Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Disallow urlencoded new lines in git protocol paths if there is a port #13521

Merged
merged 1 commit into from
Nov 11, 2020
Merged

Disallow urlencoded new lines in git protocol paths if there is a port #13521

merged 1 commit into from
Nov 11, 2020

Conversation

zeripath
Copy link
Contributor

Signed-off-by: Andrew Thornton art27@cantab.net

@zeripath
Disallow urlencoded new lines in git protocol paths if there is a port
8116f7b 
Signed-off-by: Andrew Thornton <art27@cantab.net>
@zeripath zeripath added this to the 1.14.0 milestone Nov 11, 2020
@GiteaBot GiteaBot added the lgtm/need 1 This PR needs approval from one additional maintainer to be merged. label Nov 11, 2020
@GiteaBot GiteaBot added lgtm/done This PR has enough approvals to get merged. There are no important open reservations anymore. and removed lgtm/need 1 This PR needs approval from one additional maintainer to be merged. labels Nov 11, 2020
@zeripath zeripath merged commit 5d932b3 into go-gitea:master Nov 11, 2020
@zeripath zeripath deleted the no-ports-for-git-protocol branch November 11, 2020 20:34
6543 pushed a commit to 6543-forks/gitea that referenced this pull request Nov 11, 2020
@zeripath @6543
Disallow urlencoded new lines in git protocol paths if there is a port (
bf7f5ee 
go-gitea#13521)

Signed-off-by: Andrew Thornton <art27@cantab.net>
@6543 6543 mentioned this pull request Nov 11, 2020
Merged
6543 pushed a commit to 6543-forks/gitea that referenced this pull request Nov 11, 2020
@zeripath @6543
Disallow urlencoded new lines in git protocol paths if there is a port (
679efbd 
go-gitea#13521)

Signed-off-by: Andrew Thornton <art27@cantab.net>
@6543 6543 mentioned this pull request Nov 11, 2020
Merged
@6543 6543 added the backport/done All backports for this PR have been created label Nov 11, 2020
@6543
Copy link
Member

6543 commented Nov 11, 2020

Backports:

lafriks pushed a commit that referenced this pull request Nov 11, 2020
@6543 @zeripath
Disallow urlencoded new lines in git protocol paths if there is a port (
122f8f8 
#13521) (#13524)

Signed-off-by: Andrew Thornton <art27@cantab.net>

Co-authored-by: zeripath <art27@cantab.net>
lafriks pushed a commit that referenced this pull request Nov 11, 2020
@6543 @zeripath
Disallow urlencoded new lines in git protocol paths if there is a port (
480efbd 
#13521) (#13525)

Signed-off-by: Andrew Thornton <art27@cantab.net>

Co-authored-by: zeripath <art27@cantab.net>
@lafriks lafriks added the topic/security Something leaks user information or is otherwise vulnerable. Should be fixed! label Nov 11, 2020
@stypr stypr mentioned this pull request Nov 16, 2020
Merged
uqs pushed a commit to freebsd/freebsd-ports that referenced this pull request Nov 22, 2020
www/gitea: Update to 1.12.6
167c377 
    SECURITY
        Prevent git operations for inactive users (#13527) (#13537)
        Disallow urlencoded new lines in git protocol paths if there is a port (#13521) (#13525)
    BUGFIXES
        API should only return Json (#13511) (#13564)
        Fix before and since query arguments at API (#13559) (#13560)
        Prevent panic on git blame by limiting lines to 4096 bytes at most (#13470) (#13492)
        Fix link detection in repository description with tailing ‘_’ (#13407) (#13408)
        Remove obsolete change of email on profile page (#13341) (#13348)
        Fix permission check on get Reactions API endpoints (#13344) (#13346)
        Add migrated pulls to pull request task queue (#13331) (#13335)
        API deny wrong pull creation options (#13308) (#13327)
        Fix initial commit page & binary munching problem (#13249) (#13259)
        Fix diff parsing (#13157) (#13136) (#13139)
        Return error 404 not 500 from API if team does not exist (#13118) (#13119)
        Prohibit automatic downgrades (#13108) (#13111)
        Fix GitLab Migration Option AuthToken (#13101)
        GitLab Label Color Normalizer (#12793) (#13100)
        Log the underlying panic in runMigrateTask (#13096) (#13098)
        Fix attachments list in edit comment (#13036) (#13097)
        Fix deadlock when deleting team user (#13093)
        Fix error create comment on outdated file (#13041) (#13042)
        Fix repository create/delete event webhooks (#13008) (#13027)
        Fix internal server error on README in submodule (#13006) (#13016)

PR:		251296
Submitted by:	maintainer
MFH:		2020Q4
Security:	go-gitea/gitea#13527
		go-gitea/gitea#13521


git-svn-id: svn+ssh://svn.freebsd.org/ports/head@556058 35697150-7ecd-e111-bb59-0022644237b5
uqs pushed a commit to freebsd/freebsd-ports that referenced this pull request Nov 22, 2020
@assistcontrol
MFH: r552525 r556058
f89a86b 
Approved by:	portmgr (with hat)

