Compare commits

78 Commits

Author SHA256 Message Date
ee94cbde88 Accepting request 1295901 from devel:tools:scm
- update to version 12.0.1:
  * allow for tracked time to be removed again
  * correct image source for quoted reply
  * prevent render failure on faulty org settings post
  * Revert "remove API authentication methods that uses the URL query"
  * upgrade fails or hang at migration[31]: Migrate maven package
    name concatenation
  * make the action feed resilient to database inconsistencies
  * make sure to use unaltered fields when saving a shadow copy
    for updated profiles or comments
  * follow symlinks for local assets
  * use correct ACME default
- remove get-sources.sh, use obs tooling
- include apparmor in Leap 16

- update to version 12.0.0:
  * remove API authentication methods that uses the URL query
  * relax email requirements
  * consider WebAuthn & SSH for instance signing
  * add SSH signing support for instances
  * forgejo docs command is deprecated
  * remove the legacy TEST_CONFLICTING_PATCHES_WITH_GIT_APPLY setting
  * fail if sha is not provided to the POST
    /repos/{owner}/{repo}/contents API endpoint
  * transform fediverse handles
  * add user visibility description in the settings page
  * add model viewer for .glb (GLTF) model in file view
  * show size constraints of custom avatar
  * add links to milestones and projects in issue comments
  * global styling for the kbd tag (forwarded request 1295900 from rrahl0)

OBS-URL: https://build.opensuse.org/request/show/1295901
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/forgejo?expand=0&rev=34
2025-07-27 14:26:39 +00:00
f774f8249c Accepting request 1291760 from devel:tools:scm
- update to 11.0.3:
  * fixing git security vulnerability
  * add missing lazy load attribute to images
  * backport of translation updates
  * do not ignore automerge while a PR is checking for conflicts
  * user activation with uppercase email address
  * collaborator can edit wiki with write access
  * fix: corrupted wiki unit default permission
  * fix: skip empty tokens in SearchOptions.Tokens()
  * fix: make API /repos/{owner}/{repo}/compare/{basehead} work with forks
  * fix(ui): release: name is overridden with tag name on edit
  * Revert "fix(api): document is_system_webhook field (forwarded request 1291759 from rrahl0)

OBS-URL: https://build.opensuse.org/request/show/1291760
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/forgejo?expand=0&rev=33
2025-07-11 19:29:16 +00:00
Richard Rahl
c751cab79b - update to 11.0.3:
* fixing git security vulnerability
  * add missing lazy load attribute to images
  * backport of translation updates
  * do not ignore automerge while a PR is checking for conflicts
  * user activation with uppercase email address
  * collaborator can edit wiki with write access
  * fix: corrupted wiki unit default permission
  * fix: skip empty tokens in SearchOptions.Tokens()
  * fix: make API /repos/{owner}/{repo}/compare/{basehead} work with forks
  * fix(ui): release: name is overridden with tag name on edit
  * Revert "fix(api): document is_system_webhook field

OBS-URL: https://build.opensuse.org/package/show/devel:tools:scm/forgejo?expand=0&rev=76
2025-07-10 18:14:39 +00:00
8dde14ff9c Accepting request 1287177 from devel:tools:scm
OBS-URL: https://build.opensuse.org/request/show/1287177
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/forgejo?expand=0&rev=32
2025-06-20 14:54:22 +00:00
Richard Rahl
76aa75785a - Update to 11.0.2:
* Features
    - make Forgejo Actions server logs less noisy
  * Bug fixes
    - do not fail when release or wiki is set in /repos/migrate API
    - ignore expired artifacts for quota calculation
    - pull request cross references
    - quote reply in Chromium
    - fix: make hash pattern more strict
  * Included for completeness but not worth a release note
    - remove download attribute from external assets
    - bleve to v2.5.2 with changes made in backport of 2.5.0
    - show membership of limited orgs
    - date dependency go to v1.24.3 (v11.0/forgejo)
    - drop unused @typescript-eslint/parser package
    - suppress non actionable XORM warnings
    - aggregate deleted team as ghost team
    - center footer links
    - fix force-push compare line layout
    - parse change-id in the git commit header
    - Update module github.com/blevesearch/bleve/v2 to v2.5.1 (v11.0/forgejo) - abandoned
    - improve force-push compare line layout
    - Remove "create branch" button on mirrored repos
    - Update module github.com/msteinert/pam/v2 to v2.1.0 (v11.0/forgejo)
    - replace ß with ss in normalizeUserName
    - document is_system_webhook field
    - remove artificial delay for PR update

OBS-URL: https://build.opensuse.org/package/show/devel:tools:scm/forgejo?expand=0&rev=74
2025-06-20 10:14:05 +00:00
37739cc52b Accepting request 1284786 from devel:tools:scm
- conflict all subpackages to forgejoi-longterm equivilent packages (forwarded request 1284784 from rrahl0)

OBS-URL: https://build.opensuse.org/request/show/1284786
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/forgejo?expand=0&rev=31
2025-06-11 14:27:34 +00:00
Richard Rahl
4af0882634 - conflict all subpackages to forgejoi-longterm equivilent packages
OBS-URL: https://build.opensuse.org/package/show/devel:tools:scm/forgejo?expand=0&rev=72
2025-06-11 11:14:07 +00:00
0c4a675dbb Accepting request 1283946 from devel:tools:scm
Automatic submission by obs-autosubmit

OBS-URL: https://build.opensuse.org/request/show/1283946
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/forgejo?expand=0&rev=30
2025-06-10 07:06:02 +00:00
Richard Rahl
bfde83402f - apparmor: allow reading of new data files
OBS-URL: https://build.opensuse.org/package/show/devel:tools:scm/forgejo?expand=0&rev=70
2025-06-02 08:08:30 +00:00
Richard Rahl
3e2b7c0b57 - conflict with forgejo-longterm
- require apparmor profile when apparmor is installed
- use forgejo name rather than macro, sharing as much as possible with
  forgejo-longterm

OBS-URL: https://build.opensuse.org/package/show/devel:tools:scm/forgejo?expand=0&rev=69
2025-05-31 12:54:50 +00:00
74e360e79b Accepting request 1274877 from devel:tools:scm
- update to 11.0.1:
  * If LFS is enabled on a Forgejo instance with [server].LFS_START_SERVER =
    true, it was possible for a registered user to upload LFS files to a
    repository to which they only had read access.
  * A user account with 2fa (two factor authentication) enrolled with a
    security key was not enforced when using an external account
  * fix: display the list of tasks in the runner edit page
  * fix(ui): use gap in switch items
  * fix(ui/pr): use eye icon for reviews
  * fix(ui): rescope menu height patch to overflow menu
  * fix(ui): show commit icon in branch dropdown button when viewing a commit
  * i18n: backport of translation updates
  * fix(i18n): prevent incorrect logging on strings missing in JSON locales
  * chore: replace github.com/go-testfixtures/testfixtures
  * fix: use linguist-generated for language stats
  * chore: tune down remote user promotion debug message shown as error
  * fix: set default restricted for OAuth2 user
  * chore: merge tests.AddFixtures and unittest.OverrideFixtures
  * fix(ui): make pagination labels always visible to screenreader
  * fix: delay-write trace.dat for forgejo diagnosis
  * Update module github.com/mattn/go-sqlite3 to v1.14.28 (v11.0/forgejo) (forwarded request 1274876 from rrahl0)

OBS-URL: https://build.opensuse.org/request/show/1274877
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/forgejo?expand=0&rev=29
2025-05-07 17:16:30 +00:00
Richard Rahl
f67ad385e4 - update to 11.0.1:
* If LFS is enabled on a Forgejo instance with [server].LFS_START_SERVER =
    true, it was possible for a registered user to upload LFS files to a
    repository to which they only had read access.
  * A user account with 2fa (two factor authentication) enrolled with a
    security key was not enforced when using an external account
  * fix: display the list of tasks in the runner edit page
  * fix(ui): use gap in switch items
  * fix(ui/pr): use eye icon for reviews
  * fix(ui): rescope menu height patch to overflow menu
  * fix(ui): show commit icon in branch dropdown button when viewing a commit
  * i18n: backport of translation updates
  * fix(i18n): prevent incorrect logging on strings missing in JSON locales
  * chore: replace github.com/go-testfixtures/testfixtures
  * fix: use linguist-generated for language stats
  * chore: tune down remote user promotion debug message shown as error
  * fix: set default restricted for OAuth2 user
  * chore: merge tests.AddFixtures and unittest.OverrideFixtures
  * fix(ui): make pagination labels always visible to screenreader
  * fix: delay-write trace.dat for forgejo diagnosis
  * Update module github.com/mattn/go-sqlite3 to v1.14.28 (v11.0/forgejo)

