Merge branch 'master' into add-default-merge-style

Author: parnic

.drone.yml

@@ -27,7 +27,7 @@ steps:
 
   - name: lint-backend
     pull: always
-    image: golang:1.16
+    image: gitea/test_env:linux-arm64  # https://gitea.com/gitea/test-env
     commands:
       - make lint-backend
     environment:
@@ -37,7 +37,7 @@ steps:
 
   - name: lint-backend-windows
     pull: always
-    image: golang:1.16
+    image: gitea/test_env:linux-arm64  # https://gitea.com/gitea/test-env
     commands:
       - make golangci-lint vet
     environment:
@@ -49,7 +49,7 @@ steps:
 
   - name: lint-backend-gogit
     pull: always
-    image: golang:1.16
+    image: gitea/test_env:linux-arm64  # https://gitea.com/gitea/test-env
     commands:
       - make lint-backend
     environment:
@@ -168,7 +168,7 @@ services:
     image: elasticsearch:7.5.0
 
   - name: minio
-    image: minio/minio:RELEASE.2021-01-16T02-19-44Z
+    image: minio/minio:RELEASE.2021-03-12T00-00-47Z
     commands:
     - minio server /data
     environment:
@@ -223,10 +223,8 @@ steps:
         from_secret: github_read_token
 
   - name: test-mysql
-    image: golang:1.16
+    image: gitea/test_env:linux-amd64  # https://gitea.com/gitea/test-env
     commands:
-      - "curl -s https://packagecloud.io/install/repositories/github/git-lfs/script.deb.sh | bash"
-      - apt-get install -y git-lfs
       - make test-mysql-migration integration-test-coverage
     environment:
       GOPROXY: off
@@ -238,10 +236,8 @@ steps:
       - build
 
   - name: test-mysql8
-    image: golang:1.16
+    image: gitea/test_env:linux-amd64  # https://gitea.com/gitea/test-env
     commands:
-      - "curl -s https://packagecloud.io/install/repositories/github/git-lfs/script.deb.sh | bash"
-      - apt-get install -y git-lfs
       - timeout -s ABRT 40m make test-mysql8-migration test-mysql8
     environment:
       GOPROXY: off
@@ -252,10 +248,8 @@ steps:
       - build
 
   - name: test-mssql
-    image: golang:1.16
+    image: gitea/test_env:linux-amd64  # https://gitea.com/gitea/test-env
     commands:
-      - "curl -s https://packagecloud.io/install/repositories/github/git-lfs/script.deb.sh | bash"
-      - apt-get install -y git-lfs
       - make test-mssql-migration test-mssql
     environment:
       GOPROXY: off
@@ -349,10 +343,8 @@ steps:
       TAGS: bindata gogit sqlite sqlite_unlock_notify
 
   - name: test-sqlite
-    image: golang:1.16
+    image: gitea/test_env:linux-arm64  # https://gitea.com/gitea/test-env
     commands:
-      - "curl -s https://packagecloud.io/install/repositories/github/git-lfs/script.deb.sh | bash"
-      - apt-get install -y git-lfs
       - timeout -s ABRT 40m make test-sqlite-migration test-sqlite
     environment:
       GOPROXY: off
@@ -363,10 +355,8 @@ steps:
       - build
 
   - name: test-pgsql
-    image: golang:1.16
+    image: gitea/test_env:linux-arm64  # https://gitea.com/gitea/test-env
     commands:
-      - "curl -s https://packagecloud.io/install/repositories/github/git-lfs/script.deb.sh | bash"
-      - apt-get install -y git-lfs
       - timeout -s ABRT 40m make test-pgsql-migration test-pgsql
     environment:
       GOPROXY: off

.golangci.yml

@@ -26,7 +26,7 @@ linters-settings:
   gocritic:
     disabled-checks:
       - ifElseChain
-      - singleCaseSwitch # Every time this occured in the code, there  was no other way.
+      - singleCaseSwitch # Every time this occurred in the code, there  was no other way.
 
 issues:
   exclude-rules:

CHANGELOG.md

@@ -4,6 +4,19 @@ This changelog goes through all the changes that have been made in each release
 without substantial changes to our git log; to see the highlights of what has
 been added to each release, please refer to the [blog](https://blog.gitea.io).
 
