Diff
2 commits, 4 files changed
+15 -5

file modified
+2 -2
@@ -3,12 +3,12 @@

  

  Pagure would be nothing without its contributors.

  

- On June 1, 2016 (release 2.2.1), the list looks as follow:

+ On July 4, 2016 (release 2.2.2), the list looks as follow:

  

  =================  ===========

  Number of commits  Contributor

  =================  ===========

-   4003              Pierre-Yves Chibon <pingou@pingoured.fr>

+   4005              Pierre-Yves Chibon <pingou@pingoured.fr>

     170              Ryan Lerch <rlerch@redhat.com>

      61              farhaanbukhsh <farhaan.bukhsh@gmail.com>

      59              Johan Cwiklinski <johan@x-tnd.be>

file modified
+7 -1
@@ -2,7 +2,7 @@

  %distutils.sysconfig import get_python_lib; print (get_python_lib())")}

  

  Name:           pagure

- Version:        2.2.1

+ Version:        2.2.2

  Release:        1%{?dist}

  Summary:        A git-centered forge

  
@@ -254,6 +254,12 @@

  

  

  %changelog

+ * Mon Jul 04 2016 Pierre-Yves Chibon <pingou@pingoured.fr> - 2.2.2-1

+ - Update to 2.2.2

+ - Security fix release blocking all html related mimetype when displaying the

+   raw files and forces the browser to download them instead (Thanks to Patrick

+   Uiterwijk for finding this issue)

+ 

  * Wed Jun 01 2016 Pierre-Yves Chibon <pingou@pingoured.fr> - 2.2.1-1

  - Update to 2.2.1

  - Fix showing the inital comment on PR having only one commit (Ryan Lerch)

file modified
+1 -1
@@ -12,7 +12,7 @@

  __requires__ = ['SQLAlchemy >= 0.8', 'jinja2 >= 2.4']

  import pkg_resources

  

- __version__ = '2.2.1'

+ __version__ = '2.2.2'

  __api_version__ = '0.6'

  

  

file modified
+5 -1
@@ -545,16 +545,20 @@

      if not mimetype and data[:2] == '#!':

          mimetype = 'text/plain'

  

+     headers = {}

      if not mimetype:

          if '\0' in data:

              mimetype = 'application/octet-stream'

          else:

              mimetype = 'text/plain'

+     elif 'html' in mimetype:

+         mimetype = 'application/octet-stream'

+         headers['Content-Disposition'] = 'attachment'

  

      if mimetype.startswith('text/') and not encoding:

          encoding = chardet.detect(ktc.to_bytes(data))['encoding']

  

-     headers = {'Content-Type': mimetype}

+     headers['Content-Type'] = mimetype

      if encoding:

          headers['Content-Encoding'] = encoding
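Review bot: The new `elif 'html' in mimetype:` branch is a denylist, so it only catches types whose name contains "html"; other guessed types that browsers can run script from, such as `image/svg+xml` or `text/xml`, would still be returned inline with their own Content-Type. Widening the test to `elif 'html' in mimetype or 'xml' in mimetype:` covers those, though an allowlist of types that are safe to render inline (plain text, raster images) with everything else forced to `attachment` would be more robust. The fallback path that labels NUL-free data as `text/plain` also relies on the browser honouring that label, so I would add `headers['X-Content-Type-Options'] = 'nosniff'` next to the Content-Type assignment. The enclosing function starts and ends outside this hunk, so whether a later step already sets such headers cannot be confirmed from here.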