From 9bd75cd48444299f3ab62f4fe823a3f23a87371db3ac658d870eb00f376c177d Mon Sep 17 00:00:00 2001 From: Richard Rahl Date: Mon, 23 Feb 2026 10:16:57 +0000 Subject: [PATCH] update to 0.12.0 (remove all four patches, currently checking if they are upstream already) OBS-URL: https://build.opensuse.org/package/show/devel:tools:scm/gitea-tea?expand=0&rev=35 --- _service | 2 +- fix-CVE-2025-47911.patch | 64 ------------ fix-CVE-2025-58190.patch | 99 ------------------- gitea-tea-0.11.1.tar.gz | 3 - gitea-tea-0.12.0.tar.gz | 3 + gitea-tea-Fix-termenv-OSC-RGBA-handling.patch | 69 ------------- gitea-tea.changes | 61 ++++++++++++ gitea-tea.spec | 9 +- ...-file-group-readwrite-permission-856.patch | 28 ------ vendor.tar.gz | 4 +- 10 files changed, 70 insertions(+), 272 deletions(-) delete mode 100644 fix-CVE-2025-47911.patch delete mode 100644 fix-CVE-2025-58190.patch delete mode 100644 gitea-tea-0.11.1.tar.gz create mode 100644 gitea-tea-0.12.0.tar.gz delete mode 100644 gitea-tea-Fix-termenv-OSC-RGBA-handling.patch delete mode 100644 remove-config-file-group-readwrite-permission-856.patch diff --git a/_service b/_service index 895c03c..a97e18f 100644 --- a/_service +++ b/_service @@ -3,7 +3,7 @@ https://gitea.com/gitea/tea.git git - 61d4e571a7e086f53f5f8a7713151839e1a32151 + refs/tags/v0.12.0 gitea-tea @PARENT_TAG@+@TAG_OFFSET@ v(.*)\+0 diff --git a/fix-CVE-2025-47911.patch b/fix-CVE-2025-47911.patch deleted file mode 100644 index 3619d31..0000000 --- a/fix-CVE-2025-47911.patch +++ /dev/null @@ -1,64 +0,0 @@ -diff -rubN vendor/golang.org/x/net/html/escape.go vendor-patched/golang.org/x/net/html/escape.go ---- a/vendor/golang.org/x/net/html/escape.go 2025-06-06 12:16:37.000000000 +0200 -+++ b/vendor-patched/golang.org/x/net/html/escape.go 2025-10-09 10:38:44.325052734 +0200 -@@ -299,7 +299,7 @@ - case '\r': - esc = " " - default: -- panic("unrecognized escape character") -+ panic("html: unrecognized escape character") - } - s = s[i+1:] - if _, err := w.WriteString(esc); err != nil { -diff -rubN vendor/golang.org/x/net/html/parse.go vendor-patched/golang.org/x/net/html/parse.go ---- a/vendor/golang.org/x/net/html/parse.go 2025-10-09 10:39:56.705570069 +0200 -+++ b/vendor-patched/golang.org/x/net/html/parse.go 2025-10-09 10:38:59.062361676 +0200 -@@ -231,7 +231,14 @@ - } - - if n.Type == ElementNode { -+ p.insertOpenElement(n) -+ } -+} -+ -+func (p *parser) insertOpenElement(n *Node) { - p.oe = append(p.oe, n) -+ if len(p.oe) > 512 { -+ panic("html: open stack of elements exceeds 512 nodes") - } - } - -@@ -810,7 +817,7 @@ - p.im = inFramesetIM - return true - case a.Base, a.Basefont, a.Bgsound, a.Link, a.Meta, a.Noframes, a.Script, a.Style, a.Template, a.Title: -- p.oe = append(p.oe, p.head) -+ p.insertOpenElement(p.head) - defer p.oe.remove(p.head) - return inHeadIM(p) - case a.Head: -@@ -2324,9 +2331,13 @@ - } - } - --func (p *parser) parse() error { -+func (p *parser) parse() (err error) { -+ defer func() { -+ if panicErr := recover(); panicErr != nil { -+ err = fmt.Errorf("%s", panicErr) -+ } -+ }() - // Iterate until EOF. Any other error will cause an early return. -- var err error - for err != io.EOF { - // CDATA sections are allowed only in foreign content. - n := p.oe.top() -@@ -2355,6 +2366,8 @@ - // s. Conversely, explicit s in r's data can be silently dropped, - // with no corresponding node in the resulting tree. - // -+// Parse will reject HTML that is nested deeper than 512 elements. -+// - // The input is assumed to be UTF-8 encoded. - func Parse(r io.Reader) (*Node, error) { - return ParseWithOptions(r) diff --git a/fix-CVE-2025-58190.patch b/fix-CVE-2025-58190.patch deleted file mode 100644 index 15067b6..0000000 --- a/fix-CVE-2025-58190.patch +++ /dev/null @@ -1,99 +0,0 @@ -diff -rubN vendor/golang.org/x/net/html/parse.go vendor-patched/golang.org/x/net/html/parse.go ---- a/vendor/golang.org/x/net/html/parse.go 2025-06-06 12:16:37.000000000 +0200 -+++ b/vendor-patched/golang.org/x/net/html/parse.go 2025-10-09 10:12:41.984298856 +0200 -@@ -136,7 +136,7 @@ - return -1 - } - default: -- panic("unreachable") -+ panic(fmt.Sprintf("html: internal error: indexOfElementInScope unknown scope: %d", s)) - } - } - switch s { -@@ -179,7 +179,7 @@ - return - } - default: -- panic("unreachable") -+ panic(fmt.Sprintf("html: internal error: clearStackToContext unknown scope: %d", s)) - } - } - } -@@ -1678,7 +1678,7 @@ - return inTableIM(p) - } - --// Section 12.2.6.4.14. -+// Section 13.2.6.4.14. - func inRowIM(p *parser) bool { - switch p.tok.Type { - case StartTagToken: -@@ -1690,7 +1690,9 @@ - p.im = inCellIM - return true - case a.Caption, a.Col, a.Colgroup, a.Tbody, a.Tfoot, a.Thead, a.Tr: -- if p.popUntil(tableScope, a.Tr) { -+ if p.elementInScope(tableScope, a.Tr) { -+ p.clearStackToContext(tableRowScope) -+ p.oe.pop() - p.im = inTableBodyIM - return false - } -@@ -1700,22 +1702,28 @@ - case EndTagToken: - switch p.tok.DataAtom { - case a.Tr: -- if p.popUntil(tableScope, a.Tr) { -+ if p.elementInScope(tableScope, a.Tr) { -+ p.clearStackToContext(tableRowScope) -+ p.oe.pop() - p.im = inTableBodyIM - return true - } - // Ignore the token. - return true - case a.Table: -- if p.popUntil(tableScope, a.Tr) { -+ if p.elementInScope(tableScope, a.Tr) { -+ p.clearStackToContext(tableRowScope) -+ p.oe.pop() - p.im = inTableBodyIM - return false - } - // Ignore the token. - return true - case a.Tbody, a.Tfoot, a.Thead: -- if p.elementInScope(tableScope, p.tok.DataAtom) { -- p.parseImpliedToken(EndTagToken, a.Tr, a.Tr.String()) -+ if p.elementInScope(tableScope, p.tok.DataAtom) && p.elementInScope(tableScope, a.Tr) { -+ p.clearStackToContext(tableRowScope) -+ p.oe.pop() -+ p.im = inTableBodyIM - return false - } - // Ignore the token. -@@ -2222,16 +2230,20 @@ - p.acknowledgeSelfClosingTag() - } - case EndTagToken: -- for i := len(p.oe) - 1; i >= 0; i-- { -- if p.oe[i].Namespace == "" { -- return p.im(p) -+ if strings.EqualFold(p.oe[len(p.oe)-1].Data, p.tok.Data) { -+ p.oe = p.oe[:len(p.oe)-1] -+ return true - } -+ for i := len(p.oe) - 1; i >= 0; i-- { - if strings.EqualFold(p.oe[i].Data, p.tok.Data) { - p.oe = p.oe[:i] -+ return true -+ } -+ if i > 0 && p.oe[i-1].Namespace == "" { - break - } - } -- return true -+ return p.im(p) - default: - // Ignore the token. - } diff --git a/gitea-tea-0.11.1.tar.gz b/gitea-tea-0.11.1.tar.gz deleted file mode 100644 index 8bc8f42..0000000 --- a/gitea-tea-0.11.1.tar.gz +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:cb173e6ad5d06372196c90cc08f7039f5925ea6a0854a19d40e77b4d3977f107 -size 745960 diff --git a/gitea-tea-0.12.0.tar.gz b/gitea-tea-0.12.0.tar.gz new file mode 100644 index 0000000..e42cfc6 --- /dev/null +++ b/gitea-tea-0.12.0.tar.gz @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:d5998c7c2bb32e0626536142f75b4c7d4f5fb604919ddb4834346dcdc9716d08 +size 789117 diff --git a/gitea-tea-Fix-termenv-OSC-RGBA-handling.patch b/gitea-tea-Fix-termenv-OSC-RGBA-handling.patch deleted file mode 100644 index e41dde8..0000000 --- a/gitea-tea-Fix-termenv-OSC-RGBA-handling.patch +++ /dev/null @@ -1,69 +0,0 @@ -From d05746ddd9757f4683be930b1ebe040a934b8238 Mon Sep 17 00:00:00 2001 -From: Michal Suchanek -Date: Thu, 12 Feb 2026 11:34:34 +0100 -Subject: [PATCH] Fix termenv OSC RGBA handling - -Fixes: #889 ---- - go.mod | 4 +++- - go.sum | 8 ++++---- - 2 files changed, 7 insertions(+), 5 deletions(-) - -diff --git a/go.mod b/go.mod -index 7c87174..526823d 100644 ---- a/go.mod -+++ b/go.mod -@@ -27,6 +27,8 @@ require ( - gopkg.in/yaml.v3 v3.0.1 - ) - -+replace github.com/muesli/termenv v0.16.0 => github.com/hramrach/termenv v0.16.1-0.20260212100405-cc30261f3059 -+ - require ( - dario.cat/mergo v1.0.0 // indirect - github.com/42wim/httpsig v1.2.3 // indirect -@@ -63,7 +65,7 @@ require ( - github.com/hashicorp/go-version v1.7.0 // indirect - github.com/jbenet/go-context v0.0.0-20150711004518-d14ea06fba99 // indirect - github.com/kevinburke/ssh_config v1.2.0 // indirect -- github.com/lucasb-eyer/go-colorful v1.2.0 // indirect -+ github.com/lucasb-eyer/go-colorful v1.3.0 // indirect - github.com/mattn/go-colorable v0.1.14 // indirect - github.com/mattn/go-isatty v0.0.20 // indirect - github.com/mattn/go-localereader v0.0.1 // indirect -diff --git a/go.sum b/go.sum -index 15737d4..e74ac35 100644 ---- a/go.sum -+++ b/go.sum -@@ -120,6 +120,8 @@ github.com/hashicorp/go-version v1.7.0 h1:5tqGy27NaOTB8yJKUZELlFAS/LTKJkrmONwQKe - github.com/hashicorp/go-version v1.7.0/go.mod h1:fltr4n8CU8Ke44wwGCBoEymUuxUHl09ZGVZPK5anwXA= - github.com/hexops/gotextdiff v1.0.3 h1:gitA9+qJrrTCsiCl7+kh75nPqQt1cx4ZkudSTLoUqJM= - github.com/hexops/gotextdiff v1.0.3/go.mod h1:pSWU5MAI3yDq+fZBTazCSJysOMbxWL1BSow5/V2vxeg= -+github.com/hramrach/termenv v0.16.1-0.20260212100405-cc30261f3059 h1:xxfLFNkkQNJqA7Tieg/oBg/7Wk24pbEFK1VnbkrnTo8= -+github.com/hramrach/termenv v0.16.1-0.20260212100405-cc30261f3059/go.mod h1:jeqvVfGyGmpCFfP9fK4yIWvxcMb8ApE3EPBq5fCzaaU= - github.com/jbenet/go-context v0.0.0-20150711004518-d14ea06fba99 h1:BQSFePA1RWJOlocH6Fxy8MmwDt+yVQYULKfN0RoTN8A= - github.com/jbenet/go-context v0.0.0-20150711004518-d14ea06fba99/go.mod h1:1lJo3i6rXxKeerYnT8Nvf0QmHCRC1n8sfWVwXF2Frvo= - github.com/kevinburke/ssh_config v1.2.0 h1:x584FjTGwHzMwvHx18PXxbBVzfnxogHaAReU4gf13a4= -@@ -131,8 +133,8 @@ github.com/kr/pty v1.1.1/go.mod h1:pFQYn66WHrOpPYNljwOMqo10TkYh1fy3cYio2l3bCsQ= - github.com/kr/text v0.1.0/go.mod h1:4Jbv+DJW3UT/LiOwJeYQe1efqtUx/iVham/4vfdArNI= - github.com/kr/text v0.2.0 h1:5Nx0Ya0ZqY2ygV366QzturHI13Jq95ApcVaJBhpS+AY= - github.com/kr/text v0.2.0/go.mod h1:eLer722TekiGuMkidMxC/pM04lWEeraHUUmBw8l2grE= --github.com/lucasb-eyer/go-colorful v1.2.0 h1:1nnpGOrhyZZuNyfu1QjKiUICQ74+3FNCN69Aj6K7nkY= --github.com/lucasb-eyer/go-colorful