Re: Port has a security update to compile with golang 1.23.6, but we only have 1.23.3
- Reply: Ronald Klop : "Re: Port has a security update to compile with golang 1.23.6, but we only have 1.23.3"
- Reply: Piotr Smyrak : "Re: Port has a security update to compile with golang 1.23.6, but we only have 1.23.3"
- In reply to: Piotr Smyrak : "Re: Port has a security update to compile with golang 1.23.6, but we only have 1.23.3"
- Go to: [ bottom of page ] [ top of archives ] [ this month ]
Date: Sun, 09 Feb 2025 14:08:25 UTC
El dom, 9 feb 2025, 12:43, Piotr Smyrak <ps.ports@smyrak.com> escribió: > On Sun, 9 Feb 2025 09:47:52 +0100 > Moin Rahman <bofh@freebsd.org> wrote: > > > > On Feb 9, 2025, at 09:43, Stefan Bethke <stb@lassitu.de> wrote: > > > > > > Gitea has released their version 1.23.3, which includes this in the > > > release notes > > > (https://github.com/go-gitea/gitea/releases/tag/v1.23.3) > > > > > > * Build Gitea with Golang v1.23.6 to fix security bugs > > > > > > As far as I can tell, the newest Golang package is: > > > go123-1.23.3 Go programming language > > > and the port has 1.23.5. > > > > > > As a port maintainer, how should I go about updating Gitea? Simply > > > bumping the version likely will not incorporate the fixes that have > > > been included in Go 1.23.6? Should I monitor the go123 port and > > > send in the update patch for Gitea once the Go port has been > > > updated? Or send the patch now, and bump port revision once go is > > > at (at least) 1.23.6? > > > > > > > As a non-committer you will eventually submit a PR or Review. So > > notify in the PR/Review that the gitea update should take place after > > Go has been updated to 1.23.6. > > Well, an entry in security/vuxml database is needed. To let people > running the software they shall take their decission whether to stop > running it publicly, to extra protect it, etc. > Can you provide such an entry? If not, where is the specific security bug information to be found? > -- > Piotr Smyrak > >