From 7288b7493795d235e1e84ff36cca46b8f454da441bd81fe0abd4498191eccf97 Mon Sep 17 00:00:00 2001 
From: Richard Rahl Date: Wed, 22 May 2024 20:56:36 +0000 Subject: [PATCH] Accepting request 1175961 from home:rrahl0:upgrades - update to 7.0.3: * CVE-2024-24788: a malformed DNS message in response to a query can cause the lookup functions to get stuck in an infinite loop * backticks in mermaid block diagram labels are not sanitized properly * migration of a repository from gogs fails when it is hosted at a subpath. * when creating an OAuth2 application the redirect URLs are not enforced to be mandatory * the API incorrectly excludes repositories where code is not enabled * "Allow edits from maintainers" cannot be modified via the pull request web UI * repository activity feeds (including RSS and Atom feeds) contain repeated activities * uploading maven packages with metadata being uploaded separately will fail * the mail notification sent about commits pushed to pull requests are empty * inline emails attachments are not properly handled when commenting on an issue via email * the links to .zip and tar.gz on the tag list web UI fail * expanding code diff while previewing a pull request before it is created fails * the CLI is not able to migrate Forgejo Actions artifacts * when adopting a repository, the default branch is not taken into account * when using reverse proxy authentication, logout will not be taken into account when immediately trying to login afterwards * pushing to the master branch of a sha256 repository fails * a very long project column name will make the action menu inaccessible * a useless error is displayed when the title of a merged pull request is modified * workflow badges are not working for workflows that are not running on push (such as scheduled workflows, and ones that run on tags and pull requests) OBS-URL: https://build.opensuse.org/request/show/1175961 OBS-URL: https://build.opensuse.org/package/show/devel:tools:scm/forgejo?expand=0&rev=19 --- forgejo-src-7.0.2.tar.gz | 3 --- forgejo-src-7.0.2.tar.gz.asc | 7 ------- 
forgejo-src-7.0.3.tar.gz | 3 +++ forgejo-src-7.0.3.tar.gz.asc | 7 +++++++ forgejo.changes | 31 +++++++++++++++++++++++++++++++ forgejo.keyring | 2 +- forgejo.spec | 2 +- node_modules.obscpio | 4 ++-- node_modules.spec.inc | 2 +- package-lock.json | 8 ++++---- 10 files changed, 50 insertions(+), 19 deletions(-) delete mode 100644 forgejo-src-7.0.2.tar.gz delete mode 100644 forgejo-src-7.0.2.tar.gz.asc create mode 100644 forgejo-src-7.0.3.tar.gz create mode 100644 forgejo-src-7.0.3.tar.gz.asc
diff --git a/forgejo-src-7.0.2.tar.gz b/forgejo-src-7.0.2.tar.gz
deleted file mode 100644
index 7364f1b..0000000
--- a/forgejo-src-7.0.2.tar.gz
+++ /dev/null
@@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:39b2079be7671f2248dcc36377ae20be65f20695d7f968ae227c0fc55dacca06
-size 54862292
diff --git a/forgejo-src-7.0.2.tar.gz.asc b/forgejo-src-7.0.2.tar.gz.asc
deleted file mode 100644
index a191fa6..0000000
--- a/forgejo-src-7.0.2.tar.gz.asc
