
forgejo-8.0.1-1.1 RPM for i586

From OpenSuSE Ports Tumbleweed for i586

Name: forgejo
Distribution: openSUSE Tumbleweed
Version: 8.0.1
Vendor: openSUSE
Release: 1.1
Build date: Fri Aug 9 23:25:45 2024
Group: Development/Tools/Version Control
Build host: reproducible
Size: 111406075
Source RPM: forgejo-8.0.1-1.1.src.rpm
Packager: http://bugs.opensuse.org
Url: https://forgejo.org
Summary: Self-hostable forge

Providing Git hosting for your project, friends, company or community? Forgejo (/for'd͡ʒe.jo/ inspired by forĝejo – the Esperanto word for forge) has you covered with its intuitive interface, light and easy hosting and a lot of builtin functionality.

Provides

Requires

License

MIT

Changelog

* Fri Aug 09 2024 Richard Rahl <rrahl0@opensuse.org>
  - update to 8.0.1:
    * A change introduced in Forgejo v1.21 allows a Forgejo user with write
      permission on a repository description to inject a client-side script into
      the web page viewed by the visitor. This XSS allows for href in anchor
      elements to be set to a javascript: URI in the repository description,
      which will execute the specified script upon clicking (and not upon
      loading). AllowStandardURLs is now called for the repository description
      policy, which ensures that URIs in anchor elements are mailto:, http://
      or https:// and thereby disallowing the javascript: URI.
    * Do not include trailing EOL character when counting lines
    * Add background to reactions on hover
    * Prevent uppercase in header of dashboard context selector
    * Fix page layout in admin settings
    * Ensure all filters are persistent in issue filters
    * Allow 4 character SHA in /src/commit
  - update to 8.0.0:
    full changelog at https://codeberg.org/forgejo/forgejo/src/branch/forgejo/RELEASE-NOTES.md#8-0-0
    Highlights:
    * remove Microsoft SQL Server support
    * introduce a branch/tag dropdown in the code search page
    * added support for fuzzy searching in /user/repo/issues and /user/repo/pulls
    * API endpoints for managing tag protection.
    * add Reviewed-on and Reviewed-by variables to the merge template
    * display an error when an issue comment is edited simultaneously by
      two users instead of silently overriding one of them
    * when installing Forgejo through the built-in installer, open
      (self-) registration is now disabled by default
    * add support for the reddit and Hubspot OAuth providers.
    * CERT management was improved when ENABLE_ACME=true
    * language detection in the repository got additional languages
    * add an immutable tarball link to archive download headers for Nix
    * Show the AGit label on merged pull requests
  - fix apparmor profile
  - set sqlite3 as the default installation database
  - add a rule for firewalld
* Fri Aug 09 2024 Johannes Kastl <opensuse_buildservice@ojkastl.de>
  - update to 7.0.7:
    This is a security release. See the documentation for more
    information on the upgrade procedure.
    * Security
    - A change introduced in Forgejo v1.21 allows a Forgejo user
      with write permission on a repository description to inject a
      client-side script into the web page viewed by the visitor.
      This XSS allows for href in anchor elements to be set to a
      javascript: URI in the repository description, which will
      execute the specified script upon clicking (and not upon
      loading). AllowStandardURLs is now called for the repository
      description policy, which ensures that URIs in anchor
      elements are mailto:, http:// or https:// and thereby
      disallowing the javascript: URI.
    * Bug fixes
    - PR (backported): disallow javascript: URI in the repository
      description
    * Localization
    - PR (backported): i18n: backport of #4568 #4668 and #4783 to
      v7
* Thu Aug 01 2024 Johannes Kastl <opensuse_buildservice@ojkastl.de>
  - update to 7.0.6:
    * Two frontend features were removed because a license
      incompatibility was discovered. Read more in the companion blog
      post.
    - PR (backported from): Mermaid rendering: %%{init:
      {"flowchart": {"defaultRenderer": "elk"}} }%% will now fail
      because ELK is no longer included.
