Merge pull request #2123 from kedamaDQ/foresdon-v4.1.7

Foresdon v4.1.7
kedamaDQ · Sep 9, 2023 · 03df890 · 03df890
2 parents 6558163 + 7a9115f
commit 03df890
Show file tree

Hide file tree

Showing 16 changed files with 252 additions and 109 deletions.
diff --git a/.github/workflows/build-container-image.yml b/.github/workflows/build-container-image.yml
@@ -0,0 +1,89 @@
+on:
+ workflow_call:
+ inputs:
+ platforms:
+ required: true
+ type: string
+ use_native_arm64_builder:
+ type: boolean
+ push_to_images:
+ type: string
+ flavor:
+ type: string
+ tags:
+ type: string
+ labels:
+ type: string
+
+jobs:
+ build-image:
+ runs-on: ubuntu-latest
+
+ steps:
+ - uses: actions/checkout@v3
+
+ - uses: docker/setup-qemu-action@v2
+ if: contains(inputs.platforms, 'linux/arm64') && !inputs.use_native_arm64_builder
+
+ - uses: docker/setup-buildx-action@v2
+ id: buildx
+ if: ${{ !(inputs.use_native_arm64_builder && contains(inputs.platforms, 'linux/arm64')) }}
+
+ - name: Start a local Docker Builder
+ if: inputs.use_native_arm64_builder && contains(inputs.platforms, 'linux/arm64')
+ run: |
+ docker run --rm -d --name buildkitd -p 1234:1234 --privileged moby/buildkit:latest --addr tcp://0.0.0.0:1234
+
+ - uses: docker/setup-buildx-action@v2
+ id: buildx-native
+ if: inputs.use_native_arm64_builder && contains(inputs.platforms, 'linux/arm64')
+ with:
+ driver: remote
+ endpoint: tcp://localhost:1234
+ platforms: linux/amd64
+ append: |
+ - endpoint: tcp://${{ vars.DOCKER_BUILDER_HETZNER_ARM64_01_HOST }}:13865
+ platforms: linux/arm64
+ name: mastodon-docker-builder-arm64-01
+ driver-opts:
+ - servername=mastodon-docker-builder-arm64-01
+ env:
+ BUILDER_NODE_1_AUTH_TLS_CACERT: ${{ secrets.DOCKER_BUILDER_HETZNER_ARM64_01_CACERT }}
+ BUILDER_NODE_1_AUTH_TLS_CERT: ${{ secrets.DOCKER_BUILDER_HETZNER_ARM64_01_CERT }}
+ BUILDER_NODE_1_AUTH_TLS_KEY: ${{ secrets.DOCKER_BUILDER_HETZNER_ARM64_01_KEY }}
+
+ - name: Log in to Docker Hub
+ if: contains(inputs.push_to_images, 'tootsuite')
+ uses: docker/login-action@v2
+ with:
+ username: ${{ secrets.DOCKERHUB_USERNAME }}
+ password: ${{ secrets.DOCKERHUB_TOKEN }}
+
+ - name: Log in to the Github Container registry
+ if: contains(inputs.push_to_images, 'ghcr.io')
+ uses: docker/login-action@v2
+ with:
+ registry: ghcr.io
+ username: ${{ github.actor }}
+ password: ${{ secrets.GITHUB_TOKEN }}
+
+ - uses: docker/metadata-action@v4
+ id: meta
+ if: ${{ inputs.push_to_images != '' }}
+ with:
+ images: ${{ inputs.push_to_images }}
+ flavor: ${{ inputs.flavor }}
+ tags: ${{ inputs.tags }}
+ labels: ${{ inputs.labels }}
+
+ - uses: docker/build-push-action@v4
+ with:
+ context: .
+ platforms: ${{ inputs.platforms }}
+ provenance: false
+ builder: ${{ steps.buildx.outputs.name || steps.buildx-native.outputs.name }}
+ push: ${{ inputs.push_to_images != '' }}
+ tags: ${{ steps.meta.outputs.tags }}
+ labels: ${{ steps.meta.outputs.labels }}
+ cache-from: type=gha
+ cache-to: type=gha,mode=max
diff --git a/.github/workflows/build-image.yml b/.github/workflows/build-image.yml
diff --git a/.github/workflows/build-releases.yml b/.github/workflows/build-releases.yml
@@ -0,0 +1,27 @@
+name: Build container release images
+on:
+ push:
+ tags:
+ - '*'
+
+permissions:
+ contents: read
+ packages: write
+
+jobs:
+ build-image:
+ uses: ./.github/workflows/build-container-image.yml
+ with:
+ platforms: linux/amd64,linux/arm64
+ use_native_arm64_builder: true
+ push_to_images: |
+ tootsuite/mastodon
+ ghcr.io/mastodon/mastodon
+ # Only tag with latest when ran against the latest stable branch
+ # This needs to be updated after each minor version release
+ flavor: |
+ latest=${{ startsWith(github.ref, 'refs/tags/v4.1.') }}
+ tags: |
+ type=pep440,pattern={{raw}}
+ type=pep440,pattern=v{{major}}.{{minor}}
+ secrets: inherit
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -3,6 +3,18 @@ Changelog
 