+++ /dev/null
@@ -1,7 +0,0 @@
------BEGIN PGP SIGNATURE-----
-
-iHUEABYIAB0WIQTrEU9ebA3CvN0YNVCkthotxZI3EAUCZjO6FAAKCRCkthotxZI3
-EG8/AQCcP2vaRefgRGo8VUhtRW5swivjyqfdDEs5cR0W8pBViAEAwInukGi78Ktw
-as42wooc0bf0V8IKshGUV3/AnOK6FAE=
-=lOwi
------END PGP SIGNATURE-----
diff --git a/forgejo-src-7.0.3.tar.gz b/forgejo-src-7.0.3.tar.gz
new file mode 100644
index 0000000..08f621c
--- /dev/null
+++ b/forgejo-src-7.0.3.tar.gz
@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:c9e85222eb27508e74a284cb125df7c6d7cfc31f52c62f1e305d2aeb1bdb7abc
+size 54895104
diff --git a/forgejo-src-7.0.3.tar.gz.asc b/forgejo-src-7.0.3.tar.gz.asc
new file mode 100644
index 0000000..934fef4
--- /dev/null
+++ b/forgejo-src-7.0.3.tar.gz.asc
@@ -0,0 +1,7 @@
+-----BEGIN PGP SIGNATURE-----
+
+iHUEABYIAB0WIQTrEU9ebA3CvN0YNVCkthotxZI3EAUCZk4qfAAKCRCkthotxZI3
+EK/FAP9m98DUdSUB+5LZFmha2VGPm1BtfeC3IMctTI1mpH3ARAD/RovDuiALj+MO
+XGkkM8twN732GTGN+QvpSStcbUJCyQk=
+=YTAy
+-----END PGP SIGNATURE-----
diff --git a/forgejo.changes b/forgejo.changes
index 0f0b2e8..04e37bb 100644
--- a/forgejo.changes
+++ b/forgejo.changes
@@ -1,3 +1,34 @@
+-------------------------------------------------------------------
+Wed May 22 20:41:58 UTC 2024 - Richard Rahl
+
+- update to 7.0.3:
+ * CVE-2024-24788: a malformed DNS message in response to a query can
+ cause the lookup functions to get stuck in an infinite loop
+ * backticks in mermaid block diagram labels are not sanitized properly
+ * migration of a repository from gogs fails when it is hosted at a subpath.
+ * when creating an OAuth2 application the redirect URLs are not enforced to
+ be mandatory
+ * the API incorrectly excludes repositories where code is not enabled
+ * "Allow edits from maintainers" cannot be modified via the pull request web UI
+ * repository activity feeds (including RSS and Atom feeds) contain
+ repeated activities
+ * uploading maven packages with metadata being uploaded separately will fail
+ * the mail notification sent about commits pushed to pull requests are empty
+ * inline emails attachments are not properly handled when commenting on an
+ issue via email
+ * the links to .zip and tar.gz on the tag list web UI fail
+ * expanding code diff while previewing a pull request before it is created fails
+ * the CLI is not able to migrate Forgejo Actions artifacts
+ * when adopting a repository, the default branch is not taken into account
+ * when using reverse proxy authentication, logout will not be taken into
+ account when immediately trying to login afterwards
+ * pushing to the master branch of a sha256 repository fails
+ * a very long project column name will make the action menu inaccessible
+ * a useless error is displayed when the title of a merged pull request is
+ modified
+ * workflow badges are not working for workflows that are not running on push
+ (such as scheduled workflows, and ones that run on tags and pull requests)
+
 -------------------------------------------------------------------
 Fri May 3 00:35:37 UTC 2024 - Richard Rahl
 
