817c8031f2
* A change introduced in Forgejo v1.21 allows a Forgejo user with write
permission on a repository description to inject a client-side script into
the web page viewed by the visitor. This XSS allows for href in anchor
elements to be set to a javascript: URI in the repository description,
which will execute the specified script upon clicking (and not upon
loading). AllowStandardURLs is now called for the repository description
policy, which ensures that URIs in anchor elements are mailto:, http://
or https:// and thereby disallowing the javascript: URI.
* Do not include trailing EOL character when counting lines
* Add background to reactions on hover
* Prevent uppercase in header of dashboard context selector
* Fix page layout in admin settings
* Ensure all filters are persistent in issue filters
* Allow 4 charachter SHA in /src/commit
- update to 8.0.0:
full changelog at https://codeberg.org/forgejo/forgejo/src/branch/forgejo/RELEASE-NOTES.md#8-0-0
Highlights:
* remove Microsoft SQL Server support
* introduce a branch/tag dropdown in the code search page
* added support for fuzzy searching in /user/repo/issues and /user/repo/pulls
* API endpoints for managing tag protection.
* add Reviewed-on and Reviewed-by variables to the merge template
* display an error when an issue comment is edited simultaneously by
two users instead of silently overriding one of them
* when installing Forgejo through the built-in installer, open
(self-) registration is now disabled by default
* add support for the reddit and Hubspot OAuth providers.
* CERT management was improved when ENABLE_ACME=true
* language detection in the repository got additional languages
OBS-URL: https://build.opensuse.org/package/show/devel:tools:scm/forgejo?expand=0&rev=31
65 lines
2.0 KiB
Plaintext
65 lines
2.0 KiB
Plaintext
abi <abi/3.0>,
|
|
|
|
include <tunables/global>
|
|
|
|
profile forgejo /usr/bin/forgejo flags=(attach_disconnected) {
|
|
include <abstractions/base>
|
|
include <abstractions/mysql>
|
|
include <abstractions/nameservice>
|
|
include <abstractions/opencl-pocl>
|
|
include <abstractions/openssl>
|
|
include <abstractions/user-tmp>
|
|
include if exists <local/usr.bin.forgejo>
|
|
|
|
network inet stream,
|
|
network inet6 stream,
|
|
|
|
/etc/forgejo/ r,
|
|
/etc/forgejo/conf/app.ini r,
|
|
/etc/forgejo/public/ r,
|
|
/etc/forgejo/public/** r,
|
|
/etc/forgejo/{conf,https,mailer}/ r,
|
|
/etc/gitconfig r,
|
|
/etc/mime.types r,
|
|
/sys/kernel/mm/transparent_hugepage/hpage_pmd_size r,
|
|
/usr/bin/forgejo mr,
|
|
/usr/bin/git mr,
|
|
/usr/bin/gzip mr,
|
|
/usr/bin/{basename,env,git,git-lfs,forgejo,ssh-keygen,gzip} ix,
|
|
/usr/libexec/git/git-write-tree mrix,
|
|
/usr/share/forgejo/** r,
|
|
/usr/share/forgejo/.gitconfig rw,
|
|
/usr/share/forgejo/.gitconfig.lock rw,
|
|
/usr/share/git-core/templates/ r,
|
|
/usr/share/git-core/templates/** r,
|
|
/usr/share/mime/globs2 r,
|
|
/usr/{lib,libexec}/git/git ix,
|
|
/usr/{lib,libexec}/git/git-remote-http ix,
|
|
/var/ r,
|
|
/var/lib/ r,
|
|
/var/lib/forgejo/ r,
|
|
/var/lib/forgejo/.local/** rw,
|
|
/var/lib/forgejo/.ssh/ rw,
|
|
/var/lib/forgejo/.ssh/* rw,
|
|
/var/log/forgejo/ rw,
|
|
/var/log/forgejo/access.log rw,
|
|
/var/log/forgejo/access.log.* w,
|
|
/var/log/forgejo/doctors-* rw,
|
|
@{PROC}/sys/net/core/somaxconn r,
|
|
owner /etc/forgejo/conf/app.ini w,
|
|
owner /tmp/forgejo** rwl,
|
|
owner /tmp/index* rw,
|
|
owner /tmp/patch* rw,
|
|
owner /usr/share/forgejo/** rw,
|
|
owner /var/lib/forgejo/backups/forgejo-dump-*.{zip,tar.gz,tar.xz} rw,
|
|
owner /var/lib/forgejo/data/forgejo-repositories/** rwlk,
|
|
owner /var/lib/forgejo/data/forgejo-repositories/**.git/hooks/** ix,
|
|
owner /var/lib/forgejo/https/** rwlk,
|
|
owner /var/lib/forgejo/{data,indexers,queues,repositories,backups}/ r,
|
|
owner /var/lib/forgejo/{data,indexers,queues,repositories}/** rwk,
|
|
owner /var/log/forgejo/gitea.log w,
|
|
owner @{PROC}/@{pid}/fd/ r,
|
|
owner @{PROC}/@{pid}/{cgroup,cpuset,status,stat,limits} r,
|
|
|
|
}
|