrIncomplete Error = C.PAM_INCOMPLETE
+ )
+ 
+ // Error returns the error message for the given status.
+--- vendor/github.com/msteinert/pam/v2/errors_linux.go.orig	1970-01-01 00:00:00 UTC
++++ vendor/github.com/msteinert/pam/v2/errors_linux.go
+@@ -0,0 +1,21 @@
++//go:build linux
++
++package pam
++
++/*
++#include <security/pam_appl.h>
++*/
++import "C"
++
++// Pam Return types
++const (
++	// ErrBadItem indicates a bad item passed to pam_*_item().
++	ErrBadItem Error = C.PAM_BAD_ITEM
++	// ErrConvAgain indicates a conversation function is event driven and data
++	// is not available yet.
++	ErrConvAgain Error = C.PAM_CONV_AGAIN
++	// ErrIncomplete indicates to please call this function again to complete
++	// authentication stack. Before calling again, verify that conversation
++	// is completed.
++	ErrIncomplete Error = C.PAM_INCOMPLETE
++)
+--- vendor/github.com/msteinert/pam/v2/transaction.c.orig	2025-05-02 07:02:58 UTC
++++ vendor/github.com/msteinert/pam/v2/transaction.c
+@@ -47,15 +47,30 @@ void init_pam_conv(struct pam_conv *conv, uintptr_t ap
+ 	conv->appdata_ptr = (void *)appdata;
+ }
+ 
++#ifdef OPENPAM
++int pam_start_confdir(const char *service_name, const char *user, const struct pam_conv *pam_conversation,
++		      const char *confdir, pam_handle_t **pamh)
++{
++	if (pamh != NULL)
++		*pamh = NULL;
++
++	return PAM_SYSTEM_ERR;
++}
++#else
+ // pam_start_confdir is a recent PAM api to declare a confdir (mostly for
+ // tests) weaken the linking dependency to detect if it’s present.
+ int pam_start_confdir(const char *service_name, const char *user, const struct pam_conv *pam_conversation,
+ 		      const char *confdir, pam_handle_t **pamh) __attribute__((weak));
++#endif
+ 
+ int check_pam_start_confdir(void)
+ {
++#ifdef OPENPAM
++	return 1;
++#else
+ 	if (pam_start_confdir == NULL)
+ 		return 1;
+ 
+ 	return 0;
++#endif
+ }
+--- vendor/github.com/msteinert/pam/v2/transaction.go.orig	2025-05-02 07:02:58 UTC
++++ vendor/github.com/msteinert/pam/v2/transaction.go
+@@ -257,14 +257,6 @@ const (
+ 	Ruser Item = C.PAM_RUSER
+ 	// UserPrompt is the string use to prompt for a username.
+ 	UserPrompt Item = C.PAM_USER_PROMPT
+-	// FailDelay is the app supplied function to override failure delays.
+-	FailDelay Item = C.PAM_FAIL_DELAY
+-	// Xdisplay is the X display name
+-	Xdisplay Item = C.PAM_XDISPLAY
+-	// Xauthdata is the X server authentication data.
+-	Xauthdata Item = C.PAM_XAUTHDATA
+-	// AuthtokType is the type for pam_get_authtok
+-	AuthtokType Item = C.PAM_AUTHTOK_TYPE
+ )
+ 
+ // SetItem sets a PAM information item.
+--- vendor/github.com/msteinert/pam/v2/transaction_linux.go.orig	1970-01-01 00:00:00 UTC
++++ vendor/github.com/msteinert/pam/v2/transaction_linux.go
+@@ -0,0 +1,20 @@
++//go:build linux
++
++package pam
++
++/*
++#include <security/pam_appl.h>
++*/
++import "C"
++
++// PAM Item types.
++const (
++	// FailDelay is the app supplied function to override failure delays.
++	FailDelay Item = C.PAM_FAIL_DELAY
++	// Xdisplay is the X display name
++	Xdisplay Item = C.PAM_XDISPLAY
++	// Xauthdata is the X server authentication data.
++	Xauthdata Item = C.PAM_XAUTHDATA
++	// AuthtokType is the type for pam_get_authtok
++	AuthtokType Item = C.PAM_AUTHTOK_TYPE
++)