1
1
mirror of https://github.com/go-gitea/gitea synced 2024-11-02 08:14:25 +00:00
gitea/modules
Earl Warren 4ab8e56c91
restrict certificate type for builtin SSH server (#26789)
- While doing some sanity checks over OpenSSH's code for how they handle
certificates authentication. I stumbled on an condition that checks the
certificate type is really an user certificate on the server-side
authentication. This checks seems to be a formality and just for the
sake of good domain seperation, because an user and host certificate
don't differ in their generation, verification or flags that can be
included.
- Add this check to the builtin SSH server to stay close to the
unwritten SSH specification.
- This is an breaking change for setups where the builtin SSH server is
being used and for some reason host certificates were being used for
authentication.
- 
(cherry picked from commit de35b141b79a3d6efe2127ed2c73fd481515e481)

Refs: https://codeberg.org/forgejo/forgejo/pulls/1172

## ⚠️ BREAKING ⚠️

Like OpenSSH, the built-in SSH server will now only accept SSH user
certificates, not server certificates.

Co-authored-by: Gusted <postmaster@gusted.xyz>
Co-authored-by: Giteabot <teabot@gitea.io>
2023-09-01 13:45:22 +00:00
..
actions chore(actions): support cron schedule task (#26655) 2023-08-24 03:06:51 +00:00
activitypub Expanded minimum RSA Keylength to 3072 (#26604) 2023-08-28 00:53:16 +00:00
analyze Rename code_langauge.go to code_language.go (#26377) 2023-08-07 15:00:53 -04:00
assetfs Use Set[Type] instead of map[Type]bool/struct{}. (#26804) 2023-08-30 06:55:25 +00:00
auth Use a general approach to access custom/static/builtin assets (#24022) 2023-04-12 18:16:45 +08:00
avatar Remove nfnt/resize and oliamb/cutter (#25999) 2023-07-20 19:52:42 +08:00
base Replace interface{} with any (#25686) 2023-07-04 18:36:08 +00:00
cache improve unit test for caching (#26185) 2023-07-27 22:24:40 +02:00
charset Replace interface{} with any (#25686) 2023-07-04 18:36:08 +00:00
container
context Avoid double-unescaping of form value (#26853) 2023-09-01 12:01:36 +00:00
contexttest Avoid double-unescaping of form value (#26853) 2023-09-01 12:01:36 +00:00
csv Refactor locale number (#24134) 2023-04-17 11:37:23 +08:00
doctor Add fix incorrect can_create_org_repo for org owner team (#26683) 2023-08-29 01:11:23 +00:00
emoji Update emoji set to Unicode 15 (#25595) 2023-06-29 16:29:48 +00:00
eventsource Less naked returns (#25713) 2023-07-07 05:31:56 +00:00
generate Handle base64 decoding correctly to avoid panic (#26483) 2023-08-14 10:30:16 +00:00
git Remove redundant nil check in WalkGitLog (#26773) 2023-08-29 11:03:43 +00:00
gitgraph Add context cache as a request level cache (#22294) 2023-02-15 21:37:34 +08:00
graceful Allow the use of alternative net.Listener implementations by downstreams (#25855) 2023-07-24 07:18:17 +00:00
hcaptcha Consume hcaptcha and pwn deps (#22610) 2023-01-29 09:49:51 -06:00
highlight Upgrade go dependencies (#25819) 2023-07-14 11:00:31 +08:00
hostmatcher
html Refactor backend SVG package and add tests (#26335) 2023-08-05 04:34:59 +00:00
httpcache Less naked returns (#25713) 2023-07-07 05:31:56 +00:00
httplib Less naked returns (#25713) 2023-07-07 05:31:56 +00:00
indexer Fix counting and filtering on the dashboard page for issues (#26657) 2023-08-23 02:29:17 +00:00
issue/template Replace interface{} with any (#25686) 2023-07-04 18:36:08 +00:00