+## [1.13.4](https://github.com/go-gitea/gitea/releases/tag/v1.13.4) - 2021-03-07
+
+* SECURITY
+  * Fix issue popups (#14898) (#14899)
+* BUGFIXES
+  * Fix race in LFS ContentStore.Put(...) (#14895) (#14913)
+  * Fix a couple of issues with a feeds (#14897) (#14903)
+  * When transfering repository and database transaction failed, rollback the renames (#14864) (#14902)
+  * Fix race in local storage (#14888) (#14901)
+  * Fix 500 on pull view page if user is not loged in (#14885) (#14886)
+* DOCS
+  * Fix how lfs data path is set (#14855) (#14884)
+
 ## [1.13.3](https://github.com/go-gitea/gitea/releases/tag/v1.13.3) - 2021-03-04
 
 * BREAKING

MAINTAINERS

@@ -39,3 +39,5 @@ David Svantesson <[email protected]> (@davidsvantesson)
 a1012112796 <[email protected]> (@a1012112796)
 Karl Heinz Marbaise <[email protected]> (@khmarbaise)
 Norwin Roosen <[email protected]> (@noerw)
+Kyle Dumont <[email protected]> (@kdumontnu)
+Patrick Schratz <[email protected]> (@pat-s)

Makefile

@@ -127,8 +127,8 @@ GO_SOURCES_OWN := $(filter-out vendor/% %/bindata.go, $(GO_SOURCES))
 #To update swagger use: GO111MODULE=on go get -u github.com/go-swagger/go-swagger/cmd/swagger
 SWAGGER := $(GO) run -mod=vendor github.com/go-swagger/go-swagger/cmd/swagger
 SWAGGER_SPEC := templates/swagger/v1_json.tmpl
-SWAGGER_SPEC_S_TMPL := s|"basePath": *"/api/v1"|"basePath": "{{AppSubUrl}}/api/v1"|g
-SWAGGER_SPEC_S_JSON := s|"basePath": *"{{AppSubUrl}}/api/v1"|"basePath": "/api/v1"|g
+SWAGGER_SPEC_S_TMPL := s|"basePath": *"/api/v1"|"basePath": "{{AppSubUrl \| JSEscape \| Safe}}/api/v1"|g
+SWAGGER_SPEC_S_JSON := s|"basePath": *"{{AppSubUrl \| JSEscape \| Safe}}/api/v1"|"basePath": "/api/v1"|g
 SWAGGER_EXCLUDE := code.gitea.io/sdk
 SWAGGER_NEWLINE_COMMAND := -e '$$a\'
 
@@ -596,7 +596,7 @@ release-darwin: | $(DIST_DIRS)
 	@hash xgo > /dev/null 2>&1; if [ $$? -ne 0 ]; then \
 		$(GO) install src.techknowlogick.com/xgo@latest; \
 	fi
-	CGO_CFLAGS="$(CGO_CFLAGS)" xgo -go $(XGO_VERSION) -dest $(DIST)/binaries -tags 'netgo osusergo $(TAGS)' -ldflags '$(LDFLAGS)' -targets 'darwin-10.12/amd64' -out gitea-$(VERSION) .
+	CGO_CFLAGS="$(CGO_CFLAGS)" xgo -go $(XGO_VERSION) -dest $(DIST)/binaries -tags 'netgo osusergo $(TAGS)' -ldflags '$(LDFLAGS)' -targets 'darwin-10.12/amd64,darwin-10.12/arm64' -out gitea-$(VERSION) .
 ifeq ($(CI),drone)
 	cp /build/* $(DIST)/binaries
 endif

cmd/web.go

@@ -64,7 +64,7 @@ func runHTTPRedirector() {
 		http.Redirect(w, r, target, http.StatusTemporaryRedirect)
 	})
 
