1
0
Fork 0
mirror of https://codeberg.org/forgejo/forgejo.git synced 2024-12-23 12:59:11 -05:00
Commit graph

4283 commits

Author SHA1 Message Date
Giteabot
131a8f0324
Fix incorrect PostgreSQL connection string for Unix sockets (#28865) (#28870)
Backport #28865 by @sdvcrx

Fix #28864

Co-authored-by: sdvcrx <memory.silentvoyage@gmail.com>
(cherry picked from commit 8c7bda8755)
2024-01-31 14:18:25 +01:00
Giteabot
7db542a029
Fix archive creating LFS hooks and breaking pull requests (#28848) (#28851)
Backport #28848 by @brechtvl

When LFS hooks are present in gitea-repositories, operations like git
push for creating a pull request fail. These repositories are not meant
to include LFS files or git push them, that is handled separately. And
so they should not have LFS hooks.

Installing git-lfs on some systems (like Debian Linux) will
automatically set up /etc/gitconfig to create LFS hooks in repositories.
For most git commands in Gitea this is not a problem, either because
they run on a temporary clone or the git command does not create LFS
hooks.

But one case where this happens is git archive for creating repository
archives. To fix that, add a GIT_CONFIG_NOSYSTEM=1 to disable using the
system configuration for that command.

According to a comment, GIT_CONFIG_NOSYSTEM is not used for all git
commands because the system configuration can be intentionally set up
for Gitea to use.

Resolves #19810, #21148

Co-authored-by: Brecht Van Lommel <brecht@blender.org>
(cherry picked from commit 0d50f27469)
2024-01-31 14:18:25 +01:00
Giteabot
cdaf0dc752
Remove duplicated checkinit on git module (#28824) (#28831)
Backport #28824 by @lunny

`checkInit` has been invoked in `InitSimple`. So it's unnecessary to
invoke it twice in `InitFull`.

Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
(cherry picked from commit 8b5c9186a5)
2024-01-31 13:36:08 +01:00
Gusted
f8c9ff55b9
[GITEA] Fix relative links rendering
- Backport of #2166
- Relative links were not properly being rendered, because the links
were being made absolute against the repository URL instead of
repository URL + /src/branch, which leads to incorrect links.
- Restore the 'old' behaviour. When there's branch information, that
should be used as base for links.
- Adjusts the test cases.
- Regression of 637451a45e
- Resolves https://codeberg.org/Codeberg/Community/issues/1411

(cherry picked from commit 0e9d52e291)
2024-01-17 17:57:22 +01:00
Giteabot
4df056a14e
Use refname:strip-2 instead of refname:short when syncing tags (#28797) (#28811)
Backport #28797 by @lunny

Fix #28694

Generally, `refname:short` should be equal to `refname:lstrip=2` except
`core.warnAmbiguousRefs is used to select the strict abbreviation mode.`

ref:
https://git-scm.com/docs/git-for-each-ref#Documentation/git-for-each-ref.txt-refname

Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
(cherry picked from commit 4746291b08)
2024-01-16 14:41:11 +00:00
KN4CK3R
875b398e5e
Rework markup link rendering (#26745) (#28803)
Backport #26745
Fixes #26548

This PR refactors the rendering of markup links. The old code uses
`strings.Replace` to change some urls while the new code uses more
context to decide which link should be generated.

The added tests should ensure the same output for the old and new
behaviour (besides the bug).

We may need to refactor the rendering a bit more to make it clear how
the different helper methods render the input string. There are lots of
options (resolve links / images / mentions / git hashes / emojis / ...)
but you don't really know what helper uses which options. For example,
we currently support images in the user description which should not be
allowed I think:

<details>
  <summary>Profile</summary>

https://try.gitea.io/KN4CK3R

![grafik](https://github.com/go-gitea/gitea/assets/1666336/109ae422-496d-4200-b52e-b3a528f553e5)

</details>

(cherry picked from commit 022552d5b6)
2024-01-16 14:41:11 +00:00
Giteabot
215c96e646
Use correct has error check for internal responses (#28796) (#28798)
Backport #28796 by @wxiaoguang

`resp != nil` doesn't mean the request really succeeded. Add a comment
for requestJSONResp to clarify the behavior.

Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
(cherry picked from commit cbf366643b)
2024-01-16 14:40:56 +00:00
Giteabot
367561fff2
Fix nil pointer panic when exec some gitea cli command (#28791) (#28795)
Backport #28791 by @yp05327

panic:

![image](https://github.com/go-gitea/gitea/assets/18380374/7fcde2ad-1d42-4b60-b120-3b60a8926e8e)

After:

![image](https://github.com/go-gitea/gitea/assets/18380374/49d9f0ca-e590-4a35-8ca2-1317d1b7c939)

Co-authored-by: yp05327 <576951401@qq.com>
(cherry picked from commit df694f6a7d)
2024-01-16 14:40:56 +00:00
Giteabot
765aa1479d
Show description as tooltip instead of title for labels (#28754) (#28766)
Backport #28754 by @delvh

Follow GitHubs behavior of showing the label description as a tooltip
instead of the browser native title.

## Before

![grafik](https://github.com/go-gitea/gitea/assets/51889757/70448327-467b-4bee-b799-40a442a5ce16)

## After

![grafik](https://github.com/go-gitea/gitea/assets/51889757/abe7d700-148b-4cef-a487-6b0f8f20b212)

Co-authored-by: delvh <dev.lh@web.de>
(cherry picked from commit 9f0c709637)
2024-01-16 14:39:23 +00:00
Giteabot
464c6e8d73
Add -F to commit search to treat keywords as strings (#28744) (#28748)
Backport #28744 by @me-heer

Fixes #28269

The [default
behavior](https://git-scm.com/docs/git-log#Documentation/git-log.txt---basic-regexp)
of --grep in git log is to interpret the keyword as a regular
expression. This causes the search to fail in the cases where the search
keyword contains a `[`, since `[` is a special character used in grep.

If we want our keywords to be interpreted as 'strings', we should use
[-F
flag](https://git-scm.com/docs/git-log#Documentation/git-log.txt---basic-regexp).

Co-authored-by: Mihir Joshi <mihir67mj@gmail.com>
(cherry picked from commit f220f4231a)
2024-01-16 14:39:23 +00:00
Giteabot
ad027c2818
Fix panic when parsing empty pgsql host (#28708) (#28709)
Backport #28708 by wxiaoguang

Regression of #27723
Fix #28705

Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
(cherry picked from commit 7f833d8f71)
2024-01-16 14:16:56 +00:00
wxiaoguang
d537b63521
Make template DateTime show proper tooltip (#28677) (#28683)
Backport #28677

(cherry picked from commit 83457805bb)
2024-01-16 14:16:55 +00:00
Gusted
fe3b294f7b
[GITEA] rework long-term authentication
- The current architecture is inherently insecure, because you can
construct the 'secret' cookie value with values that are available in
the database. Thus provides zero protection when a database is
dumped/leaked.
- This patch implements a new architecture that's inspired from: [Paragonie Initiative](https://paragonie.com/blog/2015/04/secure-authentication-php-with-long-term-persistence#secure-remember-me-cookies).
- Integration testing is added to ensure the new mechanism works.
- Removes a setting, because it's not used anymore.

(cherry picked from commit eff097448b)

[GITEA] rework long-term authentication (squash) add migration

Reminder: the migration is run via integration tests as explained
in the commit "[DB] run all Forgejo migrations in integration tests"

(cherry picked from commit 4accf7443c)
(cherry picked from commit 99d06e344ebc3b50bafb2ac4473dd95f057d1ddc)
(cherry picked from commit d8bc98a8f0)
(cherry picked from commit 6404845df9)
(cherry picked from commit 72bdd4f3b9)
(cherry picked from commit 4b01bb0ce8)
(cherry picked from commit c26ac31816)
(cherry picked from commit 8d2dab94a6)

Conflicts:
	routers/web/auth/auth.go
	https://codeberg.org/forgejo/forgejo/issues/2158
2024-01-16 14:14:46 +00:00
wxiaoguang
ea8ca5b509
Avoid cycle-redirecting user/login page (#28636) (#28658)
Backport #28636

Fix #28231, and remove some unused code.

(cherry picked from commit 2165729d16)
2024-01-16 14:11:44 +00:00
Earl Warren
d694579bdf
Revert "[GITEA] rework long-term authentication"
This reverts commit 8d2dab94a6.
2024-01-16 14:11:28 +00:00
Gusted
120294c44e
[GITEA] Use maintained gziphandler
- https://github.com/NYTimes/gziphandler doesn't seems to be maintained
anymore and Forgejo already includes
https://github.com/klauspost/compress which provides a maintained and
faster gzip handler fork.
- Enables Jitter to prevent BREACH attacks, as this *seems* to be
possible in the context of Forgejo.