    - PR (backported from): Repository citation: Removed the
      ability to export citations in APA format.
    * User Interface bug fixes
    - PR (backported from): Replace vue-bar-graph with chart.js
    - PR (backported from): Show AGit label on merged PR
    - PR (backported from): Fix mobile UI for organisation creation
    * Bug fixes
    - PR (backported from): fix(api): issue state change is not
      idempotent
    - PR (backported from): Reserve the devtest username
    - PR (backported from): fix(actions): no edited event triggered
      when a title is changed
    - PR (backported from): Load attachments for
      /issues/comments/{id}
    - PR (backported from): When searching for users, page the
      results by default, and respect the default paging limits
    - PR (backported from): the "View command line instructions"
      link in pull requests and the "Copy content" button in file
      editor are not accessible
    - PR (backported from): Use correct SHA in GetCommitPullRequest
    * Localization
    - PR (backported from): Update of translations from Weblate
    - PR: Update of translations from Weblate
    - PR (backported from): 3 translation updates from Weblate - PR
      1, PR 2, PR 3
* Mon Jul 15 2024 Johannes Kastl <opensuse_buildservice@ojkastl.de>
  - fix typo Environemnt in forgejo.service
* Fri Jul 05 2024 Richard Rahl <rrahl0@opensuse.org>
  - update to 7.0.5:
    * Fixed: CVE-2024-24791 - GO-2024-2963 Denial of service due to improper
      100-continue handling in net/http
    * Fixed: authentication Source Administration page wrongfully handles the "Custom URLs Instead
      of Default URLs" checkbox (missing checkbox, irrelevant fields).
    * Fixed: git push to an adopted repository fails.
    * Fixed: markdown doesn't render math within brackets
    * Fixed: selecting the "No Project" filter in the issue/pull request list has no effect
    * Fixed: error 500 when processing crafted TIFF files.
    * Fixed: wrong placeholder text in the form for adding repository collaborator.
* Sun Jun 16 2024 Richard Rahl <rrahl0@disroot.org>
  - update to 7.0.4:
    * Fixed: CVE-2024-24789: the archive/zip package's handling of certain types
      of invalid zip files differs from the behavior of most zip implementations.
      This misalignment could be exploited to create a zip file with contents that
      vary depending on the implementation reading the file.
    * the OAuth2 implementation does not always require authentication for public
      clients, a requirement of RFC 6749 Section 10.2
    * forgejo migrate-storage --type actions-artifacts always fails because it picks the wrong path.
    * avatar files can be found in storage while they do not exist in the database.
    * repository admins are always denied the right to force merge and instance admins
      are subject to restrictions to merge that must only apply to repository admins.
    * non conformance with the Nix tarball fetcher immutable link protocol.
    * migrated activities (such as reviews) are mapped to the user who initiated the
      migration rather than the Ghost user, if the external user cannot be mapped to a
      local one. This mapping mismatch leads to internal server errors in some cases.
    * a v7.0.0 regression causes [admin].SEND_NOTIFICATION_EMAIL_ON_NEW_USER=true to always be ignored.
    * using a subquery for user deletion is a performance bottleneck when using mariadb 10
      because only mariadb 11 takes advantage of the available index.
    * a v7.0.3 regression causes the expanding diffs in pull requests to fail with a 404 error.
    * SourceHut Builds webhook fail when the triggers field is used.
    * the label list rendering in the issue and pull request timeline is displayed on
      multiple lines instead of a single one.
    * "Git hooks of this repository seem to be broken." warning when pushing more than one branch at a time.
    * automerge does not happen when the approval count reaches the required threshold.
    * the FORCE_PRIVATE=true setting is not consistently enforced.
    * CSRF validation errors when OAuth is not enabled.
    * headlines in rendered org-mode do not have a margin on the top
* Wed May 22 2024 Richard Rahl <rrahl0@disroot.org>
  - update to 7.0.3:
