Files @ 9b74296e6af6
Branch filter:

Location: kallithea/scripts/make-release

9b74296e6af6 2.0 KiB text/plain Show Annotation Show as Raw Download as Raw
Søren Løvborg
auth: further sanitize requests to prevent GET CSRF (CVE-2016-3691)

Routes allows GET requests to override the HTTP method, which breaks
the Kallithea CSRF protection (which only applies to POST requests).

This commit blocks such GET request, preventing CSRF attacks.
 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
#!/bin/bash
set -e
set -x

echo "Checking tools needed for uploading stuff"
pip freeze | grep '^Sphinx==' || pip install Sphinx
pip freeze | grep '^Sphinx-PyPI-upload==' || pip install Sphinx-PyPI-upload

echo "Verifying everything can build"
hg purge --all dist
python2 setup.py build_sphinx
python2 setup.py compile_catalog # TODO: check for errors
python2 setup.py sdist

echo "Verifying VERSION from kallithea/__init__.py"
namerel=$(cd dist && echo Kallithea-*.tar.gz)
namerel=${namerel%.tar.gz}
version=${namerel#Kallithea-}
echo "Releasing Kallithea $version in directory $namerel"
echo "Verifying current revision is tagged for $version"
hg log -r "'$version'&." | grep .

echo "Cleaning before making release build"
hg up -c .
hg revert -a -r null
hg up -C "'$version'&."
hg purge --all

echo "Building dist file"
python2 setup.py compile_catalog
python2 setup.py sdist

echo "Verifying dist file content"
tar tf dist/Kallithea-*.tar.gz | sed "s|^$namerel/||" | LANG=C sort > scripts/manifest
hg diff
hg up -c . # fail if manifest changed

echo "Now, make sure"
echo "* the copyright and contributor lists have been updated"
echo "* all tests are passing"
echo "* release note is ready"
echo "* announcement is ready"
echo "* source has been pushed to https://kallithea-scm.org/repos/kallithea"
echo

echo -n "Enter \"pypi\" to upload Kallithea $version to pypi: "
read answer
[ "$answer" = "pypi" ]
extraargs=${EMAIL:+--identity=$EMAIL}
python2 setup.py sdist upload --sign $extraargs
xdg-open https://pypi.python.org/pypi/Kallithea

echo "Uploading docs to pypi"
# See https://wiki.python.org/moin/PyPiDocumentationHosting
python2 setup.py build_sphinx upload_sphinx
xdg-open https://pythonhosted.org/Kallithea/
xdg-open http://packages.python.org/Kallithea/installation.html

echo "Rebuilding readthedocs for docs.kallithea-scm.org"
xdg-open https://readthedocs.org/projects/kallithea/
curl -X POST http://readthedocs.org/build/kallithea
xdg-open https://readthedocs.org/builds/kallithea/
xdg-open http://docs.kallithea-scm.org/en/latest/ # or whatever the branch is
This site is powered by Kallithea 0.7.0, which is © 2010–2025 by various authors & licensed under GPLv3.