(cherry picked from commit cc2847241d)
(cherry picked from commit 99ba56a876)

Conflicts:
	go.sum
	https://codeberg.org/forgejo/forgejo/pulls/1581
(cherry picked from commit 711638193d)
(cherry picked from commit 9c12a37fde)
(cherry picked from commit 91191aaaed)
(cherry picked from commit 72be417f84)
(cherry picked from commit 98497c84da)
(cherry picked from commit fba042adb5)
(cherry picked from commit dd2414f226)

Conflicts:
	routers/web/web.go
	https://codeberg.org/forgejo/forgejo/issues/2016
2024-01-16 14:09:55 +00:00
wxiaoguang
265cd70bdb
Refactor CORS handler (#28587) (#28611)
Backport #28587, the only conflict is the test file.

The CORS code has been unmaintained for long time, and the behavior is
not correct.

This PR tries to improve it. The key point is written as comment in
code. And add more tests.

Fix #28515
Fix #27642
Fix #17098

(cherry picked from commit 7a2786ca6c)
2024-01-16 14:08:38 +00:00
Earl Warren
0b872a403d
Revert "[GITEA] Use maintained gziphandler"
This reverts commit dd2414f226.
2024-01-16 14:08:31 +00:00
Earl Warren
c6940a6c5a
[ACTIONS] on.schedule: create a new payload
do not reuse the payload of the event that triggered the creation of
the scheduled event. Create a new one instead that contains no other
information than the event name in the action field ("schedule").

(cherry picked from commit 0b40ca1ea5)
2023-12-23 15:58:37 +01:00
Earl Warren
892a8e1f4a
[ACTIONS] on.schedule: the event is always "schedule"
handleSchedules() is called every time an event is received and will
check the content of the main branch to (re)create scheduled events.
There is no reason why intput.Event will be relevant when the schedule
workflow runs.

(cherry picked from commit 9a712bb276)
2023-12-23 15:58:37 +01:00
Giteabot
40fa6a526a
Fix the issue ref rendering for wiki (#28556) (#28559)
Backport #28556 by wxiaoguang

Fix #28526, regression of
* #26365

Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
(cherry picked from commit f096635622)
2023-12-22 12:10:03 +01:00
Giteabot
5d1d66ac3a
chore(api): support ignore password if login source type is LDAP for creating user API (#28491) (#28525)
Backport #28491 by @appleboy

- Modify the `Password` field in `CreateUserOption` struct to remove the
`Required` tag
- Update the `v1_json.tmpl` template to include the `email` field and
remove the `password` field

Signed-off-by: Bo-Yi Wu <appleboy.tw@gmail.com>
Co-authored-by: Bo-Yi Wu <appleboy.tw@gmail.com>
(cherry picked from commit 411310d698)
2023-12-22 12:10:03 +01:00
wxiaoguang
cd5a0ec1c8
Add option to disable ambiguous unicode characters detection (#28454) (#28499)
Backport #28454 (the only conflict is caused by some comments)

* Close #24483
* Close #28123
* Close #23682
* Close #23149

(cherry picked from commit a3f403f438)

Conflicts:
	modules/setting/ui.go
	trivial context conflict
2023-12-22 12:07:01 +01:00
Giteabot
c5ac659d1b
Initalize stroage for orphaned repository doctor (#28487) (#28490)
Backport #28487 by @earl-warren

- When a repository is orphaned and has objects stored in any of the
storages such as repository avatar or attachments the delete function
would error, because the storage module wasn't initalized.
- Add code to initialize the storage module.

Refs: https://codeberg.org/forgejo/forgejo/pulls/1954

Co-authored-by: Earl Warren <109468362+earl-warren@users.noreply.github.com>
Co-authored-by: Gusted <postmaster@gusted.xyz>
(cherry picked from commit 8ee1ed877b)
2023-12-22 12:05:11 +01:00
Earl Warren
76d58fa269
[GITEA] test markdown CleanValue to prevent regression
It will determine how anchors are created and will break existing
links otherwise.

Adapted from Revert "Make `user-content-* ` consistent with github (#26388)
2023-12-13 18:12:08 +01:00
Earl Warren
dbd896ce42
[GITEA] Revert "Make user-content-* consistent with github (#26388)"
Refs: https://codeberg.org/forgejo/forgejo/issues/1943

This reverts commit d41aee1d1e.