 All notable changes to this project will be documented in this file.
 
+## [4.1.7] - 2023-09-05
+
+### Changed
+
+- Change remote report processing to accept reports with long comments, but truncate them ([ThisIsMissEm](https://github.com/mastodon/mastodon/pull/25028))
+
+### Fixed
+
+- **Fix blocking subdomains of an already-blocked domain** ([ClearlyClaire](https://github.com/mastodon/mastodon/pull/26392))
+- Fix `/api/v1/timelines/tag/:hashtag` allowing for unauthenticated access when public preview is disabled ([danielmbrasil](https://github.com/mastodon/mastodon/pull/26237))
+- Fix inefficiencies in `PlainTextFormatter` ([ClearlyClaire](https://github.com/mastodon/mastodon/pull/26727))
+
 ## [4.1.6] - 2023-07-31
 
 ### Fixed

diff --git a/app/controllers/admin/domain_blocks_controller.rb b/app/controllers/admin/domain_blocks_controller.rb
@@ -37,7 +37,7 @@ def create
  @domain_block.errors.delete(:domain)
  render :new
  else
- if existing_domain_block.present?
+ if existing_domain_block.present? && existing_domain_block.domain == TagManager.instance.normalize_domain(@domain_block.domain.strip)
  @domain_block = existing_domain_block
  @domain_block.update(resource_params)
  end

diff --git a/app/controllers/api/v1/timelines/tag_controller.rb b/app/controllers/api/v1/timelines/tag_controller.rb
@@ -1,6 +1,7 @@
 # frozen_string_literal: true
 
 class Api::V1::Timelines::TagController < Api::BaseController
+ before_action -> { doorkeeper_authorize! :read, :'read:statuses' }, only: :show, if: :require_auth?
  before_action :load_tag
  after_action :insert_pagination_headers, unless: -> { @statuses.empty? }
 
@@ -11,6 +12,10 @@ def show
 
  private
 
+ def require_auth?
+ !Setting.timeline_preview
+ end
+
  def load_tag
  @tag = Tag.find_normalized(params[:id])
  end

diff --git a/app/lib/activitypub/activity/flag.rb b/app/lib/activitypub/activity/flag.rb
@@ -16,7 +16,7 @@ def perform
  @account,
  target_account,
  status_ids: target_statuses.nil? ? [] : target_statuses.map(&:id),
- comment: @json['content'] || '',
+ comment: report_comment,
  uri: report_uri
  )
  end
@@ -35,4 +35,8 @@ def object_uris
  def report_uri
  @json['id'] unless @json['id'].nil? || invalid_origin?(@json['id'])
  end
+
+ def report_comment
+ (@json['content'] || '')[0...5000]
+ end
 end
diff --git a/app/lib/activitypub/tag_manager.rb b/app/lib/activitypub/tag_manager.rb
@@ -27,6 +27,8 @@ def url_for(target)
  when :note, :comment, :activity
  return activity_account_status_url(target.account, target) if target.reblog?
  short_account_status_url(target.account, target)
+ when :flag
+ target.uri
  end
  end
 
