Script 'mail_helper' called by obssrc Hello community, here is the log from the commit of package forgejo for openSUSE:Factory checked in at 2024-08-12 12:31:30 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/forgejo (Old) and /work/SRC/openSUSE:Factory/.forgejo.new.7232 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "forgejo" Mon Aug 12 12:31:30 2024 rev:13 rq:1193293 version:8.0.1 Changes: -------- --- /work/SRC/openSUSE:Factory/forgejo/forgejo.changes 2024-08-10 19:13:52.268908088 +0200 +++ /work/SRC/openSUSE:Factory/.forgejo.new.7232/forgejo.changes 2024-08-12 12:33:14.119700080 +0200 
@@ -1,0 +2,41 @@
+Fri Aug 9 21:25:45 UTC 2024 - Richard Rahl <[email protected]>
+
+- update to 8.0.1:
+ * A change introduced in Forgejo v1.21 allows a Forgejo user with write
+ permission on a repository description to inject a client-side script into
+ the web page viewed by the visitor. This XSS allows for href in anchor
+ elements to be set to a javascript: URI in the repository description,
+ which will execute the specified script upon clicking (and not upon
+ loading). AllowStandardURLs is now called for the repository description
+ policy, which ensures that URIs in anchor elements are mailto:, http://
+ or https:// and thereby disallowing the javascript: URI.
+ * Do not include trailing EOL character when counting lines
+ * Add background to reactions on hover
+ * Prevent uppercase in header of dashboard context selector
+ * Fix page layout in admin settings
+ * Ensure all filters are persistent in issue filters
+ * Allow 4 charachter SHA in /src/commit
+- update to 8.0.0:
+ full changelog at https://codeberg.org/forgejo/forgejo/src/branch/forgejo/RELEASE-NOTES.md#8-0-0
+
+ Highlights:
+ * remove Microsoft SQL Server support
+ * introduce a branch/tag dropdown in the code search page
+ * added support for fuzzy searching in /user/repo/issues and /user/repo/pulls
+ * API endpoints for managing tag protection.
+ * add Reviewed-on and Reviewed-by variables to the merge template
+ * display an error when an issue comment is edited simultaneously by
+ two users instead of silently overriding one of them
+ * when installing Forgejo through the built-in installer, open
+ (self-) registration is now disabled by default
+ * add support for the reddit and Hubspot OAuth providers.
+ * CERT management was improved when ENABLE_ACME=true + * language detection in the repository got additional languages + * add an immutable tarball link to archive download headers for Nix + * Show the AGit label on merged pull requests +- fix apparmor profile +- set sqlite3 as the default installation database +- add a rule for firewalld + + +------------------------------------------------------------------- Old: ---- apparmor-usr.bin.forgejo forgejo-src-7.0.7.tar.gz forgejo-src-7.0.7.tar.gz.asc forgejo.sh node_modules.sums New: ---- forgejo-src-8.0.1.tar.gz forgejo-src-8.0.1.tar.gz.asc forgejo.apparmor forgejo.firewalld ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ forgejo.spec ++++++ --- /var/tmp/diff_new_pack.VHqhwo/_old 2024-08-12 12:33:17.843855327 +0200 +++ /var/tmp/diff_new_pack.VHqhwo/_new 2024-08-12 12:33:17.847855494 +0200 @@ -30,7 +30,7 @@ %endif %endif Name: forgejo -Version: 7.0.7 +Version: 8.0.1 Release: 0 Summary: Self-hostable forge License: MIT @@ -42,14 +42,13 @@ Source3: package-lock.json Source4: node_modules.spec.inc %include %{_sourcedir}/node_modules.spec.inc -Source5: node_modules.sums -Source6: %{name}.service -Source7: %{name}.sysusers -Source8: %{name}.fc -Source9: %{name}.if -Source10: %{name}.sh -Source11: %{name}.te -Source12: apparmor-usr.bin.%{name} +Source5: %{name}.service +Source6: %{name}.sysusers +Source7: %{name}.fc +Source8: %{name}.if +Source9: %{name}.te +Source10: %{name}.apparmor +Source11: %{name}.firewalld Source99: get-sources.sh Patch0: custom-app.ini.patch BuildRequires: golang-packaging @@ -61,6 +60,8 @@ %else BuildRequires: nodejs-packaging %endif +BuildRequires: firewall-macros +BuildRequires: firewalld BuildRequires: local-npm-registry BuildRequires: make BuildRequires: systemd-rpm-macros 
@@ -68,6 +69,7 @@ Requires: git-core Requires: git-lfs Requires: (%{name}-apparmor if apparmor-abstractions) +Requires: (%{name}-firewalld if firewalld) Requires: (%{name}-selinux if selinux-policy-targeted) %if %{with apparmor} BuildRequires: apparmor-abstractions @@ -81,6 +83,13 @@ %{systemd_requires} %{sysusers_requires} +%package firewalld +Summary: Firewalld profile for %{name} +BuildArch: noarch + +%description firewalld +This package adds a firewalld service profile to %{name} + %if %{with apparmor} %package apparmor Summary: Apparmor profile for %{name} @@ -111,7 +120,7 @@ local-npm-registry %{_sourcedir} install --also=dev %build -%sysusers_generate_pre %{SOURCE7} %{name} %{name}.conf +%sysusers_generate_pre %{SOURCE6} %{name} %{name}.conf export EXTRA_GOFLAGS="-buildmode=pie -mod=vendor" export TAGS="bindata timetzdata sqlite sqlite_unlock_notify" %make_build build @@ -126,12 +135,12 @@ install -d %{buildroot}%{_localstatedir}/log/%{name} install -D -m 0644 %{_builddir}/%{name}-src-%{version}/custom/conf/app.example.ini %{buildroot}%{_sysconfdir}/%{name}/conf/app.ini install -D -m 0755 %{_builddir}/%{name}-src-%{version}/gitea %{buildroot}%{_bindir}/%{name} -install -D -m 0644 %{SOURCE6} %{buildroot}%{_unitdir}/%{name}.service -install -D -m 0644 %{SOURCE7} %{buildroot}%{_sysusersdir}/%{name}.conf +install -D -m 0644 %{SOURCE5} %{buildroot}%{_unitdir}/%{name}.service +install -D -m 0644 %{SOURCE6} %{buildroot}%{_sysusersdir}/%{name}.conf %if %{with apparmor} install -d %{buildroot}%{_sysconfdir}/apparmor.d -install -Dm0644 %{SOURCE12} %{buildroot}%{_sysconfdir}/apparmor.d/usr.bin.%{name} +install -Dm0644 %{SOURCE10} %{buildroot}%{_sysconfdir}/apparmor.d/usr.bin.%{name} %endif %if %{with selinux} 
@@ -141,12 +150,18 @@ install -Dm0644 %{name}.if %{buildroot}%{_datadir}/selinux/devel/include/distributed/%{name}.if %endif +#firewalld service file +install -D -m 0644 %{SOURCE11} %{buildroot}%{_prefix}/lib/firewalld/services/%{name}.xml + %pre -f %{name}.pre %service_add_pre %{name}.service %post %service_add_post %{name}.service +%post firewalld +%firewalld_reload + %if %{with apparmor} %post apparmor %apparmor_reload %{_sysconfdir}/apparmor.d/usr.bin.%{name} @@ -198,3 +213,6 @@ %{_datadir}/selinux/devel/include/distributed/%{name}.if %endif +%files firewalld +%config(noreplace) %{_prefix}/lib/firewalld/services/%{name}.xml + ++++++ custom-app.ini.patch ++++++ --- /var/tmp/diff_new_pack.VHqhwo/_old 2024-08-12 12:33:17.887857162 +0200 +++ /var/tmp/diff_new_pack.VHqhwo/_new 2024-08-12 12:33:17.903857829 +0200 @@ -1,9 +1,8 @@ -Index: gitea-1.21.3/custom/conf/app.example.ini -=================================================================== ---- gitea-1.21.3.orig/custom/conf/app.example.ini -+++ gitea-1.21.3/custom/conf/app.example.ini -@@ -44,7 +44,7 @@ - APP_NAME = ; Gitea: Git with a cup of tea +diff -rub forgejo-src-8.0.0/custom/conf/app.example.ini forgejo-src-8.0.0-patched/custom/conf/app.example.ini +--- forgejo-src-8.0.0/custom/conf/app.example.ini 2024-07-30 06:40:03.000000000 +0200 ++++ forgejo-src-8.0.0-patched/custom/conf/app.example.ini 2024-08-01 20:24:55.972480197 +0200 +@@ -51,7 +51,7 @@ + ;APP_DISPLAY_NAME_FORMAT = {APP_NAME}: {APP_SLOGAN} ;; ;; RUN_USER will automatically detect the current user - but you can set it here change it if you run locally -RUN_USER = ; git 
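Review bot: The new `%files firewalld` entry marks `%{_prefix}/lib/firewalld/services/%{name}.xml` as `%config(noreplace)`, although that directory holds the packaged service definitions and administrator overrides belong in /etc/firewalld/services. With noreplace, a copy edited in place under /usr/lib would survive updates and shadow any later change to the shipped port definition. I would list the file plainly, `%{_prefix}/lib/firewalld/services/%{name}.xml`. The `%description firewalld` text could also say that installing the subpackage and running `%firewalld_reload` only registers the service definition, so TCP 3000 stays closed until the administrator adds the service to a zone.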
@@ -11,7 +10,7 @@ ;; ;; Application run mode, affects performance and debugging: "dev" or "prod", default is "prod" ;; Mode "dev" makes Gitea easier to develop and debug, values other than "dev" are treated as "prod" which is for production use. -@@ -273,15 +273,17 @@ RUN_USER = ; git +@@ -284,15 +284,17 @@ ;; $ openssl pkcs12 -in cert.pfx -out cert.pem -nokeys ;; $ openssl pkcs12 -in cert.pfx -out key.pem -nocerts -nodes ;; Paths are relative to CUSTOM_PATH @@ -31,7 +30,7 @@ ;; ;; Enable gzip compression for runtime-generated content, static resources excluded ;ENABLE_GZIP = false -@@ -293,6 +295,7 @@ RUN_USER = ; git +@@ -304,6 +306,7 @@ ;; ;; PPROF_DATA_PATH, use an absolute path when you start gitea as service ;PPROF_DATA_PATH = data/tmp/pprof ; Path is relative to _`AppWorkPath`_ 
@@ -39,16 +38,57 @@ ;; ;; Landing page, can be "home", "explore", "organizations", "login", or any URL such as "/org/repo" or even "https://anotherwebsite.com" ;; The "login" choice is not a security measure but just a UI flow change, use REQUIRE_SIGNIN_VIEW to force users to log in. -@@ -368,7 +371,7 @@ USER = root +@@ -355,10 +358,10 @@ + ;; + ;; MySQL Configuration + ;; +-DB_TYPE = mysql +-HOST = 127.0.0.1:3306 ; can use socket e.g. /var/run/mysqld/mysqld.sock +-NAME = gitea +-USER = root ++;DB_TYPE = mysql ++;HOST = 127.0.0.1:3306 ; can use socket e.g. /var/run/mysqld/mysqld.sock ++;NAME = forgejo ++;USER = root + ;PASSWD = ;Use PASSWD = `your password` for quoting if you use special characters in the password. + ;SSL_MODE = false ; either "false" (default), "true", or "skip-verify" + ;CHARSET_COLLATION = ; Empty as default, Gitea will try to find a case-sensitive collation. Don't change it unless you clearly know what you need. +@@ -369,7 +372,7 @@ + ;; + ;DB_TYPE = postgres + ;HOST = 127.0.0.1:5432 ; can use socket e.g. /var/run/postgresql/ +-;NAME = gitea ++;NAME = forgejo + ;USER = root + ;PASSWD = + ;SCHEMA = +@@ -379,21 +382,10 @@ + ;; ;; SQLite Configuration ;; - ;DB_TYPE = sqlite3 +-;DB_TYPE = sqlite3 -;PATH= ; defaults to data/forgejo.db -+;PATH= /var/lib/forgejo/data/gitea.db ; defaults to data/forgejo.db - ;SQLITE_TIMEOUT = ; Query timeout defaults to: 500 - ;SQLITE_JOURNAL_MODE = ; defaults to sqlite database default (often DELETE), can be used to enable WAL mode. https://www.sqlite.org/pragma.html#pragma_journal_mode +-;SQLITE_TIMEOUT = ; Query timeout defaults to: 500 +-;SQLITE_JOURNAL_MODE = ; defaults to sqlite database default (often DELETE), can be used to enable WAL mode. 
https://www.sqlite.org/pragma.html#pragma_journal_mode +-;; +-;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;; +-;; +-;; MSSQL Configuration +-;; +-;DB_TYPE = mssql +-;HOST = 172.17.0.2:1433 +-;NAME = gitea +-;USER = SA +-;PASSWD = MwantsaSecurePassword1 +-;CHARSET_COLLATION = ; Empty as default, Gitea will try to find a case-sensitive collation. Don't change it unless you clearly know what you need. ++DB_TYPE = sqlite3 ++PATH= /var/lib/forgejo/data/forgejo.db ; defaults to data/forgejo.db ++SQLITE_TIMEOUT = ; Query timeout defaults to: 500 ++SQLITE_JOURNAL_MODE = ; defaults to sqlite database default (often DELETE), can be used to enable WAL mode. https://www.sqlite.org/pragma.html#pragma_journal_mode + ;; + ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;; ;; -@@ -561,14 +564,14 @@ ENABLE = true +@@ -579,14 +571,14 @@ ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;; ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;; ;; Root path for the log files - defaults to %(GITEA_WORK_DIR)/log @@ -65,7 +105,7 @@ ;; ;; Either "Trace", "Debug", "Info", "Warn", "Error" or "None", default is "Info" LEVEL = Info -@@ -904,7 +907,7 @@ LEVEL = Info +@@ -946,7 +938,7 @@ ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;; ;; Root path for storing all repository data. By default, it is set to %(APP_DATA_PATH)s/gitea-repositories. ;; A relative path is interpreted as _`AppWorkPath`_/%(ROOT)s @@ -74,7 +114,7 @@ ;; ;; The script type this server supports. Usually this is `bash`, but some users report that only `sh` is available. ;SCRIPT_TYPE = bash -@@ -1014,7 +1017,7 @@ LEVEL = Info +@@ -1065,7 +1057,7 @@ ;ENABLED = true ;; ;; Path for uploads. Defaults to `data/tmp/uploads` (content gets deleted on gitea restart) 
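Review bot: In the rewritten SQLite section of the patch, `SQLITE_TIMEOUT = ; Query timeout defaults to: 500` and `SQLITE_JOURNAL_MODE = ; defaults to ...` become active keys with no value and only a trailing comment. `PATH= /var/lib/forgejo/data/forgejo.db ; defaults to data/forgejo.db` likewise carries a comment on the value line. The loader's inline-comment handling is not visible here, so the effective values are either empty or include the comment text; for `PATH` the latter would put the database somewhere other than the directory the AppArmor profile allows. I would activate only `DB_TYPE = sqlite3` and `PATH = /var/lib/forgejo/data/forgejo.db`, move the explanation to its own `;;` line, and leave the other two as `;SQLITE_TIMEOUT =` and `;SQLITE_JOURNAL_MODE =`.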
@@ -83,7 +123,7 @@ ;; ;; Comma-separated list of allowed file extensions (`.zip`), mime types (`text/plain`) or wildcard type (`image/*`, `audio/*`, `video/*`). Empty value or `*/*` allows all types. ;ALLOWED_TYPES = -@@ -1368,7 +1371,7 @@ LEVEL = Info +@@ -1444,7 +1436,7 @@ ;ISSUE_INDEXER_TYPE = bleve ;; ;; Issue indexer storage path, available when ISSUE_INDEXER_TYPE is bleve @@ -92,7 +132,7 @@ ;; ;; Issue indexer connection string, available when ISSUE_INDEXER_TYPE is elasticsearch (e.g. http://elastic:password@localhost:9200) or meilisearch (e.g. http://:apikey@localhost:7700) ;ISSUE_INDEXER_CONN_STR = -@@ -1395,7 +1398,7 @@ LEVEL = Info +@@ -1471,7 +1463,7 @@ ;REPO_INDEXER_TYPE = bleve ;; ;; Index file used for code search. available when `REPO_INDEXER_TYPE` is bleve @@ -101,7 +141,7 @@ ;; ;; Code indexer connection string, available when `REPO_INDEXER_TYPE` is elasticsearch. i.e. http://elastic:changeme@localhost:9200 ;REPO_INDEXER_CONN_STR = -@@ -1429,6 +1432,7 @@ LEVEL = Info +@@ -1510,6 +1502,7 @@ ;; ;; data-dir for storing persistable queues and level queues, individual queues will default to `queues/common` meaning the queue is shared. ;DATADIR = queues/ ; Relative paths will be made absolute against `%(APP_DATA_PATH)s`. 
@@ -109,16 +149,16 @@ ;; ;; Default queue length before a channel queue will block ;LENGTH = 100000 -@@ -1752,7 +1756,7 @@ LEVEL = Info - ;; redis: `redis://127.0.0.1:6379/0?pool_size=100&idle_timeout=180s` - ;; redis-cluster: `redis+cluster://127.0.0.1:6379/0?pool_size=100&idle_timeout=180s` +@@ -1852,7 +1845,7 @@ + ;; file: session file path, e.g. `data/sessions` + ;; redis: `redis://127.0.0.1:6379/0?pool_size=100&idle_timeout=180s` (or `redis+cluster://127.0.0.1:6379/0?pool_size=100&idle_timeout=180s` for a Redis cluster) ;; mysql: go-sql-driver/mysql dsn config string, e.g. `root:password@/session_table` -;PROVIDER_CONFIG = data/sessions ; Relative paths will be made absolute against _`AppWorkPath`_. +;PROVIDER_CONFIG = /var/lib/forgejo/data/sessions ; Relative paths will be made absolute against _`AppWorkPath`_. ;; ;; Session cookie name ;COOKIE_NAME = i_like_gitea -@@ -1839,7 +1843,7 @@ LEVEL = Info +@@ -1939,7 +1932,7 @@ ;; ;; Path for attachments. Defaults to `attachments`. Only available when STORAGE_TYPE is `local` ;; Relative paths will be resolved to `${AppDataPath}/${attachment.PATH}` @@ -127,7 +167,7 @@ ;; ;; Minio endpoint to connect only available when STORAGE_TYPE is `minio` ;MINIO_ENDPOINT = localhost:9000 -@@ -1857,7 +1861,7 @@ LEVEL = Info +@@ -1965,7 +1958,7 @@ ;MINIO_LOCATION = us-east-1 ;; ;; Minio base path on the bucket only available when STORAGE_TYPE is `minio` @@ -136,7 +176,7 @@ ;; ;; Minio enabled ssl only available when STORAGE_TYPE is `minio` ;MINIO_USE_SSL = false -@@ -2428,10 +2432,10 @@ LEVEL = Info +@@ -2548,10 +2541,10 @@ ;; ;STORAGE_TYPE = local ;; override the minio base path if storage type is minio @@ -149,7 +189,7 @@ ;; ;; Maximum count of package versions a single owner can have (`-1` means no limits) ;LIMIT_TOTAL_OWNER_COUNT = -1 -@@ -2498,10 +2502,10 @@ LEVEL = Info +@@ -2618,10 +2611,10 @@ ;STORAGE_TYPE = local ;; ;; Where your lfs files reside, default is data/lfs. 
@@ -162,7 +202,7 @@ ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;; ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;; -@@ -2521,10 +2525,10 @@ LEVEL = Info +@@ -2641,10 +2634,10 @@ ;STORAGE_TYPE = local ;; ;; Where your lfs files reside, default is data/lfs. ++++++ forgejo-src-7.0.7.tar.gz -> forgejo-src-8.0.1.tar.gz ++++++ /work/SRC/openSUSE:Factory/forgejo/forgejo-src-7.0.7.tar.gz /work/SRC/openSUSE:Factory/.forgejo.new.7232/forgejo-src-8.0.1.tar.gz differ: char 18, line 1 ++++++ forgejo.apparmor ++++++ abi <abi/3.0>, include <tunables/global> profile forgejo /usr/bin/forgejo flags=(attach_disconnected) { include <abstractions/base> include <abstractions/mysql> include <abstractions/nameservice> include <abstractions/opencl-pocl> include <abstractions/openssl> include <abstractions/user-tmp> include if exists <local/usr.bin.forgejo> network inet stream, network inet6 stream, /etc/forgejo/ r, /etc/forgejo/conf/app.ini r, /etc/forgejo/public/ r, /etc/forgejo/public/** r, /etc/forgejo/{conf,https,mailer}/ r, /etc/gitconfig r, /etc/mime.types r, /sys/kernel/mm/transparent_hugepage/hpage_pmd_size r, /usr/bin/forgejo mr, /usr/bin/git mr, /usr/bin/gzip mr, /usr/bin/{basename,env,git,git-lfs,forgejo,ssh-keygen,gzip} ix, /usr/libexec/git/git-write-tree mrix, /usr/share/forgejo/** r, /usr/share/forgejo/.gitconfig rw, /usr/share/forgejo/.gitconfig.lock rw, /usr/share/git-core/templates/ r, /usr/share/git-core/templates/** r, /usr/share/mime/globs2 r, /usr/{lib,libexec}/git/git ix, /usr/{lib,libexec}/git/git-remote-http ix, /var/ r, /var/lib/ r, /var/lib/forgejo/ r, /var/lib/forgejo/.local/** rw, /var/lib/forgejo/.ssh/ rw, /var/lib/forgejo/.ssh/* rw, /var/log/forgejo/ rw, /var/log/forgejo/access.log rw, /var/log/forgejo/access.log.* w, /var/log/forgejo/doctors-* rw, @{PROC}/sys/net/core/somaxconn r, owner /etc/forgejo/conf/app.ini w, owner /tmp/forgejo** rwl, owner /tmp/index* rw, owner /tmp/patch* rw, owner /usr/share/forgejo/** rw, owner 
/var/lib/forgejo/backups/forgejo-dump-*.{zip,tar.gz,tar.xz} rw, owner /var/lib/forgejo/data/forgejo-repositories/** rwlk, owner /var/lib/forgejo/data/forgejo-repositories/**.git/hooks/** ix, owner /var/lib/forgejo/https/** rwlk, owner /var/lib/forgejo/{data,indexers,queues,repositories,backups}/ r, owner /var/lib/forgejo/{data,indexers,queues,repositories}/** rwk, owner /var/log/forgejo/gitea.log w, owner @{PROC}/@{pid}/fd/ r, owner @{PROC}/@{pid}/{cgroup,cpuset,status,stat,limits} r, } ++++++ forgejo.firewalld ++++++ <?xml version="1.0" encoding="utf-8"?> <service> <short>Forgejo</short> <description>Forgejo is a self-hostable forge. It was forked from gitea, and has the old UI style from GitHub.</description> <port protocol="tcp" port="3000"/> </service> ++++++ node_modules.obscpio ++++++ /work/SRC/openSUSE:Factory/forgejo/node_modules.obscpio /work/SRC/openSUSE:Factory/.forgejo.new.7232/node_modules.obscpio differ: char 60, line 1 ++++++ node_modules.spec.inc ++++++ ++++ 2051 lines (skipped) ++++ between /work/SRC/openSUSE:Factory/forgejo/node_modules.spec.inc ++++ and /work/SRC/openSUSE:Factory/.forgejo.new.7232/node_modules.spec.inc ++++++ package-lock.json ++++++ ++++ 11614 lines (skipped) ++++ between /work/SRC/openSUSE:Factory/forgejo/package-lock.json ++++ and /work/SRC/openSUSE:Factory/.forgejo.new.7232/package-lock.json
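Review bot: The new forgejo.apparmor profile pulls in `include <abstractions/opencl-pocl>` and `include <abstractions/mysql>` with no comment saying why, while the same commit makes sqlite3 the packaged default. Each abstraction widens what the confined service may touch, so I would drop `opencl-pocl` unless a logged denial justifies it and record that reason in a `#` comment above the include; site-specific database access can go into `local/usr.bin.forgejo`, which the profile already includes. A short comment on `owner /etc/forgejo/conf/app.ini w` would also help, since it lets the service rewrite its own configuration and a reader cannot tell from the profile whether that is intended. The log rules name only `access.log`, `doctors-*` and `gitea.log`; please confirm that this matches the log file name the 8.0.1 build actually writes.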