(cherry picked from commit d29ec91e91)
2023-12-13 18:09:56 +01:00
Earl Warren
c477780163
Revert "Deprecate query string auth tokens (#28390) (#28430)"
It shows warnings although the setting is not set, this will surely be
fixed later but there is no sense in spaming the users right now. This
revert can be discarded when another fix lands in v1.21.

su -c "forgejo admin user generate-access-token -u root --raw --scopes 'all,sudo'" git
2023/12/12 15:54:45 .../setting/security.go:166:loadSecurityFrom() [W] Enabling Query API Auth tokens is not recommended. DISABLE_QUERY_AUTH_TOKEN will default to true in gitea 1.23 and will be removed in gitea 1.24.

This reverts commit 0e3a5abb69.

Conflicts:
	routers/api/v1/api.go
2023-12-12 17:04:38 +01:00
Giteabot
0e3a5abb69
Deprecate query string auth tokens (#28390) (#28430)
Backport #28390 by @jackHay22

## Changes
- Add deprecation warning to `Token` and `AccessToken` authentication
methods in swagger.
- Add deprecation warning header to API response. Example:
  ```
  HTTP/1.1 200 OK
  ...
  Warning: token and access_token API authentication is deprecated
  ...
  ```
- Add setting `DISABLE_QUERY_AUTH_TOKEN` to reject query string auth
tokens entirely. Default is `false`

## Next steps
- `DISABLE_QUERY_AUTH_TOKEN` should be true in a subsequent release and
the methods should be removed in swagger
- `DISABLE_QUERY_AUTH_TOKEN` should be removed and the implementation of
the auth methods in question should be removed

## Open questions
- Should there be further changes to the swagger documentation?
Deprecation is not yet supported for security definitions (coming in
[OpenAPI Spec version
3.2.0](https://github.com/OAI/OpenAPI-Specification/issues/2506))
- Should the API router logger sanitize urls that use `token` or
`access_token`? (This is obviously an insufficient solution on its own)

Co-authored-by: Jack Hay <jack@allspice.io>
Co-authored-by: delvh <dev.lh@web.de>
(cherry picked from commit f144521aea)
2023-12-12 15:21:33 +01:00
Otto Richter
5258e8f63d Correct default license selection
The default license choice was not working as expected,
because both the files in options/license were named differently, and
the setting string is not parsed properly.

The documentation will also be corrected.

See conversation on Matrix:
https://matrix.to/#/%23forgejo-chat%3Amatrix.org/%24ue13GJPr2d7D8fEaLx8yh1mFn3a4TVy_khkajrAYtx0?via=matrix.tu-berlin.de&via=turbo.ooo&via=matrix.org&via=catgirl.cloud
2023-12-08 14:38:06 +01:00
Giteabot
31c4a80979
Make gogit Repository.GetBranchNames consistent (#28348) (#28386)
Backport #28348 by @AdamMajer

nogogit GetBranchNames() lists branches sorted in reverse commit date
order. On the other hand the gogit implementation doesn't apply any
ordering resulting in unpredictable behaviour. In my case, the unit
tests requiring particular order fail

    repo_branch_test.go:24:
                Error Trace:
               ./gitea/modules/git/repo_branch_test.go:24
                Error:          elements differ

                                extra elements in list A:
                                ([]interface {}) (len=1) {
                                 (string) (len=6) "master"
                                }

                                extra elements in list B:
                                ([]interface {}) (len=1) {
                                 (string) (len=7) "branch1"
                                }

                                listA:
                                ([]string) (len=2) {
                                 (string) (len=6) "master",
                                 (string) (len=7) "branch2"
                                }

                                listB:
                                ([]string) (len=2) {
                                 (string) (len=7) "branch1",
                                 (string) (len=7) "branch2"
                                }
                Test:           TestRepository_GetBranches

To fix this, we sort branches based on their commit date in gogit
implementation.

Fixes: #28318

Co-authored-by: Adam Majer <amajer@suse.de>
(cherry picked from commit 272ae03341)
2023-12-08 13:41:16 +01:00
Giteabot
52f8fde69f
Fix incorrect default value of [attachment].MAX_SIZE (#28373) (#28376)
Backport #28373 by @capvor

In the documents, the `[attachment] MAX_SIZE` default value should be 4.

Reference the source code `modules/setting/attachment.go` line 29.