    * CVE-2024-24788: a malformed DNS message in response to a query can
      cause the lookup functions to get stuck in an infinite loop
    * backticks in mermaid block diagram labels are not sanitized properly
    * migration of a repository from gogs fails when it is hosted at a subpath.
    * when creating an OAuth2 application the redirect URLs are not enforced to
      be mandatory
    * the API incorrectly excludes repositories where code is not enabled
    * "Allow edits from maintainers" cannot be modified via the pull request web UI
    * repository activity feeds (including RSS and Atom feeds) contain
      repeated activities
    * uploading maven packages with metadata being uploaded separately will fail
    * the mail notification sent about commits pushed to pull requests are empty
    * inline email attachments are not properly handled when commenting on an
      issue via email
    * the links to .zip and tar.gz on the tag list web UI fail
    * expanding code diff while previewing a pull request before it is created fails
    * the CLI is not able to migrate Forgejo Actions artifacts
    * when adopting a repository, the default branch is not taken into account
    * when using reverse proxy authentication, logout will not be taken into
      account when immediately trying to login afterwards
    * pushing to the master branch of a sha256 repository fails
    * a very long project column name will make the action menu inaccessible
    * a useless error is displayed when the title of a merged pull request is
      modified
    * workflow badges are not working for workflows that are not running on push
      (such as scheduled workflows, and ones that run on tags and pull requests)
* Fri May 03 2024 Richard Rahl <rrahl0@disroot.org>
  - update to 7.0.2:
    * regression where subscribing to or unsubscribing from an issue in a
      repository with no code produced an internal server error.
    * regression makes all the refs sent in Gitea webhooks to be full refs and
      might break Woodpecker CI pipelines triggered on tag (CI_COMMIT_TAG
      contained the full ref). This issue has been fixed in the main branch of
      Woodpecker CI as well.
    * the webhook branch filter wrongly applied the match on the full ref for
      branch creation and deletion (wrongly skipping events).
    * toggling the WIP state of a pull request is possible from the sidebar,
      but not from the footer.
    * when mentioning a user, the markup post-processor does not handle the case
      where the mentioned user does not exist: it tries to skip to the next node,
      which in turn, ended up skipping the rest of the line.
    * excessive and unnecessary database queries when a user with no repositories
      is viewing their dashboard.
    * duplicate status check contexts show in the branch protection settings.
    * profile info fails to render German singular translation.
    * inline attachments of incoming emails (as they occur for example with Apple
      Mail) are not attached to comments.
* Sat Apr 27 2024 Richard Rahl <rrahl0@disroot.org>
  - update to 7.0.1:
    * LFS data corruption when running the forgejo doctor check --fix CLI command
      or setting [cron.gc_lfs].ENABLED=true (the default is false)
    * non backward compatible change in the forgejo admin user create CLI command
    * error 500 because of an incorrect evaluation of the template when visiting
      the LFS settings of a repository
    * GET /repos/{owner}/{name} API endpoint always returns an empty string for
      the object_format_name field
    * fuzzy search may fail with bleve
* Thu Apr 25 2024 Richard Rahl <rrahl0@disroot.org>
  - update to 7.0.0:
    This is only an excerpt from the full changelog, which you can find
    in your RELEASE-NOTES.md or at
    https://codeberg.org/forgejo/forgejo/src/branch/forgejo/RELEASE-NOTES.md#7-0-0
    * MySQL 8.0 or PostgreSQL 12 are the minimum supported versions.
      The database must be migrated before upgrading.
      The requirements regarding SQLite did not change.
    * The per_page parameter is no longer a synonym for limit in the
      /repos/{owner}/{repo}/releases API endpoint.
    * The date format of the created and last_update fields of the
