From 7b63c5469ef0106aebe4151640832378e6d31067 Mon Sep 17 00:00:00 2001
From: ThibG <thib@sitedethib.com>
Date: Fri, 28 Feb 2020 13:49:45 +0100
Subject: [PATCH 1/4] Fix announcements with fully-qualified mention to local
user crashing WebUI (#13164)
---
app/models/account.rb | 11 ++++++++++-
1 file changed, 10 insertions(+), 1 deletion(-)
diff --git a/app/models/account.rb b/app/models/account.rb
index 0eb719d652a..778429b0d8c 100644
--- a/app/models/account.rb
+++ b/app/models/account.rb
@@ -478,7 +478,16 @@ class Account < ApplicationRecord
def from_text(text)
return [] if text.blank?
- text.scan(MENTION_RE).map { |match| match.first.split('@', 2) }.uniq.map { |(username, domain)| EntityCache.instance.mention(username, domain) }
+ text.scan(MENTION_RE).map { |match| match.first.split('@', 2) }.uniq.map do |(username, domain)|
+ domain = begin
+ if TagManager.instance.local_domain?(domain)
+ nil
+ else
+ TagManager.instance.normalize_domain(domain)
+ end
+ end
+ EntityCache.instance.mention(username, domain)
+ end.compact
end
private
From 047fde18c3d20dcd74b14613a648a03b573f802d Mon Sep 17 00:00:00 2001
From: "dependabot-preview[bot]"
<27856297+dependabot-preview[bot]@users.noreply.github.com>
Date: Sat, 29 Feb 2020 02:57:14 +0100
Subject: [PATCH 2/4] [Security] Bump puma from 4.3.1 to 4.3.2 (#13167)
Bumps [puma](https://github.com/puma/puma) from 4.3.1 to 4.3.2. **This update includes a security fix.**
- [Release notes](https://github.com/puma/puma/releases)
- [Changelog](https://github.com/puma/puma/blob/master/History.md)
- [Commits](https://github.com/puma/puma/compare/v4.3.1...v4.3.2)
Signed-off-by: dependabot-preview[bot] <support@dependabot.com>
---
Gemfile.lock | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/Gemfile.lock b/Gemfile.lock
index 788785ef1a0..7289e144500 100644
--- a/Gemfile.lock
+++ b/Gemfile.lock
@@ -435,7 +435,7 @@ GEM
pry-rails (0.3.9)
pry (>= 0.10.4)
public_suffix (4.0.3)
- puma (4.3.1)
+ puma (4.3.2)
nio4r (~> 2.0)
pundit (2.1.0)
activesupport (>= 3.0.0)
From ce17cea2210f9ce9dcbaf68074c07633df61bb6f Mon Sep 17 00:00:00 2001
From: ThibG <thib@sitedethib.com>
Date: Sat, 29 Feb 2020 03:00:43 +0100
Subject: [PATCH 3/4] Fix installation failing when Redis password contains
special characters (#13156)
* Add support for special characters in Redis passwords
Fixes #13154
* Refactor
---
lib/mastodon/redis_config.rb | 4 +++-
lib/tasks/mastodon.rake | 15 ++++++++++++++-
2 files changed, 17 insertions(+), 2 deletions(-)
diff --git a/lib/mastodon/redis_config.rb b/lib/mastodon/redis_config.rb
index f11d94a45e8..e9db9122fab 100644
--- a/lib/mastodon/redis_config.rb
+++ b/lib/mastodon/redis_config.rb
@@ -14,7 +14,9 @@ def setup_redis_env_url(prefix = nil, defaults = true)
ENV[prefix + 'REDIS_URL'] = if [password, host, port, db].all?(&:nil?)
ENV['REDIS_URL']
else
- "redis://#{password.blank? ? '' : ":#{password}@"}#{host}:#{port}/#{db}"
+ Addressable::URI.parse("redis://#{host}:#{port}/#{db}").tap do |uri|
+ uri.password = password if password.present?
+ end.normalize.to_str
end
end
diff --git a/lib/tasks/mastodon.rake b/lib/tasks/mastodon.rake
index 2e92e8dedbe..a873335d405 100644
--- a/lib/tasks/mastodon.rake
+++ b/lib/tasks/mastodon.rake
@@ -336,7 +336,20 @@ namespace :mastodon do
if prompt.yes?('Save configuration?')
cmd = TTY::Command.new(printer: :quiet)
- File.write(Rails.root.join('.env.production'), "# Generated with mastodon:setup on #{Time.now.utc}\n\n" + env.each_pair.map { |key, value| "#{key}=#{value}" }.join("\n") + "\n")
+ env_contents = env.each_pair.map do |key, value|
+ if value.is_a?(String) && value =~ /[\s\#\\"]/
+ if value =~ /[']/
+ value = value.to_s.gsub(/[\\"\$]/) { |x| "\\#{x}" }
+ "#{key}=\"#{value}\""
+ else
+ "#{key}='#{value}'"
+ end
+ else
+ "#{key}=#{value}"
+ end
+ end.join("\n")
+
+ File.write(Rails.root.join('.env.production'), "# Generated with mastodon:setup on #{Time.now.utc}\n\n" + env_contents + "\n")
if using_docker
prompt.ok 'Below is your configuration, save it to an .env.production file outside Docker:'
From 5393b187c4601966f9be23490dfb1e54f3f3e725 Mon Sep 17 00:00:00 2001
From: ThibG <thib@sitedethib.com>
Date: Sat, 29 Feb 2020 03:05:02 +0100
Subject: [PATCH 4/4] Fix elasticsearch-api and faraday incompatibilities
(#13166)
---
Gemfile.lock | 14 +++++++-------
1 file changed, 7 insertions(+), 7 deletions(-)
diff --git a/Gemfile.lock b/Gemfile.lock
index 7289e144500..59ab2ba7cd3 100644
--- a/Gemfile.lock
+++ b/Gemfile.lock
@@ -202,14 +202,14 @@ GEM
dotenv (= 2.7.5)
railties (>= 3.2, < 6.1)
e2mmap (0.1.0)
- elasticsearch (7.3.0)
- elasticsearch-api (= 7.3.0)
- elasticsearch-transport (= 7.3.0)
- elasticsearch-api (7.3.0)
+ elasticsearch (7.5.0)
+ elasticsearch-api (= 7.5.0)
+ elasticsearch-transport (= 7.5.0)
+ elasticsearch-api (7.5.0)
multi_json
elasticsearch-dsl (0.1.8)
- elasticsearch-transport (7.3.0)
- faraday
+ elasticsearch-transport (7.5.0)
+ faraday (>= 0.14, < 1)
multi_json
encryptor (3.0.0)
equatable (0.6.1)
@@ -220,7 +220,7 @@ GEM
fabrication (2.21.0)
faker (2.10.1)
i18n (>= 1.6, < 2)
- faraday (1.0.0)
+ faraday (0.17.3)
multipart-post (>= 1.2, < 3)
fast_blank (1.0.0)
fastimage (2.1.7)