Package: open-build-service / 2.9.4-2

Metadata

Package Version Patches format
open-build-service 2.9.4-2 3.0 (quilt)

Patch series

view the series file
Patch File delta Description
CVE 2018 12479.patch | (download)

src/api/app/controllers/request_controller.rb | 11 10 + 1 - 0 !
src/api/app/models/bs_request.rb | 3 3 + 0 - 0 !
2 files changed, 13 insertions(+), 1 deletion(-)

 prevent creation of a request with an id attribute
 Fixes CVE-2018-12479. This patch was backported from upstream:
 https://github.com/openSUSE/open-build-service/pull/5880/files
Do not load external js in runtime.patch | (download)

src/api/public/402.html | 6 0 + 6 - 0 !
src/api/public/403.html | 6 0 + 6 - 0 !
src/api/public/404.html | 6 0 + 6 - 0 !
src/api/public/408.html | 6 0 + 6 - 0 !
src/api/public/500.html | 6 0 + 6 - 0 !
src/api/public/503.html | 7 0 + 7 - 0 !
6 files changed, 37 deletions(-)

 do not load external js
use ruby2.5.patch | (download)

dist/find-requires.sh | 4 2 + 2 - 0 !
dist/obs_api_delayed_jobs_monitor.cron | 2 1 + 1 - 0 !
dist/obsapidelayed | 12 6 + 6 - 0 !
dist/setup-appliance.sh | 8 4 + 4 - 0 !
docs/api/restility/bin/rest_doc | 2 1 + 1 - 0 !
docs/api/restility/bin/rest_test | 2 1 + 1 - 0 !
src/api/Makefile | 6 3 + 3 - 0 !
src/api/Rakefile | 2 1 + 1 - 0 !
src/api/bin/bundle | 2 1 + 1 - 0 !
src/api/bin/pry | 2 1 + 1 - 0 !
src/api/bin/rails | 2 1 + 1 - 0 !
src/api/bin/rake | 2 1 + 1 - 0 !
src/api/bin/rdoc | 2 1 + 1 - 0 !
src/api/bin/ri | 2 1 + 1 - 0 !
src/api/bin/rspec | 2 1 + 1 - 0 !
src/api/bin/rubocop | 2 1 + 1 - 0 !
src/api/db/migrate/20150623063641_reindex_sphinx_db.rb | 3 1 + 2 - 0 !
src/api/script/api_test_in_spec.sh | 12 6 + 6 - 0 !
src/api/script/check_database | 2 1 + 1 - 0 !
src/api/script/delayed_job.api.rb | 2 1 + 1 - 0 !
src/api/script/delayed_job_monitor.rb | 2 1 + 1 - 0 !
src/api/script/import | 2 1 + 1 - 0 !
src/api/script/plugin | 2 1 + 1 - 0 !
src/api/script/reformat_memprof | 2 1 + 1 - 0 !
src/api/script/rubygem_package_names.rb | 2 1 + 1 - 0 !
src/api/script/start_test_backend | 2 1 + 1 - 0 !
26 files changed, 42 insertions(+), 43 deletions(-)

 fix ruby and gem calls, do not use ruby2.5
 Use the default ruby provided by the system, now it is ruby2.5
database.yml settings.patch | (download)

src/api/config/database.yml.example | 6 3 + 3 - 0 !
1 file changed, 3 insertions(+), 3 deletions(-)

---
gemfile tweaks.patch | (download)

src/api/Gemfile | 79 3 + 76 - 0 !
1 file changed, 3 insertions(+), 76 deletions(-)

---
FHS path.patch | (download)

Makefile.include | 2 1 + 1 - 0 !
src/api/Makefile | 6 3 + 3 - 0 !
2 files changed, 4 insertions(+), 4 deletions(-)

 fhs path to point obs document root as /var/lib/obs/www/obs.


do not install fillups and initscripts.patch | (download)

dist/Makefile | 2 1 + 1 - 0 !
1 file changed, 1 insertion(+), 1 deletion(-)

---
fix embedded js.patch | (download)

src/api/public/402.html | 2 1 + 1 - 0 !
src/api/public/403.html | 2 1 + 1 - 0 !
src/api/public/404.html | 2 1 + 1 - 0 !
src/api/public/408.html | 2 1 + 1 - 0 !
src/api/public/500.html | 2 1 + 1 - 0 !
5 files changed, 5 insertions(+), 5 deletions(-)