-	var err = runHTTP("tcp", source, context2.ClearHandler(handler))
+	var err = runHTTP("tcp", source, "HTTP Redirector", context2.ClearHandler(handler))
 
 	if err != nil {
 		log.Fatal("Failed to start port redirection: %v", err)
@@ -198,7 +198,7 @@ func listen(m http.Handler, handleRedirector bool) error {
 		if handleRedirector {
 			NoHTTPRedirector()
 		}
-		err = runHTTP("tcp", listenAddr, context2.ClearHandler(m))
+		err = runHTTP("tcp", listenAddr, "Web", context2.ClearHandler(m))
 	case setting.HTTPS:
 		if setting.EnableLetsEncrypt {
 			err = runLetsEncrypt(listenAddr, setting.Domain, setting.LetsEncryptDirectory, setting.LetsEncryptEmail, context2.ClearHandler(m))
@@ -211,22 +211,22 @@ func listen(m http.Handler, handleRedirector bool) error {
 				NoHTTPRedirector()
 			}
 		}
-		err = runHTTPS("tcp", listenAddr, setting.CertFile, setting.KeyFile, context2.ClearHandler(m))
+		err = runHTTPS("tcp", listenAddr, "Web", setting.CertFile, setting.KeyFile, context2.ClearHandler(m))
 	case setting.FCGI:
 		if handleRedirector {
 			NoHTTPRedirector()
 		}
-		err = runFCGI("tcp", listenAddr, context2.ClearHandler(m))
+		err = runFCGI("tcp", listenAddr, "FCGI Web", context2.ClearHandler(m))
 	case setting.UnixSocket:
 		if handleRedirector {
 			NoHTTPRedirector()
 		}
-		err = runHTTP("unix", listenAddr, context2.ClearHandler(m))
+		err = runHTTP("unix", listenAddr, "Web", context2.ClearHandler(m))
 	case setting.FCGIUnix:
 		if handleRedirector {
 			NoHTTPRedirector()
 		}
-		err = runFCGI("unix", listenAddr, context2.ClearHandler(m))
+		err = runFCGI("unix", listenAddr, "Web", context2.ClearHandler(m))
 	default:
 		log.Fatal("Invalid protocol: %s", setting.Protocol)
 	}

cmd/web_graceful.go

@@ -14,16 +14,16 @@ import (
 	"code.gitea.io/gitea/modules/log"
 )
 
-func runHTTP(network, listenAddr string, m http.Handler) error {
-	return graceful.HTTPListenAndServe(network, listenAddr, m)
+func runHTTP(network, listenAddr, name string, m http.Handler) error {
+	return graceful.HTTPListenAndServe(network, listenAddr, name, m)
 }
 
-func runHTTPS(network, listenAddr, certFile, keyFile string, m http.Handler) error {
-	return graceful.HTTPListenAndServeTLS(network, listenAddr, certFile, keyFile, m)
+func runHTTPS(network, listenAddr, name, certFile, keyFile string, m http.Handler) error {
+	return graceful.HTTPListenAndServeTLS(network, listenAddr, name, certFile, keyFile, m)
 }
 
-func runHTTPSWithTLSConfig(network, listenAddr string, tlsConfig *tls.Config, m http.Handler) error {
-	return graceful.HTTPListenAndServeTLSConfig(network, listenAddr, tlsConfig, m)
+func runHTTPSWithTLSConfig(network, listenAddr, name string, tlsConfig *tls.Config, m http.Handler) error {
+	return graceful.HTTPListenAndServeTLSConfig(network, listenAddr, name, tlsConfig, m)
 }
 
 // NoHTTPRedirector tells our cleanup routine that we will not be using a fallback http redirector
@@ -43,9 +43,9 @@ func NoInstallListener() {
 	graceful.GetManager().InformCleanup()
 }
 
