Update Gogs to 0.11.34
parent
76db73f720
commit
fc0fff1bfd
|
@ -1,31 +1,17 @@
|
|||
From 73ef207e99b977f830e8a0d5fc98b8f8d25bb3f6 Mon Sep 17 00:00:00 2001
|
||||
From 70596ab48d0e1f0f1474bbc60a41b0e3cb5931d6 Mon Sep 17 00:00:00 2001
|
||||
From: Martchus <martchus@gmx.net>
|
||||
Date: Sun, 19 Mar 2017 18:03:36 +0100
|
||||
Subject: [PATCH 1/4] Adjust config for Arch Linux package
|
||||
Subject: [PATCH 1/2] Adjust config for Arch Linux package
|
||||
|
||||
---
|
||||
conf/app.ini | 31 +++++++++++++++++++------------
|
||||
1 file changed, 19 insertions(+), 12 deletions(-)
|
||||
conf/app.ini | 24 ++++++++++++------------
|
||||
1 file changed, 12 insertions(+), 12 deletions(-)
|
||||
|
||||
diff --git a/conf/app.ini b/conf/app.ini
|
||||
index fc43868e9..bc78b8d8c 100644
|
||||
index 8049ce3d..a64cd2ff 100644
|
||||
--- a/conf/app.ini
|
||||
+++ b/conf/app.ini
|
||||
@@ -1,11 +1,18 @@
|
||||
-# !!! NEVER EVER MODIFY THIS FILE !!!
|
||||
-# !!! PLEASE MAKE CHANGES ON CORRESPONDING CUSTOM CONFIG FILE !!!
|
||||
-# !!! IF YOU ARE PACKAGING PROVIDER, PLEASE MAKE OWN COPY OF IT !!!
|
||||
+# Feel free to modify this file!
|
||||
+# In case a new version of this file is availabe, pacman will notify automatically when
|
||||
+# updating and creates the new version as app.ini.pacnew. You can use diff or a similar
|
||||
+# tool to see the changes between your configuration and the new default configuration.
|
||||
+
|
||||
+# There is also a copy of this file under /usr/share/gogs/conf/app.ini in case
|
||||
+# you need to go back.
|
||||
+
|
||||
+# It is also possible to remove all default values and just specify what you want
|
||||
+# to change because /usr/share/gogs/conf/app.ini also serves as fallback.
|
||||
|
||||
@@ -5,7 +5,7 @@
|
||||
; App name that shows on every page title
|
||||
APP_NAME = Gogs
|
||||
; The name of the system user that runs Gogs
|
||||
|
@ -34,7 +20,7 @@ index fc43868e9..bc78b8d8c 100644
|
|||
; Either "dev", "prod" or "test"
|
||||
RUN_MODE = dev
|
||||
|
||||
@@ -54,16 +61,16 @@ DISABLE_ROUTER_LOG = false
|
||||
@@ -54,16 +54,16 @@ DISABLE_ROUTER_LOG = false
|
||||
; not forget to export the private key):
|
||||
; $ openssl pkcs12 -in cert.pfx -out cert.pem -nokeys
|
||||
; $ openssl pkcs12 -in cert.pfx -out key.pem -nocerts -nodes
|
||||
|
@ -55,7 +41,7 @@ index fc43868e9..bc78b8d8c 100644
|
|||
; Application level GZIP support
|
||||
ENABLE_GZIP = false
|
||||
; Landing page for non-logged users, can be "home" or "explore"
|
||||
@@ -71,7 +78,7 @@ LANDING_PAGE = home
|
||||
@@ -71,7 +71,7 @@ LANDING_PAGE = home
|
||||
|
||||
[repository]
|
||||
; Root path for storing repositories's data, default is "~/<username>/gogs-repositories"
|
||||
|
@ -64,7 +50,7 @@ index fc43868e9..bc78b8d8c 100644
|
|||
; The script type server supports, sometimes could be "sh"
|
||||
SCRIPT_TYPE = bash
|
||||
; Default ANSI charset for an unrecognized charset
|
||||
@@ -111,7 +118,7 @@ PREVIEWABLE_FILE_MODES = markdown
|
||||
@@ -111,7 +111,7 @@ PREVIEWABLE_FILE_MODES = markdown
|
||||
; Enable repository file uploads.
|
||||
ENABLED = true
|
||||
; Path to temporarily store uploads (default path gets cleaned by Gogs in every start)
|
||||
|
@ -73,7 +59,16 @@ index fc43868e9..bc78b8d8c 100644
|
|||
; File types that are allowed to be uploaded, e.g. image/jpeg|image/png. Leave empty means allow any file type
|
||||
ALLOWED_TYPES =
|
||||
; Maximum size of each file in MB
|
||||
@@ -170,7 +177,7 @@ PASSWD =
|
||||
@@ -124,7 +124,7 @@ MAX_FILES = 5
|
||||
; Whether attachments are enabled. Defaults to `true`
|
||||
ENABLED = true
|
||||
; Path for attachments. Defaults to `data/attachments`
|
||||
-PATH = data/attachments
|
||||
+PATH = /var/lib/gogs/attachments
|
||||
; One or more allowed types, e.g. image/jpeg|image/png
|
||||
ALLOWED_TYPES = */*
|
||||
; Max size of each file. Defaults to 32MB
|
||||
@@ -170,7 +170,7 @@ PASSWD =
|
||||
; For "postgres" only, either "disable", "require" or "verify-full"
|
||||
SSL_MODE = disable
|
||||
; For "sqlite3" and "tidb", use absolute path when you start as service
|
||||
|
@ -82,7 +77,25 @@ index fc43868e9..bc78b8d8c 100644
|
|||
|
||||
[admin]
|
||||
; Disable regular (non-admin) users to create organizations
|
||||
@@ -315,7 +322,7 @@ FORMAT =
|
||||
@@ -283,7 +283,7 @@ CSRF_COOKIE_NAME = _csrf
|
||||
|
||||
[picture]
|
||||
; Path to store user uploaded avatars
|
||||
-AVATAR_UPLOAD_PATH = data/avatars
|
||||
+AVATAR_UPLOAD_PATH = /var/lib/gogs/avatars
|
||||
; Chinese users can choose "duoshuo"
|
||||
; or a custom avatar source, like: http://cn.gravatar.com/avatar/
|
||||
GRAVATAR_SOURCE = gravatar
|
||||
@@ -299,7 +299,7 @@ ENABLE_FEDERATED_AVATAR = true
|
||||
; Whether attachments are enabled. Defaults to `true`
|
||||
ENABLED = true
|
||||
; Path for attachments. Defaults to `data/attachments`
|
||||
-PATH = data/attachments
|
||||
+PATH = /var/lib/gogs/attachments
|
||||
; One or more allowed types, e.g. image/jpeg|image/png
|
||||
ALLOWED_TYPES = image/jpeg|image/png
|
||||
; Max size of each file. Defaults to 4MB
|
||||
@@ -315,7 +315,7 @@ FORMAT =
|
||||
|
||||
; General settings of loggers
|
||||
[log]
|
||||
|
|
|
@ -1,14 +1,14 @@
|
|||
From 6c229c932878e189e3a785c337a1c5d1cdbea2c3 Mon Sep 17 00:00:00 2001
|
||||
From 3d8abcd653f46d72c47687e8b4186157f0526401 Mon Sep 17 00:00:00 2001
|
||||
From: Martchus <martchus@gmx.net>
|
||||
Date: Sun, 19 Mar 2017 18:04:48 +0100
|
||||
Subject: [PATCH 2/4] Adjust service file for Arch Linux package
|
||||
Subject: [PATCH 2/2] Adjust service file for Arch Linux package
|
||||
|
||||
---
|
||||
scripts/systemd/gogs.service | 10 +++++-----
|
||||
1 file changed, 5 insertions(+), 5 deletions(-)
|
||||
|
||||
diff --git a/scripts/systemd/gogs.service b/scripts/systemd/gogs.service
|
||||
index 9f105bf8e..07ffa1f66 100644
|
||||
index 9f105bf8..99ca11e0 100644
|
||||
--- a/scripts/systemd/gogs.service
|
||||
+++ b/scripts/systemd/gogs.service
|
||||
@@ -12,12 +12,12 @@ After=mariadb.service mysqld.service postgresql.service memcached.service redis.
|
||||
|
@ -25,7 +25,7 @@ index 9f105bf8e..07ffa1f66 100644
|
|||
+ExecStart=/usr/bin/gogs web --config /etc/gogs/app.ini
|
||||
Restart=always
|
||||
-Environment=USER=git HOME=/home/git
|
||||
+Environment=USER=gogs HOME=/var/lib/gogs GOGS_CUSTOM=/var/lib/gogs/custom
|
||||
+Environment=USER=gogs HOME=/var/lib/gogs
|
||||
|
||||
[Install]
|
||||
WantedBy=multi-user.target
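Review bot: The two `Environment=` variants shown for the packaged unit differ only in `GOGS_CUSTOM=/var/lib/gogs/custom`, and neither the patch subject nor the commit message explains the change. The page does not mark which variant is the new side, though print order suggests the variable is being dropped. If so, Gogs falls back to its built-in default for the custom directory, and overrides an administrator placed under `/var/lib/gogs/custom` may silently stop being picked up after the upgrade. I would either keep the variable or state the reason in the patch description and in the package's install message. The `[Service]` block starts outside the hunk.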
|
||||
|
|
|
@ -1,34 +0,0 @@
|
|||
From f331f09bbd849c0aa568f704a09e81ff77fc50f8 Mon Sep 17 00:00:00 2001
|
||||
From: Unknwon <u@gogs.io>
|
||||
Date: Sat, 14 Oct 2017 23:53:20 -0400
|
||||
Subject: [PATCH 3/4] SECURITY: HTML injection in user search API
|
||||
|
||||
Reported by Tim Hawes.
|
||||
---
|
||||
routes/api/v1/user/user.go | 3 ++-
|
||||
1 file changed, 2 insertions(+), 1 deletion(-)
|
||||
|
||||
diff --git a/routes/api/v1/user/user.go b/routes/api/v1/user/user.go
|
||||
index dbf727def..8326eea57 100644
|
||||
--- a/routes/api/v1/user/user.go
|
||||
+++ b/routes/api/v1/user/user.go
|
||||
@@ -12,6 +12,7 @@ import (
|
||||
"github.com/gogits/gogs/models"
|
||||
"github.com/gogits/gogs/models/errors"
|
||||
"github.com/gogits/gogs/pkg/context"
|
||||
+ "github.com/gogits/gogs/pkg/markup"
|
||||
)
|
||||
|
||||
func Search(c *context.APIContext) {
|
||||
@@ -39,7 +40,7 @@ func Search(c *context.APIContext) {
|
||||
ID: users[i].ID,
|
||||
UserName: users[i].Name,
|
||||
AvatarUrl: users[i].AvatarLink(),
|
||||
- FullName: users[i].FullName,
|
||||
+ FullName: markup.Sanitize(users[i].FullName),
|
||||
}
|
||||
if c.IsLogged {
|
||||
results[i].Email = users[i].Email
|
||||
--
|
||||
2.15.0
|
||||
|
|
@ -1,41 +0,0 @@
|
|||
From 3025fe70a794d70e3422784401f9ad04d0d71032 Mon Sep 17 00:00:00 2001
|
||||
From: Unknwon <u@gogs.io>
|
||||
Date: Sun, 15 Oct 2017 00:07:46 -0400
|
||||
Subject: [PATCH 4/4] SECURITY: fix branch name persistent XSS
|
||||
|
||||
Reported by Carl Hattenfels.
|
||||
---
|
||||
templates/repo/editor/commit_form.tmpl | 3 ++-
|
||||
templates/repo/issue/view_title.tmpl | 2 +-
|
||||
2 files changed, 3 insertions(+), 2 deletions(-)
|
||||
|
||||
diff --git a/templates/repo/editor/commit_form.tmpl b/templates/repo/editor/commit_form.tmpl
|
||||
index 6aee9f1d1..6ee6300ff 100644
|
||||
--- a/templates/repo/editor/commit_form.tmpl
|
||||
+++ b/templates/repo/editor/commit_form.tmpl
|
||||
@@ -14,7 +14,8 @@
|
||||
<input type="radio" class="js-quick-pull-choice-option" name="commit_choice" value="direct" {{if eq .commit_choice "direct"}}checked{{end}}>
|
||||
<label>
|
||||
<i class="octicon octicon-git-commit" height="16" width="14"></i>
|
||||
- {{.i18n.Tr "repo.editor.commit_directly_to_this_branch" .BranchName | Safe}}
|
||||
+ {{$branchName := .BranchName | Str2html}}
|
||||
+ {{.i18n.Tr "repo.editor.commit_directly_to_this_branch" $branchName | Safe}}
|
||||
</label>
|
||||
</div>
|
||||
</div>
|
||||
diff --git a/templates/repo/issue/view_title.tmpl b/templates/repo/issue/view_title.tmpl
|
||||
index 3f3b62e65..4650ba4c8 100644
|
||||
--- a/templates/repo/issue/view_title.tmpl
|
||||
+++ b/templates/repo/issue/view_title.tmpl
|
||||
@@ -28,7 +28,7 @@
|
||||
{{if .Issue.PullRequest.HasMerged}}
|
||||
{{ $mergedStr:= TimeSince .Issue.PullRequest.Merged $.Lang }}
|
||||
<a {{if gt .Issue.PullRequest.Merger.ID 0}}href="{{.Issue.PullRequest.Merger.HomeLink}}"{{end}}>{{.Issue.PullRequest.Merger.Name}}</a>
|
||||
- <span class="pull-desc">{{$.i18n.Tr "repo.pulls.merged_title_desc" .NumCommits .HeadTarget .BaseTarget $mergedStr | Safe}}</span>
|
||||
+ <span class="pull-desc">{{$.i18n.Tr "repo.pulls.merged_title_desc" .NumCommits .HeadTarget .BaseTarget $mergedStr | Str2html}}</span>
|
||||
{{else}}
|
||||
<a {{if gt .Issue.Poster.ID 0}}href="{{.Issue.Poster.HomeLink}}"{{end}}>{{.Issue.Poster.Name}}</a>
|
||||
<span class="pull-desc">{{$.i18n.Tr "repo.pulls.title_desc" .NumCommits .HeadTarget .BaseTarget | Str2html}}</span>
|
||||
--
|
||||
2.15.0
|
||||
|
|
@ -7,8 +7,8 @@ _orga=gogits
|
|||
_gourl=github.com/gogits/$_pkgname
|
||||
|
||||
pkgname=$_pkgname
|
||||
pkgver=0.11.29
|
||||
pkgrel=4
|
||||
pkgver=0.11.34
|
||||
pkgrel=1
|
||||
epoch=1
|
||||
pkgdesc='Self Hosted Git Service written in Go'
|
||||
arch=('i686' 'x86_64' 'armv6h' 'armv7h')
|
||||
|
@ -28,14 +28,10 @@ backup=("etc/$_pkgname/app.ini")
|
|||
install=$_pkgname.install
|
||||
source=("$_pkgname-$pkgver::https://github.com/$_orga/$_pkgname/archive/v${pkgver}.tar.gz"
|
||||
'0001-Adjust-config-for-Arch-Linux-package.patch'
|
||||
'0002-Adjust-service-file-for-Arch-Linux-package.patch'
|
||||
'0003-SECURITY-HTML-injection-in-user-search-API.patch'
|
||||
'0004-SECURITY-fix-branch-name-persistent-XSS.patch')
|
||||
'0002-Adjust-service-file-for-Arch-Linux-package.patch')
|
||||
sha512sums=('094dd6b5010128b8a68c3b4a2be389593380be527dd1f1c37882cbd7762ae31ff8da824d047acecb9ef31233ab3c576bc5030c90763adfa32d01b5830d12c04b'
|
||||
'43a337ccc0932a8e6f538d24ec8e13a7b509d1e7c4da40d2e76339a67b043090ab648b323c08311f5a62f81db19911138b6ff2c74fb9a869a401571d9b3770c5'
|
||||
'969a29c3d1a9667e285ebd3490a83c5a684fa037a540ba242dcd86fe8294eef0b1247fc996a4926832ba0d8c56b5d843a117c14c7696899cb813b847b861a5cc'
|
||||
'dca31ee707586a2c055f549a36cdfd113def1436dfbb8eaf2358347d66c968fdb265e8832f1c8f8041d0fbddda708f5eac37719ab85040024cdf6eb82568a219'
|
||||
'afafb48f86906db3c1385541eba3d02e028cda087067f4ec467b538cc215d5662ba0af8fe488f4ecbb1f6dff96520c47868c1584239540fb41db8781af6eb792')
|
||||
'969a29c3d1a9667e285ebd3490a83c5a684fa037a540ba242dcd86fe8294eef0b1247fc996a4926832ba0d8c56b5d843a117c14c7696899cb813b847b861a5cc')
|
||||
_goroot='/usr/lib/go'
|
||||
|
||||
prepare() {
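Review bot: The `sha512sums` entries for the source tarball (`094dd6b5…`) and for `0001-Adjust-config-for-Arch-Linux-package.patch` (`43a337cc…`) appear to be carried over unchanged: the hunk header `-28,14 +28,10` only adds up if both lines are context, and the retained `969a29c3…` entry for patch 0002 has the same value as before. Since `pkgver` moves to 0.11.34 and both patch files are regenerated in this commit, all three checksums should be recomputed (for example with `updpkgsums`) so the integrity check covers what is actually downloaded and applied. The commit also drops the two SECURITY backports (0003 HTML injection, 0004 branch-name XSS) without recording that v0.11.34 contains them. Once that is confirmed against the upstream tag, a commit-message line such as `0003/0004 dropped: fixes included upstream in 0.11.34` would make the removal auditable. `prepare()` continues outside the hunk.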
|
||||
|
|