Script 'mail_helper' called by obssrc
Hello community,
here is the log from the commit of package forgejo-longterm for
openSUSE:Factory checked in at 2025-07-27 16:26:52
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/forgejo-longterm (Old)
and /work/SRC/openSUSE:Factory/.forgejo-longterm.new.13279 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "forgejo-longterm"
Sun Jul 27 16:26:52 2025 rev:2 rq:1295902 version:11.0.3
Changes:
--------
--- /work/SRC/openSUSE:Factory/forgejo-longterm/forgejo-longterm.changes
2025-06-12 15:54:46.904972245 +0200
+++
/work/SRC/openSUSE:Factory/.forgejo-longterm.new.13279/forgejo-longterm.changes
2025-07-27 16:26:54.015315422 +0200
@@ -1,0 +2,474 @@
+Sat Jul 26 15:41:51 UTC 2025 - Richard Rahl <rra...@opensuse.org>
+
+- update to 11.0.3:
+ * fixing git security vulnerability
+ * add missing lazy load attribute to images
+ * backport of translation updates
+ * do not ignore automerge while a PR is checking for conflicts
+ * user activation with uppercase email address
+ * collaborator can edit wiki with write access
+ * fix: corrupted wiki unit default permission
+ * fix: skip empty tokens in SearchOptions.Tokens()
+ * fix: make API /repos/{owner}/{repo}/compare/{basehead} work with forks
+ * fix(ui): release: name is overridden with tag name on edit
+ * Revert "fix(api): document is_system_webhook field
+- Update to 11.0.2:
+ * Features
+ - make Forgejo Actions server logs less noisy
+ * Bug fixes
+ - do not fail when release or wiki is set in /repos/migrate API
+ - ignore expired artifacts for quota calculation
+ - pull request cross references
+ - quote reply in Chromium
+ - fix: make hash pattern more strict
+ * Included for completeness but not worth a release note
+ - remove download attribute from external assets
+ - bleve to v2.5.2 with changes made in backport of 2.5.0
+ - show membership of limited orgs
+ - date dependency go to v1.24.3 (v11.0/forgejo)
+ - drop unused @typescript-eslint/parser package
+ - suppress non actionable XORM warnings
+ - aggregate deleted team as ghost team
+ - center footer links
+ - fix force-push compare line layout
+ - parse change-id in the git commit header
+ - Update module github.com/blevesearch/bleve/v2 to v2.5.1 (v11.0/forgejo)
- abandoned
+ - improve force-push compare line layout
+ - Remove "create branch" button on mirrored repos
+ - Update module github.com/msteinert/pam/v2 to v2.1.0 (v11.0/forgejo)
+ - replace ß with ss in normalizeUserName
+ - document is_system_webhook field
+ - remove artificial delay for PR update
+- update to 11.0.1:
+ * If LFS is enabled on a Forgejo instance with [server].LFS_START_SERVER =
+ true, it was possible for a registered user to upload LFS files to a
+ repository to which they only had read access.
+ * A user account with 2fa (two factor authentication) enrolled with a
+ security key was not enforced when using an external account
+ * fix: display the list of tasks in the runner edit page
+ * fix(ui): use gap in switch items
+ * fix(ui/pr): use eye icon for reviews
+ * fix(ui): rescope menu height patch to overflow menu
+ * fix(ui): show commit icon in branch dropdown button when viewing a commit
+ * i18n: backport of translation updates
+ * fix(i18n): prevent incorrect logging on strings missing in JSON locales
+ * chore: replace github.com/go-testfixtures/testfixtures
+ * fix: use linguist-generated for language stats
+ * chore: tune down remote user promotion debug message shown as error
+ * fix: set default restricted for OAuth2 user
+ * chore: merge tests.AddFixtures and unittest.OverrideFixtures
+ * fix(ui): make pagination labels always visible to screenreader
+ * fix: delay-write trace.dat for forgejo diagnosis
+ * Update module github.com/mattn/go-sqlite3 to v1.14.28 (v11.0/forgejo)
+- update to 11.0.0:
+ * add ability to regenerate access tokens
+ * drop SSPI auth support and more Windows files
+ * localize theme names
+ * improve incorrect ROOT_URL warning
+ * admin user view
+ * welcome screen for user dashboard
+ * improve "URL" handling in markdown editor
+ * display to maintainers in pull request when it is editable
+ * simplify pronouns in user settings
+ * split Forgejo landing page template to allow patching or removing Forgejo
+ introduction section
+ * set default release title to tag name
+ * add quota overview
+ * allow opening a single-file diff from file history view
+ * reduce noise in the timeline of issues and pull requests. If certain
+ timeline events are performed within a certain timeframe of each other with
+ no other events in between, they will be combined into a single timeline
+ event, and any contradictory actions will be canceled and not displayed.
