mirror of https://codeberg.org/forgejo/forgejo.git synced 2025-01-18 12:22:36 -05:00
Commit graph

19216 commits

Author SHA1 Message Date
Earl Warren
64142ee149 chore(release): link to the standalone release notes file
(cherry picked from commit 0e02397915)
2024-12-19 08:38:46 +00:00
Earl Warren
b07b7f7687 Merge pull request 'Update module golang.org/x/net to v0.33.0 (v7.0/forgejo)' (#6317) from renovate/v7.0/forgejo-golang.org-x-net-0.x into v7.0/forgejo
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/6317
Reviewed-by: Michael Kriese <michael.kriese@gmx.de>
Reviewed-by: Earl Warren <earl-warren@noreply.codeberg.org>
2024-12-19 07:01:59 +00:00
Earl Warren
be61fd0696
Update module golang.org/x/net to v0.33.0 (license) 2024-12-19 07:14:50 +01:00
Renovate Bot
dc13183803 Update module golang.org/x/net to v0.33.0 2024-12-18 23:16:05 +00:00
Earl Warren
4e0ab47c1c Merge pull request '[v7.0/forgejo] fix: ensure correct ssh public key is used for authentication' (#6252) from earl-warren/forgejo:wip-7.0-ssh into v7.0/forgejo
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/6252
Reviewed-by: 0ko <0ko@noreply.codeberg.org>
2024-12-12 07:03:49 +00:00
Gusted
f7cb37ca5a
fix: ensure correct ssh public key is used for authentication
- The root cause is described in b4f1988a35
- Move to a fork of `github.com/gliderlabs/ssh` that exposes the
permissions that were chosen by `x/crypto/ssh` after successfully
authenticating, this is the recommended mitigation by the Golang
security team. The fork exposes this, since `gliderlabs/ssh` instead
relies on context values to do so, which is vulnerable to the same
attack, although partially mitigated by the fix in `x/crypto/ssh` it
would not be good practice nor defense in depth to rely on it.
- Existing tests cover that the functionality is preserved.
- No tests are added to ensure it fixes the described security issue; the
exploit relies on non-standard SSH behavior and it would be too hard to
craft SSH packets to exploit this.

(cherry picked from commit 3e1b03838e)

Conflicts:
	go.mod
	go.sum
  trivial context conflict
2024-12-12 07:02:14 +01:00
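Worked example, added here and not Forgejo's, gliderlabs/ssh's or x/crypto/ssh's own code, of the identity confusion this commit closes, modelled in pure Go. The simplified server below follows the x/crypto/ssh behaviour at issue: PublicKeyCallback runs for every key the client presents, queries included, and its verdict is cached per key. The vulnerable handler takes the session's identity from the last key the callback saw (the context-value pattern of gliderlabs/ssh); the fixed handler takes it from the Permissions bound to the key whose signature actually verified, which is what ssh.ServerConn.Permissions carries and what the fork exposes. The key pairs, session data, authorized map, and the protocol model itself are constructed for the example; everything else SSH does is omitted.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"fmt"
)

// Permissions stands in for ssh.Permissions: the verdict PublicKeyCallback gave for one key.
type Permissions struct{ User string }

// authRequest models one SSH "publickey" userauth request: a query (sig == nil) only asks
// whether the key is acceptable; a real attempt carries a signature over session-bound data.
type authRequest struct {
	key ed25519.PublicKey
	sig []byte
}

// sessionData stands in for the session-id-bound bytes the signature covers (constructed).
var sessionData = []byte("constructed-session-id")

// server is a simplified model (an assumption, not x/crypto/ssh itself): PublicKeyCallback
// runs for every key the client presents, queries included, and its verdict is cached per key.
type server struct {
	authorized map[string]string // pubkey bytes -> user, like an authorized_keys lookup
	cache      map[string]*Permissions
	lastUser   string // the "context value" a gliderlabs/ssh-style handler would read
}

func newServer(authorized map[string]string) *server {
	return &server{authorized: authorized, cache: map[string]*Permissions{}}
}

func (s *server) publicKeyCallback(key ed25519.PublicKey) *Permissions {
	user, ok := s.authorized[string(key)]
	if !ok {
		return nil
	}
	s.lastUser = user // the side effect the vulnerable handler relies on
	return &Permissions{User: user}
}

// handshake processes requests in order and returns the Permissions bound to the key
// whose signature verified, or nil if no attempt succeeded.
func (s *server) handshake(reqs []authRequest) *Permissions {
	for _, r := range reqs {
		perms, seen := s.cache[string(r.key)]
		if !seen {
			perms = s.publicKeyCallback(r.key)
			s.cache[string(r.key)] = perms
		}
		if perms == nil || r.sig == nil {
			continue // key not acceptable, or only a query
		}
		if ed25519.Verify(r.key, sessionData, r.sig) {
			return perms
		}
	}
	return nil
}

// userFromLastCallback is the vulnerable pattern: trust the last key the callback saw.
func userFromLastCallback(s *server, reqs []authRequest) string {
	if s.handshake(reqs) == nil {
		return ""
	}
	return s.lastUser
}

// userFromPermissions is the recommended pattern: trust only the Permissions for the key that signed.
func userFromPermissions(s *server, reqs []authRequest) string {
	perms := s.handshake(reqs)
	if perms == nil {
		return ""
	}
	return perms.User
}

// RunScenario plays the attack: the attacker (who has an account) queries their own key, queries
// the victim's public key, then signs with their own key; that last step is a cache hit.
func RunScenario() (vulnerable, fixed string) {
	victimPub, _, err1 := ed25519.GenerateKey(rand.Reader)
	attackerPub, attackerPriv, err2 := ed25519.GenerateKey(rand.Reader)
	if err1 != nil || err2 != nil {
		panic("key generation failed")
	}
	authorized := map[string]string{string(victimPub): "victim", string(attackerPub): "attacker"}
	reqs := []authRequest{
		{key: attackerPub},
		{key: victimPub},
		{key: attackerPub, sig: ed25519.Sign(attackerPriv, sessionData)},
	}
	vulnerable = userFromLastCallback(newServer(authorized), reqs)
	fixed = userFromPermissions(newServer(authorized), reqs)
	return vulnerable, fixed
}

func main() {
	vulnerable, fixed := RunScenario()
	fmt.Printf("last-callback pattern: %q, permissions pattern: %q\n", vulnerable, fixed)
}
```

Running it shows the last-callback pattern naming the victim while the permissions pattern names the attacker. The point generalises beyond this toy: any identity recorded as a side effect of the callback is untrustworthy, because the client controls which keys the callback sees and in what order; only the value returned together with the successful signature check is bound to the key that authenticated.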
Earl Warren
d77e27304f Merge pull request 'Update module golang.org/x/crypto to v0.31.0 (v7.0/forgejo)' (#6246) from renovate/v7.0/forgejo-golang.org-x-crypto-0.x into v7.0/forgejo
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/6246
Reviewed-by: Earl Warren <earl-warren@noreply.codeberg.org>
2024-12-12 05:06:14 +00:00
Earl Warren
157dd37035
Update module golang.org/x/crypto to v0.31.0 (licenses) 2024-12-12 05:50:19 +01:00
Renovate Bot
09162b8daf Update module golang.org/x/crypto to v0.31.0 2024-12-12 04:38:24 +00:00
Earl Warren
9191b4d192 Merge pull request '[v7.0/forgejo] chore(ci): set the milestone when a pull request is closed (take 4)' (#6230) from bp-v7.0/forgejo-6f53f7d into v7.0/forgejo
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/6230
Reviewed-by: Earl Warren <earl-warren@noreply.codeberg.org>
2024-12-10 07:07:29 +00:00
Earl Warren
a23de662eb chore(ci): set the milestone when a pull request is closed (take 4)
The milestone can only be determined to be final when a pull request
is merged.

It is possible that a pull request is opened during the development of
v10 and merged after it is published.

It is also possible that it is permanently closed without being merged.

(cherry picked from commit 6f53f7d007)
2024-12-10 06:21:21 +00:00
Earl Warren
e9381b63be Merge pull request '[v7.0/forgejo] chore(ci): set the milestone when a pull request is open (take 3)' (#6224) from bp-v7.0/forgejo-bf9e19c into v7.0/forgejo
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/6224
Reviewed-by: Earl Warren <earl-warren@noreply.codeberg.org>
2024-12-09 23:30:26 +00:00
Earl Warren
7259d3b73f chore(ci): set the milestone when a pull request is open (take 3)
pull_request_target runs from the target branch, not the default branch

(cherry picked from commit bf9e19cc21)
2024-12-09 22:56:13 +00:00
Earl Warren
2d1f6d7063 Merge pull request '[v7.0/forgejo] chore(ci): set the milestone when a pull request is open' (#6216) from bp-v7.0/forgejo-1f18d8d into v7.0/forgejo
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/6216
Reviewed-by: Earl Warren <earl-warren@noreply.codeberg.org>
2024-12-09 16:46:21 +00:00
Earl Warren
abd626eca7
chore(ci): set the milestone when a pull request is open (take 2)
Use the oci:ci image to get jq

(cherry picked from commit ebfe702df6)
2024-12-09 17:43:20 +01:00
Earl Warren
4164e907e6 chore(ci): set the milestone when a pull request is open
(cherry picked from commit 1f18d8d677)
2024-12-09 16:17:28 +00:00
Earl Warren
5dbb2dbe0d Merge pull request '[v7.0/forgejo] fix: dbconsistency check adding missing quotes' (#6132) from bp-v7.0/forgejo-b525eec into v7.0/forgejo
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/6132
Reviewed-by: Earl Warren <earl-warren@noreply.codeberg.org>
2024-12-03 09:27:58 +00:00
Gusted
2580cece8e Merge pull request 'fix: dbconsistency check adding missing quotes' (#6124) from 71rd/forgejo:dbconsistency-forgejo into forgejo
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/6124
Reviewed-by: Gusted <gusted@noreply.codeberg.org>
(cherry picked from commit b525eec82b)
2024-12-03 07:31:41 +00:00
Gusted
f93a7a93a3 Merge pull request '[v7.0/forgejo] fix: Do not delete global Oauth2 applications' (#6056) from bp-v7.0/forgejo-665d5f7-1d5aee6 into v7.0/forgejo
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/6056
Reviewed-by: Otto <otto@codeberg.org>
Reviewed-by: Gusted <gusted@noreply.codeberg.org>
2024-11-25 03:10:52 +00:00
Otto Richter
2d75678303 fix: Do not delete global Oauth2 applications
(cherry picked from commit 1d5aee6ef8)
2024-11-23 22:48:34 +00:00
Otto Richter
a3c917b1c1 test: Global OAuth should not be deleted
Expected to fail: Global (instance-wide) OAuth application should not be deleted, but it is

(cherry picked from commit 665d5f7317)
2024-11-23 22:48:34 +00:00
Earl Warren
ed15e04b33 Merge pull request '[v7.0/forgejo] chore(ci): remove unused experimental DNS updates' (#6036) from earl-warren/forgejo:wip-v7.0-dns-update into v7.0/forgejo
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/6036
Reviewed-by: Michael Kriese <michael.kriese@gmx.de>
2024-11-20 16:48:39 +00:00
Earl Warren
4f85e369ec
chore(ci): remove unused experimental DNS updates
(cherry picked from commit a69943085a)

Conflicts:
	.forgejo/workflows/publish-release.yml
  trivial context conflict
2024-11-20 16:07:33 +00:00
Earl Warren
4c4e27cbd6 Merge pull request '[v7.0/forgejo] fix: 15 November 2024 security fixes batch' (#5976) from earl-warren/forgejo:wip-v7.0-security-15-11 into v7.0/forgejo
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/5976
2024-11-15 12:00:23 +00:00
Earl Warren
579560bd72
chore(release-notes): 15 November 2024 security fixes 2024-11-15 12:10:02 +01:00
Gusted
16419b6fc3
fix: disallow basic authorization when security keys are enrolled
- This unifies the security behavior of enrolling security keys with
enrolling TOTP as a 2FA method. When TOTP is enrolled, you cannot use
basic authorization (user:password) to make API requests on behalf of the
user; this is now also the case when you enroll security keys.
- The usage of access tokens is the only method to make API requests on
behalf of the user when a 2FA method is enrolled for the user.
- Integration test added.

(cherry picked from commit e6bbecb02d)
2024-11-15 12:02:14 +01:00
Gusted
b770282d45
fix: extend forgejo_auth_token table
- Add a `purpose` column, this allows the `forgejo_auth_token` table to
be used by other parts of Forgejo, while still enjoying the
no-compromise architecture.
- Remove the 'roll your own crypto' time limited code functions and
migrate them to the `forgejo_auth_token` table. This migration ensures
generated codes can only be used for their purpose and ensures they are
invalidated after their usage by deleting them from the database; this
should also help make auditing of the security code easier, as we're
no longer trying to stuff a lot of data into a HMAC construction.
- Helper functions are rewritten to ensure a safe-by-design approach to
these tokens.
- Add the `forgejo_auth_token` to dbconsistency doctor and add it to the
`deleteUser` function.
- TODO: Add cron job to delete expired authorization tokens.
- Unit and integration tests added.

(cherry picked from commit 1ce33aa38d)

v7: Removed migration - XORM can handle this case automatically without migration.

assert.Equal(t, `doesnotexist@example.com`, msgs[0].To) in tests
because v7 does not include the user name in the recipient.
2024-11-15 12:02:14 +01:00
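Worked example, added here and not Forgejo's own code or schema, of the token design the commit describes: a database-backed, purpose-bound, single-use token instead of data packed into an HMAC. Only a hash of the secret is stored, a token is valid for exactly the purpose it was issued for, and a successful use deletes the row so it cannot be replayed; the sweep routine is the expired-token cleanup the message leaves as a TODO. The table layout, the "id:secret" token format, the names and the injectable clock are assumptions made for the example.

```go
package main

import (
	"crypto/rand"
	"crypto/sha256"
	"crypto/subtle"
	"encoding/hex"
	"errors"
	"fmt"
	"strings"
	"time"
)

// ErrInvalid is the single error every failed Consume returns, so a caller (or an attacker
// probing the endpoint) cannot tell "unknown id" from "wrong secret" or "wrong purpose".
var ErrInvalid = errors.New("token invalid, expired or already used")

// record is one row of a hypothetical single-use token table (an assumption, not Forgejo's
// schema): only sha256(secret) is stored, together with the purpose and the expiry.
type record struct {
	hash    [32]byte
	purpose string
	expires time.Time
}

// Store is the in-memory stand-in for that table; now is injectable so tests control time.
type Store struct {
	rows map[string]record
	now  func() time.Time
}

func NewStore(now func() time.Time) *Store {
	return &Store{rows: map[string]record{}, now: now}
}

// Issue mints a token for exactly one purpose. The returned "id:secret" string is the only
// copy of the secret; a leak of the table alone does not yield usable tokens.
func (s *Store) Issue(purpose string, ttl time.Duration) (string, error) {
	id := make([]byte, 8)
	secret := make([]byte, 32)
	if _, err := rand.Read(id); err != nil {
		return "", err
	}
	if _, err := rand.Read(secret); err != nil {
		return "", err
	}
	idHex := hex.EncodeToString(id)
	s.rows[idHex] = record{hash: sha256.Sum256(secret), purpose: purpose, expires: s.now().Add(ttl)}
	return idHex + ":" + hex.EncodeToString(secret), nil
}

// Consume checks id, secret (in constant time), purpose and expiry, then deletes the row so
// the token cannot be replayed. A token issued for one purpose is useless for any other.
func (s *Store) Consume(token, purpose string) error {
	idHex, secretHex, ok := strings.Cut(token, ":")
	if !ok {
		return ErrInvalid
	}
	secret, err := hex.DecodeString(secretHex)
	if err != nil {
		return ErrInvalid
	}
	row, found := s.rows[idHex]
	if !found {
		return ErrInvalid
	}
	got := sha256.Sum256(secret)
	if subtle.ConstantTimeCompare(got[:], row.hash[:]) != 1 {
		return ErrInvalid
	}
	if row.purpose != purpose || !s.now().Before(row.expires) {
		return ErrInvalid
	}
	delete(s.rows, idHex)
	return nil
}

// Sweep deletes expired rows and reports how many it removed; this is the periodic job
// the commit message leaves as a TODO.
func (s *Store) Sweep() int {
	n := 0
	for id, row := range s.rows {
		if !s.now().Before(row.expires) {
			delete(s.rows, id)
			n++
		}
	}
	return n
}

func main() {
	s := NewStore(time.Now)
	tok, _ := s.Issue("activate-email", time.Hour)
	fmt.Println("first use:", s.Consume(tok, "activate-email"))
	fmt.Println("replay:   ", s.Consume(tok, "activate-email"))
}
```

Two design choices worth noting: a presentation for the wrong purpose does not delete the row, so a legitimate holder is not locked out by a stray request, and the secret comparison uses subtle.ConstantTimeCompare even though the row is found by its public id, so the hash check itself leaks nothing through timing.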
Gusted
5b53a150c0
Improve usage of HMAC output for mailer tokens
- If the incoming mail feature is enabled, tokens are being sent with
outgoing mails. These tokens contain information about what type of
action is allowed with such a token (such as replying to a certain issue
ID); to verify these tokens the code uses the HMAC-SHA256 construction.
- The output of the HMAC is truncated to 80 bits, because this is
recommended by RFC2104, but RFC2104 actually doesn't recommend this. It
recommends, if truncation should need to take place, it should use
max(80, hash_len/2) of the leftmost bits. For HMAC-SHA256 this works out
to 128 bits instead of the currently used 80 bits.
- Update to token version 2 and disallow any usage of token version 1;
version 2 tokens are generated with 128 bits of HMAC output.
- Add test to verify the deprecation of token version 1 and a general
MAC check test.

(cherry picked from commit 9508aa7713)
2024-11-15 12:02:09 +01:00
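Worked example, added here and not Forgejo's mailer token code, of the truncation rule the commit applies, using only the Go standard library: HMAC-SHA256 over version || payload, keeping the leftmost 128 bits for version 2 (RFC 2104 section 5 asks for at least max(80, L/2) bits, and L is 256 for SHA-256). Version 1 with its 80-bit tag is still mintable here only so that Verify can be shown refusing it. The token layout, names and key are assumptions; hmac.Equal supplies the constant-time comparison.

```go
package main

import (
	"crypto/hmac"
	"crypto/sha256"
	"errors"
	"fmt"
)

const (
	tokenV1  byte = 1 // legacy: tag truncated to 80 bits
	tokenV2  byte = 2 // current: 128 bits, the RFC 2104 floor of max(80, L/2) for L = 256
	tagLenV1      = 80 / 8
	tagLenV2      = 128 / 8
)

var (
	ErrDeprecatedVersion = errors.New("token version 1 is no longer accepted")
	ErrMalformed         = errors.New("token is malformed")
	ErrBadMAC            = errors.New("token MAC does not verify")
)

// tag is HMAC-SHA256 over version || payload, keeping the leftmost n bytes. Binding the
// version into the MAC means a v1 tag cannot be presented as (a prefix of) a v2 tag.
func tag(key []byte, version byte, payload []byte, n int) []byte {
	m := hmac.New(sha256.New, key)
	m.Write([]byte{version})
	m.Write(payload)
	return m.Sum(nil)[:n]
}

// Mint produces a version 2 token: version || payload || 128-bit tag.
func Mint(key, payload []byte) []byte {
	tok := append([]byte{tokenV2}, payload...)
	return append(tok, tag(key, tokenV2, payload, tagLenV2)...)
}

// mintLegacyV1 builds an 80-bit-tag token the way the deprecated format did, only so
// that Verify's refusal of it can be exercised.
func mintLegacyV1(key, payload []byte) []byte {
	tok := append([]byte{tokenV1}, payload...)
	return append(tok, tag(key, tokenV1, payload, tagLenV1)...)
}

// Verify rejects anything but version 2, recomputes the tag and compares it in constant
// time with hmac.Equal, then returns the payload the sender is allowed to act on.
func Verify(key, token []byte) ([]byte, error) {
	if len(token) == 0 {
		return nil, ErrMalformed
	}
	switch token[0] {
	case tokenV1:
		return nil, ErrDeprecatedVersion
	case tokenV2:
	default:
		return nil, ErrMalformed
	}
	if len(token) < 1+tagLenV2 {
		return nil, ErrMalformed
	}
	payload := token[1 : len(token)-tagLenV2]
	if !hmac.Equal(token[len(token)-tagLenV2:], tag(key, tokenV2, payload, tagLenV2)) {
		return nil, ErrBadMAC
	}
	return payload, nil
}

func main() {
	key := []byte("constructed-mailer-key")
	payload := []byte("reply:issue:42")
	tok := Mint(key, payload)
	fmt.Printf("v2 token is %d bytes, tag is %d bits\n", len(tok), tagLenV2*8)
	_, err := Verify(key, mintLegacyV1(key, payload))
	fmt.Println("v1 token:", err)
}
```

Checking the version before the MAC is deliberate: a version 1 token is refused outright rather than verified with the short tag and then rejected, so the 80-bit tag is never an accepted authenticator anywhere in the code path.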
Gusted
3a197f7de2
fix: strict matching of allowed content for sanitizer
- _Simply_ add `^$` to regexps that didn't have it yet, this avoids any
content being allowed that simply had the allowed content as a
substring.
- Fix file-preview regex to have `$` instead of `*`.

(cherry picked from commit 7067cc7da4)

v7: added fix for ref-issue, this is already fixed in forgejo branch but
not backported as it was part of a feature.
2024-11-15 11:59:35 +01:00
Gusted
c2284d871f
fix: anonymous users code search for private/limited user's repository
- Consider private/limited users in the `AccessibleRepositoryCondition`
query, previously this only considered private/limited organizations.
This limits the ability for anonymous users to do code search on
private/limited user's repository.
- Unit test added.

(cherry picked from commit b70196653f)
2024-11-15 11:59:22 +01:00
Gusted
eb066a472c
fix: require code permissions for branch feed
- The RSS and atom feed for branches exposes details about the code, it
therefore should be guarded by the requirement that the doer has access
to the code of that repository.
- Added integration testing.

(cherry picked from commit 3e3ef76808)
2024-11-15 11:59:08 +01:00
Gusted
7480b6072f
fix: don't show private forks in forks list
- If a repository is forked to a private or limited user/organization,
the fork should not be visible in the list of forks depending on the
doer requesting the list of forks.
- Added integration testing for web and API route.

(cherry picked from commit 061abe6004)
2024-11-15 11:58:58 +01:00
Gusted
656351d028
fix: add ID check for updating push mirror interval
- Ensure that the specified push mirror ID belongs to the requested
repository, otherwise it is possible to modify the intervals of the push
mirrors that do not belong to the requested repository.
- Integration test added.

(cherry picked from commit 786dfc7fb8)
2024-11-15 11:58:37 +01:00
Earl Warren
4ada4bc828 Merge pull request '[v7.0/forgejo] chore(ci): ROLE forgejo-coding & forgejo-testing' (#5953) from earl-warren/forgejo:wip-v7.0-testing-only into v7.0/forgejo
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/5953
Reviewed-by: Gusted <gusted@noreply.codeberg.org>
Reviewed-by: Michael Kriese <michael.kriese@gmx.de>
2024-11-14 11:12:35 +00:00
Earl Warren
91ff7f3324
chore(ci): ROLE forgejo-coding & forgejo-testing (part two)
When the CI vars.ROLE is forgejo-coding, it is assumed to be the
repository where collaborative coding happens,
i.e. https://codeberg.org/forgejo/forgejo

When the CI vars.ROLE is forgejo-testing, it is assumed that only codebase
testing is to be run and no other tests such as release build
integration, label constraints, backporting etc.

(cherry picked from commit 068558accd)

Conflicts:
	.forgejo/workflows/testing.yml
  e2e was in .forgejo/workflows/e2e.yml
  and some tests did not exist in v7.0
2024-11-14 10:21:29 +01:00
Earl Warren
900307a3ed
chore(ci): ROLE forgejo-coding & forgejo-testing
When the CI vars.ROLE is forgejo-coding, it is assumed to be the
repository where collaborative coding happens,
i.e. https://codeberg.org/forgejo/forgejo

When the CI vars.ROLE is forgejo-testing, it is assumed that only codebase
testing is to be run and no other tests such as release build
integration, label constraints, backporting etc.

(cherry picked from commit f82840f1ea)

Conflicts:
	.forgejo/workflows/merge-requirements.yml
	.forgejo/workflows/release-notes-assistant-milestones.yml
	.forgejo/workflows/release-notes-assistant.yml
  did not exist back in v7.0
2024-11-14 10:19:49 +01:00
Earl Warren
6ca9686054 Merge pull request '[v7.0/forgejo] chore(release): also copy the release to code.forgejo.org' (#5938) from earl-warren/forgejo:wip-v7.0-mirror into v7.0/forgejo
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/5938
Reviewed-by: Michael Kriese <michael.kriese@gmx.de>
2024-11-13 18:45:09 +00:00
Earl Warren
c565439eb9
chore(ci): trigger a mirror when a release is published
Notify https://code.forgejo.org/forgejo/forgejo that a new release was
published by setting the trigger label to
https://code.forgejo.org/forgejo/forgejo/issues/5.

It is only ever useful when a stable release is published, the
experimental releases are not mirrored. But it is triggered in all
cases. This will waste a few mirror checks daily, when experimental
releases are built. This is an improvement compared to the current
situation where mirrors are checked hourly:

* Instead of being checked 24 times per day it will be down to less
  than 5
* The mirror happens immediately after the release is published
  instead of waiting for the next run of the cron job.

If a mirror operation is in progress, as evidenced by the presence of
the trigger label on the issue, it means two releases are being
published. Wait up to 1h for the mirror to complete and remove the
trigger label.

(cherry picked from commit 7492330721)

Conflicts:
	.forgejo/workflows/publish-release.yml
  trivial context conflict
2024-11-13 18:03:45 +01:00
Otto
b94044407f Merge pull request '[v7.0/forgejo] chore(renovate): only run if renovate workflow changed' (#5860) from bp-v7.0/forgejo-2eeb2fc into v7.0/forgejo
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/5860
Reviewed-by: Michael Kriese <michael.kriese@gmx.de>
2024-11-08 12:58:01 +00:00
Michael Kriese
2cba5eadb1 chore(renovate): only run if renovate workflow changed
(cherry picked from commit 2eeb2fcd35)
2024-11-08 12:42:50 +00:00
Renovate Bot
a2d5560782 Update dependency happy-dom to v15 [SECURITY] (v7.0/forgejo) (#5853)
Co-authored-by: Renovate Bot <forgejo-renovate-action@forgejo.org>
Co-committed-by: Renovate Bot <forgejo-renovate-action@forgejo.org>
2024-11-08 09:44:46 +00:00
Earl Warren
2148397813 Merge pull request '[v7.0/forgejo] chore(ci): notify the k8s cluster about experimental releases [skip ci]' (#5808) from earl-warren/forgejo:wip-v7.0-next-digest into v7.0/forgejo
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/5808
Reviewed-by: Michael Kriese <michael.kriese@gmx.de>
2024-11-04 14:14:57 +00:00
Earl Warren
b81dfaf2b3
chore(ci): the k8s cluster uses the root container
v7.next.forgejo.org is legacy and was created with a root container
image as an exception.

https://code.forgejo.org/infrastructure/k8s-cluster/issues/30#issuecomment-17221
2024-11-04 14:46:00 +01:00
Earl Warren
305ec55b10
[v7.0/forgejo] chore(ci): notify the k8s cluster about experimental releases
This is in preparation of the migration of the v*.next.forgejo.org
instances currently managed at https://code.forgejo.org/infrastructure/k8s

The key difference is that the former system relies on ad-hoc scripts
and creates one k8s cluster for each instance, sharing nothing between
them.

The newer k8s cluster is used for all and requires significantly less
ad-hoc tooling.

See also:

* https://code.forgejo.org/infrastructure/next-digest
* https://code.forgejo.org/infrastructure/k8s-cluster/src/branch/main/k8s.md#updating-v-next-forgejo-org

(cherry picked from commit dab156b452)
2024-11-04 14:37:59 +01:00
Earl Warren
ec3321a02d Merge pull request 'Update dependency mermaid to v10.9.3 [SECURITY] (v7.0/forgejo)' (#5725) from renovate/v7.0/forgejo-npm-mermaid-vulnerability into v7.0/forgejo
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/5725
Reviewed-by: Earl Warren <earl-warren@noreply.codeberg.org>
2024-10-28 07:59:16 +00:00
Earl Warren
20848116a6 Merge pull request '[v7.0/forgejo] use constant time check for internal token' (#5723) from bp-v7.0/forgejo-53231ba into v7.0/forgejo
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/5723
Reviewed-by: Earl Warren <earl-warren@noreply.codeberg.org>
2024-10-28 07:21:14 +00:00
Renovate Bot
23dc779f94 Update dependency mermaid to v10.9.3 [SECURITY] 2024-10-28 06:28:51 +00:00
Gusted
1f40efc60b fix(sec): use constant time check for internal token
(cherry picked from commit 53231bad61)
2024-10-28 06:17:16 +00:00
Earl Warren
cc343f27e9 Merge pull request '[v7.0/forgejo] add permission check to 'delete branch after merge'' (#5720) from earl-warren/forgejo:wip-v7.0-delete-branch into v7.0/forgejo
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/5720
2024-10-28 06:15:56 +00:00
Gusted
5488ec7d96
security: add permission check to 'delete branch after merge'
- Add a permission check that the doer has write permissions to the head
repository if the 'delete branch after merge' is enabled when
merging a pull request.
- Unify the checks in the web and API router to `DeleteBranchAfterMerge`.
- Added integration tests.

(cherry picked from commit 266e0b2ce9)

Conflicts:
	tests/integration/pull_merge_test.go
  trivial context conflict
2024-10-28 06:32:10 +01:00