pool/gitea-tea
SHA256
17
0
Fork 3
Code Issues Pull Requests 2 Activity

update to 0.12.0 (remove all four patches, currently checking if they are upstream already) #7

Open
michals wants to merge 1 commits from michals/gitea-tea:leap-16.0 into leap-16.0
pull from: michals/gitea-tea:leap-16.0
merge into: pool:leap-16.0
Conversation 3 Commits 1 Files Changed 10 +70 -272
10 changed files with 70 additions and 272 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
_service
View File

@@ -3,7 +3,7 @@
<service name="tar_scm" mode="manual">
<param name="url">https://gitea.com/gitea/tea.git</param>
<param name="scm">git</param>
<param name="revision">61d4e571a7e086f53f5f8a7713151839e1a32151</param>
<param name="revision">refs/tags/v0.12.0</param>
<param name="filename">gitea-tea</param>
<param name="versionformat">@PARENT_TAG@+@TAG_OFFSET@</param>
<param name="versionrewrite-pattern">v(.*)\+0</param>

64
fix-CVE-2025-47911.patch
View File

@@ -1,64 +0,0 @@
diff -rubN vendor/golang.org/x/net/html/escape.go vendor-patched/golang.org/x/net/html/escape.go
--- a/vendor/golang.org/x/net/html/escape.go 2025-06-06 12:16:37.000000000 +0200
+++ b/vendor-patched/golang.org/x/net/html/escape.go 2025-10-09 10:38:44.325052734 +0200
@@ -299,7 +299,7 @@
case '\r':
esc = "&#13;"
default:
- panic("unrecognized escape character")
+ panic("html: unrecognized escape character")
}
s = s[i+1:]
if _, err := w.WriteString(esc); err != nil {
diff -rubN vendor/golang.org/x/net/html/parse.go vendor-patched/golang.org/x/net/html/parse.go
--- a/vendor/golang.org/x/net/html/parse.go 2025-10-09 10:39:56.705570069 +0200
+++ b/vendor-patched/golang.org/x/net/html/parse.go 2025-10-09 10:38:59.062361676 +0200
@@ -231,7 +231,14 @@
}
if n.Type == ElementNode {
+ p.insertOpenElement(n)
+ }
+}
+
+func (p *parser) insertOpenElement(n *Node) {
p.oe = append(p.oe, n)
+ if len(p.oe) > 512 {
+ panic("html: open stack of elements exceeds 512 nodes")
}
}
@@ -810,7 +817,7 @@
p.im = inFramesetIM
return true
case a.Base, a.Basefont, a.Bgsound, a.Link, a.Meta, a.Noframes, a.Script, a.Style, a.Template, a.Title:
- p.oe = append(p.oe, p.head)
+ p.insertOpenElement(p.head)
defer p.oe.remove(p.head)
return inHeadIM(p)
case a.Head:
@@ -2324,9 +2331,13 @@
}
}
-func (p *parser) parse() error {
+func (p *parser) parse() (err error) {
+ defer func() {
+ if panicErr := recover(); panicErr != nil {
+ err = fmt.Errorf("%s", panicErr)
+ }
+ }()
// Iterate until EOF. Any other error will cause an early return.
- var err error
for err != io.EOF {
// CDATA sections are allowed only in foreign content.
n := p.oe.top()
@@ -2355,6 +2366,8 @@
// <tag>s. Conversely, explicit <tag>s in r's data can be silently dropped,
// with no corresponding node in the resulting tree.
//
+// Parse will reject HTML that is nested deeper than 512 elements.
+//
// The input is assumed to be UTF-8 encoded.
func Parse(r io.Reader) (*Node, error) {
return ParseWithOptions(r)

