Hello community,
here is the log from the commit of package forgejo-longterm for
openSUSE:Factory checked in at 2025-10-28 14:46:59
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/forgejo-longterm (Old)
and /work/SRC/openSUSE:Factory/.forgejo-longterm.new.1980 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "forgejo-longterm"
Tue Oct 28 14:46:59 2025 rev:5 rq:1313901 version:11.0.7
Changes:
--------
--- /work/SRC/openSUSE:Factory/forgejo-longterm/forgejo-longterm.changes
2025-10-09 15:09:34.278390173 +0200
+++
/work/SRC/openSUSE:Factory/.forgejo-longterm.new.1980/forgejo-longterm.changes
2025-10-28 14:47:45.973966400 +0100
@@ -1,0 +2,12 @@
+Mon Oct 27 16:28:20 UTC 2025 - Richard Rahl <[email protected]>
+
+- Update to version 11.0.7:
+ * Vulnerability (Critical): prevent writing to out-of-repo symlink
+ destinations while evaluating template repos
+ * Vulnerability (Medium): prevent .forgejo/template from being out-of-repo
+ content
+ * Vulnerability (Medium): return on error if an LFS token cannot be parsed
+ * Vulnerability (Low): prevent commit API from leaking user's hidden email
+ address on valid GPG signed commits
+
+-------------------------------------------------------------------
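Review bot: the new entry under "Update to version 11.0.7" lists four vulnerability fixes without any CVE or bug tracker reference, and it does not mention the packaging changes submitted with it (node_modules.sums dropped from the sources, golang(API) requirement raised to 1.25). Suggest adding the reference ids if upstream assigned any, plus one bullet per spec change, so the changelog alone tells a reader which security issues this update closes and why the build requirements moved.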
Old:
----
forgejo-src-11.0.6.tar.gz
forgejo-src-11.0.6.tar.gz.asc
node_modules.sums
New:
----
forgejo-src-11.0.7.tar.gz
forgejo-src-11.0.7.tar.gz.asc
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Other differences:
------------------
++++++ forgejo-longterm.spec ++++++
--- /var/tmp/diff_new_pack.HA1m5h/_old 2025-10-28 14:47:48.478071713 +0100
+++ /var/tmp/diff_new_pack.HA1m5h/_new 2025-10-28 14:47:48.482071880 +0100
@@ -25,7 +25,7 @@
%bcond_without apparmor
%endif
Name: forgejo-longterm
-Version: 11.0.6
+Version: 11.0.7
Release: 0
Summary: Self-hostable forge
License: GPL-3.0-or-later
@@ -46,12 +46,11 @@
Source11: forgejo.firewalld
Source12: forgejo-abstraction.apparmor
Source13: forgejo-hooks-abstraction.apparmor
-Source14: node_modules.sums
Source99: README.SUSE
Patch0: custom-app.ini.patch
Patch1: fix-CVE-2025-58190.patch
Patch2: fix-CVE-2025-47911.patch
-BuildRequires: golang(API) >= 1.24
+BuildRequires: golang(API) >= 1.25
## node >= 20
%if 0%{?suse_version} == 1500
BuildRequires: nodejs-devel-default
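Review bot: the "BuildRequires: golang(API) >= 1.25" line raises the minimum Go toolchain in a point release that carries security fixes, with no comment in the spec saying why. The spec still has a "%if 0%{?suse_version} == 1500" branch just below, so please confirm Go 1.25 is available on every target this package builds for; otherwise the 11.0.7 fixes will not reach those targets. The removal of "Source14: node_modules.sums" in the same hunk is also unexplained: a short spec comment or changelog line on what replaces it would help, and since Patch1 (fix-CVE-2025-58190.patch) and Patch2 (fix-CVE-2025-47911.patch) are kept unchanged, it is worth checking they still apply to the 11.0.7 tarball and are not already included upstream.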
++++++ forgejo-src-11.0.6.tar.gz -> forgejo-src-11.0.7.tar.gz ++++++
/work/SRC/openSUSE:Factory/forgejo-longterm/forgejo-src-11.0.6.tar.gz
/work/SRC/openSUSE:Factory/.forgejo-longterm.new.1980/forgejo-src-11.0.7.tar.gz
differ: char 12, line 1