OBS-URL: https://build.opensuse.org/package/show/devel:tools:scm/forgejo?expand=0&rev=67
2025-05-06 11:10:01 +00:00
36893c20d3 Accepting request 1270597 from devel:tools:scm
- update to 11.0.0:
  * add ability to regenerate access tokens
  * drop SSPI auth support and more Windows files
  * localize theme names
  * improve incorrect ROOT_URL warning
  * admin user view
  * welcome screen for user dashboard
  * improve "URL" handling in markdown editor
  * display to maintainers in pull request when it is editable
  * simplify pronouns in user settings
  * split Forgejo landing page template to allow patching or removing Forgejo
    introduction section
  * set default release title to tag name
  * add quota overview
  * allow opening a single-file diff from file history view
  * reduce noise in the timeline of issues and pull requests. If certain
    timeline events are performed within a certain timeframe of each other with
    no other events in between, they will be combined into a single timeline
    event, and any contradictory actions will be canceled and not displayed.
    The older the events, the wider the timeframe will become.
  * i18n: make Danish available in UI
  * Updates from Codeberg Translate
  * Features
  * return run_number in workflow dispatch
  * add more sorting to own repository list
  * add sort parameter to list issues API
  * make it possible to track the progress of manually triggered workflows
  * interpret Precedence: auto_reply as an auto reply
  * parse multipart/related parts as attachments & guess filename
  * added missing nuget V2 properties to API (forwarded request 1270596 from rrahl0)

OBS-URL: https://build.opensuse.org/request/show/1270597
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/forgejo?expand=0&rev=28
2025-04-18 14:21:13 +00:00
Richard Rahl
8af51634de - update to 11.0.0:
* add ability to regenerate access tokens
  * drop SSPI auth support and more Windows files
  * localize theme names
  * improve incorrect ROOT_URL warning
  * admin user view
  * welcome screen for user dashboard
  * improve "URL" handling in markdown editor
  * display to maintainers in pull request when it is editable
  * simplify pronouns in user settings
  * split Forgejo landing page template to allow patching or removing Forgejo
    introduction section
  * set default release title to tag name
  * add quota overview
  * allow opening a single-file diff from file history view
  * reduce noise in the timeline of issues and pull requests. If certain
    timeline events are performed within a certain timeframe of each other with
    no other events in between, they will be combined into a single timeline
    event, and any contradictory actions will be canceled and not displayed.
    The older the events, the wider the timeframe will become.
  * i18n: make Danish available in UI
  * Updates from Codeberg Translate
  * Features
  * return run_number in workflow dispatch
  * add more sorting to own repository list
  * add sort parameter to list issues API
  * make it possible to track the progress of manually triggered workflows
  * interpret Precedence: auto_reply as an auto reply
  * parse multipart/related parts as attachments & guess filename
  * added missing nuget V2 properties to API

OBS-URL: https://build.opensuse.org/package/show/devel:tools:scm/forgejo?expand=0&rev=65
2025-04-17 16:10:50 +00:00
cab1a5b1f7 Accepting request 1269826 from devel:tools:scm
- add patch fix-CVE-2025-3445.patch, for fixing bsc#1241245, bsc#2024-0406 (forwarded request 1269825 from rrahl0)

OBS-URL: https://build.opensuse.org/request/show/1269826
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/forgejo?expand=0&rev=27
2025-04-16 18:41:43 +00:00
Richard Rahl
1b8728d8a1 - add patch fix-CVE-2025-3445.patch, for fixing bsc#1241245, bsc#2024-0406
OBS-URL: https://build.opensuse.org/package/show/devel:tools:scm/forgejo?expand=0&rev=63
2025-04-16 08:20:14 +00:00
365d7df36e Accepting request 1255423 from devel:tools:scm
- update to 10.0.3:
  * fix a regression which caused unnecessary escaping of URLs
  * update dependencies
- fix url for the keyring (forwarded request 1255422 from rrahl0)

OBS-URL: https://build.opensuse.org/request/show/1255423
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/forgejo?expand=0&rev=26
2025-03-24 12:28:07 +00:00
Richard Rahl
ac40041bfd - update to 10.0.3:
* fix a regression which caused unnecessary escaping of URLs
  * update dependencies
- fix url for the keyring

OBS-URL: https://build.opensuse.org/package/show/devel:tools:scm/forgejo?expand=0&rev=61
2025-03-23 17:18:08 +00:00
Richard Rahl
e611cd8bd7 - update to 10.0.2:
* update of translations
  * When migrating from a Forgejo version lower than v10, the TOTP secrets
    found to be corrupted are now transparently removed
  * replies to pending review comments no longer generate a notification
  * consider public issues for project boards
  * the rootless Forgejo image version label is not set
  * do not allow SSH url for migration
  * setting.Service.EnableInternalSignIn = false is disabling forgotten password
  * show internal login prompt for account linking
  * enable ssh mirrors in rootless Forgejo images
  * render link in heading correctly in wiki TOC
  * Update module github.com/redis/go-redis/v9
  * fix: consider issues in repository accessible via access table
  * fix(api): miss-spelled description, corrected to public
  * fix: revert issue rendering for <a> element
  * chore(ci): ensure the manually cached Go can be run
  * chore(ci): Get Go binary from GOROOT instead of hardcoded path
  * fix: return 404 for empty repositories
  * fix: delay deleting authorization token
  * fix: native parsing of ssh certificate key
  * fix(ui): hide extra PR property labels on title edit
  * fix: always set stripped slashes on http request
  * fix(ui): hide 'New migration' button on org pages with migrations disabled
  * ui: update language stats layout and click behavior
  * Update dependency go to v1.23.6
- add patch fix-CVE-2025-22869.patch, fixing bsc#1239488, bsc#1239276, bsc#1234574

OBS-URL: https://build.opensuse.org/package/show/devel:tools:scm/forgejo?expand=0&rev=60
2025-03-21 18:29:17 +00:00
cb036f22a3 Accepting request 1253559 from devel:tools:scm
- add README.SUSE to explain SUSE specific things

- apparmor: /var/lib/forgejo/data/home/.gitconfig needs to be
  writable for initial setup

- apparmor: forgot to rename the profile in the %post scriptlet (forwarded request 1253274 from darix)

OBS-URL: https://build.opensuse.org/request/show/1253559
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/forgejo?expand=0&rev=25
2025-03-17 21:17:42 +00:00
Richard Rahl
240f59a00e - add README.SUSE to explain SUSE specific things
- apparmor: /var/lib/forgejo/data/home/.gitconfig needs to be
  writable for initial setup

- apparmor: forgot to rename the profile in the %post scriptlet

OBS-URL: https://build.opensuse.org/package/show/devel:tools:scm/forgejo?expand=0&rev=58
2025-03-16 20:50:15 +00:00
fb030e82b2 Accepting request 1252969 from devel:tools:scm
- apparmor: fix wiki editing (forwarded request 1252920 from darix)

OBS-URL: https://build.opensuse.org/request/show/1252969
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/forgejo?expand=0&rev=24
2025-03-14 22:51:53 +00:00
Richard Rahl
8e6170f7dd - apparmor: fix wiki editing
OBS-URL: https://build.opensuse.org/package/show/devel:tools:scm/forgejo?expand=0&rev=56
2025-03-14 06:40:13 +00:00
7462f40e76 Accepting request 1252070 from devel:tools:scm
Here is the fix for making the whole nodejs handling work again

- use --legacy-peer-deps to make the node modules handling work
  again (forwarded request 1252069 from darix)

OBS-URL: https://build.opensuse.org/request/show/1252070
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/forgejo?expand=0&rev=23
2025-03-11 19:46:22 +00:00
Richard Rahl
8c1b48810c Here is the fix for making the whole nodejs handling work again
- use --legacy-peer-deps to make the node modules handling work
  again

OBS-URL: https://build.opensuse.org/package/show/devel:tools:scm/forgejo?expand=0&rev=54
2025-03-11 13:44:19 +00:00
Richard Rahl
e62e31f00f - move permissions of the log dir and the data dir
from forgejo:forgejo u=rwX,g=rwX,o=
  to   forgejo:forgejo u=rwX,g=rX,o=

- update apparmor profile to a profile that is less broad.

- create all directories before actually installing files

- make the HOME dir in the service file the same as the user
- migrate existing authorized keys files
  from %{_datadir}/%{name}/.ssh/authorized_keys
  to   %{_sharedstatedir}/%{name}/data/home/.ssh/authorized_keys

- fix file list to lock down permissions more

- don't require the apparmor subpackage when apparmor is installed
  the current profile is rather bad and it should be possible to
  keep it out.