diff --git a/forgejo.keyring b/forgejo.keyring
index d125ac2..31df5df 100644
--- a/forgejo.keyring
+++ b/forgejo.keyring
@@ -1,6 +1,6 @@
 -----BEGIN PGP PUBLIC KEY BLOCK-----
 Comment: Hostname:
-Version: Hockeypuck 2.1.1-10-gec3b0e7
+Version: Hockeypuck 2.2
 
 xjMEY3T/yhYJKwYBBAHaRw8BAQdAVxqCQrSbpDNrx8CiTM8PUAVqdCyv2UmBDhpP
 HZIpoIDNHUZvcmdlam8gPGNvbnRhY3RAZm9yZ2Vqby5vcmc+wsB+BBMWCgDmAhsD
diff --git a/forgejo.spec b/forgejo.spec
index a399390..f411a8b 100644
--- a/forgejo.spec
+++ b/forgejo.spec
@@ -30,7 +30,7 @@
 %endif
 %endif
 Name: forgejo
-Version: 7.0.2
+Version: 7.0.3
 Release: 0
 Summary: Self-hostable forge
 License: MIT
diff --git a/node_modules.obscpio b/node_modules.obscpio
index 660ea8d..796dba6 100644
--- a/node_modules.obscpio
+++ b/node_modules.obscpio
@@ -1,3 +1,3 @@
 version https://git-lfs.github.com/spec/v1
-oid sha256:153a8bb7f7ea231d06759e4ebc681b06ecca9bb559f866b140b5f1d8a84cf922
-size 185700044
+oid sha256:f5ea0007b140d739de145225fce8a34d2e257d06891cdf39ca350e6bd3136236
+size 185686620
diff --git a/node_modules.spec.inc b/node_modules.spec.inc
index db22111..196fe6b 100644
--- a/node_modules.spec.inc
+++ b/node_modules.spec.inc
@@ -665,7 +665,7 @@ Source10663: https://registry.npmjs.org/mdurl/-/mdurl-2.0.0.tgz#/mdurl-2
 Source10664: https://registry.npmjs.org/meow/-/meow-13.2.0.tgz#/meow-13.2.0.tgz
 Source10665: https://registry.npmjs.org/merge-stream/-/merge-stream-2.0.0.tgz#/merge-stream-2.0.0.tgz
 Source10666: https://registry.npmjs.org/merge2/-/merge2-1.4.1.tgz#/merge2-1.4.1.tgz
-Source10667: https://registry.npmjs.org/mermaid/-/mermaid-10.9.0.tgz#/mermaid-10.9.0.tgz
+Source10667: https://registry.npmjs.org/mermaid/-/mermaid-10.9.1.tgz#/mermaid-10.9.1.tgz
 Source10668: https://registry.npmjs.org/micromark/-/micromark-3.2.0.tgz#/micromark-3.2.0.tgz
 Source10669: https://registry.npmjs.org/micromark-core-commonmark/-/micromark-core-commonmark-1.1.0.tgz#/micromark-core-commonmark-1.1.0.tgz
 Source10670: https://registry.npmjs.org/micromark-factory-destination/-/micromark-factory-destination-1.1.0.tgz#/micromark-factory-destination-1.1.0.tgz
diff --git a/package-lock.json b/package-lock.json
index ca8ce24..47f2b90 100644
--- a/package-lock.json
+++ b/package-lock.json
@@ -34,7 +34,7 @@
 "jquery": "3.7.1",
 "katex": "0.16.10",
 "license-checker-webpack-plugin": "0.2.1",
- "mermaid": "10.9.0",
+ "mermaid": "10.9.1",
 "mini-css-extract-plugin": "2.8.1",
 "minimatch": "9.0.3",
 "monaco-editor": "0.47.0",
@@ -8232,9 +8232,9 @@
 }
 },
 "node_modules/mermaid": {
- "version": "10.9.0",
- "resolved": "https://registry.npmjs.org/mermaid/-/mermaid-10.9.0.tgz",
- "integrity": "sha512-swZju0hFox/B/qoLKK0rOxxgh8Cf7rJSfAUc1u8fezVihYMvrJAS45GzAxTVf4Q+xn9uMgitBcmWk7nWGXOs/g==",
+ "version": "10.9.1",
+ "resolved": "https://registry.npmjs.org/mermaid/-/mermaid-10.9.1.tgz",
+ "integrity": "sha512-Mx45Obds5W1UkW1nv/7dHRsbfMM1aOKA2+Pxs/IGHNonygDHwmng8xTHyS9z4KWVi0rbko8gjiBmuwwXQ7tiNA==",
 "dependencies": {
 "@braintree/sanitize-url": "^6.0.1",
 "@types/d3-scale": "^4.0.3",