v1.2.0/go.mod h1:R4dSotOR9KMtayYi1e77YzuveK+i7ruzyGqttikkLy0= -+github.com/lucasb-eyer/go-colorful v1.3.0 h1:2/yBRLdWBZKrf7gB40FoiKfAWYQ0lqNcbuQwVHXptag= -+github.com/lucasb-eyer/go-colorful v1.3.0/go.mod h1:R4dSotOR9KMtayYi1e77YzuveK+i7ruzyGqttikkLy0= - github.com/mattn/go-colorable v0.1.14 h1:9A9LHSqF/7dyVVX6g0U9cwm9pG3kP9gSzcuIPHPsaIE= - github.com/mattn/go-colorable v0.1.14/go.mod h1:6LmQG8QLFO4G5z1gPvYEzlUgJ2wF+stgPZH1UqBm1s8= - github.com/mattn/go-isatty v0.0.20 h1:xfD0iDuEKnDkl03q4limB+vH+GxLEtL/jb4xVJSWWEY= -@@ -153,8 +155,6 @@ github.com/muesli/cancelreader v0.2.2 h1:3I4Kt4BQjOR54NavqnDogx/MIoWBFa0StPA8ELU - github.com/muesli/cancelreader v0.2.2/go.mod h1:3XuTXfFS2VjM+HTLZY9Ak0l6eUKfijIfMUZ4EgX0QYo= - github.com/muesli/reflow v0.3.0 h1:IFsN6K9NfGtjeggFP+68I4chLZV2yIKsXJFNZ+eWh6s= - github.com/muesli/reflow v0.3.0/go.mod h1:pbwTDkVPibjO2kyvBQRBxTWEEGDGq0FlB1BIKtnHY/8= --github.com/muesli/termenv v0.16.0 h1:S5AlUN9dENB57rsbnkPyfdGuWIlkmzJjbFf0Tf5FWUc= --github.com/muesli/termenv v0.16.0/go.mod h1:ZRfOIKPFDYQoDFF4Olj7/QJbW60Ol/kL1pU3VfY/Cnk= - github.com/olekukonko/errors v1.1.0 h1:RNuGIh15QdDenh+hNvKrJkmxxjV4hcS50Db478Ou5sM= - github.com/olekukonko/errors v1.1.0/go.mod h1:ppzxA5jBKcO1vIpCXQ9ZqgDh8iwODz6OXIGKU8r5m4Y= - github.com/olekukonko/ll v0.0.8 h1:sbGZ1Fx4QxJXEqL/6IG8GEFnYojUSQ45dJVwN2FH2fc= --- -2.51.0 - diff --git a/gitea-tea.changes b/gitea-tea.changes index 3e3171e..accec07 100644 --- a/gitea-tea.changes +++ b/gitea-tea.changes @@ -1,3 +1,64 @@ +------------------------------------------------------------------- +Fri Feb 20 05:59:44 UTC 2026 - Johannes Kastl + +- update to 0.12.0: + * New Features + - Add tea actions commands for managing workflow runs and + workflows in #880, #796 + - Add tea api subcommand for arbitrary API calls not covered by + existing commands in #879 + - Add repository webhook management commands in #798 + - Add JSON output support for single PR view in #864 + - Add JSON output and file redirection for issue detail view in + #841 + - Support creating AGit flow pull requests in #867 + * Bug Fixes + - Fix authentication via environment variables when specifying + repo argument in #809 + - Fix issue detail view ignoring --owner flag in #899 + - Fix PR create crash in #823 + - Fix TTY prompt handling in #897 + - Fix termenv OSC RGBA handling in #907 + - Fix labels delete command and --id flag type in #865 + - Fix delete repo command description in #858 + - Fix pagination flags for secrets list, webhooks list, and + pull requests list in #853, #852, + - #851 + - Enable git worktree support and improve PR create error + handling in #850 + - Only prompt for SSH passphrase when necessary in #844 + - Only prompt for login confirmation when no default login is + set in #839 + - Skip token uniqueness check when using SSH authentication in + #898 + - Require non-empty token in GetLoginByToken in #895 + - Fix config file permissions to remove group read/write in + #856 + * Improvements + - Add file locking for safe concurrent access to config file in + #881 + - Improve error messages throughout the CLI in #871 + - Send consistent HTTP request headers in #888 + - Revert requiring HTTP/HTTPS login URLs; restore SSH as a + login method