fix(gitea): update to v1.17.1 - security
This commit is contained in:
parent
f8704927fb
commit
5662be9478
3 changed files with 46 additions and 122 deletions
|
@ -1,6 +1,6 @@
|
|||
vm_index: 2
|
||||
|
||||
gitea_version: "1.13.0"
|
||||
gitea_version: "1.17.1"
|
||||
gitea_app_name: "dev.ccchb.de"
|
||||
|
||||
# technical:
|
||||
|
@ -14,7 +14,7 @@ gitea_systemd_cap_net_bind_service: true
|
|||
gitea_http_letsencrypt_mail: "webmaster@ccchb.de"
|
||||
|
||||
gitea_ssh_domain: "dev.ccchb.de"
|
||||
gitea_ssh_listen: "[::]"
|
||||
gitea_ssh_listen: "::"
|
||||
gitea_ssh_port: 2222
|
||||
gitea_start_ssh: true
|
||||
|
||||
|
|
|
@ -1 +1 @@
|
|||
Subproject commit 1aa082a2101c69f8cfc13a31604991b0c3dfa8e5
|
||||
Subproject commit 751d0d724ba63c6251fafad9e80a480d6bc5043f
|
|
@ -1,154 +1,76 @@
|
|||
<!DOCTYPE html>
|
||||
<html lang="{{.Language}}" class="theme-{{.SignedUser.Theme}}">
|
||||
<head data-suburl="{{AppSubUrl}}">
|
||||
<html lang="{{.i18n.Lang}}" class="theme-{{.SignedUser.Theme}}">
|
||||
<head>
|
||||
<meta charset="utf-8">
|
||||
<meta name="viewport" content="width=device-width, initial-scale=1">
|
||||
<meta http-equiv="x-ua-compatible" content="ie=edge">
|
||||
<title>{{if .Title}}{{.Title | RenderEmojiPlain}} - {{end}} {{if .Repository.Name}}{{.Repository.Name}} - {{end}}{{AppName}} </title>
|
||||
<link rel="manifest" href="{{AppSubUrl}}/manifest.json" crossorigin="use-credentials">
|
||||
<title>{{if .Title}}{{.Title | RenderEmojiPlain}} - {{end}} {{if .Repository.Name}}{{.Repository.Name}} - {{end}}{{AppName}}</title>
|
||||
<link rel="manifest" href="data:{{.ManifestData}}">
|
||||
<meta name="theme-color" content="{{ThemeColorMetaTag}}">
|
||||
<meta name="author" content="{{if .Repository}}{{.Owner.Name}}{{else}}{{MetaAuthor}}{{end}}" />
|
||||
<meta name="description" content="{{if .Repository}}{{.Repository.Name}}{{if .Repository.Description}} - {{.Repository.Description}}{{end}}{{else}}{{MetaDescription}}{{end}}" />
|
||||
<meta name="default-theme" content="{{DefaultTheme}}">
|
||||
<meta name="author" content="{{if .Repository}}{{.Owner.Name}}{{else}}{{MetaAuthor}}{{end}}">
|
||||
<meta name="description" content="{{if .Repository}}{{.Repository.Name}}{{if .Repository.Description}} - {{.Repository.Description}}{{end}}{{else}}{{MetaDescription}}{{end}}">
|
||||
<meta name="keywords" content="{{MetaKeywords}}">
|
||||
<meta name="referrer" content="no-referrer" />
|
||||
<meta name="_csrf" content="{{.CsrfToken}}" />
|
||||
{{if .IsSigned}}
|
||||
<meta name="_uid" content="{{.SignedUser.ID}}" />
|
||||
{{end}}
|
||||
{{if .ContextUser}}
|
||||
<meta name="_context_uid" content="{{.ContextUser.ID}}" />
|
||||
{{end}}
|
||||
{{if .SearchLimit}}
|
||||
<meta name="_search_limit" content="{{.SearchLimit}}" />
|
||||
{{end}}
|
||||
<meta name="referrer" content="no-referrer">
|
||||
{{if .GoGetImport}}
|
||||
<meta name="go-import" content="{{.GoGetImport}} git {{.CloneLink.HTTPS}}">
|
||||
<meta name="go-import" content="{{.GoGetImport}} git {{.RepoCloneLink.HTTPS}}">
|
||||
<meta name="go-source" content="{{.GoGetImport}} _ {{.GoDocDirectory}} {{.GoDocFile}}">
|
||||
{{end}}
|
||||
<script>
|
||||
{{SafeJS `/*
|
||||
@licstart The following is the entire license notice for the
|
||||
JavaScript code in this page.
|
||||
|
||||
Copyright (c) 2016 The Gitea Authors
|
||||
Copyright (c) 2015 The Gogs Authors
|
||||
|
||||
Permission is hereby granted, free of charge, to any person obtaining a copy
|
||||
of this software and associated documentation files (the "Software"), to deal
|
||||
in the Software without restriction, including without limitation the rights
|
||||
to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
|
||||
copies of the Software, and to permit persons to whom the Software is
|
||||
furnished to do so, subject to the following conditions:
|
||||
|
||||
The above copyright notice and this permission notice shall be included in
|
||||
all copies or substantial portions of the Software.