Co-authored-by: capvor <capvor@sina.com>
(cherry picked from commit 8f2805f757)
2023-12-08 13:41:16 +01:00
Giteabot
f484ad6a29
Use filepath instead of path to create SQLite3 database file (#28374) (#28378)
Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
Fix #28300

(cherry picked from commit 5eaf91e919)
2023-12-08 13:41:16 +01:00
Giteabot
346635605d
Convert git commit summary to valid UTF8. (#28356) (#28358)
Backport #28356 by @darrinsmart

The summary string ends up in the database, and (at least) MySQL &
PostgreSQL require valid UTF8 strings.

Fixes #28178

Co-authored-by: darrinsmart <darrin@djs.to>
Co-authored-by: Darrin Smart <darrin@filmlight.ltd.uk>
(cherry picked from commit fef34790bb)
2023-12-08 13:41:16 +01:00
Giteabot
b69ad623c2
Read previous info from git blame (#28306) (#28310)
Backport #28306 by @KN4CK3R

Fixes #28280

Reads the `previous` info from the `git blame` output instead of
calculating it afterwards.

Co-authored-by: KN4CK3R <admin@oldschoolhack.me>
(cherry picked from commit e15fe85335)
2023-12-08 13:41:16 +01:00
wxiaoguang
6cc02cdfd4
Ignore "non-existing" errors when getDirectorySize calculates the size (#28276) (#28285)
Backport #28276

The git command may operate the git directory (add/remove) files in any
time.

So when the code iterates the directory, some files may disappear during
the "walk". All "IsNotExist" errors should be ignored.

(cherry picked from commit 4f5122a7fe)
2023-12-08 13:41:16 +01:00
Giteabot
13c0df40de
Meilisearch: require all query terms to be matched (#28293) (#28296)
Co-authored-by: Brecht Van Lommel <brecht@blender.org>
(cherry picked from commit d2908b2794)
2023-12-08 13:41:15 +01:00
Earl Warren
b17113bb06
Revert "[GITEA] Ignore temporary files for directory size"
This reverts commit 68dddcc6ff.
2023-12-08 13:40:06 +01:00
Gergely Nagy
1fea3ce659 [GITEA] new doctor check: fix-push-mirrors-without-git-remote (#1853)
Same as https://codeberg.org/forgejo/forgejo/pulls/1853, backported to v1.21/forgejo

Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/1864
Co-authored-by: Gergely Nagy <forgejo@gergo.csillger.hu>
Co-committed-by: Gergely Nagy <forgejo@gergo.csillger.hu>
2023-12-01 13:56:03 +00:00
pitpalme
453ff1a57d
Fix delete-orphaned-repos (#28200) (#28202)
Backport #28200

gitea doctor failed at checking and fixing 'delete-orphaned-repos',
because table name 'user' needs quoting to be correctly recognized by at
least PostgreSQL.

fixes #28199

(cherry picked from commit 7cae4dfc00)
2023-11-25 07:27:39 +01:00
Giteabot
3175a984f2
Make CORS work for oauth2 handlers (#28184) (#28185)
Backport #28184

Fix #25473

Although there was `m.Post("/login/oauth/access_token", CorsHandler()...`,
it never really worked, because it still lacks the "OPTIONS" handler.

Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
(cherry picked from commit 23838c2c2e)
2023-11-25 07:27:39 +01:00
Giteabot
c5bb91a9eb
Add guide page to actions when there's no workflows (#28145) (#28153)
Backport #28145 by @yp05327

Before:

![image](https://github.com/go-gitea/gitea/assets/18380374/599d40c1-9b8d-4189-9286-c9c36fb780dd)

After:

![image](https://github.com/go-gitea/gitea/assets/18380374/848a73d1-aaec-478f-93a7-adcc7ee18907)

Co-authored-by: yp05327 <576951401@qq.com>
(cherry picked from commit 9bfee5014b)
2023-11-22 17:12:12 +01:00
Giteabot
c1595117ce
Change default size of attachments and repo files (#28100) (#28106)
Backport #28100 by @lng2020

https://github.com/go-gitea/gitea/pull/27946 forgets to change them in
code. Sorry about that.