json Replace interface{} with any (#25686) 2023-07-04 18:36:08 +00:00
label Make label templates have consistent behavior and priority (#23749) 2023-04-10 16:44:02 +08:00
lfs Rewrite logger system (#24726) 2023-05-21 22:35:11 +00:00
log Reduce some allocations in type conversion (#26772) 2023-08-29 00:43:16 +08:00
markup Make user-content-* consistent with github (#26388) 2023-08-09 09:30:31 +00:00
mcaptcha
metrics Use a separate admin page to show global stats, remove actions stat (#25062) 2023-06-03 22:03:41 +08:00
migration Replace interface{} with any (#25686) 2023-07-04 18:36:08 +00:00
nosql Update tool dependencies, lock govulncheck and actionlint (#25655) 2023-07-09 11:58:06 +00:00
notification Move modules/mirror to services (#26737) 2023-08-27 10:24:45 +08:00
options Use a general approach to access custom/static/builtin assets (#24022) 2023-04-12 18:16:45 +08:00
packages Use docs.gitea.com instead of docs.gitea.io (#26739) 2023-08-27 11:59:12 +00:00
paginator Use more specific test methods (#24265) 2023-04-22 17:56:27 -04:00
pprof
private Replace interface{} with any (#25686) 2023-07-04 18:36:08 +00:00
process Less naked returns (#25713) 2023-07-07 05:31:56 +00:00
proxy Use proxy for pull mirror (#22771) 2023-02-11 08:39:50 +08:00
proxyprotocol
public Serve pre-defined files in "public", add "security.txt", add CORS header for ".well-known" (#25974) 2023-07-21 12:14:20 +00:00
queue Calculate MAX_WORKERS default value by CPU number (#26177) 2023-07-27 16:40:35 +08:00
recaptcha
references Use correct captured group range when parsing cross-reference (#22672) 2023-01-31 10:08:05 +01:00
regexplru Upgrade go dependencies (#25819) 2023-07-14 11:00:31 +08:00
repository Fix bug for ctx usage (#26762) 2023-08-28 04:06:47 +00:00
secret Improve decryption failure message (#24573) 2023-05-07 19:29:43 +08:00
session Replace interface{} with any (#25686) 2023-07-04 18:36:08 +00:00
setting Fix some slice append usages (#26778) 2023-08-29 15:47:26 +00:00
sitemap
ssh restrict certificate type for builtin SSH server (#26789) 2023-09-01 13:45:22 +00:00
storage Use correct minio error (#26634) 2023-08-21 16:20:11 +00:00
structs refactor(API): refactor secret creation and update functionality (#26751) 2023-08-28 13:08:19 +08:00
svg Refactor backend SVG package and add tests (#26335) 2023-08-05 04:34:59 +00:00
sync
system Implement FSFE REUSE for golang files (#21840) 2022-11-27 18:20:29 +00:00
templates Render code blocks in repo description (#26830) 2023-08-31 05:01:01 +00:00
test Move web/api context related testing function into a separate package (#26859) 2023-09-01 11:26:07 +00:00
testlogger Replace interface{} with any (#25686) 2023-07-04 18:36:08 +00:00
timeutil Fix incorrect webhook time and use relative-time to display it (#24477) 2023-05-03 19:53:43 -04:00
translation Replace interface{} with any (#25686) 2023-07-04 18:36:08 +00:00
turnstile Add new captcha: cloudflare turnstile (#22369) 2023-02-05 15:29:03 +08:00
typesniffer Detect ogg mime-type as audio or video (#26494) 2023-08-15 10:31:25 +08:00
updatechecker
upload
uri
user
util Handle base64 decoding correctly to avoid panic (#26483) 2023-08-14 10:30:16 +00:00
validation Check blocklist for emails when adding them to account (#26812) 2023-08-30 10:46:49 -05:00
web Update tool dependencies (#26607) 2023-08-20 22:59:19 +00:00
webhook New webhook trigger for receiving Pull Request review requests (#24481) 2023-05-24 22:06:27 -04:00