      /repos/{owner}/{repo}/push_mirrors and /repos/{owner}/{repo}/push_mirrors
      API endpoint changed to be timestamps instead of numbers.
    * Labels used by pprof endpoint have been changed
    * The forgejo admin user create CLI command requires a password change
      by default when creating the first user
* Sat Apr 20 2024 Richard Rahl <rrahl0@disroot.org>
  - update to 1.21.11-1:
    * error 500 on tag creation when a workflow exists
  - update to 1.21.11-0:
    * Fixed a privilege escalation through git push options that
      allows any user to change the visibility of any repository they can see,
      regardless of their level of access.
    * Fixed a bug that allows user-supplied, non-sandboxed JavaScript to be run
      from the same domain as the forge, via
      /{owner}/{repo}/render/branch/{branch}/{filename} URLs.
    * Close file in upload function
    * Prevent registering runners for deleted repositories.
      Prevents 500 Internal Server Error in admin interface.
    * More reliable pagination support when migrating from gitbucket
    * Fix automerge when used with actions
  - fix apparmor profile
* Fri Apr 05 2024 Richard Rahl <rrahl0@proton.me>
  - update to 1.21.10-0:
    * CVE-2023-45288 which permits an attacker to cause an HTTP/2 endpoint to
      read arbitrary amounts of header data
    * Fix to not remove repository avatars when the doctor runs with --fix
      on the repository archives.
    * Detect protected branch on branch rename.
    * Don't delete inactive emails explicitly.
    * Fix user interface when a review is deleted without refreshing.
    * Fix paths when finding files via the web interface that were not escaped.
    * Respect DEFAULT_ORG_MEMBER_VISIBLE setting when adding creator to org.
    * Fix duplicate migrated milestones.
    * Fix inline math blocks can't be preceded/followed by alphanumerical
      characters.
* Thu Mar 28 2024 Richard Rahl <rrahl0@proton.me>
  - increase golang dep to 1.22, to imitate the CI/CD of forgejo
  - revise how the apparmor package gets built + add selinux
* Sat Mar 23 2024 Richard Rahl <user@localhost>
  - update to 1.21.8-0:
    * Fix /api/v1/{owner}/{repo}/issue_templates which was always failing with a
      500 error.
    * Prevent error 500 on /user/settings/security when SignedUser has a linked
      account from a deactivated authentication source.
    * Fix error 500 when pushing release to an empty repo.
    * Fix incorrect rendering csv file when file size is larger than UI.CSV.MaxFileSize.
    * Fix error 500 when deleting account with incorrect password or unsupported login type.
    * handle user-defined name anchors like [Link](#link) linking to <a name="link"></a>Link.
    * Use correct head commit for CODEOWNER.
    * Fix manual merge button.
    * Make meilisearch do exact search for issues.
    * Fix PR creation via api between branches of same repo with head field namespaced.
* Fri Mar 08 2024 Richard Rahl <rrahl0@proton.me>
  - add apparmor profile leeched off of the gitea packaging
  - update to 1.21.7-0:
    * Fix tarball/zipball download bug.
    * Ensure HasIssueContentHistory takes into account comment_id.
    * The google.golang.org/protobuf module was bumped to version v1.33.0 to fix
      a bug in the google.golang.org/protobuf/encoding/protojson package which
      could cause the Unmarshal function to enter an infinite loop when handling
      some invalid inputs
* Fri Feb 09 2024 Richard Rahl <rrahl0@proton.me>
  - initial packaging

Files

/etc/forgejo
/etc/forgejo/conf
/etc/forgejo/conf/app.ini
/usr/bin/forgejo
/usr/bin/gitea
/usr/lib/systemd/system/forgejo.service
/usr/lib/sysusers.d/forgejo.conf
/usr/share/doc/packages/forgejo
/usr/share/doc/packages/forgejo/CONTRIBUTING.md
/usr/share/doc/packages/forgejo/README.md
/usr/share/doc/packages/forgejo/RELEASE-NOTES.md
/usr/share/forgejo
/usr/share/forgejo/conf
/usr/share/forgejo/https
/usr/share/forgejo/mailer
/usr/share/licenses/forgejo
/usr/share/licenses/forgejo/LICENSE
/var/lib/forgejo
/var/lib/forgejo/data
/var/lib/forgejo/https
/var/lib/forgejo/indexers
/var/lib/forgejo/queues
/var/lib/forgejo/repositories
/var/log/forgejo


Generated by rpm2html 1.8.1

Fabrice Bellet, Sat Aug 31 00:07:14 2024