www/gitea: Update to 1.12.5

Changes: https://github.com/go-gitea/gitea/releases/tag/v1.12.5

PR:		250372
Approved by:	maintainer

www/gitea: Update to 1.12.6

    SECURITY
        Prevent git operations for inactive users (#13527) (#13537)
        Disallow urlencoded new lines in git protocol paths if there is a port (#13521) (#13525)
    BUGFIXES
        API should only return Json (#13511) (#13564)
        Fix before and since query arguments at API (#13559) (#13560)
        Prevent panic on git blame by limiting lines to 4096 bytes at most (#13470) (#13492)
        Fix link detection in repository description with tailing ‘_’ (#13407) (#13408)
        Remove obsolete change of email on profile page (#13341) (#13348)
        Fix permission check on get Reactions API endpoints (#13344) (#13346)
        Add migrated pulls to pull request task queue (#13331) (#13335)
        API deny wrong pull creation options (#13308) (#13327)
        Fix initial commit page & binary munching problem (#13249) (#13259)
        Fix diff parsing (#13157) (#13136) (#13139)
        Return error 404 not 500 from API if team does not exist (#13118) (#13119)
        Prohibit automatic downgrades (#13108) (#13111)
        Fix GitLab Migration Option AuthToken (#13101)
        GitLab Label Color Normalizer (#12793) (#13100)
        Log the underlying panic in runMigrateTask (#13096) (#13098)
        Fix attachments list in edit comment (#13036) (#13097)
        Fix deadlock when deleting team user (#13093)
        Fix error create comment on outdated file (#13041) (#13042)
        Fix repository create/delete event webhooks (#13008) (#13027)
        Fix internal server error on README in submodule (#13006) (#13016)

PR:		251296
Submitted by:	maintainer
Security:	go-gitea/gitea#13527
		go-gitea/gitea#13521
uqs pushed a commit to freebsd/freebsd-ports that referenced this pull request Nov 22, 2020
@assistcontrol
www/gitea: Update to 1.12.6
69af755 
    SECURITY
        Prevent git operations for inactive users (#13527) (#13537)
        Disallow urlencoded new lines in git protocol paths if there is a port (#13521) (#13525)
    BUGFIXES
        API should only return Json (#13511) (#13564)
        Fix before and since query arguments at API (#13559) (#13560)
        Prevent panic on git blame by limiting lines to 4096 bytes at most (#13470) (#13492)
        Fix link detection in repository description with tailing ‘_’ (#13407) (#13408)
        Remove obsolete change of email on profile page (#13341) (#13348)
        Fix permission check on get Reactions API endpoints (#13344) (#13346)
        Add migrated pulls to pull request task queue (#13331) (#13335)
        API deny wrong pull creation options (#13308) (#13327)
        Fix initial commit page & binary munching problem (#13249) (#13259)
        Fix diff parsing (#13157) (#13136) (#13139)
        Return error 404 not 500 from API if team does not exist (#13118) (#13119)
        Prohibit automatic downgrades (#13108) (#13111)
        Fix GitLab Migration Option AuthToken (#13101)
        GitLab Label Color Normalizer (#12793) (#13100)
        Log the underlying panic in runMigrateTask (#13096) (#13098)
        Fix attachments list in edit comment (#13036) (#13097)
        Fix deadlock when deleting team user (#13093)
        Fix error create comment on outdated file (#13041) (#13042)
        Fix repository create/delete event webhooks (#13008) (#13027)
        Fix internal server error on README in submodule (#13006) (#13016)

PR:		251296
Submitted by:	maintainer
MFH:		2020Q4
Security:	go-gitea/gitea#13527
		go-gitea/gitea#13521
Jehops pushed a commit to Jehops/freebsd-ports-legacy that referenced this pull request Nov 22, 2020
@assistcontrol
www/gitea: Update to 1.12.6
7963963 
    SECURITY
        Prevent git operations for inactive users (#13527) (#13537)
        Disallow urlencoded new lines in git protocol paths if there is a port (#13521) (#13525)
    BUGFIXES
        API should only return Json (#13511) (#13564)
        Fix before and since query arguments at API (#13559) (#13560)
        Prevent panic on git blame by limiting lines to 4096 bytes at most (#13470) (#13492)
        Fix link detection in repository description with tailing ‘_’ (#13407) (#13408)
        Remove obsolete change of email on profile page (#13341) (#13348)
        Fix permission check on get Reactions API endpoints (#13344) (#13346)
        Add migrated pulls to pull request task queue (#13331) (#13335)
        API deny wrong pull creation options (#13308) (#13327)
        Fix initial commit page & binary munching problem (#13249) (#13259)
        Fix diff parsing (#13157) (#13136) (#13139)
        Return error 404 not 500 from API if team does not exist (#13118) (#13119)
        Prohibit automatic downgrades (#13108) (#13111)
        Fix GitLab Migration Option AuthToken (#13101)
        GitLab Label Color Normalizer (#12793) (#13100)
        Log the underlying panic in runMigrateTask (#13096) (#13098)
        Fix attachments list in edit comment (#13036) (#13097)
        Fix deadlock when deleting team user (#13093)
        Fix error create comment on outdated file (#13041) (#13042)
        Fix repository create/delete event webhooks (#13008) (#13027)
        Fix internal server error on README in submodule (#13006) (#13016)

PR:		251296
Submitted by:	maintainer
MFH:		2020Q4
Security:	go-gitea/gitea#13527
		go-gitea/gitea#13521


git-svn-id: svn+ssh://svn.freebsd.org/ports/head@556058 35697150-7ecd-e111-bb59-0022644237b5
@go-gitea go-gitea locked and limited conversation to collaborators Dec 14, 2020
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Reviewers

@mrsdizzie mrsdizzie mrsdizzie approved these changes

@jolheiser jolheiser jolheiser approved these changes

@lunny lunny Awaiting requested review from lunny

@techknowlogick techknowlogick Awaiting requested review from techknowlogick

@lafriks lafriks Awaiting requested review from lafriks

Assignees
No one assigned
Labels
backport/done All backports for this PR have been created lgtm/done This PR has enough approvals to get merged. There are no important open reservations anymore. topic/security Something leaks user information or is otherwise vulnerable. Should be fixed! type/bug
Projects
None yet
Milestone
1.14.0
Development

Successfully merging this pull request may close these issues.
6 participants
@zeripath @6543 @mrsdizzie @jolheiser @lafriks @GiteaBot