
Commit a819e3c

authored
Merge branch 'master' into fix-14854-fix-position-of-buttons-org-home
2 parents 7a2d803 + c03f530 commit a819e3c


19 files changed

+230
-56
lines changed


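--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -4,6 +4,19 @@ This changelog goes through all the changes that have been made in each release
 without substantial changes to our git log; to see the highlights of what has
 been added to each release, please refer to the [blog](https://blog.gitea.io).
 
+## [1.13.4](https://github.com/go-gitea/gitea/releases/tag/v1.13.4) - 2021-03-07
+
+* SECURITY
+* Fix issue popups (#14898) (#14899)
+* BUGFIXES
+* Fix race in LFS ContentStore.Put(...) (#14895) (#14913)
+* Fix a couple of issues with a feeds (#14897) (#14903)
+* When transfering repository and database transaction failed, rollback the renames (#14864) (#14902)
+* Fix race in local storage (#14888) (#14901)
+* Fix 500 on pull view page if user is not loged in (#14885) (#14886)
+* DOCS
+* Fix how lfs data path is set (#14855) (#14884)
+
 ## [1.13.3](https://github.com/go-gitea/gitea/releases/tag/v1.13.3) - 2021-03-04
 
 * BREAKING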

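--- a/cmd/web.go
+++ b/cmd/web.go
@@ -64,7 +64,7 @@ func runHTTPRedirector() {
 http.Redirect(w, r, target, http.StatusTemporaryRedirect)
 })
 
-var err = runHTTP("tcp", source, context2.ClearHandler(handler))
+var err = runHTTP("tcp", source, "HTTP Redirector", context2.ClearHandler(handler))
 
 if err != nil {
 log.Fatal("Failed to start port redirection: %v", err)
@@ -198,7 +198,7 @@ func listen(m http.Handler, handleRedirector bool) error {
 if handleRedirector {
 NoHTTPRedirector()
 }
-err = runHTTP("tcp", listenAddr, context2.ClearHandler(m))
+err = runHTTP("tcp", listenAddr, "Web", context2.ClearHandler(m))
 case setting.HTTPS:
 if setting.EnableLetsEncrypt {
 err = runLetsEncrypt(listenAddr, setting.Domain, setting.LetsEncryptDirectory, setting.LetsEncryptEmail, context2.ClearHandler(m))
@@ -211,22 +211,22 @@ func listen(m http.Handler, handleRedirector bool) error {
 NoHTTPRedirector()
 }
 }
-err = runHTTPS("tcp", listenAddr, setting.CertFile, setting.KeyFile, context2.ClearHandler(m))
+err = runHTTPS("tcp", listenAddr, "Web", setting.CertFile, setting.KeyFile, context2.ClearHandler(m))
 case setting.FCGI:
 if handleRedirector {
 NoHTTPRedirector()
 }
-err = runFCGI("tcp", listenAddr, context2.ClearHandler(m))
+err = runFCGI("tcp", listenAddr, "FCGI Web", context2.ClearHandler(m))
 case setting.UnixSocket:
 if handleRedirector {
 NoHTTPRedirector()
 }
-err = runHTTP("unix", listenAddr, context2.ClearHandler(m))
+err = runHTTP("unix", listenAddr, "Web", context2.ClearHandler(m))
 case setting.FCGIUnix:
 if handleRedirector {
 NoHTTPRedirector()
 }
-err = runFCGI("unix", listenAddr, context2.ClearHandler(m))
+err = runFCGI("unix", listenAddr, "Web", context2.ClearHandler(m))
 default:
 log.Fatal("Invalid protocol: %s", setting.Protocol)
 }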
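Review bot: The two FastCGI listeners are labelled differently: the `setting.FCGI` case passes "FCGI Web", while the `setting.FCGIUnix` case passes "Web", the same label the plain HTTP and HTTPS listeners use. The name ends up in the server start-up log line (see NewServer in modules/graceful/server.go), so an operator reading the log cannot tell a FastCGI unix-socket listener from an HTTP one. I would make the `setting.FCGIUnix` call `err = runFCGI("unix", listenAddr, "FCGI Web", context2.ClearHandler(m))`. The body of listen starts and ends outside these hunks.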

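--- a/cmd/web_graceful.go
+++ b/cmd/web_graceful.go
@@ -14,16 +14,16 @@ import (
 "code.gitea.io/gitea/modules/log"
 )
 
-func runHTTP(network, listenAddr string, m http.Handler) error {
-return graceful.HTTPListenAndServe(network, listenAddr, m)
+func runHTTP(network, listenAddr, name string, m http.Handler) error {
+return graceful.HTTPListenAndServe(network, listenAddr, name, m)
 }
 
-func runHTTPS(network, listenAddr, certFile, keyFile string, m http.Handler) error {
-return graceful.HTTPListenAndServeTLS(network, listenAddr, certFile, keyFile, m)
+func runHTTPS(network, listenAddr, name, certFile, keyFile string, m http.Handler) error {
+return graceful.HTTPListenAndServeTLS(network, listenAddr, name, certFile, keyFile, m)
 }
 
-func runHTTPSWithTLSConfig(network, listenAddr string, tlsConfig *tls.Config, m http.Handler) error {
-return graceful.HTTPListenAndServeTLSConfig(network, listenAddr, tlsConfig, m)
+func runHTTPSWithTLSConfig(network, listenAddr, name string, tlsConfig *tls.Config, m http.Handler) error {
+return graceful.HTTPListenAndServeTLSConfig(network, listenAddr, name, tlsConfig, m)
 }
 
 // NoHTTPRedirector tells our cleanup routine that we will not be using a fallback http redirector
@@ -43,9 +43,9 @@ func NoInstallListener() {
 graceful.GetManager().InformCleanup()
 }
 
-func runFCGI(network, listenAddr string, m http.Handler) error {
+func runFCGI(network, listenAddr, name string, m http.Handler) error {
 // This needs to handle stdin as fcgi point
-fcgiServer := graceful.NewServer(network, listenAddr)
+fcgiServer := graceful.NewServer(network, listenAddr, name)
 
 err := fcgiServer.ListenAndServe(func(listener net.Listener) error {
 return fcgi.Serve(listener, m)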

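--- a/cmd/web_letsencrypt.go
+++ b/cmd/web_letsencrypt.go
@@ -46,14 +46,14 @@ func runLetsEncrypt(listenAddr, domain, directory, email string, m http.Handler)
 go func() {
 log.Info("Running Let's Encrypt handler on %s", setting.HTTPAddr+":"+setting.PortToRedirect)
 // all traffic coming into HTTP will be redirect to HTTPS automatically (LE HTTP-01 validation happens here)
-var err = runHTTP("tcp", setting.HTTPAddr+":"+setting.PortToRedirect, myACME.HTTPChallengeHandler(http.HandlerFunc(runLetsEncryptFallbackHandler)))
+var err = runHTTP("tcp", setting.HTTPAddr+":"+setting.PortToRedirect, "Let's Encrypt HTTP Challenge", myACME.HTTPChallengeHandler(http.HandlerFunc(runLetsEncryptFallbackHandler)))
 if err != nil {
 log.Fatal("Failed to start the Let's Encrypt handler on port %s: %v", setting.PortToRedirect, err)
 }
 }()
 }
 
-return runHTTPSWithTLSConfig("tcp", listenAddr, tlsConfig, context2.ClearHandler(m))
+return runHTTPSWithTLSConfig("tcp", listenAddr, "Web", tlsConfig, context2.ClearHandler(m))
 }
 
 func runLetsEncryptFallbackHandler(w http.ResponseWriter, r *http.Request) {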

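--- a/custom/conf/app.example.ini
+++ b/custom/conf/app.example.ini
@@ -319,6 +319,10 @@ SSH_SERVER_KEY_EXCHANGES = diffie-hellman-group1-sha1, diffie-hellman-group14-sh
 ; For the built-in SSH server, choose the MACs to support for SSH connections,
 ; for system SSH this setting has no effect
 SSH_SERVER_MACS = [email protected], hmac-sha2-256, hmac-sha1, hmac-sha1-96
+; For the built-in SSH server, choose the keypair to offer as the host key
+; The private key should be at SSH_SERVER_HOST_KEY and the public SSH_SERVER_HOST_KEY.pub
+; relative paths are made absolute relative to the APP_DATA_PATH
+SSH_SERVER_HOST_KEYS=ssh/gitea.rsa, ssh/gogs.rsa
 ; Directory to create temporary files in when testing public keys using ssh-keygen,
 ; default is the system temporary directory.
 SSH_KEY_TEST_PATH =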
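Review bot: The added comment refers to `SSH_SERVER_HOST_KEY`, a setting that does not exist; the key introduced here is `SSH_SERVER_HOST_KEYS`, and it takes a list. Wording such as `; Each entry is the path of a private host key; the matching public key is expected at <entry>.pub` tells an administrator what has to be on disk. Since these files are private host keys, the comment could also say they should be readable only by the account Gitea runs as. The same wording appears in docs/content/doc/advanced/config-cheat-sheet.en-us.md.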

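--- a/docs/content/doc/advanced/config-cheat-sheet.en-us.md
+++ b/docs/content/doc/advanced/config-cheat-sheet.en-us.md
@@ -256,6 +256,7 @@ Values containing `#` or `;` must be quoted using `` ` `` or `"""`.
 - `SSH_SERVER_CIPHERS`: **aes128-ctr, aes192-ctr, aes256-ctr, [email protected], arcfour256, arcfour128**: For the built-in SSH server, choose the ciphers to support for SSH connections, for system SSH this setting has no effect.
 - `SSH_SERVER_KEY_EXCHANGES`: **diffie-hellman-group1-sha1, diffie-hellman-group14-sha1, ecdh-sha2-nistp256, ecdh-sha2-nistp384, ecdh-sha2-nistp521, [email protected]**: For the built-in SSH server, choose the key exchange algorithms to support for SSH connections, for system SSH this setting has no effect.
 - `SSH_SERVER_MACS`: **[email protected], hmac-sha2-256, hmac-sha1, hmac-sha1-96**: For the built-in SSH server, choose the MACs to support for SSH connections, for system SSH this setting has no effect
+- `SSH_SERVER_HOST_KEYS`: **ssh/gitea.rsa, ssh/gogs.rsa**: For the built-in SSH server, choose the keypairs to offer as the host key. The private key should be at `SSH_SERVER_HOST_KEY` and the public `SSH_SERVER_HOST_KEY.pub`. Relative paths are made absolute relative to the `APP_DATA_PATH`. If no key exists a 4096 bit RSA key will be created for you.
 - `SSH_KEY_TEST_PATH`: **/tmp**: Directory to create temporary files in when testing public keys using ssh-keygen, default is the system temporary directory.
 - `SSH_KEYGEN_PATH`: **ssh-keygen**: Path to ssh-keygen, default is 'ssh-keygen' which means the shell is responsible for finding out which one to call.
 - `SSH_EXPOSE_ANONYMOUS`: **false**: Enable exposure of SSH clone URL to anonymous visitors, default is false.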

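--- a/models/issue.go
+++ b/models/issue.go
@@ -97,6 +97,9 @@ func (issue *Issue) loadTotalTimes(e Engine) (err error) {
 
 // IsOverdue checks if the issue is overdue
 func (issue *Issue) IsOverdue() bool {
+if issue.IsClosed {
+return issue.ClosedUnix >= issue.DeadlineUnix
+}
 return timeutil.TimeStampNow() >= issue.DeadlineUnix
 }
 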
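Review bot: The doc comment on IsOverdue still reads "checks if the issue is overdue", but the method now has two definitions of overdue: a closed issue is judged by `ClosedUnix`, an open one by the current time. I would spell that out, e.g. `// IsOverdue reports whether the deadline has passed: at close time for a closed issue, now for an open one.` Neither branch checks that `DeadlineUnix` is set, so a zero deadline would presumably compare as overdue unless callers filter it first; that is worth confirming. Milestone.AfterLoad in models/issue_milestone.go applies the same rule and raises the same question.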

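--- a/models/issue_milestone.go
+++ b/models/issue_milestone.go
@@ -63,8 +63,10 @@ func (m *Milestone) AfterLoad() {
 }
 
 m.DeadlineString = m.DeadlineUnix.Format("2006-01-02")
-if timeutil.TimeStampNow() >= m.DeadlineUnix {
-m.IsOverdue = true
+if m.IsClosed {
+m.IsOverdue = m.ClosedDateUnix >= m.DeadlineUnix
+} else {
+m.IsOverdue = timeutil.TimeStampNow() >= m.DeadlineUnix
 }
 }
 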

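--- a/modules/graceful/server.go
+++ b/modules/graceful/server.go
@@ -48,11 +48,11 @@ type Server struct {
 }
 
 // NewServer creates a server on network at provided address
-func NewServer(network, address string) *Server {
+func NewServer(network, address, name string) *Server {
 if GetManager().IsChild() {
-log.Info("Restarting new server: %s:%s on PID: %d", network, address, os.Getpid())
+log.Info("Restarting new %s server: %s:%s on PID: %d", name, network, address, os.Getpid())
 } else {
-log.Info("Starting new server: %s:%s on PID: %d", network, address, os.Getpid())
+log.Info("Starting new %s server: %s:%s on PID: %d", name, network, address, os.Getpid())
 }
 srv := &Server{
 wg: sync.WaitGroup{},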
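Review bot: `name` is used only in the two start-up log lines shown here; the doc comment on NewServer does not mention it and, as far as this hunk shows, it is not kept on the Server. I would document it, e.g. `// NewServer creates a server on network at provided address; name labels the server in log output`, and consider storing it on the struct so later shutdown and error messages can carry the same label. The struct literal continues past the end of the hunk, so such a field may already exist out of view. The exported HTTPListenAndServe, HTTPListenAndServeTLS and HTTPListenAndServeTLSConfig in modules/graceful/server_http.go gain the same parameter without their comments being updated.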

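--- a/modules/graceful/server_http.go
+++ b/modules/graceful/server_http.go
@@ -9,8 +9,8 @@ import (
 "net/http"
 )
 
-func newHTTPServer(network, address string, handler http.Handler) (*Server, ServeFunction) {
-server := NewServer(network, address)
+func newHTTPServer(network, address, name string, handler http.Handler) (*Server, ServeFunction) {
+server := NewServer(network, address, name)
 httpServer := http.Server{
 ReadTimeout: DefaultReadTimeOut,
 WriteTimeout: DefaultWriteTimeOut,
@@ -25,21 +25,21 @@ func newHTTPServer(network, address string, handler http.Handler) (*Server, Serv
 
 // HTTPListenAndServe listens on the provided network address and then calls Serve
 // to handle requests on incoming connections.
-func HTTPListenAndServe(network, address string, handler http.Handler) error {
-server, lHandler := newHTTPServer(network, address, handler)
+func HTTPListenAndServe(network, address, name string, handler http.Handler) error {
+server, lHandler := newHTTPServer(network, address, name, handler)
 return server.ListenAndServe(lHandler)
 }
 
 // HTTPListenAndServeTLS listens on the provided network address and then calls Serve
 // to handle requests on incoming connections.
-func HTTPListenAndServeTLS(network, address, certFile, keyFile string, handler http.Handler) error {
-server, lHandler := newHTTPServer(network, address, handler)
+func HTTPListenAndServeTLS(network, address, name, certFile, keyFile string, handler http.Handler) error {
+server, lHandler := newHTTPServer(network, address, name, handler)
 return server.ListenAndServeTLS(certFile, keyFile, lHandler)
 }
 
 // HTTPListenAndServeTLSConfig listens on the provided network address and then calls Serve
 // to handle requests on incoming connections.
-func HTTPListenAndServeTLSConfig(network, address string, tlsConfig *tls.Config, handler http.Handler) error {
-server, lHandler := newHTTPServer(network, address, handler)
+func HTTPListenAndServeTLSConfig(network, address, name string, tlsConfig *tls.Config, handler http.Handler) error {
+server, lHandler := newHTTPServer(network, address, name, handler)
 return server.ListenAndServeTLSConfig(tlsConfig, lHandler)
 }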

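--- a/modules/setting/setting.go
+++ b/modules/setting/setting.go
@@ -132,6 +132,7 @@ var (
 ServerCiphers []string `ini:"SSH_SERVER_CIPHERS"`
 ServerKeyExchanges []string `ini:"SSH_SERVER_KEY_EXCHANGES"`
 ServerMACs []string `ini:"SSH_SERVER_MACS"`
+ServerHostKeys []string `ini:"SSH_SERVER_HOST_KEYS"`
 KeyTestPath string `ini:"SSH_KEY_TEST_PATH"`
 KeygenPath string `ini:"SSH_KEYGEN_PATH"`
 AuthorizedKeysBackup bool `ini:"SSH_AUTHORIZED_KEYS_BACKUP"`
@@ -157,6 +158,7 @@ var (
 KeygenPath: "ssh-keygen",
 MinimumKeySizeCheck: true,
 MinimumKeySizes: map[string]int{"ed25519": 256, "ed25519-sk": 256, "ecdsa": 256, "ecdsa-sk": 256, "rsa": 2048},
+ServerHostKeys: []string{"ssh/gitea.rsa", "ssh/gogs.rsa"},
 }
 
 // Security settings
@@ -698,6 +700,11 @@ func NewContext() {
 if err = Cfg.Section("server").MapTo(&SSH); err != nil {
 log.Fatal("Failed to map SSH settings: %v", err)
 }
+for i, key := range SSH.ServerHostKeys {
+if !filepath.IsAbs(key) {
+SSH.ServerHostKeys[i] = filepath.Join(AppDataPath, key)
+}
+}
 
 SSH.KeygenPath = sec.Key("SSH_KEYGEN_PATH").MustString("ssh-keygen")
 SSH.Port = sec.Key("SSH_PORT").MustInt(22)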
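Review bot: The normalisation loop in the NewContext hunk takes every entry as given, so a blank entry (from a trailing comma, say, if the ini mapper keeps it) becomes `AppDataPath` itself after `filepath.Join` and is then handed on as a host key path. I would trim and drop blank entries while building a fresh slice, as sketched below, assuming `strings` is already imported in this file. NewContext starts and ends outside the hunk.

```go
// … unchanged: Cfg.Section("server").MapTo(&SSH) and its error check …
hostKeys := make([]string, 0, len(SSH.ServerHostKeys))
for _, key := range SSH.ServerHostKeys {
	key = strings.TrimSpace(key)
	if key == "" {
		continue // a blank entry would otherwise resolve to AppDataPath itself
	}
	if !filepath.IsAbs(key) {
		key = filepath.Join(AppDataPath, key)
	}
	hostKeys = append(hostKeys, key)
}
SSH.ServerHostKeys = hostKeys
```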

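--- a/modules/ssh/ssh.go
+++ b/modules/ssh/ssh.go
@@ -259,28 +259,38 @@ func Listen(host string, port int, ciphers []string, keyExchanges []string, macs
 },
 }
 
-keyPath := filepath.Join(setting.AppDataPath, "ssh/gogs.rsa")
-isExist, err := util.IsExist(keyPath)
-if err != nil {
-log.Fatal("Unable to check if %s exists. Error: %v", keyPath, err)
+keys := make([]string, 0, len(setting.SSH.ServerHostKeys))
+for _, key := range setting.SSH.ServerHostKeys {
+isExist, err := util.IsExist(key)
+if err != nil {
+log.Fatal("Unable to check if %s exists. Error: %v", setting.SSH.ServerHostKeys, err)
+}
+if isExist {
+keys = append(keys, key)
+}
 }
-if !isExist {
-filePath := filepath.Dir(keyPath)
+
+if len(keys) == 0 {
+filePath := filepath.Dir(setting.SSH.ServerHostKeys[0])
 
 if err := os.MkdirAll(filePath, os.ModePerm); err != nil {
 log.Error("Failed to create dir %s: %v", filePath, err)
 }
 
-err := GenKeyPair(keyPath)
+err := GenKeyPair(setting.SSH.ServerHostKeys[0])
 if err != nil {
 log.Fatal("Failed to generate private key: %v", err)
 }
-log.Trace("New private key is generated: %s", keyPath)
+log.Trace("New private key is generated: %s", setting.SSH.ServerHostKeys[0])
+keys = append(keys, setting.SSH.ServerHostKeys[0])
 }
 
-err = srv.SetOption(ssh.HostKeyFile(keyPath))
-if err != nil {
-log.Error("Failed to set Host Key. %s", err)
+for _, key := range keys {
+log.Info("Adding SSH host key: %s", key)
+err := srv.SetOption(ssh.HostKeyFile(key))
+if err != nil {
+log.Error("Failed to set Host Key. %s", err)
+}
 }
 
 go listen(&srv)
@@ -291,7 +301,7 @@ func Listen(host string, port int, ciphers []string, keyExchanges []string, macs
 // Public key is encoded in the format for inclusion in an OpenSSH authorized_keys file.
 // Private Key generated is PEM encoded
 func GenKeyPair(keyPath string) error {
-privateKey, err := rsa.GenerateKey(rand.Reader, 2048)
+privateKey, err := rsa.GenerateKey(rand.Reader, 4096)
 if err != nil {
 return err
 }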
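Review bot: In the Listen hunk, the `len(keys) == 0` branch indexes `setting.SSH.ServerHostKeys[0]` without checking that the configured list has an entry, so an empty list would panic at start-up instead of giving a clear error; I cannot tell from here whether the settings loader can produce an empty slice. A guard ahead of that branch, `if len(setting.SSH.ServerHostKeys) == 0 { log.Fatal("No SSH_SERVER_HOST_KEYS configured") }`, would make the failure explicit. The existence-check error also formats the whole slice where the failing path is meant: `log.Fatal("Unable to check if %s exists. Error: %v", key, err)`. A key that fails to load is only reported with log.Error, so it is worth confirming which host key the server presents when every entry fails, because a host key that changes between restarts teaches users to ignore the warning. The body of Listen starts before the hunk.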

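--- a/modules/ssh/ssh_graceful.go
+++ b/modules/ssh/ssh_graceful.go
@@ -12,7 +12,7 @@ import (
 )
 
 func listen(server *ssh.Server) {
-gracefulServer := graceful.NewServer("tcp", server.Addr)
+gracefulServer := graceful.NewServer("tcp", server.Addr, "SSH")
 
 err := gracefulServer.ListenAndServe(server.Serve)
 if err != nil {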
