update to 0.12.0 (remove all four patches, currently checking if they are upstream already) #7

Open
michals wants to merge 1 commits from michals/gitea-tea:leap-16.0 into leap-16.0
Contributor
OBS-URL: https://build.opensuse.org/package/show/devel:tools:scm/gitea-tea?expand=0&rev=35
michals added 1 commit 2026-02-27 09:21:19 +01:00
autogits_workflow_pr_bot requested review from legaldb 2026-02-27 09:21:47 +01:00
autogits_workflow_pr_bot requested review from maintenance-release-review 2026-02-27 09:21:47 +01:00
autogits_workflow_pr_bot requested review from opensuse-review 2026-02-27 09:21:48 +01:00

Review by opensuse-review represents a group of reviewers: alarrosa, anag, atartamo, bigironman, darix, dimstar, dmach, eroca, jdsn, jengelh, mcalabkova, mstrigl, nkrapp, oertel, RBrownSUSE, simotek, smithfarm .

Do not use standard review interface to review on behalf of the group.
To accept the review on behalf of the group, create the following comment: @opensuse-review: approve.
To request changes on behalf of the group, create the following comment: @opensuse-review: decline followed with lines justifying the decision.
Future edits of the comments are ignored, a new comment is required to change the review state.

First-time contributor

Review by maintenance-release-review represents a group of reviewers: abergmann, amattiazzo, bfilho, cmatos, crazybyte, emanuelecappello, gsonnu, maintenance-robot, mauriziogalli, mbozicevic, mimi_vx, mschnitzer, msmeissn, pluskalm, rfrohl, slemke .

Do not use standard review interface to review on behalf of the group.
To accept the review on behalf of the group, create the following comment: @maintenance-release-review: approve.
To request changes on behalf of the group, create the following comment: @maintenance-release-review: decline followed with lines justifying the decision.
Future edits of the comments are ignored, a new comment is required to change the review state.

Member

Legal review in progress.

First-time contributor

@michals any update on the patches? Two seem to be security related, probably not the best if we would need to re-add them again.

Author
Contributor

For the config file permission:
```
git tag --contains f6d4b5fa4fdf4ebb777cc465f9c3ec30c8024548 | cat
v0.12.0
```

The terminal rendering fix was merged upstream as dfd400f15b54704cdf2791c9c5fe5c1a4efd4089
```
git tag --contains dfd400f15b54704cdf2791c9c5fe5c1a4efd4089 | cat
v0.12.0
```

The CVE fixes are more difficult, I did not add nor remove those, and they patch the vendored code, not tea itself.

The x/net version was updated from 0.40 to 0.49

CVE-2025-47911 is GO-2026-4440 and last version affected by this is listed as 0.44, this should be resolved.

CVE-2025-58190 is GO-2026-4441 and last version affected by this is listed as 0.44 as well.

I am not even sure tea is using the html parser in the first place, especially on untrusted input.

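Added example, not part of the thread and not the package's own tooling: a shell check that reads a Go `vendor/modules.txt`, compares the vendored `golang.org/x/net` version with the last affected version quoted in the comment above (0.44, written here as 0.44.0), and shows whether `golang.org/x/net/html` is vendored at all. The `modules.txt` content is a constructed sample, the function names are hypothetical, and `sort -V` assumes GNU coreutils.

```shell
#!/bin/sh
# Constructed sample of a Go vendor/modules.txt (not tea's real vendor tree).
sample_modules_txt() {
cat <<'EOF'
# golang.org/x/crypto v0.47.0
## explicit; go 1.24.0
golang.org/x/crypto/ssh
# golang.org/x/net v0.49.0
## explicit; go 1.24.0
golang.org/x/net/html
golang.org/x/net/html/atom
golang.org/x/net/proxy
# golang.org/x/sys v0.40.0
## explicit; go 1.24.0
golang.org/x/sys/unix
EOF
}

# Print the vendored version of module $1 without the leading "v" (stdin: modules.txt).
vendored_version() {
    awk -v mod="$1" '$1 == "#" && $2 == mod { sub(/^v/, "", $3); print $3; exit }'
}

# Succeed if package path $1 is listed (stdin: modules.txt). A listed package is
# imported somewhere in the build graph; that alone does not show it is reachable.
package_vendored() {
    grep -qxF "$1"
}

# Succeed if version $1 <= last affected version $2 (version-aware compare, so 0.9 < 0.44).
is_affected() {
    [ "$(printf '%s\n%s\n' "$1" "$2" | sort -V | tail -n 1)" = "$2" ]
}

# One-line verdict for golang.org/x/net; $1 = last affected version (stdin: modules.txt).
report() {
    mods=$(cat)
    ver=$(printf '%s\n' "$mods" | vendored_version golang.org/x/net)
    [ -n "$ver" ] || { echo "x/net not vendored"; return 0; }
    if is_affected "$ver" "$1"; then state="affected"; else state="not affected"; fi
    if printf '%s\n' "$mods" | package_vendored golang.org/x/net/html
    then html="vendored"; else html="not vendored"; fi
    echo "x/net $ver: $state (last affected $1); x/net/html $html"
}

sample_modules_txt | report 0.44.0
```

Against a real source tree, feed `vendor/modules.txt` to `report` instead of the sample.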
First-time contributor

Thanks, was just a bit unsure about the PR title.

Owner

@opensuse-review : approve

LGTM

Owner

merge ok

opensuse-review approved these changes 2026-03-02 15:27:29 +01:00
opensuse-review left a comment
Member

eroca approved a review on behalf of opensuse-review

Member

Legal reviewed by dec16180 as acceptable_by_lawyer:

Reviewed ok
legaldb approved these changes 2026-03-02 17:26:53 +01:00