- user should actually use /var/lib/forgejo/data/home

OBS-URL: https://build.opensuse.org/package/show/devel:tools:scm/forgejo?expand=0&rev=53
2025-03-11 12:47:50 +00:00
d0ff9b2e44 Accepting request 1244416 from devel:tools:scm
OBS-URL: https://build.opensuse.org/request/show/1244416
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/forgejo?expand=0&rev=22
2025-02-09 19:06:57 +00:00
Richard Rahl
c086cbb5af - update to 10.0.1:
* Verify the ID of Forgejo Actions web endpoints belongs to the repository to
    prevent the deletion of runners or variables or the modification of
    variables
  * Enforce permissions on publicly available user or organizations projects to
    not leak information from issues and pull requests that belong to private
    repositories
  * fix(ui): display verified icon for default gpg key
  * fix: load settings for valid user and email check
  * Teach the doctor to remove orphaned two_factor with forgejo doctor check --run check-db-consistency --fix
  * fix: listing tokens must not require basic auth

OBS-URL: https://build.opensuse.org/package/show/devel:tools:scm/forgejo?expand=0&rev=51
2025-02-08 21:51:52 +00:00
515f3dfd8c Accepting request 1238299 from devel:tools:scm
- update to 10.0.0:
  full changelog at https://codeberg.org/forgejo/forgejo/src/branch/forgejo/release-notes-published/10.0.0.md
  * Fix and refactor markdown rendering
  * migrate TOTP secrets to keying
  * Ensure source_id parameter is not skipped when set to 0 and correctly
    filter users in /api/v1/admin/users endpoint
  * Rework user profile settings
  * Rework new repository dialog
  * Show repository size on mobile
  * Add links to commit lists in contributors graph page
  * Add copy path button to file view
  * Put issue actions in a single row on mobile
  * Don't display email in profile settings when hidden
  * Highlight user mention in comments and commit messages
  * When bleve is used for issue search, a fuzzy search now applies to each
    word instead of all of them, as if they were a phrase
  * Add search to releases page
  * Combine review requests comments
  * If you select a portion of a comment and use the 'Quote reply' feature in
    the context menu, only that portion will be quoted
  * Set "your repositories" as the default filter for org dashboards
  * Add button to create a Markdown table in a comment
  * Add a bullet symbol between author and committer
  * Added link to show all Issues/PullRequests
  * Fix Action log UI race condition that occasionally prevents logs from loading
  * Fix wiki search overflowing on wide screens
  * Move "forgot_password"-link to fix login tab order
  * Update help links on page with no workflows
  * Add Low German to list of default languages
  * i18n: Add dummy language for checking translation keys (forwarded request 1238298 from rrahl0)

OBS-URL: https://build.opensuse.org/request/show/1238299
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/forgejo?expand=0&rev=21
2025-01-16 19:24:12 +00:00
Richard Rahl
0fe230fb85 - update to 10.0.0:
full changelog at https://codeberg.org/forgejo/forgejo/src/branch/forgejo/release-notes-published/10.0.0.md
  * Fix and refactor markdown rendering
  * migrate TOTP secrets to keying
  * Ensure source_id parameter is not skipped when set to 0 and correctly
    filter users in /api/v1/admin/users endpoint
  * Rework user profile settings
  * Rework new repository dialog
  * Show repository size on mobile
  * Add links to commit lists in contributors graph page
  * Add copy path button to file view
  * Put issue actions in a single row on mobile
  * Don't display email in profile settings when hidden
  * Highlight user mention in comments and commit messages
  * When bleve is used for issue search, a fuzzy search now applies to each
    word instead of all of them, as if they were a phrase
  * Add search to releases page
  * Combine review requests comments
  * If you select a portion of a comment and use the 'Quote reply' feature in
    the context menu, only that portion will be quoted
  * Set "your repositories" as the default filter for org dashboards
  * Add button to create a Markdown table in a comment
  * Add a bullet symbol between author and committer
  * Added link to show all Issues/PullRequests
  * Fix Action log UI race condition that occasionally prevents logs from loading
  * Fix wiki search overflowing on wide screens
  * Move "forgot_password"-link to fix login tab order
  * Update help links on page with no workflows
  * Add Low German to list of default languages
  * i18n: Add dummy language for checking translation keys

OBS-URL: https://build.opensuse.org/package/show/devel:tools:scm/forgejo?expand=0&rev=49
2025-01-16 16:20:09 +00:00
387a439d8f Accepting request 1230941 from devel:tools:scm
- update to 9.0.3:
  * When Forgejo is configured to run the internal ssh server with
    [server].START_SSH_SERVER=true, it was possible for a registered user to
    impersonate another user
  * Revert "allow synchronizing user status from OAuth2 login providers" Fix
  * wiki search overflowing on wide screens Do not rewrite ssh keys files when
  * deleting a user without one fix: doctor fails with pq: syntax error at or
  * near "." whilst counting
    Authorization token without existing User
  * fix: Do not delete global Oauth2 applications Strict matching of allowed
  * content for sanitizer for asciicast
    and csv rendering
  * fix: remove softbreak from github legacy callout fix: correct permission
  * loading for limited organisation fix: clean up log files that no longer
  * exist fix: return correct type in GetSubModule Improve Swagger documentation
  * for user endpoints fix: normalize guessed languages from enry Show page
  * titles in wiki search results fix(test): TestGitAttributeCheckerError must
  * allow broken pipe fix: check read permissions for code owner review requests
  * fix: use better code to group UID and stopwatches fix: api repo compare with
  * commit hashes bug: correctly generate oauth2 jwt signing key
- disable gpg verification for this release (forwarded request 1230940 from rrahl0)

OBS-URL: https://build.opensuse.org/request/show/1230941
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/forgejo?expand=0&rev=20
2024-12-15 11:37:19 +00:00
Richard Rahl
e5d80c70f5 Accepting request 1230940 from home:rrahl0
- update to 9.0.3:
  * When Forgejo is configured to run the internal ssh server with
    [server].START_SSH_SERVER=true, it was possible for a registered user to
    impersonate another user
  * Revert "allow synchronizing user status from OAuth2 login providers" Fix
  * wiki search overflowing on wide screens Do not rewrite ssh keys files when
  * deleting a user without one fix: doctor fails with pq: syntax error at or
  * near "." whilst counting
    Authorization token without existing User
  * fix: Do not delete global Oauth2 applications Strict matching of allowed
  * content for sanitizer for asciicast
    and csv rendering
  * fix: remove softbreak from github legacy callout fix: correct permission
  * loading for limited organisation fix: clean up log files that no longer
  * exist fix: return correct type in GetSubModule Improve Swagger documentation
  * for user endpoints fix: normalize guessed languages from enry Show page
  * titles in wiki search results fix(test): TestGitAttributeCheckerError must
  * allow broken pipe fix: check read permissions for code owner review requests
  * fix: use better code to group UID and stopwatches fix: api repo compare with
  * commit hashes bug: correctly generate oauth2 jwt signing key
- disable gpg verification for this release

OBS-URL: https://build.opensuse.org/request/show/1230940
OBS-URL: https://build.opensuse.org/package/show/devel:tools:scm/forgejo?expand=0&rev=47
2024-12-13 22:55:16 +00:00
700f71c09f Accepting request 1224537 from devel:tools:scm
- update to 9.0.2:
  * it was possible to use a token sent via email for secondary email validation
    to reset the password instead. In other words, a token sent for a given
    action (registration, password reset or secondary email validation) could
    be used to perform a different action.
  * a fork of a public repository would show in the list of forks, even if its
    owner was not a public user or organization.
  * the members of an organization team with read access to a repository (e.g.
    to read issues) but no read access to the code could read the RSS or atom
    feeds which include the commit activity. Reading the RSS or atom feeds is
    now denied unless the team has read permissions on the code.
  * the tokens used when replying by email to issues or pull requests were
    weaker than the rfc2104 recommendations.
  * a registered user could modify the update frequency of any push mirror.
  * it was possible to use basic authorization (i.e. user:password) for requests
    to the API even when security keys were enrolled for a user.
  * some markup sanitation rules were not as strong as they could be.
  * when Forgejo is configured to enable instance wide search (e.g. with bleve),
    results found in the repositories of private or limited users were displayed
    to anonymous visitors.
  * fix: handle renamed dependency for cargo registry.
  * support www.github.com for migrations.
  * move forgot_password-link to fix login tab order.
  * code owners will not be mentioned when a pull request comes from a forked
    repository.
  * labels are missing in the pull request payload removing a label.
  * in a Forgejo Actions workflow, the unlabeled event type for pull requests
    was incorrectly mapped to the labeled event type.
  * when a Forgejo Actions issue or pull request workflow is triggered by an
    labeled or unlabeled event type, it misses information about the label added (forwarded request 1224536 from rrahl0)

