Merge branch 'master' into feature/review-summary

CHANGELOG.md

@@ -139,6 +139,10 @@ been added to each release, please refer to the [blog](https://blog.gitea.io).
  * Fix punctuation in English translation (#4958)
  * Fix translation (#4355)
 
+## [1.5.3](https://github.com/go-gitea/gitea/releases/tag/v1.5.3) - 2018-10-31
+* SECURITY
+ * Fix remote command execution vulnerability in upstream library (#5177) (#5196)
+
 ## [1.5.2](https://github.com/go-gitea/gitea/releases/tag/v1.5.2) - 2018-10-09
 * SECURITY
  * Enforce token on api routes (#4840) (#4905)

cmd/admin.go

@@ -6,13 +6,15 @@
 package cmd
 
 import (
+ "errors"
  "fmt"
  "os"
  "text/tabwriter"
 
  "code.gitea.io/git"
  "code.gitea.io/gitea/models"
  "code.gitea.io/gitea/modules/auth/oauth2"
+ "code.gitea.io/gitea/modules/generate"
  "code.gitea.io/gitea/modules/log"
  "code.gitea.io/gitea/modules/setting"
 
@@ -59,10 +61,19 @@ var (
  Value: "custom/conf/app.ini",
  Usage: "Custom configuration file path",
  },
+ cli.BoolFlag{
+ Name: "random-password",
+ Usage: "Generate a random password for the user",
+ },
  cli.BoolFlag{
  Name: "must-change-password",
  Usage: "Force the user to change his/her password after initial login",
  },
+ cli.IntFlag{
+ Name: "random-password-length",
+ Usage: "Length of the random password to be generated",
+ Value: 12,
+ },
  },
  }
 
@@ -277,10 +288,29 @@ func runChangePassword(c *cli.Context) error {
 }
 
 func runCreateUser(c *cli.Context) error {
- if err := argsSet(c, "name", "password", "email"); err != nil {
+ if err := argsSet(c, "name", "email"); err != nil {
  return err
  }
 
+ if c.IsSet("password") && c.IsSet("random-password") {
+ return errors.New("cannot set both -random-password and -password flags")
+ }
+
+ var password string
+
+ if c.IsSet("password") {
+ password = c.String("password")
+ } else if c.IsSet("random-password") {
+ password, err := generate.GetRandomString(c.Int("random-password-length"))
+ if err != nil {
+ return err
+ }
+
+ fmt.Printf("generated random password is '%s'\n", password)
+ } else {
+ return errors.New("must set either password or random-password flag")
+ }
+
  if c.IsSet("config") {
  setting.CustomConf = c.String("config")
  }
@@ -299,7 +329,7 @@ func runCreateUser(c *cli.Context) error {
  if err := models.CreateUser(&models.User{
  Name: c.String("name"),
  Email: c.String("email"),
- Passwd: c.String("password"),
+ Passwd: password,
  IsActive: true,
  IsAdmin: c.Bool("admin"),
  MustChangePassword: changePassword,

cmd/hook.go

@@ -66,7 +66,6 @@ var (
 func hookSetup(logPath string) {
  setting.NewContext()
  log.NewGitLogger(filepath.Join(setting.LogRootPath, logPath))
- models.LoadConfigs()
 }
 
 func runHookPreReceive(c *cli.Context) error {

cmd/migrate.go

@@ -0,0 +1,52 @@
+// Copyright 2018 The Gitea Authors. All rights reserved.
+// Use of this source code is governed by a MIT-style
+// license that can be found in the LICENSE file.
+
+package cmd
+
+import (
+ "code.gitea.io/gitea/models"
+ "code.gitea.io/gitea/models/migrations"
+ "code.gitea.io/gitea/modules/log"
+ "code.gitea.io/gitea/modules/setting"
+
+ "github.com/urfave/cli"
+)
+
+// CmdMigrate represents the available migrate sub-command.
+var CmdMigrate = cli.Command{
+ Name: "migrate",
+ Usage: "Migrate the database",
+ Description: "This is a command for migrating the database, so that you can run gitea admin create-user before starting the server.",
+ Action: runMigrate,
+ Flags: []cli.Flag{
+ cli.StringFlag{
+ Name: "config, c",
+ Value: "custom/conf/app.ini",
+ Usage: "Custom configuration file path",
+ },
+ },
+}
+
+func runMigrate(ctx *cli.Context) error {
+ if ctx.IsSet("config") {
+ setting.CustomConf = ctx.String("config")
+ }
+
+ if err := initDB(); err != nil {
+ return err
+ }
+
+ log.Trace("AppPath: %s", setting.AppPath)
+ log.Trace("AppWorkPath: %s", setting.AppWorkPath)
+ log.Trace("Custom path: %s", setting.CustomPath)
+ log.Trace("Log path: %s", setting.LogRootPath)
+ models.LoadConfigs()
+
+ if err := models.NewEngine(migrations.Migrate); err != nil {
+ log.Fatal(4, "Failed to initialize ORM engine: %v", err)
+ return err
+ }
+
+ return nil
+}

cmd/serv.go

@@ -19,7 +19,6 @@ import (
  "code.gitea.io/gitea/modules/pprof"
  "code.gitea.io/gitea/modules/private"
  "code.gitea.io/gitea/modules/setting"
- "code.gitea.io/gitea/modules/util"
 
