Update Gogs to 0.11.34

2017-11-23 23:31:18 +01:00 · 2017-11-23 23:31:18 +01:00 · fc0fff1bfd
parent 76db73f720
commit fc0fff1bfd
5 changed files with 46 additions and 112 deletions
--- a/gogs/default/0001-Adjust-config-for-Arch-Linux-package.patch
+++ b/gogs/default/0001-Adjust-config-for-Arch-Linux-package.patch
@ -1,31 +1,17 @@
-From 73ef207e99b977f830e8a0d5fc98b8f8d25bb3f6 Mon Sep 17 00:00:00 2001
+From 70596ab48d0e1f0f1474bbc60a41b0e3cb5931d6 Mon Sep 17 00:00:00 2001
 From: Martchus <martchus@gmx.net>
 Date: Sun, 19 Mar 2017 18:03:36 +0100
-Subject: [PATCH 1/4] Adjust config for Arch Linux package
+Subject: [PATCH 1/2] Adjust config for Arch Linux package

 ---
- conf/app.ini | 31 +++++++++++++++++++------------
- 1 file changed, 19 insertions(+), 12 deletions(-)
+ conf/app.ini | 24 ++++++++++++------------
+ 1 file changed, 12 insertions(+), 12 deletions(-)

 diff --git a/conf/app.ini b/conf/app.ini
-index fc43868e9..bc78b8d8c 100644
+index 8049ce3d..a64cd2ff 100644
 --- a/conf/app.ini
 +++ b/conf/app.ini
-@@ -1,11 +1,18 @@
-# !!! NEVER EVER MODIFY THIS FILE !!!
-# !!! PLEASE MAKE CHANGES ON CORRESPONDING CUSTOM CONFIG FILE !!!
-# !!! IF YOU ARE PACKAGING PROVIDER, PLEASE MAKE OWN COPY OF IT !!!
-+# Feel free to modify this file!
-+# In case a new version of this file is availabe, pacman will notify automatically when
-+# updating and creates the new version as app.ini.pacnew. You can use diff or a similar
-+# tool to see the changes between your configuration and the new default configuration.
-+
-+# There is also a copy of this file under /usr/share/gogs/conf/app.ini in case
-+# you need to go back.
-+
-+# It is also possible to remove all default values and just specify what you want
-+# to change because /usr/share/gogs/conf/app.ini also serves as fallback.
- 
+@@ -5,7 +5,7 @@
 ; App name that shows on every page title
 APP_NAME = Gogs
 ; The name of the system user that runs Gogs
@ -34,7 +20,7 @@ index fc43868e9..bc78b8d8c 100644
 ; Either "dev", "prod" or "test"
 RUN_MODE = dev
 
-@@ -54,16 +61,16 @@ DISABLE_ROUTER_LOG = false
+@@ -54,16 +54,16 @@ DISABLE_ROUTER_LOG = false
 ; not forget to export the private key):
 ; $ openssl pkcs12 -in cert.pfx -out cert.pem -nokeys
 ; $ openssl pkcs12 -in cert.pfx -out key.pem -nocerts -nodes
@ -55,7 +41,7 @@ index fc43868e9..bc78b8d8c 100644
 ; Application level GZIP support
 ENABLE_GZIP = false
 ; Landing page for non-logged users, can be "home" or "explore"
-@@ -71,7 +78,7 @@ LANDING_PAGE = home
+@@ -71,7 +71,7 @@ LANDING_PAGE = home
 