OBS-URL: https://build.opensuse.org/request/show/1224537
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/forgejo?expand=0&rev=19
2024-11-17 15:41:40 +00:00
Richard Rahl
b2b5be77cc - update to 9.0.2:
* it was possible to use a token sent via email for secondary email validation
    to reset the password instead. In other words, a token sent for a given
    action (registration, password reset or secondary email validation) could
    be used to perform a different action.
  * a fork of a public repository would show in the list of forks, even if its
    owner was not a public user or organization.
  * the members of an organization team with read access to a repository (e.g.
    to read issues) but no read access to the code could read the RSS or atom
    feeds which include the commit activity. Reading the RSS or atom feeds is
    now denied unless the team has read permissions on the code.
  * the tokens used when replying by email to issues or pull requests were
    weaker than the rfc2104 recommendations.
  * a registered user could modify the update frequency of any push mirror.
  * it was possible to use basic authorization (i.e. user:password) for requests
    to the API even when security keys were enrolled for a user.
  * some markup sanitation rules were not as strong as they could be.
  * when Forgejo is configured to enable instance wide search (e.g. with bleve),
    results found in the repositories of private or limited users were displayed
    to anonymous visitors.
  * fix: handle renamed dependency for cargo registry.
  * support www.github.com for migrations.
  * move forgot_password-link to fix login tab order.
  * code owners will not be mentioned when a pull request comes from a forked
    repository.
  * labels are missing in the pull request payload removing a label.
  * in a Forgejo Actions workflow, the unlabeled event type for pull requests
    was incorrectly mapped to the labeled event type.
  * when a Forgejo Actions issue or pull request workflow is triggered by an
    labeled or unlabeled event type, it misses information about the label added

OBS-URL: https://build.opensuse.org/package/show/devel:tools:scm/forgejo?expand=0&rev=45
2024-11-16 03:41:20 +00:00
24f0157146 Accepting request 1218913 from devel:tools:scm
- update to 9.0.1:
  * Forgejo generates a token which is used to authenticate web endpoints that
    are only meant to be used internally, for instance when the SSH daemon is
    used to push a commit with Git. The verification of this token was not done
    in constant time and was susceptible to timing attacks.
  * Because of a missing permission check, the branch used to propose a pull
    request to a repository can always be deleted by the user performing the merge.
  * Fix boolean inputs in workflow_dispatch
  * package arch database not updating when uploading "any" architecture
  * correct SQL query for active issues
  * specify default value for EXPLORE_DEFAULT_SORT.
  * fix: Add recentupdated as recognized sort option
  * Update dependency mermaid to v11.3.0 (v9.0/forgejo)
  * Always update expiration time when creating an artifact
  * Update scheduled tasks even if changes are pushed by "ActionsUser"
  * Fix disable 2fa bug
  * i18n: update of translations from Codeberg Translate
  * fix: make branch protection work for new branches
  * link to security policy in security.txt
  * fix: don't show truncated comments in RSS/Atom feeds
  * fix: typo on releases for source code downloads
  * Revert "add gap between branch dropdown and PR button"
  * fix: Don't double escape delete branch text
  * fix: Add server logging for OAuth server errors
  * forgejo-cli is now a symlink and cannot be used for sanity checks
  * fix: correct documentation for non 200 responses in swagger
- forgejo is since 9.0.0 GPL-3.0-or-later (forwarded request 1218912 from rrahl0)

OBS-URL: https://build.opensuse.org/request/show/1218913
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/forgejo?expand=0&rev=18
2024-10-29 13:35:58 +00:00
Richard Rahl
ce6404f852 - update to 9.0.1:
* Forgejo generates a token which is used to authenticate web endpoints that
    are only meant to be used internally, for instance when the SSH daemon is
    used to push a commit with Git. The verification of this token was not done
    in constant time and was susceptible to timing attacks.
  * Because of a missing permission check, the branch used to propose a pull
    request to a repository can always be deleted by the user performing the merge.
  * Fix boolean inputs in workflow_dispatch
  * package arch database not updating when uploading "any" architecture
  * correct SQL query for active issues
  * specify default value for EXPLORE_DEFAULT_SORT.
  * fix: Add recentupdated as recognized sort option
  * Update dependency mermaid to v11.3.0 (v9.0/forgejo)
  * Always update expiration time when creating an artifact
  * Update scheduled tasks even if changes are pushed by "ActionsUser"
  * Fix disable 2fa bug
  * i18n: update of translations from Codeberg Translate
  * fix: make branch protection work for new branches
  * link to security policy in security.txt
  * fix: don't show truncated comments in RSS/Atom feeds
  * fix: typo on releases for source code downloads
  * Revert "add gap between branch dropdown and PR button"
  * fix: Don't double escape delete branch text
  * fix: Add server logging for OAuth server errors
  * forgejo-cli is now a symlink and cannot be used for sanity checks
  * fix: correct documentation for non 200 responses in swagger
- forgejo is since 9.0.0 GPL-3.0-or-later

OBS-URL: https://build.opensuse.org/package/show/devel:tools:scm/forgejo?expand=0&rev=43
2024-10-29 05:44:32 +00:00
f38a5bd8a9 Accepting request 1208671 from devel:tools:scm
- update to 9.0.0:
  * OIDC integrations that POST to /login/oauth/introspect without sending HTTP
    basic authentication will now fail
  * The public scope of an application token does not filter out private repositories,
    organizations or packages in some cases
  * Drop support to build Forgejo with the optional go-git Git backend
  * Set created_by as the default filter for /issues and /pulls
  * Set fuzzy as default for issue search.
  * Improve commit graph layout.
  * Add support for iconify icons.
  * Allow multi-line relationship labels.
  * Adds architecture diagrams which allows users to show relations between services.
  * Improve diffs generated by Forgejo.
  * Add rel="nofollow" to in-list labels.
  * Distinguish between new tags, releases and pre-releases on activity page.
  * Highlighted code search results.
  * Refactor repo migration items.
  * Add package counter to repo/user/org overview pages.
  * Replace vue-bar-graph with chart.js.
  * Add more emoji and code block rendering in issues.
  * Bad spacing on new release page.
  * Milestone assignment in new issue.
  * git-grep: ensure bounded default for MatchesPerFile.
  * Incorrect go to citation button.
  * Incorrect HTMX support for profile card.
  * Accessibility keyboard support for test actions.
  * Update pull request icons.
  * "Assign to me" button on PR and Issues.
  * Add architecture-specific removal support for arch package.
  * Add bin to Composer Metadata. (forwarded request 1208670 from rrahl0)

OBS-URL: https://build.opensuse.org/request/show/1208671
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/forgejo?expand=0&rev=17
2024-10-18 13:55:25 +00:00
Richard Rahl
08961a0cfc - update to 9.0.0:
* OIDC integrations that POST to /login/oauth/introspect without sending HTTP
    basic authentication will now fail
  * The public scope of an application token does not filter out private repositories,
    organizations or packages in some cases
  * Drop support to build Forgejo with the optional go-git Git backend
  * Set created_by as the default filter for /issues and /pulls
  * Set fuzzy as default for issue search.
  * Improve commit graph layout.
  * Add support for iconify icons.
  * Allow multi-line relationship labels.
  * Adds architecture diagrams which allows users to show relations between services.
  * Improve diffs generated by Forgejo.
  * Add rel="nofollow" to in-list labels.
  * Distinguish between new tags, releases and pre-releases on activity page.
  * Highlighted code search results.
  * Refactor repo migration items.
  * Add package counter to repo/user/org overview pages.
  * Replace vue-bar-graph with chart.js.
  * Add more emoji and code block rendering in issues.
  * Bad spacing on new release page.
  * Milestone assignment in new issue.
  * git-grep: ensure bounded default for MatchesPerFile.
  * Incorrect go to citation button.
  * Incorrect HTMX support for profile card.
  * Accessibility keyboard support for test actions.
  * Update pull request icons.
  * "Assign to me" button on PR and Issues.
  * Add architecture-specific removal support for arch package.
  * Add bin to Composer Metadata.