  "github.com/Unknwon/com"
  "github.com/dgrijalva/jwt-go"
@@ -49,20 +48,9 @@ var CmdServ = cli.Command{
  },
 }
 
-func setup(logPath string) error {
+func setup(logPath string) {
  setting.NewContext()
  log.NewGitLogger(filepath.Join(setting.LogRootPath, logPath))
- models.LoadConfigs()
-
- if setting.UseSQLite3 || setting.UseTiDB {
- workPath := setting.AppWorkPath
- if err := os.Chdir(workPath); err != nil {
- log.GitLogger.Fatal(4, "Failed to change directory %s: %v", workPath, err)
- }
- }
-
- setting.NewXORMLogService(true)
- return models.SetEngine()
 }
 
 func parseCmd(cmd string) (string, string) {
@@ -101,10 +89,7 @@ func runServ(c *cli.Context) error {
  if c.IsSet("config") {
  setting.CustomConf = c.String("config")
  }
-
- if err := setup("serv.log"); err != nil {
- fail("System init failed", fmt.Sprintf("setup: %v", err))
- }
+ setup("serv.log")
 
  if setting.SSH.Disabled {
  println("Gitea: SSH has been disabled")
@@ -175,9 +160,9 @@ func runServ(c *cli.Context) error {
  }
  os.Setenv(models.EnvRepoName, reponame)
 
- repo, err := models.GetRepositoryByOwnerAndName(username, reponame)
+ repo, err := private.GetRepositoryByOwnerAndName(username, reponame)
  if err != nil {
- if models.IsErrRepoNotExist(err) {
+ if strings.Contains(err.Error(), "Failed to get repository: repository does not exist") {
  fail(accessDenied, "Repository does not exist: %s/%s", username, reponame)
  }
  fail("Internal error", "Failed to get repository: %v", err)
@@ -214,7 +199,7 @@ func runServ(c *cli.Context) error {
  fail("Key ID format error", "Invalid key argument: %s", c.Args()[0])
  }
 
- key, err := models.GetPublicKeyByID(com.StrTo(keys[1]).MustInt64())
+ key, err := private.GetPublicKeyByID(com.StrTo(keys[1]).MustInt64())
  if err != nil {
  fail("Invalid key ID", "Invalid key ID[%s]: %v", c.Args()[0], err)
  }
@@ -225,23 +210,22 @@ func runServ(c *cli.Context) error {
  if key.Mode < requestedMode {
  fail("Key permission denied", "Cannot push with deployment key: %d", key.ID)
  }
+
  // Check if this deploy key belongs to current repository.
- if !models.HasDeployKey(key.ID, repo.ID) {
+ has, err := private.HasDeployKey(key.ID, repo.ID)
+ if err != nil {
+ fail("Key access denied", "Failed to access internal api: [key_id: %d, repo_id: %d]", key.ID, repo.ID)
+ }
+ if !has {
  fail("Key access denied", "Deploy key access denied: [key_id: %d, repo_id: %d]", key.ID, repo.ID)
  }
 
  // Update deploy key activity.
- deployKey, err := models.GetDeployKeyByRepo(key.ID, repo.ID)
- if err != nil {
- fail("Internal error", "GetDeployKey: %v", err)
- }
-
- deployKey.UpdatedUnix = util.TimeStampNow()
- if err = models.UpdateDeployKeyCols(deployKey, "updated_unix"); err != nil {
+ if err = private.UpdateDeployKeyUpdated(key.ID, repo.ID); err != nil {
  fail("Internal error", "UpdateDeployKey: %v", err)
  }
  } else {
- user, err = models.GetUserByKeyID(key.ID)
+ user, err = private.GetUserByKeyID(key.ID)
  if err != nil {
  fail("internal error", "Failed to get user by key ID(%d): %v", keyID, err)
  }
@@ -252,20 +236,24 @@ func runServ(c *cli.Context) error {
  user.Name, repoPath)
  }
 
- mode, err := models.AccessLevel(user.ID, repo)
+ mode, err := private.AccessLevel(user.ID, repo.ID)
  if err != nil {
  fail("Internal error", "Failed to check access: %v", err)
- } else if mode < requestedMode {
+ } else if *mode < requestedMode {
  clientMessage := accessDenied
- if mode >= models.AccessModeRead {
+ if *mode >= models.AccessModeRead {
  clientMessage = "You do not have sufficient authorization for this action"
  }
  fail(clientMessage,
  "User %s does not have level %v access to repository %s",
  user.Name, requestedMode, repoPath)
  }
 