+ The older the events, the wider the timeframe will become.
+ * i18n: make Danish available in UI
+ * Updates from Codeberg Translate
+ * Features
+ * return run_number in workflow dispatch
+ * add more sorting to own repository list
+ * add sort parameter to list issues API
+ * make it possible to track the progress of manually triggered workflows
+ * interpret Precedence: auto_reply as an auto reply
+ * parse multipart/related parts as attachments & guess filename
+ * added missing nuget V2 properties to API
+ * order the user's organization list alphabetically
+ * in code search, add query string for boolean operators and phrase search
+ * in code search, replace fuzzy search with union search for indexer
+ * set default value of UseCompatSSHURI to true
+ * add pronoun privacy option
+ * commit API endpoint to rename an organization
+ * fill website field when migrating from external
+ * commit use Project-URL metadata field to get a PyPI package's homepage URL
+ * improve Forgejo diagnostics
+ * sourcehut webhook: submit SSH URL for private repository or when pre-filled
+ * add configurable cooldown to claim usernames
+ * don't allow blocking the doer
+ * Alt Linux Apt-Rpm repository support for Forgejo packages
+ * add search action jobs for API routes, repo, org and global level
+ * add summary card for repos and releases
+ * add synchronization for SSH keys for OpenID Connect
+ * initial support for localization and pluralization with go-i18n-JSON-v2
format
+ * permit to download patch and diff file between tags and branches
+ * remove SHA1 for support for ssh rsa signing
+ * show link to download directory
+ * validate input for default_{merge,update}_style
+ * include platform information on rubygems compact index API
+ * listening on abstract domain sockets
+ * forbid blocked users from reopening issues
+ * allow collaborators to read their own permissions
+ * more permissive markup commit hash detection
+ * don't give system users roles on comments
+ * fix(ui): make tag dropdown clickable again
+ * fix: match PackageBlob.HashBlake2b definition and migration
+ * fix(UI): i18n: improve naming
+ * fix: package_blob.has_blake2b may be null
+ * fix: redirect to submodule instead of throwing 500 error when viewing
submodule entry
+ * fix(migrations): transfer PR flow information
+ * : fix(i18n): fix several usages of i18n
+ * Update module golang.org/x/net to v0.38.0 (v11.0/forgejo)
+ * 4108-empty-slice-encoded-to-null
+ * chore: branding import path
+ * fix(ui): Do not check for vertical-align
+ * Update module code.forgejo.org/forgejo/act to v1.25.1 (forgejo)
+ * fix ci dashboard e2e test
+ * build: require node v20
+ * Update Node.js to v22 (forgejo)
+ * chore(renovate): update settings for latest version
+ * Update module github.com/buildkite/terminal-to-html/v3 to v3.16.8 (forgejo)
+ * Update module github.com/caddyserver/certmagic to v0.22.2 (forgejo)
+ * Lock file maintenance (forgejo)
+ * Update renovate to v39.212.0 (forgejo)
+ * remove an extraneous } in issue dependencies template
+ * chore(release-notes): Forgejo v10.0.3
+ * Update module github.com/golang-jwt/jwt/v5 to v5.2.2 [SECURITY] (forgejo)
+ * Update module github.com/go-sql-driver/mysql to v1.9.1 (forgejo)