99
fix-CVE-2025-58190.patch
View File

@@ -1,99 +0,0 @@
diff -rubN vendor/golang.org/x/net/html/parse.go vendor-patched/golang.org/x/net/html/parse.go
--- a/vendor/golang.org/x/net/html/parse.go 2025-06-06 12:16:37.000000000 +0200
+++ b/vendor-patched/golang.org/x/net/html/parse.go 2025-10-09 10:12:41.984298856 +0200
@@ -136,7 +136,7 @@
return -1
}
default:
- panic("unreachable")
+ panic(fmt.Sprintf("html: internal error: indexOfElementInScope unknown scope: %d", s))
}
}
switch s {
@@ -179,7 +179,7 @@
return
}
default:
- panic("unreachable")
+ panic(fmt.Sprintf("html: internal error: clearStackToContext unknown scope: %d", s))
}
}
}
@@ -1678,7 +1678,7 @@
return inTableIM(p)
}
-// Section 12.2.6.4.14.
+// Section 13.2.6.4.14.
func inRowIM(p *parser) bool {
switch p.tok.Type {
case StartTagToken:
@@ -1690,7 +1690,9 @@
p.im = inCellIM
return true
case a.Caption, a.Col, a.Colgroup, a.Tbody, a.Tfoot, a.Thead, a.Tr:
- if p.popUntil(tableScope, a.Tr) {
+ if p.elementInScope(tableScope, a.Tr) {
+ p.clearStackToContext(tableRowScope)
+ p.oe.pop()
p.im = inTableBodyIM
return false
}
@@ -1700,22 +1702,28 @@
case EndTagToken:
switch p.tok.DataAtom {
case a.Tr:
- if p.popUntil(tableScope, a.Tr) {
+ if p.elementInScope(tableScope, a.Tr) {
+ p.clearStackToContext(tableRowScope)
+ p.oe.pop()
p.im = inTableBodyIM
return true
}
// Ignore the token.
return true
case a.Table:
- if p.popUntil(tableScope, a.Tr) {
+ if p.elementInScope(tableScope, a.Tr) {
+ p.clearStackToContext(tableRowScope)
+ p.oe.pop()
p.im = inTableBodyIM
return false
}
// Ignore the token.
return true
case a.Tbody, a.Tfoot, a.Thead:
- if p.elementInScope(tableScope, p.tok.DataAtom) {
- p.parseImpliedToken(EndTagToken, a.Tr, a.Tr.String())
+ if p.elementInScope(tableScope, p.tok.DataAtom) && p.elementInScope(tableScope, a.Tr) {
+ p.clearStackToContext(tableRowScope)
+ p.oe.pop()
+ p.im = inTableBodyIM
return false
}
// Ignore the token.
@@ -2222,16 +2230,20 @@
p.acknowledgeSelfClosingTag()
}
case EndTagToken:
- for i := len(p.oe) - 1; i >= 0; i-- {
- if p.oe[i].Namespace == "" {
- return p.im(p)
+ if strings.EqualFold(p.oe[len(p.oe)-1].Data, p.tok.Data) {
+ p.oe = p.oe[:len(p.oe)-1]
+ return true
}
+ for i := len(p.oe) - 1; i >= 0; i-- {
if strings.EqualFold(p.oe[i].Data, p.tok.Data) {
p.oe = p.oe[:i]
+ return true
+ }
+ if i > 0 && p.oe[i-1].Namespace == "" {
break
}
}
- return true
+ return p.im(p)
default:
// Ignore the token.
}

3
gitea-tea-0.11.1.tar.gz
View File

@@ -1,3 +0,0 @@
version https://git-lfs.github.com/spec/v1
oid sha256:cb173e6ad5d06372196c90cc08f7039f5925ea6a0854a19d40e77b4d3977f107
size 745960

BIN
gitea-tea-0.12.0.tar.gz LFS Normal file
View File

Binary file not shown.