- if !repo.CheckUnitUser(user.ID, user.IsAdmin, unitType) {
+ check, err := private.CheckUnitUser(user.ID, repo.ID, user.IsAdmin, unitType)
+ if err != nil {
+ fail("You do not have allowed for this action", "Failed to access internal api: [user.Name: %s, repoPath: %s]", user.Name, repoPath)
+ }
+ if !check {
  fail("You do not have allowed for this action",
  "User %s does not have allowed access to repository %s 's code",
  user.Name, repoPath)
@@ -325,7 +313,6 @@ func runServ(c *cli.Context) error {
  } else {
  gitcmd = exec.Command(verb, repoPath)
  }
-
  if isWiki {
  if err = repo.InitWiki(); err != nil {
  fail("Internal error", "Failed to init wiki repo: %v", err)

docker/etc/s6/gitea/setup

@@ -39,5 +39,8 @@ if [ ! -f /data/gitea/conf/app.ini ]; then
  envsubst < /etc/templates/app.ini > /data/gitea/conf/app.ini
 fi
 
-chown -R ${USER}:git /data/gitea /app/gitea /data/git
+# only chown if current owner is not already the gitea ${USER}. No recursive check to save time
+if ! [[ $(ls -ld /data/gitea | awk '{print $3}') = ${USER} ]]; then chown -R ${USER}:git /data/gitea; fi
+if ! [[ $(ls -ld /app/gitea | awk '{print $3}') = ${USER} ]]; then chown -R ${USER}:git /app/gitea; fi
+if ! [[ $(ls -ld /data/git | awk '{print $3}') = ${USER} ]]; then chown -R ${USER}:git /data/git; fi
 chmod 0755 /data/gitea /app/gitea /data/git

docs/content/doc/advanced/config-cheat-sheet.en-us.md

@@ -359,6 +359,10 @@ IS_INPUT_FILE = false
 - RENDER\_COMMAND: External command to render all matching extensions.
 - IS\_INPUT\_FILE: **false** Input is not a standard input but a file param followed `RENDER_COMMAND`.
 
+Two special environment variables are passed to the render command:
+- `GITEA_PREFIX_SRC`, which contains the current URL prefix in the `src` path tree. To be used as prefix for links.
+- `GITEA_PREFIX_RAW`, which contains the current URL prefix in the `raw` path tree. To be used as prefix for image paths.
+
 ## Other (`other`)
 
 - `SHOW_FOOTER_BRANDING`: **false**: Show Gitea branding in the footer.

integrations/auth_ldap_test.go

@@ -43,6 +43,7 @@ var gitLDAPUsers = []ldapUser{
  SSHKeys: []string{
  "SHA256:qLY06smKfHoW/92yXySpnxFR10QFrLdRjf/GNPvwcW8",
  "SHA256:QlVTuM5OssDatqidn2ffY+Lc4YA5Fs78U+0KOHI51jQ",
+ "SHA256:DXdeUKYOJCSSmClZuwrb60hUq7367j4fA+udNC3FdRI",
  },
  IsAdmin: true,
  },

main.go

@@ -47,6 +47,7 @@ arguments - which can alternatively be run by running the subcommand web.`
  cmd.CmdCert,
  cmd.CmdAdmin,
  cmd.CmdGenerate,
+ cmd.CmdMigrate,
  }
  app.Flags = append(app.Flags, []cli.Flag{}...)
  app.Action = cmd.CmdWeb.Action

models/repo.go

@@ -1043,7 +1043,6 @@ func MigrateRepository(doer, u *User, opts MigrateRepoOptions) (*Repository, err
  if err = SyncReleasesWithTags(repo, gitRepo); err != nil {
  log.Error(4, "Failed to synchronize tags to releases for repository: %v", err)
  }
- UpdateRepoIndexer(repo)
  }
 
  if err = repo.UpdateSize(); err != nil {
@@ -1061,10 +1060,16 @@ func MigrateRepository(doer, u *User, opts MigrateRepoOptions) (*Repository, err
  }
 
  repo.IsMirror = true
- return repo, UpdateRepository(repo, false)
+ err = UpdateRepository(repo, false)
+ } else {
+ repo, err = CleanUpMigrateInfo(repo)
+ }
+
+ if err != nil && !repo.IsBare {
+ UpdateRepoIndexer(repo)
  }
 
- return CleanUpMigrateInfo(repo)
+ return repo, err
 }
 
 // cleanUpMigrateGitConfig removes mirror info which prevents "push --all".
@@ -2459,7 +2464,7 @@ func ForkRepository(doer, u *User, oldRepo *Repository, name, desc string) (_ *R
  repoPath := RepoPath(u.Name, repo.Name)
  _, stderr, err := process.GetManager().ExecTimeout(10*time.Minute,
  fmt.Sprintf("ForkRepository(git clone): %s/%s", u.Name, repo.Name),
- "git", "clone", "--bare", oldRepo.RepoPath(), repoPath)
+ "git", "clone", "--bare", oldRepo.repoPath(sess), repoPath)
  if err != nil {
  return nil, fmt.Errorf("git clone: %v", stderr)
  }