 [repository]
 ; Root path for storing repositories's data, default is "~/<username>/gogs-repositories"
@ -64,7 +50,7 @@ index fc43868e9..bc78b8d8c 100644
 ; The script type server supports, sometimes could be "sh"
 SCRIPT_TYPE = bash
 ; Default ANSI charset for an unrecognized charset
-@@ -111,7 +118,7 @@ PREVIEWABLE_FILE_MODES = markdown
+@@ -111,7 +111,7 @@ PREVIEWABLE_FILE_MODES = markdown
 ; Enable repository file uploads.
 ENABLED = true
 ; Path to temporarily store uploads (default path gets cleaned by Gogs in every start)
@ -73,7 +59,16 @@ index fc43868e9..bc78b8d8c 100644
 ; File types that are allowed to be uploaded, e.g. image/jpeg|image/png. Leave empty means allow any file type
 ALLOWED_TYPES =
 ; Maximum size of each file in MB
-@@ -170,7 +177,7 @@ PASSWD =
+@@ -124,7 +124,7 @@ MAX_FILES = 5
+ ; Whether attachments are enabled. Defaults to `true`
+ ENABLED = true
+ ; Path for attachments. Defaults to `data/attachments`
+-PATH = data/attachments
+PATH = /var/lib/gogs/attachments
+ ; One or more allowed types, e.g. image/jpeg|image/png
+ ALLOWED_TYPES = */*
+ ; Max size of each file. Defaults to 32MB
+@@ -170,7 +170,7 @@ PASSWD =
 ; For "postgres" only, either "disable", "require" or "verify-full"
 SSL_MODE = disable
 ; For "sqlite3" and "tidb", use absolute path when you start as service
@ -82,7 +77,25 @@ index fc43868e9..bc78b8d8c 100644
 
 [admin]
 ; Disable regular (non-admin) users to create organizations
-@@ -315,7 +322,7 @@ FORMAT =
+@@ -283,7 +283,7 @@ CSRF_COOKIE_NAME = _csrf
+ 
+ [picture]
+ ; Path to store user uploaded avatars
+-AVATAR_UPLOAD_PATH = data/avatars
+AVATAR_UPLOAD_PATH = /var/lib/gogs/avatars
+ ; Chinese users can choose "duoshuo"
+ ; or a custom avatar source, like: http://cn.gravatar.com/avatar/
+ GRAVATAR_SOURCE = gravatar
+@@ -299,7 +299,7 @@ ENABLE_FEDERATED_AVATAR = true
+ ; Whether attachments are enabled. Defaults to `true`
+ ENABLED = true
+ ; Path for attachments. Defaults to `data/attachments`
+-PATH = data/attachments
+PATH = /var/lib/gogs/attachments
+ ; One or more allowed types, e.g. image/jpeg|image/png
+ ALLOWED_TYPES = image/jpeg|image/png
+ ; Max size of each file. Defaults to 4MB
+@@ -315,7 +315,7 @@ FORMAT =
 
 ; General settings of loggers
 [log]
--- a/gogs/default/0002-Adjust-service-file-for-Arch-Linux-package.patch
+++ b/gogs/default/0002-Adjust-service-file-for-Arch-Linux-package.patch
@ -1,14 +1,14 @@
-From 6c229c932878e189e3a785c337a1c5d1cdbea2c3 Mon Sep 17 00:00:00 2001
+From 3d8abcd653f46d72c47687e8b4186157f0526401 Mon Sep 17 00:00:00 2001
 From: Martchus <martchus@gmx.net>
 Date: Sun, 19 Mar 2017 18:04:48 +0100
-Subject: [PATCH 2/4] Adjust service file for Arch Linux package
+Subject: [PATCH 2/2] Adjust service file for Arch Linux package

 ---
 scripts/systemd/gogs.service | 10 +++++-----
 1 file changed, 5 insertions(+), 5 deletions(-)

 diff --git a/scripts/systemd/gogs.service b/scripts/systemd/gogs.service
-index 9f105bf8e..07ffa1f66 100644
+index 9f105bf8..99ca11e0 100644
 --- a/scripts/systemd/gogs.service
 +++ b/scripts/systemd/gogs.service
@@ -12,12 +12,12 @@ After=mariadb.service mysqld.service postgresql.service memcached.service redis.
@ -25,7 +25,7 @@ index 9f105bf8e..07ffa1f66 100644
 +ExecStart=/usr/bin/gogs web --config /etc/gogs/app.ini
 Restart=always
 -Environment=USER=git HOME=/home/git
-+Environment=USER=gogs HOME=/var/lib/gogs GOGS_CUSTOM=/var/lib/gogs/custom
+Environment=USER=gogs HOME=/var/lib/gogs
 