OBS-URL: https://build.opensuse.org/package/show/devel:tools:scm/forgejo?expand=0&rev=41
2024-10-17 15:53:44 +00:00
5643d3ff6d Accepting request 1206564 from devel:tools:scm
OBS-URL: https://build.opensuse.org/request/show/1206564
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/forgejo?expand=0&rev=16
2024-10-10 20:10:58 +00:00
Richard Rahl
d5738d2684 - add dont-strip.patch for not stripping the main binary (so we can
create debuginfo package)

OBS-URL: https://build.opensuse.org/package/show/devel:tools:scm/forgejo?expand=0&rev=39
2024-10-09 15:38:00 +00:00
Richard Rahl
7f8373dfb5 OBS-URL: https://build.opensuse.org/package/show/devel:tools:scm/forgejo?expand=0&rev=38 2024-10-09 07:30:04 +00:00
Richard Rahl
7d16792097 Add package environment-to-ini for OCI containers. Reasoning behing this is I've got little bit frustrated with official docker rootless image and tried to remake it for testing, profit and fun with kiwi (https://build.opensuse.org/package/show/home:illuusio:images/container-forgejo-kiwi) before submitting fixes upstream. I noticed that environment-to-ini is missing. It's useless for most of the human kind but if you like to test official script and mimic original then it's crucial.
OBS-URL: https://build.opensuse.org/package/show/devel:tools:scm/forgejo?expand=0&rev=37
2024-10-09 05:56:04 +00:00
d04fb1c3c3 Accepting request 1199856 from devel:tools:scm
OBS-URL: https://build.opensuse.org/request/show/1199856
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/forgejo?expand=0&rev=15
2024-09-10 19:14:19 +00:00
Richard Rahl
bec8f74dc0 - update to 8.0.3:
* replace v-html with v-text in branch search inputbox for XSS protection
  * mitigate CVE-2024-43788 (upgrade webpack)
  * Translation updates

OBS-URL: https://build.opensuse.org/package/show/devel:tools:scm/forgejo?expand=0&rev=35
2024-09-10 09:34:24 +00:00
52adfa3933 Accepting request 1197495 from devel:tools:scm
- update to 8.0.2:
  * Overflow for images on project cards.
  * Allow unreacting from comment popover.
  * The scope of application tokens is not verified when writing
    containers or Conan packages.
  * When a Forgejo Actions workflow includes a workflow_dispatch with
    inputs and other events (for instance push), it is silently ignored
    because of a parsing error.
  * Automerge on AGit pull requests is ignored.
  * Show lock owner instead of repo owner on LFS setting page.
  * Render plain text file if the LFS object doesn't exist.
  * Panic of ssh public key page after deletion of an auth source.
  * Add missing repository type filter parameters to pager.
  * Reverted a change from Gitea which prevented allow/reject reviews on
    merged or closed PRs. This change was not considered by the Forgejo
    UI team and there is a consensus that it feels like a regression,
    since it interferes with workflows known to be used by Forgejo users
    without providing a tangible benefit.
  * Run full PR checks on AGit push.
  * Updated translations (forwarded request 1197494 from rrahl0)

OBS-URL: https://build.opensuse.org/request/show/1197495
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/forgejo?expand=0&rev=14
2024-08-30 11:32:11 +00:00
Richard Rahl
ccfa715678 - update to 8.0.2:
* Overflow for images on project cards.
  * Allow unreacting from comment popover.
  * The scope of application tokens is not verified when writing
    containers or Conan packages.
  * When a Forgejo Actions workflow includes a workflow_dispatch with
    inputs and other events (for instance push), it is silently ignored
    because of a parsing error.
  * Automerge on AGit pull requests is ignored.
  * Show lock owner instead of repo owner on LFS setting page.
  * Render plain text file if the LFS object doesn't exist.
  * Panic of ssh public key page after deletion of an auth source.
  * Add missing repository type filter parameters to pager.
  * Reverted a change from Gitea which prevented allow/reject reviews on
    merged or closed PRs. This change was not considered by the Forgejo
    UI team and there is a consensus that it feels like a regression,
    since it interferes with workflows known to be used by Forgejo users
    without providing a tangible benefit.
  * Run full PR checks on AGit push.
  * Updated translations

OBS-URL: https://build.opensuse.org/package/show/devel:tools:scm/forgejo?expand=0&rev=33
2024-08-29 16:30:48 +00:00
fe1055e9bc Accepting request 1193293 from devel:tools:scm
- update to 8.0.1:
  * A change introduced in Forgejo v1.21 allows a Forgejo user with write
    permission on a repository description to inject a client-side script into
    the web page viewed by the visitor. This XSS allows for href in anchor
    elements to be set to a javascript: URI in the repository description,
    which will execute the specified script upon clicking (and not upon
    loading). AllowStandardURLs is now called for the repository description
    policy, which ensures that URIs in anchor elements are mailto:, http:// 
    or https:// and thereby disallowing the javascript: URI.
  * Do not include trailing EOL character when counting lines
  * Add background to reactions on hover
  * Prevent uppercase in header of dashboard context selector
  * Fix page layout in admin settings
  * Ensure all filters are persistent in issue filters
  * Allow 4 charachter SHA in /src/commit
- update to 8.0.0:
  full changelog at https://codeberg.org/forgejo/forgejo/src/branch/forgejo/RELEASE-NOTES.md#8-0-0
  Highlights:
    * remove Microsoft SQL Server support
    * introduce a branch/tag dropdown in the code search page
    * added support for fuzzy searching in /user/repo/issues and /user/repo/pulls
    * API endpoints for managing tag protection.
    * add Reviewed-on and Reviewed-by variables to the merge template
    * display an error when an issue comment is edited simultaneously by
      two users instead of silently overriding one of them
    * when installing Forgejo through the built-in installer, open
      (self-) registration is now disabled by default
    * add support for the reddit and Hubspot OAuth providers.
    * CERT management was improved when ENABLE_ACME=true
    * language detection in the repository got additional languages (forwarded request 1193292 from rrahl0)

OBS-URL: https://build.opensuse.org/request/show/1193293
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/forgejo?expand=0&rev=13
2024-08-12 10:31:30 +00:00
Richard Rahl
817c8031f2 - update to 8.0.1:
* A change introduced in Forgejo v1.21 allows a Forgejo user with write
    permission on a repository description to inject a client-side script into
    the web page viewed by the visitor. This XSS allows for href in anchor
    elements to be set to a javascript: URI in the repository description,
    which will execute the specified script upon clicking (and not upon
    loading). AllowStandardURLs is now called for the repository description
    policy, which ensures that URIs in anchor elements are mailto:, http:// 
    or https:// and thereby disallowing the javascript: URI.
  * Do not include trailing EOL character when counting lines
  * Add background to reactions on hover
  * Prevent uppercase in header of dashboard context selector
  * Fix page layout in admin settings
  * Ensure all filters are persistent in issue filters
  * Allow 4 charachter SHA in /src/commit
- update to 8.0.0:
  full changelog at https://codeberg.org/forgejo/forgejo/src/branch/forgejo/RELEASE-NOTES.md#8-0-0
  Highlights:
    * remove Microsoft SQL Server support
    * introduce a branch/tag dropdown in the code search page
    * added support for fuzzy searching in /user/repo/issues and /user/repo/pulls
    * API endpoints for managing tag protection.
    * add Reviewed-on and Reviewed-by variables to the merge template
    * display an error when an issue comment is edited simultaneously by
      two users instead of silently overriding one of them
    * when installing Forgejo through the built-in installer, open
      (self-) registration is now disabled by default
    * add support for the reddit and Hubspot OAuth providers.
    * CERT management was improved when ENABLE_ACME=true
    * language detection in the repository got additional languages

OBS-URL: https://build.opensuse.org/package/show/devel:tools:scm/forgejo?expand=0&rev=31
2024-08-11 22:22:28 +00:00
ffec6c3cf3 Accepting request 1193061 from devel:tools:scm
OBS-URL: https://build.opensuse.org/request/show/1193061
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/forgejo?expand=0&rev=12
2024-08-10 17:07:58 +00:00
Richard Rahl
3ee08f8470 update to 7.0.7
OBS-URL: https://build.opensuse.org/package/show/devel:tools:scm/forgejo?expand=0&rev=29
2024-08-09 21:10:26 +00:00
011ebefb7f Accepting request 1191022 from devel:tools:scm
OBS-URL: https://build.opensuse.org/request/show/1191022
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/forgejo?expand=0&rev=11
2024-08-01 20:06:10 +00:00
Richard Rahl
3b35cb0d92 Accepting request 1190962 from home:ojkastl_buildservice:Branch_devel_tools_scm
update to 7.0.6

OBS-URL: https://build.opensuse.org/request/show/1190962
OBS-URL: https://build.opensuse.org/package/show/devel:tools:scm/forgejo?expand=0&rev=27
2024-08-01 16:34:02 +00:00
8991b556a6 Accepting request 1187532 from devel:tools:scm
OBS-URL: https://build.opensuse.org/request/show/1187532
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/forgejo?expand=0&rev=10
2024-07-24 13:29:43 +00:00
Richard Rahl
66d7ac17a7 Accepting request 1187469 from home:ojkastl_buildservice:Branch_devel_tools_scm
fix typo Environemnt in forgejo.service

OBS-URL: https://build.opensuse.org/request/show/1187469
OBS-URL: https://build.opensuse.org/package/show/devel:tools:scm/forgejo?expand=0&rev=25
2024-07-15 09:29:16 +00:00
62a5b41381 Accepting request 1185732 from devel:tools:scm
OBS-URL: https://build.opensuse.org/request/show/1185732
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/forgejo?expand=0&rev=9
2024-07-05 17:50:37 +00:00
Richard Rahl
bdd8956398 Accepting request 1185730 from home:rrahl0:upgrades
- update to 7.0.5:
  * Fixed: CVE-2024-24791 - GO-2024-2963 Denial of service due to improper 
    100-continue handling in net/http
  * Fixed: authentication Source Administration page wrongfully handles the "Custom URLs Instead 
    of Default URLs" checkbox (missing checkbox, irrelevant fields).
  * Fixed: git push to an adopted repository fails.
  * Fixed: markdown doesn't render math within brackets
  * Fixed: selecting the "No Project" filter in the issue/pull request list has no effect
  * Fixed: error 500 when processing crafted TIFF files.
  * Fixed: wrong placeholder text in the form for adding repository collaborator.