|
||||
|
||||
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
|
||||
IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
|
||||
FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
|
||||
AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
|
||||
LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
|
||||
OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
|
||||
THE SOFTWARE.
|
||||
---
|
||||
Licensing information for additional javascript libraries can be found at:
|
||||
{{StaticUrlPrefix}}/vendor/librejs.html
|
||||
|
||||
@licend The above is the entire license notice
|
||||
for the JavaScript code in this page.
|
||||
*/`}}
|
||||
</script>
|
||||
<script>
|
||||
window.config = {
|
||||
AppVer: '{{AppVer}}',
|
||||
AppSubUrl: '{{AppSubUrl}}',
|
||||
StaticUrlPrefix: '{{StaticUrlPrefix}}',
|
||||
UseServiceWorker: {{UseServiceWorker}},
|
||||
csrf: '{{.CsrfToken}}',
|
||||
HighlightJS: {{if .RequireHighlightJS}}true{{else}}false{{end}},
|
||||
Minicolors: {{if .RequireMinicolors}}true{{else}}false{{end}},
|
||||
SimpleMDE: {{if .RequireSimpleMDE}}true{{else}}false{{end}},
|
||||
Tribute: {{if .RequireTribute}}true{{else}}false{{end}},
|
||||
U2F: {{if .RequireU2F}}true{{else}}false{{end}},
|
||||
Heatmap: {{if .EnableHeatmap}}true{{else}}false{{end}},
|
||||
heatmapUser: {{if .HeatmapUser}}'{{.HeatmapUser}}'{{else}}null{{end}},
|
||||
NotificationSettings: {
|
||||
MinTimeout: {{NotificationSettings.MinTimeout}},
|
||||
TimeoutStep: {{NotificationSettings.TimeoutStep}},
|
||||
MaxTimeout: {{NotificationSettings.MaxTimeout}},
|
||||
EventSourceUpdateTime: {{NotificationSettings.EventSourceUpdateTime}},
|
||||
},
|
||||
{{if .RequireTribute}}
|
||||
tributeValues: [
|
||||
{{ range .Assignees }}
|
||||
{key: '{{.Name}} {{.FullName}}', value: '{{.Name}}',
|
||||
name: '{{.Name}}', fullname: '{{.FullName}}', avatar: '{{.RelAvatarLink}}'},
|
||||
{{ end }}
|
||||
],
|
||||
{{end}}
|
||||
};
|
||||
</script>
|
||||
<link rel="shortcut icon" href="{{StaticUrlPrefix}}/img/favicon.png">
|
||||
<link rel="mask-icon" href="{{StaticUrlPrefix}}/img/gitea-safari.svg" color="#609926">
|
||||
<link rel="fluid-icon" href="{{StaticUrlPrefix}}/img/gitea-lg.png" title="{{AppName}}">
|
||||
<link rel="stylesheet" href="{{StaticUrlPrefix}}/vendor/assets/font-awesome/css/font-awesome.min.css">
|
||||
{{if .RequireSimpleMDE}}
|
||||
<link rel="stylesheet" href="{{StaticUrlPrefix}}/vendor/plugins/simplemde/simplemde.min.css">
|
||||
{{if .FeedURL}}
|
||||
<link rel="alternate" type="application/atom+xml" title="" href="{{.FeedURL}}.atom">
|
||||
<link rel="alternate" type="application/rss+xml" title="" href="{{.FeedURL}}.rss">
|
||||
{{end}}
|
||||
|
||||
{{if .RequireTribute}}
|
||||
<link rel="stylesheet" href="{{StaticUrlPrefix}}/vendor/plugins/tribute/tribute.css">
|
||||
{{end}}
|
||||
<link rel="stylesheet" href="{{StaticUrlPrefix}}/fomantic/semantic.min.css?v={{MD5 AppVer}}">
|
||||
<link rel="stylesheet" href="{{StaticUrlPrefix}}/css/index.css?v={{MD5 AppVer}}">
|
||||
<link rel="icon" href="{{AssetUrlPrefix}}/img/favicon.svg" type="image/svg+xml">
|
||||
<link rel="alternate icon" href="{{AssetUrlPrefix}}/img/favicon.png" type="image/png">
|
||||
<link rel="stylesheet" href="{{AssetUrlPrefix}}/css/index.css?v={{MD5 AppVer}}">
|
||||
{{template "base/head_script" .}}
|
||||
<noscript>
|
||||
<style>
|
||||
.dropdown:hover > .menu { display: block; }
|
||||
.ui.secondary.menu .dropdown.item > .menu { margin-top: 0; }
|
||||
</style>
|
||||
</noscript>
|
||||
{{if .RequireMinicolors}}
|
||||
<link rel="stylesheet" href="{{StaticUrlPrefix}}/vendor/plugins/jquery.minicolors/jquery.minicolors.css">
|
||||
{{end}}
|
||||
<style class="list-search-style"></style>
|
||||
{{if .PageIsUserProfile}}
|
||||
<meta property="og:title" content="{{.Owner.Name}}" />
|
||||
