From a94c9cfc31ecb6baa8fbfd92ad3cd0ea476642cc Mon Sep 17 00:00:00 2001 From: Nathan Owens Date: Thu, 3 Jan 2019 19:43:30 -0600 Subject: [PATCH] gitea: update to 1.6.2 ; fixes CVE Closes: #6570 [via git-merge-pr] --- srcpkgs/gitea/patches/daemon_config.patch | 112 ---------------------- srcpkgs/gitea/template | 21 +++- 2 files changed, 19 insertions(+), 114 deletions(-) delete mode 100644 srcpkgs/gitea/patches/daemon_config.patch diff --git a/srcpkgs/gitea/patches/daemon_config.patch b/srcpkgs/gitea/patches/daemon_config.patch deleted file mode 100644 index fac7575d705..00000000000 --- a/srcpkgs/gitea/patches/daemon_config.patch +++ /dev/null @@ -1,112 +0,0 @@ ---- custom/conf/app.ini.sample.orig 2018-08-12 00:05:18.826497786 -0700 -+++ custom/conf/app.ini.sample 2018-08-12 00:09:09.836302324 -0700 -@@ -7,12 +7,12 @@ - ; App name that shows in every page title - APP_NAME = Gitea: Git with a cup of tea - ; Change it if you run locally --RUN_USER = git -+RUN_USER = _gitea - ; Either "dev", "prod" or "test", default is "dev" --RUN_MODE = dev -+RUN_MODE = prod - - [repository] --ROOT = -+ROOT = /var/lib/gitea/repositories - SCRIPT_TYPE = bash - ; Default ANSI charset - ANSI_CHARSET = -@@ -44,15 +44,15 @@ - - [repository.local] - ; Path for local repository copy. Defaults to `tmp/local-repo` --LOCAL_COPY_PATH = tmp/local-repo -+LOCAL_COPY_PATH = /var/lib/gitea/tmp/local-repo - ; Path for local wiki copy. Defaults to `tmp/local-wiki` --LOCAL_WIKI_PATH = tmp/local-wiki -+LOCAL_WIKI_PATH = /var/lib/gitea/tmp/local-wiki - - [repository.upload] - ; Whether repository file uploads are enabled. Defaults to `true` - ENABLED = true - ; Path for uploads. Defaults to `data/tmp/uploads` (tmp gets deleted on gitea restart) --TEMP_PATH = data/tmp/uploads -+TEMP_PATH = /var/lib/gitea/tmp/uploads - ; One or more allowed types, e.g. image/jpeg|image/png. Nothing means any file type - ALLOWED_TYPES = - ; Max size of each file in megabytes. Defaults to 3MB -@@ -120,7 +120,7 @@ - REDIRECT_OTHER_PORT = false - PORT_TO_REDIRECT = 80 - ; Permission for unix socket --UNIX_SOCKET_PERMISSION = 666 -+UNIX_SOCKET_PERMISSION = 660 - ; Local (DMZ) URL for Gitea workers (such as SSH update) accessing web service. - ; In most cases you do not need to change the default value. - ; Alter it only if your SSH server node is not the same as HTTP node. -@@ -186,7 +186,7 @@ - ; Enables git-lfs support. true or false, default is false. - LFS_START_SERVER = false - ; Where your lfs files reside, default is data/lfs. --LFS_CONTENT_PATH = data/lfs -+LFS_CONTENT_PATH = /var/lib/gitea/lfs - ; LFS authentication secret, change this yourself - LFS_JWT_SECRET = - ; LFS authentication validity period (in time.Duration), pushes taking longer than this may fail. -@@ -201,7 +201,7 @@ - - [database] - ; Either "mysql", "postgres", "mssql" or "sqlite3", it's your choice --DB_TYPE = mysql -+DB_TYPE = sqlite3 - HOST = 127.0.0.1:3306 - NAME = gitea - USER = root -@@ -210,7 +210,7 @@ - ; For "postgres" only, either "disable", "require" or "verify-full" - SSL_MODE = disable - ; For "sqlite3" and "tidb", use absolute path when you start gitea as service --PATH = data/gitea.db -+PATH = /var/lib/gitea/data/gitea.db - ; For "sqlite3" only. Query timeout - SQLITE_TIMEOUT = 500 - ; For iterate buffer, default is 50 -@@ -219,10 +219,10 @@ - LOG_SQL = true - - [indexer] --ISSUE_INDEXER_PATH = indexers/issues.bleve -+ISSUE_INDEXER_PATH = /var/lib/gitea/indexers/issues.bleve - ; repo indexer by default disabled, since it uses a lot of disk space - REPO_INDEXER_ENABLED = false --REPO_INDEXER_PATH = indexers/repos.bleve -+REPO_INDEXER_PATH = /var/lib/gitea/indexers/repos.bleve - UPDATE_BUFFER_LEN = 20 - MAX_FILE_SIZE = 1048576 - -@@ -401,7 +401,7 @@ - SESSION_LIFE_TIME = 86400 - - [picture] --AVATAR_UPLOAD_PATH = data/avatars -+AVATAR_UPLOAD_PATH = /var/lib/gitea/data/avatars - ; Max Width and Height of uploaded avatars. This is to limit the amount of RAM - ; used when resizing the image. - AVATAR_MAX_WIDTH = 4096 -@@ -435,14 +435,14 @@ - FORMAT = - - [log] --ROOT_PATH = -+ROOT_PATH = /var/log/gitea/ - ; Either "console", "file", "conn", "smtp" or "database", default is "console" - ; Use comma to separate multiple modes, e.g. "console, file" - MODE = console - ; Buffer length of the channel, keep it as it is if you don't know what it is. - BUFFER_LEN = 10000 - ; Either "Trace", "Debug", "Info", "Warn", "Error", "Critical", default is "Trace" --LEVEL = Trace -+LEVEL = Info - - ; For "console" mode only - [log.console] diff --git a/srcpkgs/gitea/template b/srcpkgs/gitea/template index 8a29b1d7d5d..048bedb13dc 100644 --- a/srcpkgs/gitea/template +++ b/srcpkgs/gitea/template @@ -1,6 +1,6 @@ # Template file for 'gitea' pkgname=gitea -version=1.5.3 +version=1.6.2 revision=1 build_style=go go_import_path=code.gitea.io/gitea @@ -30,7 +30,7 @@ license="MIT" homepage="https://gitea.io" changelog="https://github.com/go-gitea/gitea/blob/master/CHANGELOG.md" distfiles="https://github.com/go-gitea/gitea/archive/v${version}.tar.gz" -checksum=3a94982d1fa0549e26e2c86f859bc09dda480a98a6b07ce5682257f3ce7de188 +checksum=a6d726769f8f7a732dd83f15ad167d1930367c2678a9c590bd00e9aac3bc645b system_accounts="_gitea" _gitea_homedir="/var/lib/gitea" @@ -45,6 +45,23 @@ pre_build() { cd $wrksrc } +pre_install() { + sed -i \ + '/RUN_USER/s:git:_gitea: + s:666:660: + /RUN_MODE/s:dev:prod: + /DB_TYPE/s:mysql:sqlite3: + s:ROOT =:& /var/lib/gitea/repositories: + s:tmp/local-repo:/var/lib/gitea/&: + s:tmp/local-wiki:/var/lib/gitea/&: + /TEMP_PATH/s:data/tmp/uploads:/var/lib/gitea/tmp/uploads: + /LFS_CONTENT/s:data/lfs:/var/lib/gitea/lfs: + s:data/gitea.db:/var/lib/gitea/&: + s:indexers/issues.bleve:/var/lib/gitea/&: + s:data/avatars:/var/lib/gitea/&: + s:ROOT_PATH =:& /var/log/gitea:' custom/conf/app.ini.sample +} + post_install() { vlicense LICENSE vsv gitea