OBS-URL: https://build.opensuse.org/request/show/1185730
OBS-URL: https://build.opensuse.org/package/show/devel:tools:scm/forgejo?expand=0&rev=23
2024-07-05 07:49:29 +00:00
235842a651 Accepting request 1181170 from devel:tools:scm
- update to 7.0.4:
  * Fixed: CVE-2024-24789: the archive/zip package's handling of certain types
    of invalid zip files differs from the behavior of most zip implementations.
    This misalignment could be exploited to create an zip file with contents that
    vary depending on the implementation reading the file.
  * the OAuth2 implementation does not always require authentication for public
    clients, a requirement of RFC 6749 Section 10.2
  * forgejo migrate-storage --type actions-artifacts always fails because it picks the wrong path.
  * avatar files can be found in storage while they do not exist in the database.
  * repository admins are always denied the right to force merge and instance admins
    are subject to restrictions to merge that must only apply to repository admins.
  * non conformance with the Nix tarball fetcher immutable link protocol.
  * migrated activities (such as reviews) are mapped to the user who initiated the
    migration rather than the Ghost user, if the external user cannot be mapped to a
    local one. This mapping mismatch leads to internal server errors in some cases.
  *  a v7.0.0 regression causes [admin].SEND_NOTIFICATION_EMAIL_ON_NEW_USER=true to always be ignored.
  * using a subquery for user deletion is a performance bottleneck when using mariadb 10
    because only mariadb 11 takes advantage of the available index.
  * a v7.0.3 regression causes the expanding diffs in pull requests to fail with a 404 error.
  * SourceHut Builds webhook fail when the triggers field is used.
  * the label list rendering in the issue and pull request timeline is displayed on
    multiple lines instead of a single one.
  * Git hooks of this repository seem to be broken." warning when pushing more than one branch at a time.
  * automerge does not happen when the approval count reaches the required threshold.
  * the FORCE_PRIVATE=true setting is not consistently enforced.
  * CSRF validation errors when OAuth is not enabled.
  * headlines in rendered org-mode do not have a margin on the top (forwarded request 1181169 from rrahl0)

OBS-URL: https://build.opensuse.org/request/show/1181170
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/forgejo?expand=0&rev=8
2024-06-17 17:29:50 +00:00
Richard Rahl
3982bdbf67 Accepting request 1181169 from home:rrahl0:upgrades
- update to 7.0.4:
  * Fixed: CVE-2024-24789: the archive/zip package's handling of certain types
    of invalid zip files differs from the behavior of most zip implementations.
    This misalignment could be exploited to create an zip file with contents that
    vary depending on the implementation reading the file.
  * the OAuth2 implementation does not always require authentication for public
    clients, a requirement of RFC 6749 Section 10.2
  * forgejo migrate-storage --type actions-artifacts always fails because it picks the wrong path.
  * avatar files can be found in storage while they do not exist in the database.
  * repository admins are always denied the right to force merge and instance admins
    are subject to restrictions to merge that must only apply to repository admins.
  * non conformance with the Nix tarball fetcher immutable link protocol.
  * migrated activities (such as reviews) are mapped to the user who initiated the
    migration rather than the Ghost user, if the external user cannot be mapped to a
    local one. This mapping mismatch leads to internal server errors in some cases.
  *  a v7.0.0 regression causes [admin].SEND_NOTIFICATION_EMAIL_ON_NEW_USER=true to always be ignored.
  * using a subquery for user deletion is a performance bottleneck when using mariadb 10
    because only mariadb 11 takes advantage of the available index.
  * a v7.0.3 regression causes the expanding diffs in pull requests to fail with a 404 error.
  * SourceHut Builds webhook fail when the triggers field is used.
  * the label list rendering in the issue and pull request timeline is displayed on
    multiple lines instead of a single one.
  * Git hooks of this repository seem to be broken." warning when pushing more than one branch at a time.
  * automerge does not happen when the approval count reaches the required threshold.
  * the FORCE_PRIVATE=true setting is not consistently enforced.
  * CSRF validation errors when OAuth is not enabled.
  * headlines in rendered org-mode do not have a margin on the top

OBS-URL: https://build.opensuse.org/request/show/1181169
OBS-URL: https://build.opensuse.org/package/show/devel:tools:scm/forgejo?expand=0&rev=21
2024-06-16 13:05:45 +00:00
9f1f8a62cb Accepting request 1175962 from devel:tools:scm
OBS-URL: https://build.opensuse.org/request/show/1175962
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/forgejo?expand=0&rev=7
2024-05-23 13:35:17 +00:00
Richard Rahl
7288b74937 Accepting request 1175961 from home:rrahl0:upgrades
- update to 7.0.3:
  * CVE-2024-24788: a malformed DNS message in response to a query can
    cause the lookup functions to get stuck in an infinite loop
  * backticks in mermaid block diagram labels are not sanitized properly
  * migration of a repository from gogs fails when it is hosted at a subpath.
  * when creating an OAuth2 application the redirect URLs are not enforced to
    be mandatory
  * the API incorrectly excludes repositories where code is not enabled
  * "Allow edits from maintainers" cannot be modified via the pull request web UI
  * repository activity feeds (including RSS and Atom feeds) contain
    repeated activities
  * uploading maven packages with metadata being uploaded separately will fail
  * the mail notification sent about commits pushed to pull requests are empty
  * inline emails attachments are not properly handled when commenting on an
    issue via email
  * the links to .zip and tar.gz on the tag list web UI fail
  * expanding code diff while previewing a pull request before it is created fails
  * the CLI is not able to migrate Forgejo Actions artifacts
  * when adopting a repository, the default branch is not taken into account
  * when using reverse proxy authentication, logout will not be taken into
    account when immediately trying to login afterwards
  * pushing to the master branch of a sha256 repository fails
  * a very long project column name will make the action menu inaccessible
  * a useless error is displayed when the title of a merged pull request is
    modified
  * workflow badges are not working for workflows that are not running on push
    (such as scheduled workflows, and ones that run on tags and pull requests)

OBS-URL: https://build.opensuse.org/request/show/1175961
OBS-URL: https://build.opensuse.org/package/show/devel:tools:scm/forgejo?expand=0&rev=19
2024-05-22 20:56:36 +00:00
0dd0c110ed Accepting request 1171483 from devel:tools:scm
- update to 7.0.2:
  * regression where subscribing to or unsubscribing from an issue in a
    repository with no code produced an internal server error.
  * regression makes all the refs sent in Gitea webhooks to be full refs and
    might break Woodpecker CI pipelines triggered on tag (CI_COMMIT_TAG
    contained the full ref). This issue has been fixed in the main branch of
    Woodpecker CI as well.
  *  the webhook branch filter wrongly applied the match on the full ref for
     branch creation and deletion (wrongly skipping events).
  * toggling the WIP state of a pull request is possible from the sidebar,
    but not from the footer.
  * when mentioning a user, the markup post-processor does not handle the case
    where the mentioned user does not exist: it tries to skip to the next node,
    which in turn, ended up skipping the rest of the line.
  * excessive and unnecessary database queries when a user with no repositories
    is viewing their dashboard.
  * duplicate status check contexts show in the branch protection settings.
  * profile info fails to render german singular translation.
  * inline attachments of incoming emails (as they occur for example with Apple
    Mail) are not attached to comments. (forwarded request 1171482 from rrahl0)

OBS-URL: https://build.opensuse.org/request/show/1171483
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/forgejo?expand=0&rev=6
2024-05-03 17:45:42 +00:00
Richard Rahl
15a49f0606 Accepting request 1171482 from home:rrahl0:upgrades
- update to 7.0.2:
  * regression where subscribing to or unsubscribing from an issue in a
    repository with no code produced an internal server error.
  * regression makes all the refs sent in Gitea webhooks to be full refs and
    might break Woodpecker CI pipelines triggered on tag (CI_COMMIT_TAG
    contained the full ref). This issue has been fixed in the main branch of
    Woodpecker CI as well.
  *  the webhook branch filter wrongly applied the match on the full ref for
     branch creation and deletion (wrongly skipping events).
  * toggling the WIP state of a pull request is possible from the sidebar,
    but not from the footer.
  * when mentioning a user, the markup post-processor does not handle the case
    where the mentioned user does not exist: it tries to skip to the next node,
    which in turn, ended up skipping the rest of the line.
  * excessive and unnecessary database queries when a user with no repositories
    is viewing their dashboard.
  * duplicate status check contexts show in the branch protection settings.
  * profile info fails to render german singular translation.
  * inline attachments of incoming emails (as they occur for example with Apple
    Mail) are not attached to comments.