69
gitea-tea-Fix-termenv-OSC-RGBA-handling.patch
View File

@@ -1,69 +0,0 @@
From d05746ddd9757f4683be930b1ebe040a934b8238 Mon Sep 17 00:00:00 2001
From: Michal Suchanek <msuchanek@suse.de>
Date: Thu, 12 Feb 2026 11:34:34 +0100
Subject: [PATCH] Fix termenv OSC RGBA handling
Fixes: #889
---
go.mod | 4 +++-
go.sum | 8 ++++----
2 files changed, 7 insertions(+), 5 deletions(-)
diff --git a/go.mod b/go.mod
index 7c87174..526823d 100644
--- a/go.mod
+++ b/go.mod
@@ -27,6 +27,8 @@ require (
gopkg.in/yaml.v3 v3.0.1
)
+replace github.com/muesli/termenv v0.16.0 => github.com/hramrach/termenv v0.16.1-0.20260212100405-cc30261f3059
+
require (
dario.cat/mergo v1.0.0 // indirect
github.com/42wim/httpsig v1.2.3 // indirect
@@ -63,7 +65,7 @@ require (
github.com/hashicorp/go-version v1.7.0 // indirect
github.com/jbenet/go-context v0.0.0-20150711004518-d14ea06fba99 // indirect
github.com/kevinburke/ssh_config v1.2.0 // indirect
- github.com/lucasb-eyer/go-colorful v1.2.0 // indirect
+ github.com/lucasb-eyer/go-colorful v1.3.0 // indirect
github.com/mattn/go-colorable v0.1.14 // indirect
github.com/mattn/go-isatty v0.0.20 // indirect
github.com/mattn/go-localereader v0.0.1 // indirect
diff --git a/go.sum b/go.sum
index 15737d4..e74ac35 100644
--- a/go.sum
+++ b/go.sum
@@ -120,6 +120,8 @@ github.com/hashicorp/go-version v1.7.0 h1:5tqGy27NaOTB8yJKUZELlFAS/LTKJkrmONwQKe
github.com/hashicorp/go-version v1.7.0/go.mod h1:fltr4n8CU8Ke44wwGCBoEymUuxUHl09ZGVZPK5anwXA=
github.com/hexops/gotextdiff v1.0.3 h1:gitA9+qJrrTCsiCl7+kh75nPqQt1cx4ZkudSTLoUqJM=
github.com/hexops/gotextdiff v1.0.3/go.mod h1:pSWU5MAI3yDq+fZBTazCSJysOMbxWL1BSow5/V2vxeg=
+github.com/hramrach/termenv v0.16.1-0.20260212100405-cc30261f3059 h1:xxfLFNkkQNJqA7Tieg/oBg/7Wk24pbEFK1VnbkrnTo8=
+github.com/hramrach/termenv v0.16.1-0.20260212100405-cc30261f3059/go.mod h1:jeqvVfGyGmpCFfP9fK4yIWvxcMb8ApE3EPBq5fCzaaU=
github.com/jbenet/go-context v0.0.0-20150711004518-d14ea06fba99 h1:BQSFePA1RWJOlocH6Fxy8MmwDt+yVQYULKfN0RoTN8A=