-func runFCGI(network, listenAddr string, m http.Handler) error {
+func runFCGI(network, listenAddr, name string, m http.Handler) error {
 	// This needs to handle stdin as fcgi point
-	fcgiServer := graceful.NewServer(network, listenAddr)
+	fcgiServer := graceful.NewServer(network, listenAddr, name)
 
 	err := fcgiServer.ListenAndServe(func(listener net.Listener) error {
 		return fcgi.Serve(listener, m)

cmd/web_letsencrypt.go

@@ -46,14 +46,14 @@ func runLetsEncrypt(listenAddr, domain, directory, email string, m http.Handler)
 		go func() {
 			log.Info("Running Let's Encrypt handler on %s", setting.HTTPAddr+":"+setting.PortToRedirect)
 			// all traffic coming into HTTP will be redirect to HTTPS automatically (LE HTTP-01 validation happens here)
-			var err = runHTTP("tcp", setting.HTTPAddr+":"+setting.PortToRedirect, myACME.HTTPChallengeHandler(http.HandlerFunc(runLetsEncryptFallbackHandler)))
+			var err = runHTTP("tcp", setting.HTTPAddr+":"+setting.PortToRedirect, "Let's Encrypt HTTP Challenge", myACME.HTTPChallengeHandler(http.HandlerFunc(runLetsEncryptFallbackHandler)))
 			if err != nil {
 				log.Fatal("Failed to start the Let's Encrypt handler on port %s: %v", setting.PortToRedirect, err)
 			}
 		}()
 	}
 
-	return runHTTPSWithTLSConfig("tcp", listenAddr, tlsConfig, context2.ClearHandler(m))
+	return runHTTPSWithTLSConfig("tcp", listenAddr, "Web", tlsConfig, context2.ClearHandler(m))
 }
 
 func runLetsEncryptFallbackHandler(w http.ResponseWriter, r *http.Request) {

custom/conf/app.example.ini

@@ -319,6 +319,10 @@ SSH_SERVER_KEY_EXCHANGES = diffie-hellman-group1-sha1, diffie-hellman-group14-sh
 ; For the built-in SSH server, choose the MACs to support for SSH connections,
 ; for system SSH this setting has no effect
 SSH_SERVER_MACS = [email protected], hmac-sha2-256, hmac-sha1, hmac-sha1-96
+; For the built-in SSH server, choose the keypair to offer as the host key
+; The private key should be at SSH_SERVER_HOST_KEY and the public SSH_SERVER_HOST_KEY.pub
+; relative paths are made absolute relative to the APP_DATA_PATH
+SSH_SERVER_HOST_KEYS=ssh/gitea.rsa, ssh/gogs.rsa
 ; Directory to create temporary files in when testing public keys using ssh-keygen,
 ; default is the system temporary directory.
 SSH_KEY_TEST_PATH =
@@ -545,6 +549,10 @@ COOKIE_REMEMBER_NAME = gitea_incredible
 ; Reverse proxy authentication header name of user name
 REVERSE_PROXY_AUTHENTICATION_USER = X-WEBAUTH-USER
 REVERSE_PROXY_AUTHENTICATION_EMAIL = X-WEBAUTH-EMAIL
+; Interpret X-Forwarded-For header or the X-Real-IP header and set this as the remote IP for the request
+REVERSE_PROXY_LIMIT = 1
+; List of IP addresses and networks seperated by comma of trusted proxy servers. Use `*` to trust all.
+REVERSE_PROXY_TRUSTED_PROXIES = 127.0.0.0/8,::1/128
 ; The minimum password length for new Users
 MIN_PASSWORD_LENGTH = 6
 ; Set to true to allow users to import local server paths

docker/root/etc/templates/app.ini

@@ -53,6 +53,8 @@ ROOT_PATH = /data/gitea/log
 [security]
 INSTALL_LOCK = $INSTALL_LOCK
 SECRET_KEY   = $SECRET_KEY
+REVERSE_PROXY_LIMIT = 1
+REVERSE_PROXY_TRUSTED_PROXIES = *
 
 [service]
 DISABLE_REGISTRATION = $DISABLE_REGISTRATION