+ * Update mcr.microsoft.com/devcontainers/go Docker tag to v1.24 (forgejo)
+ * chore(release-notes): Forgejo v10.0.2
+ * Update module github.com/redis/go-redis/v9 to v9.7.3 (forgejo)
+ * consider issues in repository accessible via access table
+ * chore(release-notes): Forgejo v7.0.14
+ * chore(renovate): add yamllint to automerge
+ * Update module gitlab.com/gitlab-org/api/client-go to v0.126.0 (forgejo)
+ * Update dependency yamllint to v1.36.2 (forgejo)
+ * chore(dependency): upgrade gof3 v3.10.6
+ * Update dependency eslint-import-resolver-typescript to v4 (forgejo)
+ * chore: add @vitejs/plugin-vue to renovate automerge
+ * Update dependency @vitejs/plugin-vue to v5.2.3 (forgejo)
+ * Lock file maintenance (forgejo)
+ * Update renovate to v39.205.0 (forgejo)
+ * branding: update API descriptions
+ * Update module
+ *
github.com/editorconfig-checker/editorconfig-checker/v3/cmd/editorconfig-checker
+ to v3.2.1 (forgejo)
+ * Update dependency yamllint to v1.36.1 (forgejo)
+ * Update data.forgejo.org/oci/bitnami/postgresql Docker tag to v16 (forgejo)
+ * Update dependency @playwright/test to v1.51.0 (forgejo)
+ * Update vitest monorepo to v3.0.8 (forgejo)
+ * Update linters (forgejo)
+ * Update dependency happy-dom to v17.4.4 (forgejo)
+ * Update dependency @stoplight/spectral-cli to v6.14.3 (forgejo)
+ * perf: avoid sorting team names for ComposeMetas
+ * chore(runner): return errors created by connect
+ * perf: optimize converting releases to feed items
+ * [gitea] week 2025-12 cherry pick (gitea/main -> forgejo)
+ * Update dependency mermaid to v11.5.0 (forgejo)
+ * Update module github.com/editorconfig/editorconfig-core-go/v2 to v2.6.3
(forgejo)
+ * chore(ui): remove unused template "shared/user/blocked_users"
+ * handle deleted user modifying event state in gitlab migration
+ * Update dependency yamllint to v1.36.0 (forgejo)
+ * i18n: ensure consistent indent style for next locales
+ * fix(api): miss-spelled description, corrected to public
+ * Update module github.com/go-webauthn/webauthn to v0.12.2 (forgejo)
+ * Update module github.com/minio/minio-go/v7 to v7.0.88 (forgejo)
+ * Lock file maintenance (forgejo)
+ * Update renovate to v39.195.1 (forgejo)
+ * ui: improve branch/tag dropdown selector consistency
+ * Update module github.com/msteinert/pam to v2 (forgejo)
+ * Update linters (forgejo)
+ * Update dependency happy-dom to v17.4.3 (forgejo)
+ * Update dependency globals to v16 (forgejo)
+ * Update dependency eslint-plugin-vue to v10 (forgejo)
+ * Update dependency eslint-plugin-unicorn to v57 (forgejo)
+ * Update dependency @stylistic/eslint-plugin-js to v4 (forgejo)
+ * Update Node.js to v22 (forgejo)
+ * [gitea] week 2025-11 cherry pick (gitea/main -> forgejo)
+ * fix(ui): use usual and consistent size for project icons of 16
+ * fix(ui): improve milestone/project header consistency
+ * chore(ui): improve svg icon margin consistency
+ * revert issue rendering for <a> element
+ * chore: modernize import
+ * fix(i18n): make HasKey aware of newStyleMessages
+ * feat(ui themes): better place for theme list ctx, testing
+ * chore(ui): always use primary button color inside modals
+ * fix(ui): 2fa verify alignment
