Script 'mail_helper' called by obssrc Hello community, here is the log from the commit of package forgejo for openSUSE:Factory checked in at 2025-12-08 11:55:03 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/forgejo (Old) and /work/SRC/openSUSE:Factory/.forgejo.new.1939 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "forgejo" Mon Dec 8 11:55:03 2025 rev:39 rq:1321397 version:13.0.3 Changes: -------- --- /work/SRC/openSUSE:Factory/forgejo/forgejo.changes 2025-10-28 14:47:42.521821216 +0100 +++ /work/SRC/openSUSE:Factory/.forgejo.new.1939/forgejo.changes 2025-12-08 11:56:13.543197212 +0100 @@ -1,0 +2,27 @@ +Sat Dec 6 21:44:06 UTC 2025 - Richard Rahl <[email protected]> + +- Update to version 13.0.3: + * fix dependency repo perms in Create/RemoveIssueDependency + * draft releases could be read before being published + * misconfigured security checks on tag delete web form + * incorrect logic in "Update PR" did not enforce head branch protection rules + correctly + * issue owner can delete another user's comment's edit history on same issue + * tag protection rules can be bypassed during tag delete operation + * fix: support git clone when /tmp has noexec + * fix: get new session from enginegroup instead of masterengine + * fix: endless redirection loop between /user/settings/change_password and + /user/settings/security + * fix(alt): handle package names with dots in ALT repository + * fix: pull request review comment position + * fix: less restrictive matrix room_id pattern + * fix: add required headers to Pagure migration + * fix: prevent orgs from being added as members of orgs + * fix(api): set all hook event types + * fix: don't show ConEmu OSC escape sequences + * fix: set tag message on tag addition + * fix: construct project links in timeline better +- remove patches fix-CVE-2025-47911.patch and fix-CVE-2025-58190.patch, + fixed upstream + +------------------------------------------------------------------- Old: ---- fix-CVE-2025-47911.patch fix-CVE-2025-58190.patch forgejo-src-13.0.2.tar.gz forgejo-src-13.0.2.tar.gz.asc New: ---- forgejo-src-13.0.3.tar.gz forgejo-src-13.0.3.tar.gz.asc ----------(Old B)---------- Old: * fix: construct project links in timeline better - remove patches fix-CVE-2025-47911.patch and fix-CVE-2025-58190.patch, fixed upstream Old: * fix: construct project links in timeline better - remove patches fix-CVE-2025-47911.patch and fix-CVE-2025-58190.patch, fixed upstream ----------(Old E)---------- ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ forgejo.spec ++++++ --- /var/tmp/diff_new_pack.GXCarY/_old 2025-12-08 11:56:16.247310500 +0100 +++ /var/tmp/diff_new_pack.GXCarY/_new 2025-12-08 11:56:16.255310835 +0100 @@ -25,7 +25,7 @@ %bcond_without apparmor %endif Name: forgejo -Version: 13.0.2 +Version: 13.0.3 Release: 0 Summary: Self-hostable forge License: GPL-3.0-or-later @@ -48,8 +48,6 @@ Source13: forgejo-hooks-abstraction.apparmor Source99: README.SUSE Patch0: custom-app.ini.patch -Patch1: fix-CVE-2025-58190.patch -Patch2: fix-CVE-2025-47911.patch BuildRequires: golang(API) >= 1.25 ## node >= 20 %if 0%{?suse_version} == 1500 ++++++ forgejo-src-13.0.2.tar.gz -> forgejo-src-13.0.3.tar.gz ++++++ /work/SRC/openSUSE:Factory/forgejo/forgejo-src-13.0.2.tar.gz /work/SRC/openSUSE:Factory/.forgejo.new.1939/forgejo-src-13.0.3.tar.gz differ: char 28, line 1