OBS-URL: https://build.opensuse.org/request/show/1171482
OBS-URL: https://build.opensuse.org/package/show/devel:tools:scm/forgejo?expand=0&rev=17
2024-05-03 00:56:40 +00:00
85025834d3 Accepting request 1170483 from devel:tools:scm
Forwarded request #1170482 from rrahl0

- update to 7.0.1:
  * LFS data corruption when running the forgejo doctor check --fix CLI command
    or setting [cron.gc_lfs].ENABLED=true (the default is false)
  * non backward compatible change in the forgejo admin user create CLI command
  * error 500 because of an incorrect evaluation of the template when visiting
    the LFS settings of a repository
  * GET /repos/{owner}/{name} API endpoint always returns an empty string for
    the object_format_name field
  * fuzzy search may fail with bleve

OBS-URL: https://build.opensuse.org/request/show/1170483
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/forgejo?expand=0&rev=5
2024-04-28 19:50:09 +00:00
Richard Rahl
19088581ea Accepting request 1170482 from home:rrahl0:upgrades
- update to 7.0.1:
  * LFS data corruption when running the forgejo doctor check --fix CLI command
    or setting [cron.gc_lfs].ENABLED=true (the default is false)
  * non backward compatible change in the forgejo admin user create CLI command
  * error 500 because of an incorrect evaluation of the template when visiting
    the LFS settings of a repository
  * GET /repos/{owner}/{name} API endpoint always returns an empty string for
    the object_format_name field
  * fuzzy search may fail with bleve

OBS-URL: https://build.opensuse.org/request/show/1170482
OBS-URL: https://build.opensuse.org/package/show/devel:tools:scm/forgejo?expand=0&rev=15
2024-04-27 15:04:13 +00:00
1fcb4fe7c3 Accepting request 1170088 from devel:tools:scm
OBS-URL: https://build.opensuse.org/request/show/1170088
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/forgejo?expand=0&rev=4
2024-04-25 18:49:37 +00:00
Richard Rahl
6ca9eae56a Accepting request 1170087 from home:rrahl0:upgrades
- update to 7.0.0:
  This is only an excerpt from the full changelog, which you can find
  in your RELEASE-NOTES.md or at
  https://codeberg.org/forgejo/forgejo/src/branch/forgejo/RELEASE-NOTES.md#7-0-0
  * MySQL 8.0 or PostgreSQL 12 are the minimum supported versions.
    The database must be migrated before upgrading.
    The requirements regarding SQLite did not change.
  * The per_page parameter is no longer a synonym for limit in the
    /repos/{owner}/{repo}/releases API endpoint.
  * The date format of the created and last_update fields of the 
    /repos/{owner}/{repo}/push_mirrors and /repos/{owner}/{repo}/push_mirrors
    API endpoint changed to be timestamps instead of numbers.
  * Labels used by pprof endpoint have been changed
  * The fogejo admin user create CLI command requires a password change
    by default when creating the first user

OBS-URL: https://build.opensuse.org/request/show/1170087
OBS-URL: https://build.opensuse.org/package/show/devel:tools:scm/forgejo?expand=0&rev=13
2024-04-25 02:47:42 +00:00
f26bea8e46 Accepting request 1169377 from devel:tools:scm
OBS-URL: https://build.opensuse.org/request/show/1169377
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/forgejo?expand=0&rev=3
2024-04-21 18:27:41 +00:00
Richard Rahl
7a35a0dddc Accepting request 1169375 from home:rrahl0:upgrades
update to 1.21.11-1

OBS-URL: https://build.opensuse.org/request/show/1169375
OBS-URL: https://build.opensuse.org/package/show/devel:tools:scm/forgejo?expand=0&rev=11
2024-04-20 14:15:17 +00:00
c4b3083495 Accepting request 1165706 from devel:tools:scm
OBS-URL: https://build.opensuse.org/request/show/1165706
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/forgejo?expand=0&rev=2
2024-04-08 15:38:33 +00:00
Richard Rahl
fb22e5ed3d Accepting request 1165705 from home:rrahl0:branches:devel:tools:scm
- update to 1.21.10-0:
  * CVE-2023-45288 which permits an attacker to cause an HTTP/2 endpoint to
    read arbitrary amounts of header data
  * Fix to not remove repository avatars when the doctor runs with --fix
    on the repository archives.
  * Detect protected branch on branch rename.
  * Don't delete inactive emails explicitly.
  * Fix user interface when a review is deleted without refreshing.
  * Fix paths when finding files via the web interface that were not escaped.
  * Respect DEFAULT_ORG_MEMBER_VISIBLE setting when adding creator to org.
  * Fix duplicate migrated milestones.
  * Fix inline math blocks can't be preceeded/followed by alphanumerical
    characters.

OBS-URL: https://build.opensuse.org/request/show/1165705
OBS-URL: https://build.opensuse.org/package/show/devel:tools:scm/forgejo?expand=0&rev=9
2024-04-05 19:02:52 +00:00
b909a1ba9a Accepting request 1164515 from devel:tools:scm
OBS-URL: https://build.opensuse.org/request/show/1164515
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/forgejo?expand=0&rev=1
2024-04-04 20:26:31 +00:00
Richard Rahl
22388ccb98 Accepting request 1164510 from home:rrahl0:branches:devel:tools:scm
- increase golang dep to 1.22, to imitate the CI/CD of forgejo
- revise how the apparmor package gets build + add selinux

OBS-URL: https://build.opensuse.org/request/show/1164510
OBS-URL: https://build.opensuse.org/package/show/devel:tools:scm/forgejo?expand=0&rev=7
2024-04-04 08:14:51 +00:00
Richard Rahl
35e84d159a Accepting request 1160993 from home:rrahl0:branches:devel:tools:scm
- update to 1.21.8-0:
  * Fix /api/v1/{owner}/{repo}/issue_templates which was always failing with a
    500 error.
  * Prevent error 500 on /user/settings/security when SignedUser has a linked
    account from a deactivated authentication source.
  * Fix error 500 when pushing release to an empty repo.
  * Fix incorrect rendering csv file when file size is larger than UI.CSV.MaxFileSize.
  * Fix error 500 when deleting account with incorrect password or unsupported login type.
  * handle user-defined name anchors like [Link](#link) linking to <a name="link"></a>Link.
  * Use correct head commit for CODEOWNER.
  * Fix manual merge button.
  * Make meilisearch do exact search for issues.
  * Fix PR creation via api between branches of same repo with head field namespaced.

OBS-URL: https://build.opensuse.org/request/show/1160993
OBS-URL: https://build.opensuse.org/package/show/devel:tools:scm/forgejo?expand=0&rev=6
2024-03-23 21:36:41 +00:00
Richard Rahl
b2c8cd471a Accepting request 1160096 from home:rrahl0:branches:devel:tools:scm
.

OBS-URL: https://build.opensuse.org/request/show/1160096
OBS-URL: https://build.opensuse.org/package/show/devel:tools:scm/forgejo?expand=0&rev=5
2024-03-21 12:27:58 +00:00
Richard Rahl
e5096b53ec Accepting request 1156263 from home:rrahl0:upgrades
add apparmor profile

OBS-URL: https://build.opensuse.org/request/show/1156263
OBS-URL: https://build.opensuse.org/package/show/devel:tools:scm/forgejo?expand=0&rev=4
2024-03-08 07:39:42 +00:00
Richard Rahl
affc28b574 OBS-URL: https://build.opensuse.org/package/show/devel:tools:scm/forgejo?expand=0&rev=3 2024-03-08 07:01:06 +00:00
Richard Rahl
b5a87578fc Accepting request 1155549 from home:rrahl0:upgrades
update to 1.21.7-0

OBS-URL: https://build.opensuse.org/request/show/1155549
OBS-URL: https://build.opensuse.org/package/show/devel:tools:scm/forgejo?expand=0&rev=2
2024-03-06 12:32:29 +00:00
Martin Pluskal
c149997e35 Accepting request 1150056 from home:rrahl0
OBS-URL: https://build.opensuse.org/request/show/1150056
OBS-URL: https://build.opensuse.org/package/show/devel:tools:scm/forgejo?expand=0&rev=1
2024-02-25 08:22:07 +00:00
22 changed files with 0 additions and 144 deletions

View File

@@ -1,3 +0,0 @@
version https://git-lfs.github.com/spec/v1
oid sha256:b1d48d2aafa88f7a4ca8d38d93dc084bb762902d401da2a0b547fb7628b29853
size 56895191

View File

@@ -1,3 +0,0 @@
version https://git-lfs.github.com/spec/v1
oid sha256:b7eaf60caff5453b8e715bdb39d3b5b768ac8122c6d2c53f382b49a82bd67805
size 58914252

