Ana Guerrero
ddf551e319
- Update to version 11.0.7:
* Vulnerability (Critical): prevent writing to out-of-repo symlink
destinations while evaluating template repos
* Vulnerability (Medium): prevent .forgejo/template from being out-of-repo
content
* Vulnerability (Medium): return on error if an LFS token cannot be parsed
* Vulnerability (Low): prevent commit API from leaking user's hidden email
address on valid GPG signed commits
OBS-URL: https://build.opensuse.org/request/show/1313901
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/forgejo-longterm?expand=0&rev=5
SUSE Specific Notes --------------------- By default the package does not allow writing to `/etc/forgejo/conf/app.ini`. This is not a problem during normal runtime. But during the initial setup forgejo wants to write to this file. We can temporarily allow it with: ``` chown -R forgejo: /etc/forgejo/conf/ ``` If apparmor is enabled as well, we need to temporarily allow writing there as well. You can check this with: ``` ps aufxZ | grep '^forgejo' forgejo (enforce) ... ``` If it is running in apparmor use this to allow the temporary permissions: ``` echo "/etc/forgejo/conf/app.ini rwlk," >> /etc/apparmor.d/local/forgejo apparmor_parser -r /etc/apparmor.d/forgejo ``` Once the initial installation is done you can use this to restore the permissions: ``` rpm --setugids --setperms forgejo ``` And remove the line from the `/etc/apparmor.d/local/forgejo` file again and reload the profile with ``` apparmor_parser -r /etc/apparmor.d/forgejo ```