@@ -41,6 +43,8 @@ def uri_for(target)
  account_status_url(target.account, target)
  when :emoji
  emoji_url(target)
+ when :flag
+ target.uri
  end
  end
 

diff --git a/app/lib/plain_text_formatter.rb b/app/lib/plain_text_formatter.rb
@@ -1,9 +1,7 @@
 # frozen_string_literal: true
 
 class PlainTextFormatter
- include ActionView::Helpers::TextHelper
-
- NEWLINE_TAGS_RE = /(<br \/>|<br>|<\/p>)+/.freeze
+ NEWLINE_TAGS_RE = %r{(<br />|<br>|</p>)+}
 
  attr_reader :text, :local
 
@@ -18,7 +16,10 @@ def to_s
  if local?
  text
  else
- html_entities.decode(strip_tags(insert_newlines)).chomp
+ node = Nokogiri::HTML.fragment(insert_newlines)
+ # Elements that are entirely removed with our Sanitize config
+ node.xpath('.//iframe|.//math|.//noembed|.//noframes|.//noscript|.//plaintext|.//script|.//style|.//svg|.//xmp').remove
+ node.text.chomp
  end
  end
 
@@ -27,8 +28,4 @@ def to_s
  def insert_newlines
  text.gsub(NEWLINE_TAGS_RE) { |match| "#{match}\n" }
  end
-
- def html_entities
- HTMLEntities.new
- end
 end
diff --git a/app/models/report.rb b/app/models/report.rb
@@ -39,7 +39,10 @@ class Report < ApplicationRecord
  scope :resolved, -> { where.not(action_taken_at: nil) }
  scope :with_accounts, -> { includes([:account, :target_account, :action_taken_by_account, :assigned_account].index_with({ user: [:invite_request, :invite] })) }
 
- validates :comment, length: { maximum: 1_000 }
+ # A report is considered local if the reporter is local
+ delegate :local?, to: :account
+
+ validates :comment, length: { maximum: 1_000 }, if: :local?
  validates :rule_ids, absence: true, unless: :violation?
 
  validate :validate_rule_ids
@@ -50,10 +53,6 @@ class Report < ApplicationRecord
  violation: 2_000,
  }
 
- def local?
- false # Force uri_for to use uri attribute
- end
-
  before_validation :set_uri, only: :create
 
  after_create_commit :trigger_webhooks

diff --git a/docker-compose.yml b/docker-compose.yml
@@ -56,7 +56,7 @@ services:
 
  web:
  build: .
- image: ghcr.io/mastodon/mastodon:v4.1.6
+ image: ghcr.io/mastodon/mastodon:v4.1.7
  restart: always
  env_file: .env.production
  command: bash -c "rm -f /mastodon/tmp/pids/server.pid; bundle exec rails s -p 3000"
@@ -77,7 +77,7 @@ services:
 
  streaming:
  build: .
- image: ghcr.io/mastodon/mastodon:v4.1.6
+ image: ghcr.io/mastodon/mastodon:v4.1.7
  restart: always
  env_file: .env.production
  command: node ./streaming
@@ -95,7 +95,7 @@ services:
 
  sidekiq:
  build: .
- image: ghcr.io/mastodon/mastodon:v4.1.6
+ image: ghcr.io/mastodon/mastodon:v4.1.7
  restart: always
  env_file: .env.production
  command: bundle exec sidekiq

diff --git a/lib/mastodon/version.rb b/lib/mastodon/version.rb
@@ -13,7 +13,7 @@ def minor
  end
 
  def patch
- 6
+ 7
  end
 
  def flags