+ * Update module google.golang.org/grpc to v1.71.0 (forgejo)
+ * i18n: use ellipsis character
+ * Update module golang.org/x/tools/cmd/deadcode to v0.31.0 (forgejo)
+ * Update module golang.org/x/oauth2 to v0.28.0 (forgejo)
+ * Update module github.com/caddyserver/certmagic to v0.22.0 (forgejo)
+ * Update module golang.org/x/image to v0.25.0 (forgejo)
+ * Update module golang.org/x/crypto to v0.36.0 (forgejo)
+ * Update module github.com/urfave/cli/v2 to v2.27.6 (forgejo)
+ * improve error handling of commit rendering
+ * Update module golang.org/x/net to v0.36.0 (forgejo)
+ * Update module github.com/prometheus/client_golang to v1.21.1 (forgejo)
+ * correct logging if caller has generics
+ * Update module github.com/golangci/golangci-lint/cmd/golangci-lint to
v1.64.6 (forgejo)
+ * Update dependency go to v1.24.1 (forgejo)
+ * introduce distant federation server mock
+ * fix the modularity for migration v18
+ * Update module github.com/opencontainers/image-spec to v1.1.1 (forgejo)
+ * [gitea] week 2025-10 cherry pick (gitea/main -> forgejo)
+ * feat(build): linter for missing msgid definitions
+ * Fix: Force all repo tab buttons to be the same height
+ * Lock file maintenance (forgejo)
+ * Update renovate to v39.185.0 (forgejo)
+ * fix(ui): add header to org settings /blocked users page
+ * fix(ui): use discussions icon in issue list entries
+ * Update module github.com/jhillyerd/enmime/v2 to v2.1.0 (forgejo)
+ * i18n(en): a few source fixes
+ * Update module github.com/PuerkitoBio/goquery to v1.10.2 (forgejo)
+ * Update dependency happy-dom to v17.1.8 (forgejo)
+ * Update dependency @stylistic/stylelint-plugin to v3.1.2 (forgejo)
+ * Update module code.forgejo.org/f3/gof3/v3 to v3.10.4 (forgejo)
+ * chore(ci): ensure the manually cached Go can be run
+ * chore(upgrade): switch to code.forgejo.org/forgejo/levelqueue
+ * Update module github.com/ProtonMail/go-crypto to v1.1.6 (forgejo)
+ * Update module golang.org/x/oauth2 to v0.27.0 (forgejo)
+ * Update module golang.org/x/crypto to v0.35.0 (forgejo)
+ * Update module golang.org/x/tools/gopls to v0.18.1 (forgejo)
+ * job list response to avoid wrapped body.
+ * Update https://data.forgejo.org/forgejo/forgejo-build-publish action to
v5.3.4 (forgejo)
+ * Update https://data.forgejo.org/forgejo/forgejo-build-publish action to
v5.3.3 (forgejo)
+ * Update renovate to v39.178.1 (forgejo)
+ * chore: add empty secret table fixtures
+ * Update data.forgejo.org/oci/golang Docker tag to v1.24 (forgejo)
+ * feat(ui): include MIME type for archive links in folder download
+ * fix(ui): improvements around folder download
+ * i18n(en): shorten banner text for archived repos
+ * [gitea] week 2025-09 cherry pick (gitea/main -> forgejo)
+ * fix(repo): return code 400 instead of 500 for invalid archive type
+ * Update module golang.org/x/crypto to v0.34.0 (forgejo)
+ * Fix invalid swagger syntax of $ref with sibling
+ * Update x/tools (forgejo)
+ * Update module github.com/prometheus/client_golang to v1.21.0 (forgejo)
+ * Update module github.com/meilisearch/meilisearch-go to v0.31.0 (forgejo)
+ * fix(example conf): add .webp to ALLOWED_TYPES
+ * linting: fix typos, add toml validation
+ * Update Zig gitignore
+ * return 404 for empty repositories
