author | Martchus | 2017-11-05 19:32:12 +0100 |
---|---|---|
committer | Martchus | 2017-11-05 19:32:12 +0100 |
commit | 0556b15cf17b53db622c64a04efbe93194d502a0 (patch) | |
tree | b499d985e873bd37fc20bde8923d5dd34a0ba6c5 | |
parent | d6dd7c1df65335f7969f1c087f82a6ed89ec71e4 (diff) | |
download | aur-0556b15cf17b53db622c64a04efbe93194d502a0.tar.gz |
Add missing dependency pam and security patches
-rw-r--r-- | .SRCINFO | 13 | ||||
-rw-r--r-- | 0001-Adjust-config-for-Arch-Linux-package.patch | 4 | ||||
-rw-r--r-- | 0002-Adjust-service-file-for-Arch-Linux-package.patch | 4 | ||||
-rw-r--r-- | 0003-SECURITY-HTML-injection-in-user-search-API.patch | 34 | ||||
-rw-r--r-- | 0004-SECURITY-fix-branch-name-persistent-XSS.patch | 41 | ||||
-rw-r--r-- | PKGBUILD | 16 |
6 files changed, 99 insertions, 13 deletions
@@ -1,9 +1,9 @@ # Generated by mksrcinfo v8 -# Fri Oct 6 14:54:50 UTC 2017 +# Sun Nov 5 18:32:11 UTC 2017 pkgbase = gogs pkgdesc = Self Hosted Git Service written in Go pkgver = 0.11.29 - pkgrel = 3 + pkgrel = 4 epoch = 1 url = https://gogs.io install = gogs.install @@ -14,6 +14,7 @@ pkgbase = gogs license = MIT makedepends = go>=1.3 depends = git>=1.7.1 + depends = pam optdepends = sqlite: SQLite support optdepends = mariadb: MariaDB support optdepends = postgresql: PostgreSQL support @@ -28,9 +29,13 @@ pkgbase = gogs source = gogs-0.11.29::https://github.com/gogits/gogs/archive/v0.11.29.tar.gz source = 0001-Adjust-config-for-Arch-Linux-package.patch source = 0002-Adjust-service-file-for-Arch-Linux-package.patch + source = 0003-SECURITY-HTML-injection-in-user-search-API.patch + source = 0004-SECURITY-fix-branch-name-persistent-XSS.patch sha512sums = 094dd6b5010128b8a68c3b4a2be389593380be527dd1f1c37882cbd7762ae31ff8da824d047acecb9ef31233ab3c576bc5030c90763adfa32d01b5830d12c04b - sha512sums = 8aad23ec5b600a56aee4fd8db8e998d973865dd2e6432ca88e014c024a88ed5d7baa1a65b8ae752364d1e94a2d42795f5ced71b3f11dc2c57eb84ed110f2e3c1 - sha512sums = 01e19a45212a066589fbedbda9a0f2ac803269b855afed422fdcefb455f8e0da993ac11f0d36028858e4516d2d017e4c29f66dcc7b2260dd24022d1501e230a3 + sha512sums = 43a337ccc0932a8e6f538d24ec8e13a7b509d1e7c4da40d2e76339a67b043090ab648b323c08311f5a62f81db19911138b6ff2c74fb9a869a401571d9b3770c5 + sha512sums = 969a29c3d1a9667e285ebd3490a83c5a684fa037a540ba242dcd86fe8294eef0b1247fc996a4926832ba0d8c56b5d843a117c14c7696899cb813b847b861a5cc + sha512sums = dca31ee707586a2c055f549a36cdfd113def1436dfbb8eaf2358347d66c968fdb265e8832f1c8f8041d0fbddda708f5eac37719ab85040024cdf6eb82568a219 + sha512sums = afafb48f86906db3c1385541eba3d02e028cda087067f4ec467b538cc215d5662ba0af8fe488f4ecbb1f6dff96520c47868c1584239540fb41db8781af6eb792 pkgname = gogs 
diff --git a/0001-Adjust-config-for-Arch-Linux-package.patch b/0001-Adjust-config-for-Arch-Linux-package.patch index 47477db8721d..a6e6bb624b09 100644 --- a/0001-Adjust-config-for-Arch-Linux-package.patch +++ b/0001-Adjust-config-for-Arch-Linux-package.patch @@ -1,7 +1,7 @@ From 73ef207e99b977f830e8a0d5fc98b8f8d25bb3f6 Mon Sep 17 00:00:00 2001 From: Martchus <martchus@gmx.net> Date: Sun, 19 Mar 2017 18:03:36 +0100 -Subject: [PATCH 1/2] Adjust config for Arch Linux package +Subject: [PATCH 1/4] Adjust config for Arch Linux package --- conf/app.ini | 31 +++++++++++++++++++------------ @@ -92,5 +92,5 @@ index fc43868e9..bc78b8d8c 100644 ; Use comma to separate multiple modes, e.g. "console, file" MODE = console -- -2.14.2 +2.15.0 diff --git a/0002-Adjust-service-file-for-Arch-Linux-package.patch b/0002-Adjust-service-file-for-Arch-Linux-package.patch index 05dcf23d67f8..efdafe67c3bc 100644 --- a/0002-Adjust-service-file-for-Arch-Linux-package.patch +++ b/0002-Adjust-service-file-for-Arch-Linux-package.patch @@ -1,7 +1,7 @@ From 6c229c932878e189e3a785c337a1c5d1cdbea2c3 Mon Sep 17 00:00:00 2001 From: Martchus <martchus@gmx.net> Date: Sun, 19 Mar 2017 18:04:48 +0100 -Subject: [PATCH 2/2] Adjust service file for Arch Linux package +Subject: [PATCH 2/4] Adjust service file for Arch Linux package --- scripts/systemd/gogs.service | 10 +++++----- @@ -30,5 +30,5 @@ index 9f105bf8e..07ffa1f66 100644 [Install] WantedBy=multi-user.target -- -2.14.2 +2.15.0 diff --git a/0003-SECURITY-HTML-injection-in-user-search-API.patch b/0003-SECURITY-HTML-injection-in-user-search-API.patch new file mode 100644 index 000000000000..3fe930ff609e --- /dev/null +++ b/0003-SECURITY-HTML-injection-in-user-search-API.patch 
@@ -0,0 +1,34 @@
+From f331f09bbd849c0aa568f704a09e81ff77fc50f8 Mon Sep 17 00:00:00 2001
+From: Unknwon <u@gogs.io>
+Date: Sat, 14 Oct 2017 23:53:20 -0400
+Subject: [PATCH 3/4] SECURITY: HTML injection in user search API
+
+Reported by Tim Hawes.
+---
+ routes/api/v1/user/user.go | 3 ++-
+ 1 file changed, 2 insertions(+), 1 deletion(-)
+
+diff --git a/routes/api/v1/user/user.go b/routes/api/v1/user/user.go
+index dbf727def..8326eea57 100644
+--- a/routes/api/v1/user/user.go
++++ b/routes/api/v1/user/user.go
+@@ -12,6 +12,7 @@ import (
+ "github.com/gogits/gogs/models"
+ "github.com/gogits/gogs/models/errors"
+ "github.com/gogits/gogs/pkg/context"
++ "github.com/gogits/gogs/pkg/markup"
+ )
+
+ func Search(c *context.APIContext) {
+@@ -39,7 +40,7 @@ func Search(c *context.APIContext) {
+ ID: users[i].ID,
+ UserName: users[i].Name,
+ AvatarUrl: users[i].AvatarLink(),
+- FullName: users[i].FullName,
++ FullName: markup.Sanitize(users[i].FullName),
+ }
+ if c.IsLogged {
+ results[i].Email = users[i].Email
+--
+2.15.0
+
diff --git a/0004-SECURITY-fix-branch-name-persistent-XSS.patch b/0004-SECURITY-fix-branch-name-persistent-XSS.patch
new file mode 100644
index 000000000000..36c424342c3c
--- /dev/null
+++ b/0004-SECURITY-fix-branch-name-persistent-XSS.patch
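Review bot: Only `FullName` is passed through `markup.Sanitize` in the second inner hunk; `UserName` above it and `Email` a few lines below are still copied into the API result unchanged, so if either can hold user-chosen text the same consumer receives it raw. Sanitizing inside the JSON response also means API clients get an HTML-filtered value rather than the stored name, and whatever markup the sanitizer's policy permits (not visible here) still passes through, so the page that inserts search results into the DOM should escape them as text regardless. A comment on the changed line such as `// FullName is free text chosen by the user; sanitized because search results may be rendered as HTML` would record why only this field is treated, assuming that is the reason. `Search` begins and ends outside the hunk.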
@@ -0,0 +1,41 @@
+From 3025fe70a794d70e3422784401f9ad04d0d71032 Mon Sep 17 00:00:00 2001
+From: Unknwon <u@gogs.io>
+Date: Sun, 15 Oct 2017 00:07:46 -0400
+Subject: [PATCH 4/4] SECURITY: fix branch name persistent XSS
+
+Reported by Carl Hattenfels.
+---
+ templates/repo/editor/commit_form.tmpl | 3 ++-
+ templates/repo/issue/view_title.tmpl | 2 +-
+ 2 files changed, 3 insertions(+), 2 deletions(-)
+
+diff --git a/templates/repo/editor/commit_form.tmpl b/templates/repo/editor/commit_form.tmpl
+index 6aee9f1d1..6ee6300ff 100644
+--- a/templates/repo/editor/commit_form.tmpl
++++ b/templates/repo/editor/commit_form.tmpl
+@@ -14,7 +14,8 @@
+ <input type="radio" class="js-quick-pull-choice-option" name="commit_choice" value="direct" {{if eq .commit_choice "direct"}}checked{{end}}>
+ <label>
+ <i class="octicon octicon-git-commit" height="16" width="14"></i>
+- {{.i18n.Tr "repo.editor.commit_directly_to_this_branch" .BranchName | Safe}}
++ {{$branchName := .BranchName | Str2html}}
++ {{.i18n.Tr "repo.editor.commit_directly_to_this_branch" $branchName | Safe}}
+ </label>
+ </div>
+ </div>
+diff --git a/templates/repo/issue/view_title.tmpl b/templates/repo/issue/view_title.tmpl
+index 3f3b62e65..4650ba4c8 100644
+--- a/templates/repo/issue/view_title.tmpl
++++ b/templates/repo/issue/view_title.tmpl
+@@ -28,7 +28,7 @@
+ {{if .Issue.PullRequest.HasMerged}}
+ {{ $mergedStr:= TimeSince .Issue.PullRequest.Merged $.Lang }}
+ <a {{if gt .Issue.PullRequest.Merger.ID 0}}href="{{.Issue.PullRequest.Merger.HomeLink}}"{{end}}>{{.Issue.PullRequest.Merger.Name}}</a>
+- <span class="pull-desc">{{$.i18n.Tr "repo.pulls.merged_title_desc" .NumCommits .HeadTarget .BaseTarget $mergedStr | Safe}}</span>
++ <span class="pull-desc">{{$.i18n.Tr "repo.pulls.merged_title_desc" .NumCommits .HeadTarget .BaseTarget $mergedStr | Str2html}}</span>
+ {{else}}
+ <a {{if gt .Issue.Poster.ID 0}}href="{{.Issue.Poster.HomeLink}}"{{end}}>{{.Issue.Poster.Name}}</a>
+ <span class="pull-desc">{{$.i18n.Tr 
"repo.pulls.title_desc" .NumCommits .HeadTarget .BaseTarget | Str2html}}</span> +-- +2.15.0 + @@ -8,13 +8,13 @@ _gourl=github.com/gogits/$_pkgname pkgname=$_pkgname pkgver=0.11.29 -pkgrel=3 +pkgrel=4 epoch=1 pkgdesc='Self Hosted Git Service written in Go' arch=('i686' 'x86_64' 'armv6h' 'armv7h') url="https://$_pkgname.io" license=('MIT') -depends=('git>=1.7.1') +depends=('git>=1.7.1' 'pam') optdepends=('sqlite: SQLite support' 'mariadb: MariaDB support' 'postgresql: PostgreSQL support' @@ -28,10 +28,14 @@ backup=("etc/$_pkgname/app.ini") install=$_pkgname.install source=("$_pkgname-$pkgver::https://github.com/$_orga/$_pkgname/archive/v${pkgver}.tar.gz" '0001-Adjust-config-for-Arch-Linux-package.patch' - '0002-Adjust-service-file-for-Arch-Linux-package.patch') + '0002-Adjust-service-file-for-Arch-Linux-package.patch' + '0003-SECURITY-HTML-injection-in-user-search-API.patch' + '0004-SECURITY-fix-branch-name-persistent-XSS.patch') sha512sums=('094dd6b5010128b8a68c3b4a2be389593380be527dd1f1c37882cbd7762ae31ff8da824d047acecb9ef31233ab3c576bc5030c90763adfa32d01b5830d12c04b' - '8aad23ec5b600a56aee4fd8db8e998d973865dd2e6432ca88e014c024a88ed5d7baa1a65b8ae752364d1e94a2d42795f5ced71b3f11dc2c57eb84ed110f2e3c1' - '01e19a45212a066589fbedbda9a0f2ac803269b855afed422fdcefb455f8e0da993ac11f0d36028858e4516d2d017e4c29f66dcc7b2260dd24022d1501e230a3') + '43a337ccc0932a8e6f538d24ec8e13a7b509d1e7c4da40d2e76339a67b043090ab648b323c08311f5a62f81db19911138b6ff2c74fb9a869a401571d9b3770c5' + '969a29c3d1a9667e285ebd3490a83c5a684fa037a540ba242dcd86fe8294eef0b1247fc996a4926832ba0d8c56b5d843a117c14c7696899cb813b847b861a5cc' + 'dca31ee707586a2c055f549a36cdfd113def1436dfbb8eaf2358347d66c968fdb265e8832f1c8f8041d0fbddda708f5eac37719ab85040024cdf6eb82568a219' + 'afafb48f86906db3c1385541eba3d02e028cda087067f4ec467b538cc215d5662ba0af8fe488f4ecbb1f6dff96520c47868c1584239540fb41db8781af6eb792') _goroot='/usr/lib/go' prepare() { 
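Review bot: The two templates are fixed in different ways: `commit_form.tmpl` passes only `.BranchName` through `Str2html` and still pipes the whole translated string through `Safe`, while `view_title.tmpl` replaces `Safe` with `Str2html` on the full output. The first form stays correct only while every argument to that `Tr` call is filtered individually, so an argument added there later would reach the page unescaped. Unless the locale string needs markup that `Str2html` would strip (not visible here), the form already used in `view_title.tmpl`, `{{.i18n.Tr "repo.editor.commit_directly_to_this_branch" .BranchName | Str2html}}`, is the more robust one. Other `| Safe` pipelines that take branch names lie outside this patch and are worth checking against the same pattern.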
@@ -62,6 +66,8 @@ prepare() { cd "$GOPATH/src/${_gourl}" patch -Np1 -i "$srcdir/0001-Adjust-config-for-Arch-Linux-package.patch" patch -Np1 -i "$srcdir/0002-Adjust-service-file-for-Arch-Linux-package.patch" + patch -Np1 -i "$srcdir/0003-SECURITY-HTML-injection-in-user-search-API.patch" + patch -Np1 -i "$srcdir/0004-SECURITY-fix-branch-name-persistent-XSS.patch" } build() { |
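Review bot: The two added `patch` lines carry no comment saying which upstream fixes they backport or when they can be dropped, while `pkgver` stays pinned at 0.11.29. A line above them such as `# Backported upstream security fixes (0003, 0004); drop once pkgver includes them` would let the next maintainer remove them deliberately on a version bump instead of discovering it from a failed `prepare()`. `prepare()` starts outside the hunk.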