<meta property="og:type" content="profile" />
|
||||
<meta property="og:image" content="{{.Owner.AvatarLink}}" />
|
||||
<meta property="og:url" content="{{.Owner.HTMLURL}}" />
|
||||
<meta property="og:title" content="{{.Owner.DisplayName}}">
|
||||
<meta property="og:type" content="profile">
|
||||
<meta property="og:image" content="{{.Owner.AvatarLink}}">
|
||||
<meta property="og:url" content="{{.Owner.HTMLURL}}">
|
||||
{{if .Owner.Description}}
|
||||
<meta property="og:description" content="{{.Owner.Description}}">
|
||||
{{end}}
|
||||
{{else if .Repository}}
|
||||
{{if .Issue}}
|
||||
<meta property="og:title" content="{{.Issue.Title}}" />
|
||||
<meta property="og:url" content="{{.Issue.HTMLURL}}" />
|
||||
<meta property="og:title" content="{{.Issue.Title}}">
|
||||
<meta property="og:url" content="{{.Issue.HTMLURL}}">
|
||||
{{if .Issue.Content}}
|
||||
<meta property="og:description" content="{{.Issue.Content}}" />
|
||||
<meta property="og:description" content="{{.Issue.Content}}">
|
||||
{{end}}
|
||||
{{else}}
|
||||
<meta property="og:title" content="{{.Repository.Name}}" />
|
||||
<meta property="og:url" content="{{.Repository.HTMLURL}}" />
|
||||
<meta property="og:title" content="{{.Repository.Name}}">
|
||||
<meta property="og:url" content="{{.Repository.HTMLURL}}">
|
||||
{{if .Repository.Description}}
|
||||
<meta property="og:description" content="{{.Repository.Description}}" />
|
||||
<meta property="og:description" content="{{.Repository.Description}}">
|
||||
{{end}}
|
||||
{{end}}
|
||||
<meta property="og:type" content="object" />
|
||||
<meta property="og:image" content="{{.Repository.Owner.AvatarLink}}" />
|
||||
<meta property="og:type" content="object">
|
||||
{{if .Repository.AvatarLink}}
|
||||
<meta property="og:image" content="{{.Repository.AvatarLink}}">
|
||||
{{else}}
|
||||
<meta property="og:image" content="{{.Repository.Owner.AvatarLink}}">
|
||||
{{end}}
|
||||
{{else}}
|
||||
<meta property="og:title" content="{{AppName}}">
|
||||
<meta property="og:type" content="website" />
|
||||
<meta property="og:image" content="{{StaticUrlPrefix}}/img/gitea-lg.png" />
|
||||
<meta property="og:url" content="{{AppUrl}}" />
|
||||
<meta property="og:type" content="website">
|
||||
<meta property="og:image" content="{{AssetUrlPrefix}}/img/logo.png">
|
||||
<meta property="og:url" content="{{AppUrl}}">
|
||||
<meta property="og:description" content="{{MetaDescription}}">
|
||||
{{end}}
|
||||
<meta property="og:site_name" content="{{AppName}}" />
|
||||
<meta property="og:site_name" content="{{AppName}}">
|
||||
{{if .IsSigned }}
|
||||
{{ if ne .SignedUser.Theme "gitea" }}
|
||||
<link rel="stylesheet" href="{{StaticUrlPrefix}}/css/theme-{{.SignedUser.Theme}}.css?v={{MD5 AppVer}}">
|
||||
<link rel="stylesheet" href="{{AssetUrlPrefix}}/css/theme-{{.SignedUser.Theme | PathEscape}}.css?v={{MD5 AppVer}}">
|
||||
{{end}}
|
||||
{{else if ne DefaultTheme "gitea"}}
|
||||
<link rel="stylesheet" href="{{StaticUrlPrefix}}/css/theme-{{DefaultTheme}}.css?v={{MD5 AppVer}}">
|
||||
<link rel="stylesheet" href="{{AssetUrlPrefix}}/css/theme-{{DefaultTheme | PathEscape}}.css?v={{MD5 AppVer}}">
|
||||
{{end}}
|
||||
{{template "custom/header" .}}
|
||||
</head>
|
||||
|
@ -161,12 +83,14 @@
|
|||
{{template "custom/body_inner_pre" .}}
|
||||
|
||||
{{if not .PageIsInstall}}
|
||||
<div class="ui top secondary stackable main menu following bar light inverted">
|
||||
<div class="ui top secondary stackable main menu following bar light inverted no-vertical-tabs">
|
||||
{{template "base/head_navbar" .}}
|
||||
</div><!-- end bar -->
|
||||
{{end}}
|
||||
{{/*
|
||||
|
||||
{{if false}}
|
||||
{{/* to make html structure "likely" complete to prevent IDE warnings */}}
|
||||
</div>
|
||||
</body>
|
||||
</html>
|
||||
*/}}
|
||||
{{end}}
|
||||
|
|
Loading…
Reference in a new issue