+ * Update module github.com/buildkite/terminal-to-html/v3 to v3.16.6 (forgejo)
+ * Lock file maintenance (forgejo)
+ * Update renovate to v39.171.2 (forgejo)
+ * chore: add a make option to disable stripping binaries for debug builds
+ * Revert "Update module github.com/minio/minio-go/v7 to v7.0.86 (forgejo)
(#6945)"
+ * feat(ui): add MIME types for generated archives
+ * i18n: translation updates from Gitea
+ * forgejo migrations numbering in comments and rename latest migration file
+ * native parsing of ssh certificate key
+ * Update dependency happy-dom to v17 (forgejo)
+ * Update golang packages to v1.24 (forgejo) (minor)
+ * Update module github.com/minio/minio-go/v7 to v7.0.86 (forgejo)
+ * Also substitute COPYRIGHT HOLDER and the organization in BSD 4-Clause
license
+ * delay deleting authorization token
+ * i18n: reword archive.title and archive.title.date in english locale
+ * Update dependency webpack to v5.98.0 (forgejo)
+ * feat(ui): always show restart button for Actions jobs
+ * Update dependency globals to v15.15.0 (forgejo)
+ * Update module github.com/buildkite/terminal-to-html/v3 to v3.16.5 (forgejo)
+ * Add possibility of removed content to 404 page
+ * Reduce links in chat notifications to avoid multiple previews
+ * Update dependency esbuild-loader to v4.3.0 (forgejo)
+ * fix(ui): hide extra PR property labels on title edit
+ * Update module golang.org/x/net to v0.35.0 (forgejo)
+ * Update dependency postcss to v8.5.2 (forgejo)
+ * Fix api returns internal server error when not found should be returned
+ * fix(ui): release: set default release title to tag name
+ * fix(ui): use "organization name" in coldown messages for orgs
+ * Lock file maintenance (forgejo)
+ * Update module github.com/minio/minio-go/v7 to v7.0.85 (forgejo)
+ * Update renovate to v39.164.1 (forgejo)
+ * always set stripped slashes on http request
+ * [gitea] week 2025-07 cherry pick (gitea/main -> forgejo)
+ * chore(api): Improve description for repoCheckCollaborator
+ * chore(release-notes): fix Forgejo v10.0.1 & v7.0.13 blog post URL (again)
[skip ci]
+ * chore(release-notes): fix Forgejo v10.0.1 & v7.0.13 blog post URL
+ * fix(ui): hide 'New migration' button on org pages with migrations disabled
(#6850)
+ * chore(release-notes): Forgejo v7.0.13
+ * chore(release-notes): Forgejo v10.0.1
++++ 177 more lines (skipped)
++++ between
/work/SRC/openSUSE:Factory/forgejo-longterm/forgejo-longterm.changes
++++ and
/work/SRC/openSUSE:Factory/.forgejo-longterm.new.13279/forgejo-longterm.changes
Old:
----
fix-CVE-2025-22869.patch
fix-CVE-2025-3445.patch
forgejo-src-10.0.3.tar.gz
forgejo-src-10.0.3.tar.gz.asc
get-sources.sh
vendor.tar.gz
New:
----
forgejo-src-11.0.3.tar.gz
forgejo-src-11.0.3.tar.gz.asc
node_modules.sums
----------(Old B)----------
Old:- include apparmor for Leap 16
- remove fix-CVE-2025-22869.patch fix-CVE-2025-3445.patch, upstream
updated their dependencies
Old:- include apparmor for Leap 16
- remove fix-CVE-2025-22869.patch fix-CVE-2025-3445.patch, upstream
updated their dependencies
----------(Old E)----------
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Other differences:
------------------
++++++ forgejo-longterm.spec ++++++