 [Install]
 WantedBy=multi-user.target
--- a/gogs/default/0003-SECURITY-HTML-injection-in-user-search-API.patch
+++ b/gogs/default/0003-SECURITY-HTML-injection-in-user-search-API.patch
@ -1,34 +0,0 @@
-From f331f09bbd849c0aa568f704a09e81ff77fc50f8 Mon Sep 17 00:00:00 2001
-From: Unknwon <u@gogs.io>
-Date: Sat, 14 Oct 2017 23:53:20 -0400
-Subject: [PATCH 3/4] SECURITY: HTML injection in user search API
-
-Reported by Tim Hawes.
---
- routes/api/v1/user/user.go | 3 ++-
- 1 file changed, 2 insertions(+), 1 deletion(-)
-
-diff --git a/routes/api/v1/user/user.go b/routes/api/v1/user/user.go
-index dbf727def..8326eea57 100644
--- a/routes/api/v1/user/user.go
-+++ b/routes/api/v1/user/user.go
-@@ -12,6 +12,7 @@ import (
- 	"github.com/gogits/gogs/models"
- 	"github.com/gogits/gogs/models/errors"
- 	"github.com/gogits/gogs/pkg/context"
-+	"github.com/gogits/gogs/pkg/markup"
- )
- 
- func Search(c *context.APIContext) {
-@@ -39,7 +40,7 @@ func Search(c *context.APIContext) {
- 			ID:        users[i].ID,
- 			UserName:  users[i].Name,
- 			AvatarUrl: users[i].AvatarLink(),
-			FullName:  users[i].FullName,
-+			FullName:  markup.Sanitize(users[i].FullName),
- 		}
- 		if c.IsLogged {
- 			results[i].Email = users[i].Email
-- 
-2.15.0
-
--- a/gogs/default/0004-SECURITY-fix-branch-name-persistent-XSS.patch
+++ b/gogs/default/0004-SECURITY-fix-branch-name-persistent-XSS.patch
@ -1,41 +0,0 @@
-From 3025fe70a794d70e3422784401f9ad04d0d71032 Mon Sep 17 00:00:00 2001
-From: Unknwon <u@gogs.io>
-Date: Sun, 15 Oct 2017 00:07:46 -0400
-Subject: [PATCH 4/4] SECURITY: fix branch name persistent XSS
-
-Reported by Carl Hattenfels.
---
- templates/repo/editor/commit_form.tmpl | 3 ++-
- templates/repo/issue/view_title.tmpl   | 2 +-
- 2 files changed, 3 insertions(+), 2 deletions(-)
-
-diff --git a/templates/repo/editor/commit_form.tmpl b/templates/repo/editor/commit_form.tmpl
-index 6aee9f1d1..6ee6300ff 100644
--- a/templates/repo/editor/commit_form.tmpl
-+++ b/templates/repo/editor/commit_form.tmpl
-@@ -14,7 +14,8 @@
- 					<input type="radio" class="js-quick-pull-choice-option" name="commit_choice" value="direct" {{if eq .commit_choice "direct"}}checked{{end}}>
- 					<label>
- 						<i class="octicon octicon-git-commit" height="16" width="14"></i>
-						{{.i18n.Tr "repo.editor.commit_directly_to_this_branch" .BranchName | Safe}}
-+						{{$branchName := .BranchName | Str2html}}
-+						{{.i18n.Tr "repo.editor.commit_directly_to_this_branch" $branchName | Safe}}
- 					</label>
- 				</div>
- 			</div>
-diff --git a/templates/repo/issue/view_title.tmpl b/templates/repo/issue/view_title.tmpl
-index 3f3b62e65..4650ba4c8 100644
--- a/templates/repo/issue/view_title.tmpl
-+++ b/templates/repo/issue/view_title.tmpl
-@@ -28,7 +28,7 @@
- 		{{if .Issue.PullRequest.HasMerged}}
- 			{{ $mergedStr:= TimeSince .Issue.PullRequest.Merged $.Lang }}
- 			<a {{if gt .Issue.PullRequest.Merger.ID 0}}href="{{.Issue.PullRequest.Merger.HomeLink}}"{{end}}>{{.Issue.PullRequest.Merger.Name}}</a>
-			<span class="pull-desc">{{$.i18n.Tr "repo.pulls.merged_title_desc" .NumCommits .HeadTarget .BaseTarget $mergedStr | Safe}}</span>
-+			<span class="pull-desc">{{$.i18n.Tr "repo.pulls.merged_title_desc" .NumCommits .HeadTarget .BaseTarget $mergedStr | Str2html}}</span>
- 		{{else}}
- 			<a {{if gt .Issue.Poster.ID 0}}href="{{.Issue.Poster.HomeLink}}"{{end}}>{{.Issue.Poster.Name}}</a>
- 			<span class="pull-desc">{{$.i18n.Tr "repo.pulls.title_desc" .NumCommits .HeadTarget .BaseTarget | Str2html}}</span>
-- 
-2.15.0
-
--- a/gogs/default/PKGBUILD
+++ b/gogs/default/PKGBUILD
@ -7,8 +7,8 @@ _orga=gogits
 _gourl=github.com/gogits/$_pkgname

