Accepting request 1193061 from devel:tools:scm

OBS-URL: https://build.opensuse.org/request/show/1193061 OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/forgejo?expand=0&rev=12
2024-08-10 17:07:58 +00:00 · 2024-08-10 17:07:58 +00:00 · ffec6c3cf3
commit ffec6c3cf3
parent 011ebefb7f 3ee08f8470
6 changed files with 35 additions and 11 deletions
--- a/forgejo-src-7.0.6.tar.gz
+++ b/forgejo-src-7.0.6.tar.gz
@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:b33ca271d4d8ecf00ce80d2ee14888d40265ab648b880fd9bb9916bf9e88b15b
-size 53489756
--- a/forgejo-src-7.0.6.tar.gz.asc
+++ b/forgejo-src-7.0.6.tar.gz.asc
@ -1,7 +0,0 @@
-----BEGIN PGP SIGNATURE-----
-
-iHUEABYIAB0WIQTrEU9ebA3CvN0YNVCkthotxZI3EAUCZqjZygAKCRCkthotxZI3
-EJmNAP9IiHThCEotiYrOt3YzdOeaEAM3vfLzyf4PN1jWibbiogEAzGyWuho+MH8z
-9TqdaLJIF/T3L62r/TgZ+mlZ0HHkLQM=
-=ExB8
-----END PGP SIGNATURE-----
--- a/forgejo-src-7.0.7.tar.gz
+++ b/forgejo-src-7.0.7.tar.gz
@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:ba66fa2bf335149d6bda0a943bcbb2021af3692f10c10ede646cdcabfe762029
+size 53549049
--- a/forgejo-src-7.0.7.tar.gz.asc
+++ b/forgejo-src-7.0.7.tar.gz.asc
@ -0,0 +1,7 @@
+-----BEGIN PGP SIGNATURE-----
+
+iHUEABYIAB0WIQTrEU9ebA3CvN0YNVCkthotxZI3EAUCZrYTZAAKCRCkthotxZI3
+EPgYAP9o2VTTDnul4cDr6xEfw9k90sk323uk4WhcSktc+qgxqwEAmUKcJ4pk7scZ
+O2O5Ru3o7nomtBPrflFoGJXKO8ACrQ8=
+=7IAF
+-----END PGP SIGNATURE-----
--- a/forgejo.changes
+++ b/forgejo.changes
@ -1,3 +1,27 @@
+-------------------------------------------------------------------
+Fri Aug  9 18:13:59 UTC 2024 - Johannes Kastl <opensuse_buildservice@ojkastl.de>
+
+- update to 7.0.7:
+  This is a security release. See the documentation for more
+  information on the upgrade procedure.
+  * Security
+    - A change introduced in Forgejo v1.21 allows a Forgejo user
+      with write permission on a repository description to inject a
+      client-side script into the web page viewed by the visitor.
+      This XSS allows for href in anchor elements to be set to a
+      javascript: URI in the repository description, which will
+      execute the specified script upon clicking (and not upon
+      loading). AllowStandardURLs is now called for the repository
+      description policy, which ensures that URIs in anchor
+      elements are mailto:, http:// or https:// and thereby
+      disallowing the javascript: URI.
+  * Bug fixes
+    - PR (backported): disallow javascript: URI in the repository
+      description
+  * Localization
+    - PR (backported): i18n: backport of #4568 #4668 and #4783 to
+      v7
+
 -------------------------------------------------------------------
 Thu Aug  1 10:50:53 UTC 2024 - Johannes Kastl <opensuse_buildservice@ojkastl.de>

--- a/forgejo.spec
+++ b/forgejo.spec
@ -30,7 +30,7 @@
 %endif
 %endif
 Name:           forgejo
-Version:        7.0.6
+Version:        7.0.7
 Release:        0
 Summary:        Self-hostable forge
 License:        MIT