--- /var/tmp/diff_new_pack.np6NuW/_old 2025-07-27 16:27:01.719633393 +0200
+++ /var/tmp/diff_new_pack.np6NuW/_new 2025-07-27 16:27:01.723633559 +0200
@@ -16,21 +16,16 @@
#
-%if 0%{?suse_version} > 1600
+%if 0%{?suse_version} >= 1600
%bcond_without selinux
%bcond_without apparmor
%else
-%if 0%{?suse_version} == 1600
-%bcond_without selinux
-%bcond_with apparmor
-%else
-# Leap & SLE
+# Leap & SLE 15.X
%bcond_with selinux
%bcond_without apparmor
%endif
-%endif
Name: forgejo-longterm
-Version: 10.0.3
+Version: 11.0.3
Release: 0
Summary: Self-hostable forge
License: GPL-3.0-or-later
@@ -51,12 +46,9 @@
Source11: forgejo.firewalld
Source12: forgejo-abstraction.apparmor
Source13: forgejo-hooks-abstraction.apparmor
-Source14: vendor.tar.gz
-Source98: README.SUSE
-Source99: get-sources.sh
+Source14: node_modules.sums
+Source99: README.SUSE
Patch0: custom-app.ini.patch
-Patch1: fix-CVE-2025-22869.patch
-Patch2: fix-CVE-2025-3445.patch
BuildRequires: golang(API) >= 1.24
## node >= 20
%if 0%{?suse_version} == 1500
@@ -65,6 +57,7 @@
%else
BuildRequires: nodejs-packaging
%endif
+BuildRequires: fdupes
BuildRequires: firewall-macros
BuildRequires: firewalld
BuildRequires: local-npm-registry
@@ -142,9 +135,8 @@
%prep
%autosetup -p1 -n forgejo-src-%{version}
-tar xf %{SOURCE14} -C %{_builddir}/forgejo-src-%{version}/
local-npm-registry %{_sourcedir} install --include=dev --legacy-peer-deps
-cp %{SOURCE98} .
+cp %{SOURCE99} .
%build
%sysusers_generate_pre %{SOURCE6} forgejo forgejo.conf
@@ -204,6 +196,8 @@
#firewalld service file
install -D -m 0644 %{SOURCE11}
%{buildroot}%{_prefix}/lib/firewalld/services/forgejo.xml
+%fdupes %{buildroot}
+
%pre -f forgejo.pre
%service_add_pre forgejo.service
++++++ _service ++++++
--- /var/tmp/diff_new_pack.np6NuW/_old 2025-07-27 16:27:02.023645941 +0200
+++ /var/tmp/diff_new_pack.np6NuW/_new 2025-07-27 16:27:02.027646106 +0200
@@ -1,6 +1,10 @@
<?xml version="1.0" ?>
<services>
<service name="download_files" mode="manual" />
+ <service name="extract_file" mode="manual">
+ <param name="archive">forgejo-src-*.tar.gz</param>
+ <param name="files">forgejo-src-*/package-lock.json</param>
+ </service>
<service name="node_modules" mode="manual">
<param name="cpio">node_modules.obscpio</param>
<param name="output">node_modules.spec.inc</param>
++++++ forgejo-src-10.0.3.tar.gz -> forgejo-src-11.0.3.tar.gz ++++++
/work/SRC/openSUSE:Factory/forgejo-longterm/forgejo-src-10.0.3.tar.gz
/work/SRC/openSUSE:Factory/.forgejo-longterm.new.13279/forgejo-src-11.0.3.tar.gz
differ: char 12, line 1
++++++ node_modules.obscpio ++++++
/work/SRC/openSUSE:Factory/forgejo-longterm/node_modules.obscpio
/work/SRC/openSUSE:Factory/.forgejo-longterm.new.13279/node_modules.obscpio
differ: char 20377, line 85
++++++ node_modules.spec.inc ++++++
++++ 2230 lines (skipped)
++++ between /work/SRC/openSUSE:Factory/forgejo-longterm/node_modules.spec.inc
++++ and
/work/SRC/openSUSE:Factory/.forgejo-longterm.new.13279/node_modules.spec.inc
++++++ node_modules.sums ++++++
++++ 1103 lines (skipped)
++++++ package-lock.json ++++++
++++ 8484 lines (skipped)
++++ between /work/SRC/openSUSE:Factory/forgejo-longterm/package-lock.json
++++ and
/work/SRC/openSUSE:Factory/.forgejo-longterm.new.13279/package-lock.json
