From 424a3982787b6d687e265ea62143102616d5130e Mon Sep 17 00:00:00 2001 From: Pierre-Yves Chibon Date: Sep 24 2018 20:04:38 +0000 Subject: Release pagure 5.0 Signed-off-by: Pierre-Yves Chibon --- diff --git a/UPGRADING.rst b/UPGRADING.rst index 4b62c69..9d98658 100644 --- a/UPGRADING.rst +++ b/UPGRADING.rst @@ -1,6 +1,69 @@ Upgrading Pagure ================ +From 4.x to 5.0 +--------------- + +The release 5.0 brings some changes to the database schema. + +* Update the data schema using alembic: ``alembic upgrade head`` + +New configuration keys added: + +* PR_TARGET_MATCHING_BRANCH +* EMAIL_ON_WATCHCOMMITS +* THEME +* GIT_AUTH_BACKEND (replacing GITOLITE_BACKEND, backward compatibility kept for + now) +* REPOSPANNER_PSEUDO_FOLDER +* REPOSPANNER_NEW_REPO +* REPOSPANNER_NEW_REPO_ADMIN_OVERRIDE +* REPOSPANNER_NEW_FORK +* REPOSPANNER_ADMIN_MIGRATION +* REPOSPANNER_REGIONS +* SSH_KEYS_USERNAME_LOOKUP +* SSH_KEYS_USERNAME_EXPECT +* SSH_KEYS_OPTIONS + +Configuration deprecated: + +* BOOTSTRAP_URLS_CSS +* BOOTSTRAP_URLS_JS +* FILE_SIZE_HIGHLIGHT +* HTML_TITLE +* GITOLITE_BACKEND + +Note: Some configuration keys changed their default value: + +* LOGGING +* PRIVATE_PROJECTS +* EMAIL_ERROR +* FROM_EMAIL +* DOMAIN_EMAIL_NOTIFICATIONS +* APP_URL +* DOC_APP_URL +* GIT_URL_SSH +* GIT_URL_GIT +* FEDMSG_NOTIFICATIONS +* PAGURE_AUTH + + +From 3.x to 4.0 +--------------- + +The release 4.0 brings some changes to the database schema. + +* Update the data schema using alembic: ``alembic upgrade head`` + +New configuration keys added: + +* EMAIL_ON_WATCHCOMMITS +* ALWAYS_FEDMSG_ON_COMMITS +* SESSION_TYPE +* PROJECT_TEMPLATE_PATH +* FORK_TEMPLATE_PATH + + From 3.13 to 3.13.1 ------------------- diff --git a/doc/changelog.rst b/doc/changelog.rst index 1fe4014..f7bfaa7 100644 --- a/doc/changelog.rst +++ b/doc/changelog.rst @@ -3,6 +3,118 @@ Changelog This document records all notable changes to `Pagure `_. + +5.0 (2018-09-24) +---------------- + +.. warning:: This release contains backward incompatible changes and fixes a CVE + +- Pagure supports now python2 and python3 simultaneously (Thanks to Aurélien + Bompard and Neal Gompa for the testing) +- New UI deployed (thanks to Ryan Lerch) +- New dashboard page as index page when authenticated (Ryan Lerch) +- API listing items (projects, issues, pull-requests are now paginated ( + Karsten Hopp) + .. warning:: Backward incompatible +- Enable private projects by default (Neal Gompa) + .. warning:: Backward incompatible +- Change the default and sample configuration to point to localhost-friendly + resources (Neal Gompa) + .. warning:: Backward incompatible +- Disable sending FedMsg notifications by default (Neal Gompa) + .. warning:: Backward incompatible +- Switch default authentication to `local` (Neal Gompa) + .. warning:: Backward incompatible +- Drop the dependency on python-pygments +- Drop the dependency on flask-multistatic +- Drop the dependency on python-trollius (in favor of python-trololio) (Neal + Gompa) +- Bump pygit2 requirement to 0.24.0 minimum + .. warning:: Backward incompatible +- Add support to re-open a pull-request (Karsten Hopp) +- Fix editing a file into a fork containing a namespace +- Allow creating a new API token based on an expired one +- New API endpoint to submit a pull-request +- Add support for making the issue tracker read-only +- Add a new API endpoint allowing to update watch status on a project +- Paginate the project lists on the front pages +- Let the reply button append instead of replacing +- Add a way to list all API tokens and don't restrict the info command ( + in pagure-admin) +- Expand pagure-admin to allow using it to block an user +- Expand pagure-admin to allow adding new groups using it +- Allow viewing commits from a git tag +- Support viewing commits from a specific commit hash +- Add a hook that disables creating new branches by git push (Slavek Kabrda) +- Make API endpoint for creating new git branch have its own ACL +- Support sorting PR's by recent activity (ymdatta) +- Fix installing the API key reminder cron with systemd integration +- Add reactions to comments (Lubomír Sedlář) +- New API endpoint allowing to retrieve pull-requests based on their UUID + (Slavek Kabrda) +- Add an option to restrict emails sent to certain domains (Karsten Hopp) +- Integration with repospanner (Patrick Uiterwijk) +- Rework how git hooks work to rely on a single file rather than moving files + around (Patrick Uiterwijk) +- Add themes for pagure.io, src.fedoraproject.org (Ryan Lerch) +- Add themes for OpenSUSE (hellcp) +- Ensure remote PR are opened from a remote URL (CVE-2018-1002158 - reported by + Patrick Uiterwijk) + +4.0.4 (2018-07-19) +------------------ + +.. note:: This release fixes CVE-2018-1002155, CVE-2018-1002156, + CVE-2018-1002157, CVE-2018-1002153 + +- Ensure the project's description does not contain any javascript (Michael + Scherer) +- Prevent the project's URL to be anything other than an URL +- Escape any html people may have injected in their author name in commits + (Michael Scherer) +- Do not serve SVG inline (Michael Scherer) + + - The four items above constitute CVE-2018-1002155 + +- Catch exception raised by pagure-ci when it fails to find a build on jenkins +- Fix RELATES and FIXES regex to cover projects with a dash in their name +- Support calls from jenkins indicating the build is started +- Ensure we check the required group membership when giving a project away +- Add missing titles to the milestones table in the settings +- Properly inform the user if they are introducing a duplicated tag +- Only select the default template when creating a new ticket +- Fix the subscribe button on the PR page +- Fix updating a remote PR +- Fix showing the 'more' button on the overview page +- Multiple fixes to the pagure-milter +- Fix triggering CI checks on new comments added to a PR +- Fix logging and the SMTPHandler +- Do not notify everyone about private tickets (CVE-2018-1002157) +- Make the settings of a project private (CVE-2018-1002156) +- Ensure the git repo of private projects aren't exposed via https + (CVE-2018-1002153) +- Do not log activity on private projects +- Drop trollius-redis requirement (Neal Gompa) + +4.0.3 (2018-05-14) +------------------ + +- Backport utility method from the 4.1 code to fix the 4.0.2 release + +4.0.2 (2018-05-14) +------------------ + +.. note:: This release fixes CVE-2018-1002151 + +- Fix showing the list of issues in a timely fashion (Patrick Uiterwijk) +- Fix stats for commits without author (Lubomír Sedlář) +- Explain how to fetch a pull request locally and some grammar fixes + (Todd Zullinger) +- Drop the constraint on the requirement on straight.plugin but document it +- Fix the requirement on bcrypt, it's optional +- Make API endpoint for creating new git branch have its own ACL + fixes CVE-2018-1002151 + 4.0.1 (2018-04-26) ------------------ diff --git a/doc/contributors.rst b/doc/contributors.rst index abfb010..3007894 100644 --- a/doc/contributors.rst +++ b/doc/contributors.rst @@ -3,48 +3,51 @@ Contributors to pagure Pagure would be nothing without its contributors. -On April 26, 2018 (release 4.0.1) the list looks as follow: +On September 24, 2018 (release 5.0) the list looks as follow: ================= =========== Number of commits Contributor ================= =========== - 5831 Pierre-Yves Chibon - 193 Ryan Lerch + 6163 Pierre-Yves Chibon + 305 Ryan Lerch 172 Vivek Anand 139 farhaanbukhsh - 130 Patrick Uiterwijk - 125 Clement Verna - 85 Farhaan Bukhsh + 133 Patrick Uiterwijk + 127 Clement Verna + 88 Farhaan Bukhsh 59 Johan Cwiklinski 47 Mark Reynolds + 47 Slavek Kabrda 32 Matt Prahl 32 Pradeep CE (cep) - 30 Lubomír Sedlář - 26 Slavek Kabrda + 31 Lubomír Sedlář + 28 Karsten Hopp + 25 Lubomír Sedlář + 25 Patrick Uiterwijk 23 rahul Bajaj 20 Jeremy Cline + 19 Aurélien Bompard 19 Gaurav Kumar + 19 Neal Gompa 18 Abhijeet Kasurde 18 Sayan Chowdhury 17 Adam Williamson - 17 Lubomír Sedlář 17 Ralph Bean 15 Brian Stinson 15 Vibhor Verma + 14 Igor Gnatenko 14 Justin W. Flory 13 Ghost-script 13 Martin Basti 13 Mathieu Bridon - 11 Aurélien Bompard 11 Shengjing Zhu 9 mprahl - 8 Igor Gnatenko 8 Lei Yang - 7 Karsten Hopp - 7 Patrick Uiterwijk + 8 Paul W. Frields 7 René Genz + 6 Michael Scherer 6 Michael Watters - 6 Paul W. Frields + 6 ymdatta 5 Mike McLean 5 Oliver Gutierrez 5 Shaily @@ -56,12 +59,14 @@ Number of commits Contributor 4 clime 3 Ankush Behl 3 Anthony Lackey + 3 Chenxiong Qi 3 Dhriti Shikhar 3 Eric Barbour 3 Jan Pokorný 3 Jason Tibbitts 3 Kushal Khandelwal 3 Pedro Lima + 3 Pierre-YvesChibon 3 Ricky Elrod 3 Sergio Durigan Junior 3 Stefan Bühler @@ -71,38 +76,42 @@ Number of commits Contributor 3 skrzepto 3 tenstormavi 2 Akshay Gaikwad + 2 Anatoli Babenia 2 Carlos Mogas da Silva 2 Daniel Mach 2 Kamil Páral 2 Nuno Maltez 2 Ompragash 2 Peter Oliver - 2 Pierre-YvesChibon 2 Rahul Bajaj 2 Richard Marko 2 Simo Sorce 2 Tim Flink + 2 Todd Zullinger 2 William Moreno Reyes 2 bruno 2 dhrish20 + 2 hellcp 2 yadneshk - 2 ymdatta 2 “AnjaliPardeshi” <“anjalipardeshi92@gmail.com”> 1 Aleksandra Fedorova (bookwar) + 1 Alois Mahdal 1 Amol Kahat 1 Anthony Lackey 1 Arti Laddha 1 Brian (bex) Exelbierd 1 Carl George 1 Charelle Collett - 1 Chenxiong Qi 1 David Caro 1 Eashan + 1 Felix Yan + 1 Filip Valder 1 Haikel Guemar 1 Hazel Smith 1 John Florian 1 Kunaal Jain 1 Mathew Robinson + 1 Miro Hrončok 1 Mohan Boddu 1 Neha Kandpal 1 Peter Kolínek @@ -112,6 +121,7 @@ Number of commits Contributor 1 Snehal Karale 1 Stanislav Laznicka 1 Stanislav Ochotnicky + 1 Stasiek Michalski 1 Stephen Gallagher 1 Tiago M. Vieira 1 Till Hofmann @@ -126,6 +136,7 @@ Number of commits Contributor 1 d3prof3t 1 ishcherb 1 jcvicelli + 1 josef radinger 1 pingou 1 prasad0896 1 rishika7000 diff --git a/files/pagure.spec b/files/pagure.spec index 3b57cb3..7963cfe 100644 --- a/files/pagure.spec +++ b/files/pagure.spec @@ -16,8 +16,8 @@ Name: pagure -Version: 4.0.4 -Release: 2%{?dist} +Version: 5.0 +Release: 1%{?dist} Summary: A git-centered forge License: GPLv2+ @@ -467,6 +467,30 @@ sed -e "s/pythonX.Y/python%{python3_version}/g" -i $RPM_BUILD_ROOT/%{_sysconfdir %changelog +* Mon Sep 24 2018 Pierre-Yves Chibon - 5.0-1 +- Update to pagure 5.0 + +* Mon Sep 17 2018 Pierre-Yves Chibon - 4.93.0-1 +- Update to 4.93.0, fourth beta release of pagure 5.0 + +* Wed Aug 29 2018 Pierre-Yves Chibon - 4.92.0-1 +- Update to 4.92.0, third beta release of pagure 5.0 + +* Thu Aug 23 2018 Pierre-Yves Chibon - 4.91.0-1 +- Update to 4.91.0, second beta release of pagure 5.0 + +* Mon Aug 20 2018 Pierre-Yves Chibon - 4.90.0-1 +- Update to 4.90.0, first beta release of pagure 5.0 + +* Thu Jul 19 2018 Pierre-Yves Chibon - 4.0.4-1 +- Update to 4.0.4 + +* Mon May 14 2018 Pierre-Yves Chibon - 4.0.3-1 +- Update to 4.0.3 + +* Mon May 14 2018 Pierre-Yves Chibon - 4.0.2-1 +- Update to 4.0.2 + * Thu Apr 26 2018 Pierre-Yves Chibon - 4.0.1-1 - Update to 4.0.1 diff --git a/pagure/__init__.py b/pagure/__init__.py index b5e5398..1046304 100644 --- a/pagure/__init__.py +++ b/pagure/__init__.py @@ -11,5 +11,5 @@ from __future__ import unicode_literals -__version__ = "4.0.1" -__api_version__ = "0.23" +__version__ = "5.0" +__api_version__ = "0.24"