View File

@@ -1,7 +0,0 @@
-----BEGIN PGP SIGNATURE-----
iHUEABYIAB0WIQQPUnz5Oj0NCSXTxV7QqCAFDhYJ5QUCaAAENAAKCRDQqCAFDhYJ
5eXdAP0Vxk0QG0bptAOFDQI0vtHTTDbUdJO1ob04thSyhYpe4wD/brgrPUI5VPbo
JVmAg/1WZa/8FdWUEZ0Eq+L87KrbgA0=
=JQUI
-----END PGP SIGNATURE-----

View File

@@ -1,3 +0,0 @@
version https://git-lfs.github.com/spec/v1
oid sha256:de6646704769ae69e80feeb8aef0ae6fffad84602fc2d003a49c903e36f9d06d
size 55477978

View File

@@ -1,7 +0,0 @@
-----BEGIN PGP SIGNATURE-----
iHUEABYIAB0WIQQPUnz5Oj0NCSXTxV7QqCAFDhYJ5QUCaFKJBAAKCRDQqCAFDhYJ
5To3AP9Vohbmt4WlJn2IlHId7YToqc4cwXObJnvYtw1PYzJqWAD8CP9sRyCqwyfy
umw+vKJIeNoJ8kDewVVJXZkvtwstKAA=
=FxSw
-----END PGP SIGNATURE-----

View File

@@ -1,3 +0,0 @@
version https://git-lfs.github.com/spec/v1
oid sha256:13dc8d6c2a829899c9b4f89451438e70962a9366ff41ce6db10c7bc4a4cce520
size 55567487

View File

@@ -1,7 +0,0 @@
-----BEGIN PGP SIGNATURE-----
iHUEABYIAB0WIQQPUnz5Oj0NCSXTxV7QqCAFDhYJ5QUCaG+8GQAKCRDQqCAFDhYJ
5WiZAQCoq8Th0qZeVz7UhuBxtidCj123RoSX1ts95oqX3x27AgEA/AiXccU/iHGz
LGwlveC5bMhg71iXrP+O1yKqf2CJxQQ=
=G//g
-----END PGP SIGNATURE-----

View File

@@ -1,3 +0,0 @@
version https://git-lfs.github.com/spec/v1
oid sha256:647efd8b70e312e1d8aa349a535bae1c9cce5c095a7a2ebe0d0b0ec84ff1e198
size 55031691

View File

@@ -1,7 +0,0 @@
-----BEGIN PGP SIGNATURE-----
iHUEABYIAB0WIQTrEU9ebA3CvN0YNVCkthotxZI3EAUCZoWjbAAKCRCkthotxZI3
EOPsAQDia3FAbVWnztj3h+SqLvI+7faAzVy2IMGsQpOrPuHleAEAsf+PqLn3rzz2
CWqTPCo4MWRuYUi6ELY3SS4Xug/DgAM=
=DqT0
-----END PGP SIGNATURE-----

View File

@@ -1,3 +0,0 @@
version https://git-lfs.github.com/spec/v1
oid sha256:b33ca271d4d8ecf00ce80d2ee14888d40265ab648b880fd9bb9916bf9e88b15b
size 53489756

View File

@@ -1,7 +0,0 @@
-----BEGIN PGP SIGNATURE-----
iHUEABYIAB0WIQTrEU9ebA3CvN0YNVCkthotxZI3EAUCZqjZygAKCRCkthotxZI3
EJmNAP9IiHThCEotiYrOt3YzdOeaEAM3vfLzyf4PN1jWibbiogEAzGyWuho+MH8z
9TqdaLJIF/T3L62r/TgZ+mlZ0HHkLQM=
=ExB8
-----END PGP SIGNATURE-----

View File

@@ -1,3 +0,0 @@
version https://git-lfs.github.com/spec/v1
oid sha256:284b2cc2a609d1766bb61f20cea7c6a9e2a34a9972f243d4962df2a24d15204a
size 53413049

View File

@@ -1,7 +0,0 @@
-----BEGIN PGP SIGNATURE-----
iHUEABYIAB0WIQTrEU9ebA3CvN0YNVCkthotxZI3EAUCZrYYFgAKCRCkthotxZI3
EHz8AP90KeP3zRxXpllCJkXngANdUYN4wajU50u8p73dUY2jWAD/Wn87xN7RbrVd
0U3wPsUy4Memvg4WYavNWBOEwDtTtww=
=JG8G
-----END PGP SIGNATURE-----

View File

@@ -1,3 +0,0 @@
version https://git-lfs.github.com/spec/v1
oid sha256:36929dbc206753f80766ea59b35adaf3cb28ed53fc89ac8640271f8766673546
size 53459258

View File

@@ -1,7 +0,0 @@
-----BEGIN PGP SIGNATURE-----
iHUEABYIAB0WIQTrEU9ebA3CvN0YNVCkthotxZI3EAUCZtB4+QAKCRCkthotxZI3
EI/zAQCAYMjC1aNDQi173NnEsZ+6157ZngCPoT9YB3gzzmOaFAD+LQEyZ3PrsrJe
/d8N+5Wyvj7ymLsUWzyTNpVZOtaNjQM=
=jAB5
-----END PGP SIGNATURE-----

View File

@@ -1,3 +0,0 @@
version https://git-lfs.github.com/spec/v1
oid sha256:21364d6c1635711189f25da5dc343b3b28e8ade20a5f00202301ccc364adc1d2
size 53905348

View File

@@ -1,7 +0,0 @@
-----BEGIN PGP SIGNATURE-----
iHUEABYIAB0WIQTrEU9ebA3CvN0YNVCkthotxZI3EAUCZw/5ogAKCRCkthotxZI3
EKC/AP9zdT9HGtdr1R84h8wJfMQryhV2VHQ0DZIvHL3OJU1OgAEAmT7X00H/MgRB
oNnConnjMe+xLtIntIFitFFXd971oQ0=
=JQRz
-----END PGP SIGNATURE-----

View File

@@ -1,3 +0,0 @@
version https://git-lfs.github.com/spec/v1
oid sha256:6748c49677374947eb619b13f9ede983682ae117b8c0405442cc9afc847c4040
size 53961959

View File

@@ -1,7 +0,0 @@
-----BEGIN PGP SIGNATURE-----
iHUEABYIAB0WIQTrEU9ebA3CvN0YNVCkthotxZI3EAUCZx+nywAKCRCkthotxZI3
ENlLAQCGXdYLfhCxIU8bKx+n2hvTvkbJPmPxs7FVhDtggAuq5gEAxubIGrthDqw9
Qr9g7bvuMR7solGMkjzsB73IHqMsXwU=
=g0qb
-----END PGP SIGNATURE-----

View File

@@ -1,3 +0,0 @@
version https://git-lfs.github.com/spec/v1
oid sha256:4de691751256e75258573815f14406905999e991c1d9790c6069dfef47319e1d
size 53992927

View File

@@ -1,7 +0,0 @@
-----BEGIN PGP SIGNATURE-----
iHUEABYIAB0WIQTrEU9ebA3CvN0YNVCkthotxZI3EAUCZzeoLwAKCRCkthotxZI3
EH4iAP9XuioervFeW/MxfUHj1/zL2knDYYZAKnuWcPi19BytYwEA3KxcVlrvTgWL
oZBSoqn0BWtIkmlOtRxDxu8mBGXrRgw=
=/4OE
-----END PGP SIGNATURE-----

View File

@@ -1,41 +0,0 @@
#!/usr/bin/sh
set -e
if [[ -z "$1" ]]; then
echo "Please enter the version you want to update to";
exit 1;
fi
VERSION="$1"
echo "++++++++++++++++++++++++++++++++++++++++++++++"
echo "patching spec file and downloading the tarball"
echo "++++++++++++++++++++++++++++++++++++++++++++++"
sed -i -e 's|Version: .*|Version: '${VERSION}'|g' forgejo.spec
osc service ra download_files
echo "++++++++++++++++++++++++++++++++++++++++++++++"
echo "extracting package-lock.json"
echo "++++++++++++++++++++++++++++++++++++++++++++++"
tar xf forgejo-src-${VERSION}.tar.gz forgejo-src-${VERSION}/package-lock.json
cp forgejo-src-${VERSION}/package-lock.json .
echo "++++++++++++++++++++++++++++++++++++++++++++++"
echo "Downloading node_modules"
echo "++++++++++++++++++++++++++++++++++++++++++++++"
osc service ra node_modules
echo "++++++++++++++++++++++++++++++++++++++++++++++"
echo "Cleanup Step"
echo "++++++++++++++++++++++++++++++++++++++++++++++"
rm -r forgejo-src-${VERSION}
rm node_modules.sums
echo "++++++++++++++++++++++++++++++++++++++++++++++"
echo "Done! Have fun building and testing"
echo "++++++++++++++++++++++++++++++++++++++++++++++"