github.com/jbenet/go-context v0.0.0-20150711004518-d14ea06fba99/go.mod h1:1lJo3i6rXxKeerYnT8Nvf0QmHCRC1n8sfWVwXF2Frvo=
github.com/kevinburke/ssh_config v1.2.0 h1:x584FjTGwHzMwvHx18PXxbBVzfnxogHaAReU4gf13a4=
@@ -131,8 +133,8 @@ github.com/kr/pty v1.1.1/go.mod h1:pFQYn66WHrOpPYNljwOMqo10TkYh1fy3cYio2l3bCsQ=
github.com/kr/text v0.1.0/go.mod h1:4Jbv+DJW3UT/LiOwJeYQe1efqtUx/iVham/4vfdArNI=
github.com/kr/text v0.2.0 h1:5Nx0Ya0ZqY2ygV366QzturHI13Jq95ApcVaJBhpS+AY=
github.com/kr/text v0.2.0/go.mod h1:eLer722TekiGuMkidMxC/pM04lWEeraHUUmBw8l2grE=
-github.com/lucasb-eyer/go-colorful v1.2.0 h1:1nnpGOrhyZZuNyfu1QjKiUICQ74+3FNCN69Aj6K7nkY=
-github.com/lucasb-eyer/go-colorful v1.2.0/go.mod h1:R4dSotOR9KMtayYi1e77YzuveK+i7ruzyGqttikkLy0=
+github.com/lucasb-eyer/go-colorful v1.3.0 h1:2/yBRLdWBZKrf7gB40FoiKfAWYQ0lqNcbuQwVHXptag=
+github.com/lucasb-eyer/go-colorful v1.3.0/go.mod h1:R4dSotOR9KMtayYi1e77YzuveK+i7ruzyGqttikkLy0=
github.com/mattn/go-colorable v0.1.14 h1:9A9LHSqF/7dyVVX6g0U9cwm9pG3kP9gSzcuIPHPsaIE=
github.com/mattn/go-colorable v0.1.14/go.mod h1:6LmQG8QLFO4G5z1gPvYEzlUgJ2wF+stgPZH1UqBm1s8=
github.com/mattn/go-isatty v0.0.20 h1:xfD0iDuEKnDkl03q4limB+vH+GxLEtL/jb4xVJSWWEY=
@@ -153,8 +155,6 @@ github.com/muesli/cancelreader v0.2.2 h1:3I4Kt4BQjOR54NavqnDogx/MIoWBFa0StPA8ELU
github.com/muesli/cancelreader v0.2.2/go.mod h1:3XuTXfFS2VjM+HTLZY9Ak0l6eUKfijIfMUZ4EgX0QYo=
github.com/muesli/reflow v0.3.0 h1:IFsN6K9NfGtjeggFP+68I4chLZV2yIKsXJFNZ+eWh6s=
github.com/muesli/reflow v0.3.0/go.mod h1:pbwTDkVPibjO2kyvBQRBxTWEEGDGq0FlB1BIKtnHY/8=
-github.com/muesli/termenv v0.16.0 h1:S5AlUN9dENB57rsbnkPyfdGuWIlkmzJjbFf0Tf5FWUc=
-github.com/muesli/termenv v0.16.0/go.mod h1:ZRfOIKPFDYQoDFF4Olj7/QJbW60Ol/kL1pU3VfY/Cnk=
github.com/olekukonko/errors v1.1.0 h1:RNuGIh15QdDenh+hNvKrJkmxxjV4hcS50Db478Ou5sM=
github.com/olekukonko/errors v1.1.0/go.mod h1:ppzxA5jBKcO1vIpCXQ9ZqgDh8iwODz6OXIGKU8r5m4Y=
github.com/olekukonko/ll v0.0.8 h1:sbGZ1Fx4QxJXEqL/6IG8GEFnYojUSQ45dJVwN2FH2fc=
--
2.51.0

