Disallow urlencoded new lines in git protocol paths if there is a port #13521

Merged: zeripath merged 1 commit into go-gitea:master from zeripath:no-ports-for-git-protocol, Nov 11, 2020

@zeripath
Contributor

Signed-off-by: Andrew Thornton <art27@cantab.net>
@GiteaBot GiteaBot added the lgtm/need 1 This PR needs approval from one additional maintainer to be merged. label Nov 11, 2020
@GiteaBot GiteaBot added lgtm/done This PR has enough approvals to get merged. There are no important open reservations anymore. and removed lgtm/need 1 This PR needs approval from one additional maintainer to be merged. labels Nov 11, 2020
@zeripath zeripath merged commit 5d932b3 into go-gitea:master Nov 11, 2020
@zeripath zeripath deleted the no-ports-for-git-protocol branch November 11, 2020 20:34
6543 pushed a commit to 6543-forks/gitea that referenced this pull request Nov 11, 2020
6543 pushed a commit to 6543-forks/gitea that referenced this pull request Nov 11, 2020
@6543 6543 added the backport/done All backports for this PR have been created label Nov 11, 2020
@6543
Member

6543 commented Nov 11, 2020

lafriks pushed a commit that referenced this pull request Nov 11, 2020
#13521) (#13524)

Signed-off-by: Andrew Thornton <art27@cantab.net>

Co-authored-by: zeripath <art27@cantab.net>
lafriks pushed a commit that referenced this pull request Nov 11, 2020
#13521) (#13525)

Signed-off-by: Andrew Thornton <art27@cantab.net>

Co-authored-by: zeripath <art27@cantab.net>
@lafriks lafriks added the topic/security Something leaks user information or is otherwise vulnerable. Should be fixed! label Nov 11, 2020
uqs pushed a commit to freebsd/freebsd-ports that referenced this pull request Nov 22, 2020
    SECURITY
        Prevent git operations for inactive users (#13527) (#13537)
        Disallow urlencoded new lines in git protocol paths if there is a port (#13521) (#13525)
    BUGFIXES
        API should only return Json (#13511) (#13564)
        Fix before and since query arguments at API (#13559) (#13560)
        Prevent panic on git blame by limiting lines to 4096 bytes at most (#13470) (#13492)
        Fix link detection in repository description with tailing ‘_’ (#13407) (#13408)
        Remove obsolete change of email on profile page (#13341) (#13348)
        Fix permission check on get Reactions API endpoints (#13344) (#13346)
        Add migrated pulls to pull request task queue (#13331) (#13335)
        API deny wrong pull creation options (#13308) (#13327)
        Fix initial commit page & binary munching problem (#13249) (#13259)
        Fix diff parsing (#13157) (#13136) (#13139)
        Return error 404 not 500 from API if team does not exist (#13118) (#13119)
        Prohibit automatic downgrades (#13108) (#13111)
        Fix GitLab Migration Option AuthToken (#13101)
        GitLab Label Color Normalizer (#12793) (#13100)
        Log the underlying panic in runMigrateTask (#13096) (#13098)
        Fix attachments list in edit comment (#13036) (#13097)
        Fix deadlock when deleting team user (#13093)
        Fix error create comment on outdated file (#13041) (#13042)
        Fix repository create/delete event webhooks (#13008) (#13027)
        Fix internal server error on README in submodule (#13006) (#13016)

PR:		251296
Submitted by:	maintainer
MFH:		2020Q4
Security:	go-gitea/gitea#13527
		go-gitea/gitea#13521


git-svn-id: svn+ssh://svn.freebsd.org/ports/head@556058 35697150-7ecd-e111-bb59-0022644237b5
uqs pushed a commit to freebsd/freebsd-ports that referenced this pull request Nov 22, 2020
Approved by:	portmgr (with hat)

www/gitea: Update to 1.12.5

Changes: https://github.com/go-gitea/gitea/releases/tag/v1.12.5

PR:		250372
Approved by:	maintainer

www/gitea: Update to 1.12.6

    SECURITY
        Prevent git operations for inactive users (#13527) (#13537)
        Disallow urlencoded new lines in git protocol paths if there is a port (#13521) (#13525)
    BUGFIXES
        API should only return Json (#13511) (#13564)
        Fix before and since query arguments at API (#13559) (#13560)
        Prevent panic on git blame by limiting lines to 4096 bytes at most (#13470) (#13492)
        Fix link detection in repository description with tailing ‘_’ (#13407) (#13408)
        Remove obsolete change of email on profile page (#13341) (#13348)
        Fix permission check on get Reactions API endpoints (#13344) (#13346)
        Add migrated pulls to pull request task queue (#13331) (#13335)
        API deny wrong pull creation options (#13308) (#13327)
        Fix initial commit page & binary munching problem (#13249) (#13259)
        Fix diff parsing (#13157) (#13136) (#13139)
        Return error 404 not 500 from API if team does not exist (#13118) (#13119)
        Prohibit automatic downgrades (#13108) (#13111)
        Fix GitLab Migration Option AuthToken (#13101)
        GitLab Label Color Normalizer (#12793) (#13100)
        Log the underlying panic in runMigrateTask (#13096) (#13098)
        Fix attachments list in edit comment (#13036) (#13097)
        Fix deadlock when deleting team user (#13093)
        Fix error create comment on outdated file (#13041) (#13042)
        Fix repository create/delete event webhooks (#13008) (#13027)
        Fix internal server error on README in submodule (#13006) (#13016)

PR:		251296
Submitted by:	maintainer
Security:	go-gitea/gitea#13527
		go-gitea/gitea#13521
uqs pushed a commit to freebsd/freebsd-ports that referenced this pull request Nov 22, 2020
Jehops pushed a commit to Jehops/freebsd-ports-legacy that referenced this pull request Nov 22, 2020
@go-gitea go-gitea locked and limited conversation to collaborators Dec 14, 2020

Labels

backport/done: All backports for this PR have been created
lgtm/done: This PR has enough approvals to get merged. There are no important open reservations anymore.
topic/security: Something leaks user information or is otherwise vulnerable. Should be fixed!
type/bug

6 participants