Script 'mail_helper' called by obssrc Hello community, here is the log from the commit of package goshs for openSUSE:Factory checked in at 2026-06-25 10:56:01 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/goshs (Old) and /work/SRC/openSUSE:Factory/.goshs.new.2088 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "goshs" Thu Jun 25 10:56:01 2026 rev:12 rq:1361537 version:2.1.2 Changes: -------- --- /work/SRC/openSUSE:Factory/goshs/goshs.changes 2026-06-18 18:45:54.494273112 +0200 +++ /work/SRC/openSUSE:Factory/.goshs.new.2088/goshs.changes 2026-06-25 10:58:33.920189706 +0200 @@ -1,0 +2,38 @@ +Wed Jun 24 06:35:48 UTC 2026 - Martin Hauke <[email protected]> + +- Update to version 2.1.2 + New Features + * Payload templating — Files can now be rendered as Go templates + on the fly. Request a file with the ?tpl query parameter and + {{.VAR}} placeholders are substituted at download time. Enable + with --template and pass variables via the repeatable + --tpl-var KEY=VALUE flag (e.g. --tpl-var LPORT=4444). Ideal for + serving payloads/scripts that need host- or port-specific + values baked in without editing files on disk. + * Resumable downloads (HTTP Range support) — The file handler now + honors Range requests, enabling partial content responses and + resumable/interrupted downloads of large files. + Security Fixes + * Bulk-download ACL bypass — Selecting a parent directory for + bulk (zip) download no longer bypasses authentication or block + rules defined in nested .goshs files. ACL is now enforced + per-file during the recursive zip walk, and .goshs files are + excluded from archives. + * WebDAV ACL enforcement — Added a .goshs guard to the WebDAV + interface so directory-level access controls are now applied + over WebDAV as well. + * Brute-force lockout reset — Failed-login lockouts now correctly + reset after the lockout duration expires instead of remaining + stuck. + * Path handling — Removed a double URL-decode in sanitizePath so + filenames containing literal % and + are preserved correctly. + * Share creation crash — Fixed a missing return after a failed + os.Stat in the share handler that could lead to a + nil-dereference, plus a related error-message typo. + Packaging + * Refreshed shell completions (bash/zsh/fish) — added --ttl and + --tui, and corrected the FTP flag names. + * Makefile cleanup and COPR spec fixes. + * Fixed integration tests. + +------------------------------------------------------------------- Old: ---- goshs-2.1.1.tar.gz New: ---- goshs-2.1.2.tar.gz ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ goshs.spec ++++++ --- /var/tmp/diff_new_pack.W4S26t/_old 2026-06-25 10:58:34.680215936 +0200 +++ /var/tmp/diff_new_pack.W4S26t/_new 2026-06-25 10:58:34.680215936 +0200 @@ -16,7 +16,7 @@ # Name: goshs -Version: 2.1.1 +Version: 2.1.2 Release: 0 Summary: A simple HTTP server License: MIT ++++++ goshs-2.1.1.tar.gz -> goshs-2.1.2.tar.gz ++++++ ++++ 2236 lines of diff (skipped) ++++++ vendor.tar.gz ++++++ /work/SRC/openSUSE:Factory/goshs/vendor.tar.gz /work/SRC/openSUSE:Factory/.goshs.new.2088/vendor.tar.gz differ: char 15, line 1