 pkgname=$_pkgname
-pkgver=0.11.29
-pkgrel=4
+pkgver=0.11.34
+pkgrel=1
 epoch=1
 pkgdesc='Self Hosted Git Service written in Go'
 arch=('i686' 'x86_64' 'armv6h' 'armv7h')
@ -28,14 +28,10 @@ backup=("etc/$_pkgname/app.ini")
 install=$_pkgname.install
 source=("$_pkgname-$pkgver::https://github.com/$_orga/$_pkgname/archive/v${pkgver}.tar.gz"
        '0001-Adjust-config-for-Arch-Linux-package.patch'
-        '0002-Adjust-service-file-for-Arch-Linux-package.patch'
-        '0003-SECURITY-HTML-injection-in-user-search-API.patch'
-        '0004-SECURITY-fix-branch-name-persistent-XSS.patch')
+        '0002-Adjust-service-file-for-Arch-Linux-package.patch')
 sha512sums=('094dd6b5010128b8a68c3b4a2be389593380be527dd1f1c37882cbd7762ae31ff8da824d047acecb9ef31233ab3c576bc5030c90763adfa32d01b5830d12c04b'
            '43a337ccc0932a8e6f538d24ec8e13a7b509d1e7c4da40d2e76339a67b043090ab648b323c08311f5a62f81db19911138b6ff2c74fb9a869a401571d9b3770c5'
-            '969a29c3d1a9667e285ebd3490a83c5a684fa037a540ba242dcd86fe8294eef0b1247fc996a4926832ba0d8c56b5d843a117c14c7696899cb813b847b861a5cc'
-            'dca31ee707586a2c055f549a36cdfd113def1436dfbb8eaf2358347d66c968fdb265e8832f1c8f8041d0fbddda708f5eac37719ab85040024cdf6eb82568a219'
-            'afafb48f86906db3c1385541eba3d02e028cda087067f4ec467b538cc215d5662ba0af8fe488f4ecbb1f6dff96520c47868c1584239540fb41db8781af6eb792')
+            '969a29c3d1a9667e285ebd3490a83c5a684fa037a540ba242dcd86fe8294eef0b1247fc996a4926832ba0d8c56b5d843a117c14c7696899cb813b847b861a5cc')
 _goroot='/usr/lib/go'

 prepare() {