in #891 + - Refactor context into dedicated subpackages in #873, #888 + - General code cleanup and improvements in #869, #870 + - Add test coverage for login matching in #820 + * Build & Dependencies + - Build with Go 1.25 in #886 + - Build for Windows aarch64 + - Update Gitea SDK version in #868 + - Update Nix flake in #872 + - Update dependencies including lipgloss v2, urfave/cli v3.6.2, + go-git v5.16.5, and various Go modules in #849, #875, #876, + #878, #884, #885, #900, #901, #904, #905 + - Update CI actions (checkout v6, setup-go v6) in #882, #883 +- remove patches that do no longer apply: + - fix-CVE-2025-58190.patch + - fix-CVE-2025-47911.patch + - gitea-tea-Fix-termenv-OSC-RGBA-handling.patch + - remove-config-file-group-readwrite-permission-856.patch + ------------------------------------------------------------------- Thu Feb 12 11:58:02 UTC 2026 - Michal Suchanek diff --git a/gitea-tea.spec b/gitea-tea.spec index 58924fe..8ee236f 100644 --- a/gitea-tea.spec +++ b/gitea-tea.spec @@ -17,18 +17,14 @@ Name: gitea-tea -Version: 0.11.1 +Version: 0.12.0 Release: 0 Summary: A command line tool to interact with Gitea servers License: MIT URL: https://gitea.com/gitea/tea Source0: %{name}-%{version}.tar.gz Source1: vendor.tar.gz -Patch0: fix-CVE-2025-58190.patch -Patch1: fix-CVE-2025-47911.patch -Patch2: gitea-tea-Fix-termenv-OSC-RGBA-handling.patch -Patch3: remove-config-file-group-readwrite-permission-856.patch -BuildRequires: golang(API) >= 1.24 +BuildRequires: golang(API) >= 1.25 Conflicts: tea %description @@ -85,6 +81,7 @@ go run \ install -v -m 0755 -D -t %{buildroot}%{_bindir} tea ./tea completion bash > contrib/autocomplete.sh +sed -i '1d' contrib/autocomplete.sh install -v -m 0644 -D contrib/autocomplete.sh \ %{buildroot}%{_datadir}/bash-completion/completions/tea diff --git a/remove-config-file-group-readwrite-permission-856.patch b/remove-config-file-group-readwrite-permission-856.patch deleted file mode 100644 index afe0c00..0000000 --- a/remove-config-file-group-readwrite-permission-856.patch +++ /dev/null @@ -1,28 +0,0 @@ -From f6d4b5fa4fdf4ebb777cc465f9c3ec30c8024548 Mon Sep 17 00:00:00 2001 -From: TheFox0x7 -Date: Thu, 27 Nov 2025 22:45:25 +0000 -Subject: [PATCH] remove group readwrite permission (#856) - -closes: https://gitea.com/gitea/tea/issues/855 -Reviewed-on: https://gitea.com/gitea/tea/pulls/856 -Reviewed-by: Lunny Xiao -Co-authored-by: TheFox0x7 -Co-committed-by: TheFox0x7 ---- - modules/config/config.go | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/modules/config/config.go b/modules/config/config.go -index 70443ca..30b59f3 100644 ---- a/modules/config/config.go -+++ b/modules/config/config.go -@@ -104,5 +104,5 @@ func saveConfig() error { - if err != nil { - return err - } -- return os.WriteFile(ymlPath, bs, 0o660) -+ return os.WriteFile(ymlPath, bs, 0o600) - } --- -2.51.0 - diff --git a/vendor.tar.gz b/vendor.tar.gz index 2cc9928..d2747ee 100644 --- a/vendor.tar.gz +++ b/vendor.tar.gz @@ -1,3 +1,3 @@ version https://git-lfs.github.com/spec/v1 -oid sha256:f8740a7f9985d4ce74757ff68687876cae091aead71618cbc042c3bc750e7463 -size 6307150 +oid sha256:ff515f644c6da077d919c12429590f35750a320364932c0797cea3c1c97d9842 +size 5994872 -- 2.51.1