61
gitea-tea.changes
View File

@@ -1,3 +1,64 @@
-------------------------------------------------------------------
Fri Feb 20 05:59:44 UTC 2026 - Johannes Kastl <opensuse_buildservice@ojkastl.de>
- update to 0.12.0:
* New Features
- Add tea actions commands for managing workflow runs and
workflows in #880, #796
- Add tea api subcommand for arbitrary API calls not covered by
existing commands in #879
- Add repository webhook management commands in #798
- Add JSON output support for single PR view in #864
- Add JSON output and file redirection for issue detail view in
#841
- Support creating AGit flow pull requests in #867
* Bug Fixes
- Fix authentication via environment variables when specifying
repo argument in #809
- Fix issue detail view ignoring --owner flag in #899
- Fix PR create crash in #823
- Fix TTY prompt handling in #897
- Fix termenv OSC RGBA handling in #907
- Fix labels delete command and --id flag type in #865
- Fix delete repo command description in #858
- Fix pagination flags for secrets list, webhooks list, and
pull requests list in #853, #852,
- #851
- Enable git worktree support and improve PR create error
handling in #850
- Only prompt for SSH passphrase when necessary in #844
- Only prompt for login confirmation when no default login is
set in #839
- Skip token uniqueness check when using SSH authentication in
#898
- Require non-empty token in GetLoginByToken in #895
- Fix config file permissions to remove group read/write in
#856
* Improvements
- Add file locking for safe concurrent access to config file in
#881
- Improve error messages throughout the CLI in #871
- Send consistent HTTP request headers in #888
- Revert requiring HTTP/HTTPS login URLs; restore SSH as a
login method in #891
- Refactor context into dedicated subpackages in #873, #888
- General code cleanup and improvements in #869, #870
- Add test coverage for login matching in #820
* Build & Dependencies
- Build with Go 1.25 in #886
- Build for Windows aarch64
- Update Gitea SDK version in #868
- Update Nix flake in #872
- Update dependencies including lipgloss v2, urfave/cli v3.6.2,
go-git v5.16.5, and various Go modules in #849, #875, #876,
#878, #884, #885, #900, #901, #904, #905
- Update CI actions (checkout v6, setup-go v6) in #882, #883
- remove patches that do no longer apply:
- fix-CVE-2025-58190.patch
- fix-CVE-2025-47911.patch
- gitea-tea-Fix-termenv-OSC-RGBA-handling.patch
- remove-config-file-group-readwrite-permission-856.patch
-------------------------------------------------------------------
Thu Feb 12 11:58:02 UTC 2026 - Michal Suchanek <msuchanek@suse.de>

9
gitea-tea.spec
View File

@@ -17,18 +17,14 @@
Name: gitea-tea
Version: 0.11.1
Version: 0.12.0
Release: 0
Summary: A command line tool to interact with Gitea servers
License: MIT
URL: https://gitea.com/gitea/tea
Source0: %{name}-%{version}.tar.gz
Source1: vendor.tar.gz
Patch0: fix-CVE-2025-58190.patch
Patch1: fix-CVE-2025-47911.patch
Patch2: gitea-tea-Fix-termenv-OSC-RGBA-handling.patch
Patch3: remove-config-file-group-readwrite-permission-856.patch
BuildRequires: golang(API) >= 1.24
BuildRequires: golang(API) >= 1.25
Conflicts: tea
%description
@@ -85,6 +81,7 @@ go run \
install -v -m 0755 -D -t %{buildroot}%{_bindir} tea
./tea completion bash > contrib/autocomplete.sh
sed -i '1d' contrib/autocomplete.sh
install -v -m 0644 -D contrib/autocomplete.sh \
%{buildroot}%{_datadir}/bash-completion/completions/tea

28
remove-config-file-group-readwrite-permission-856.patch
View File

@@ -1,28 +0,0 @@
From f6d4b5fa4fdf4ebb777cc465f9c3ec30c8024548 Mon Sep 17 00:00:00 2001
From: TheFox0x7 <thefox0x7@gmail.com>
Date: Thu, 27 Nov 2025 22:45:25 +0000
Subject: [PATCH] remove group readwrite permission (#856)
closes: https://gitea.com/gitea/tea/issues/855
Reviewed-on: https://gitea.com/gitea/tea/pulls/856
Reviewed-by: Lunny Xiao <xiaolunwen@gmail.com>
Co-authored-by: TheFox0x7 <thefox0x7@gmail.com>
Co-committed-by: TheFox0x7 <thefox0x7@gmail.com>
---
modules/config/config.go | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/modules/config/config.go b/modules/config/config.go
index 70443ca..30b59f3 100644
--- a/modules/config/config.go
+++ b/modules/config/config.go
@@ -104,5 +104,5 @@ func saveConfig() error {
if err != nil {
return err
}
- return os.WriteFile(ymlPath, bs, 0o660)
+ return os.WriteFile(ymlPath, bs, 0o600)
}
--
2.51.0

BIN
vendor.tar.gz LFS
View File

Binary file not shown.