---
jquery ui.patch | (download)

src/api/app/assets/javascripts/webui/application.js.erb | 8 4 + 4 - 0 !
1 file changed, 4 insertions(+), 4 deletions(-)

 migrate jquery-ui-rails from 5.0.5 to 6.0.1.
missing codemirror js.patch | (download)

src/api/app/assets/javascripts/webui/application/cm2/index.js | 1 1 + 0 - 0 !
1 file changed, 1 insertion(+)

 added codemirror/addons/mode/simple.js
Do not ship database.yml.patch | (download)

src/api/Makefile | 4 0 + 4 - 0 !
1 file changed, 4 deletions(-)

---
fix sphinx.patch | (download)

src/api/Makefile | 3 2 + 1 - 0 !
1 file changed, 2 insertions(+), 1 deletion(-)

 fix brackets in makefile thst prepare to run sphine.
disable slp.patch | (download)

dist/sysconfig.obs-server | 2 1 + 1 - 0 !
1 file changed, 1 insertion(+), 1 deletion(-)

 disable slp in obs-server conf as debian drop slptool from archive
Drop airbrake and airbrake ruby.patch | (download)

src/api/Gemfile | 4 0 + 4 - 0 !
src/api/Gemfile.lock | 5 0 + 5 - 0 !
src/api/app/controllers/webui/request_controller.rb | 1 0 + 1 - 0 !
src/api/app/jobs/create_job.rb | 2 0 + 2 - 0 !
src/api/app/jobs/send_event_emails_job.rb | 1 0 + 1 - 0 !
src/api/app/models/package.rb | 2 0 + 2 - 0 !
src/api/app/models/update_notification_events.rb | 8 0 + 8 - 0 !
src/api/config/initializers/airbrake.rb | 83 0 + 83 - 0 !
src/api/spec/jobs/send_event_emails_job_spec.rb | 4 0 + 4 - 0 !
src/api/spec/jobs/update_released_binaries_job_spec.rb | 7 0 + 7 - 0 !
10 files changed, 117 deletions(-)

 we can ignore airbrake* and peek* since they are used to monitor and profile the application.
Drop peek dalli n peek mysql2.patch | (download)

src/api/Gemfile | 2 0 + 2 - 0 !
src/api/Gemfile.lock | 12 0 + 12 - 0 !
src/api/config/initializers/peek.rb | 2 0 + 2 - 0 !
3 files changed, 16 deletions(-)

 we can ignore airbrake* and peek* since they are used to monitor and profile the application
do not run rake at build time.patch | (download)

src/api/Makefile | 2 1 + 1 - 0 !
1 file changed, 1 insertion(+), 1 deletion(-)

---
drop deprecated activesupport option.patch | (download)

src/api/config/initializers/new_framework_defaults.rb | 3 0 + 3 - 0 !
1 file changed, 3 deletions(-)

 drop deprecated activesupport option
 The `halt_callback_chains_on_return_false` option has been dropped in
 rails 5.2.2:
  https://github.com/rails/rails/commit/19fbbebb1665e482d76cae30166b46e74ceafe29
 We should drop it in the config so that we can build the rails app.
rails5.2 fix for data migrate.patch | (download)

src/api/db/migrate/20170306084558_change_repositories_remote_project_name_to_not_null.rb | 2 1 + 1 - 0 !
1 file changed, 1 insertion(+), 1 deletion(-)

 rails 5.2 fix for data migrate
rails 5.2 add prefix to kiwi.patch | (download)

src/api/app/models/kiwi/preference.rb | 2 1 + 1 - 0 !
1 file changed, 1 insertion(+), 1 deletion(-)

 [frontend] rails 5.2: add a prefix to kiwi preference enum
 With the recent rails update we started to get an error message:
 You tried to define an enum named "type_image" on the model "Kiwi::Preference",
 but this will generate a class method "split", which is already defined by
 ActiveRecord::Relation. (ArgumentError)
 .
 The solution to that is to define a prefix for that enumaration. This
 prefix will be added to any helper method generated by the enum library,
 eg. my_preference.image_type_split? instead of my_preference.split?.
no signing server config.patch | (download)

src/backend/BSConfig.pm.template | 2 1 + 1 - 0 !
1 file changed, 1 insertion(+), 1 deletion(-)

 set the default config to no signing server
 As we do not support signd by default in Debian OBS package. So that
 we should set this default as no signing server in the config file.