Co-authored-by: Nanguan Lin <70063547+lng2020@users.noreply.github.com>
(cherry picked from commit 56bedf2bcc)
2023-11-22 17:12:12 +01:00
Giteabot
9584a3619a
Fix incorrect pgsql conn builder behavior (#28085) (#28098)
Backport #28085 by @wxiaoguang

Fix #28083 and fix the tests

Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
(cherry picked from commit f7567f798d)
2023-11-22 17:12:12 +01:00
Earl Warren
8869464c1d
Merge branch 'rebase-v1.21/forgejo-branding' into wip-v1.21-forgejo 2023-11-13 16:47:18 +01:00
Earl Warren
30a15784d4
Merge branch 'rebase-v1.21/forgejo-dependency' into wip-v1.21-forgejo 2023-11-13 16:47:12 +01:00
Earl Warren
2f84786d0c
Merge branch 'rebase-v1.21/forgejo-moderation' into wip-v1.21-forgejo 2023-11-13 16:47:07 +01:00
Gusted
68dddcc6ff
[GITEA] Ignore temporary files for directory size
- Backport https://codeberg.org/forgejo/forgejo/pulls/1742
  - While looking trough the logs for unrelated things I noticed errors
for directory size calculations in `pushUpdates` that were being caused
by a race condition in which git was making temporary file,
`filepath.WalkDir` noticed that but by the time the second lstat
came(`info.Info()`) it was already gone and it would error.
  - Ignore temporary files created by Git.
  - There are other cases but much much more rarer and not trivial to detect.

Examples:

...s/repository/push.go:96:pushUpdates() [E] Failed to update size for repository: updateSize: lstat [...]/objects/info/commit-graphs/tmp_graph_Wcy9kR: no such file or directory
...s/repository/push.go:96:pushUpdates() [E] Failed to update size for repository: updateSize: lstat [...]/packed-refs.lock: no such file or directory

(cherry picked from commit 16ce00772d)
(cherry picked from commit 2aebef847f)
2023-11-13 14:06:32 +01:00
Gusted
8d2dab94a6
[GITEA] rework long-term authentication
- The current architecture is inherently insecure, because you can
construct the 'secret' cookie value with values that are available in
the database. Thus provides zero protection when a database is
dumped/leaked.
- This patch implements a new architecture that's inspired from: [Paragonie Initiative](https://paragonie.com/blog/2015/04/secure-authentication-php-with-long-term-persistence#secure-remember-me-cookies).
- Integration testing is added to ensure the new mechanism works.
- Removes a setting, because it's not used anymore.

(cherry picked from commit eff097448b)

[GITEA] rework long-term authentication (squash) add migration

Reminder: the migration is run via integration tests as explained
in the commit "[DB] run all Forgejo migrations in integration tests"

(cherry picked from commit 4accf7443c)
(cherry picked from commit 99d06e344ebc3b50bafb2ac4473dd95f057d1ddc)
(cherry picked from commit d8bc98a8f0)
(cherry picked from commit 6404845df9)
(cherry picked from commit 72bdd4f3b9)
(cherry picked from commit 4b01bb0ce8)
(cherry picked from commit c26ac31816)
2023-11-13 14:06:31 +01:00
Gusted
dd2414f226
[GITEA] Use maintained gziphandler
- https://github.com/NYTimes/gziphandler doesn't seems to be maintained
anymore and Forgejo already includes
https://github.com/klauspost/compress which provides a maintained and
faster gzip handler fork.
- Enables Jitter to prevent BREACH attacks, as this *seems* to be
possible in the context of Forgejo.

(cherry picked from commit cc2847241d)
(cherry picked from commit 99ba56a876)

Conflicts:
	go.sum
	https://codeberg.org/forgejo/forgejo/pulls/1581
(cherry picked from commit 711638193d)
(cherry picked from commit 9c12a37fde)
(cherry picked from commit 91191aaaed)
(cherry picked from commit 72be417f84)
(cherry picked from commit 98497c84da)
(cherry picked from commit fba042adb5)
2023-11-13 14:06:31 +01:00
Gusted
a7a74706ec
[GITEA] Remove SSH workaround
- Update github.com/gliderlabs/ssh to include 02f9d57300.
- Resolves https://codeberg.org/forgejo/forgejo/issues/1230

(cherry picked from commit 05a0fd8c9f)
(cherry picked from commit fcd68716a3)

Conflicts:
	go.mod
	https://codeberg.org/forgejo/forgejo/pulls/1581
(cherry picked from commit ff60267b91)
(cherry picked from commit cff3238a21)
(cherry picked from commit 93a3cc6bda)
(cherry picked from commit 213f1edbdc)
(cherry picked from commit c249b0b0aa)
(cherry picked from commit 43abe08aff)
2023-11-13 14:06:31 +01:00