From ddd69d35807ef0ea668f572a4b032c529b3ff6ac Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?G=C3=A9rard=20Collin?= Date: Wed, 1 Mar 2023 17:34:54 +0100 Subject: [PATCH 1/3] Fix upgrade of old stuff and security of chrome --- conf/systemd.service | 3 ++- scripts/upgrade | 6 +++++- 2 files changed, 7 insertions(+), 2 deletions(-) diff --git a/conf/systemd.service b/conf/systemd.service index b26c0df..f2c1d98 100644 --- a/conf/systemd.service +++ b/conf/systemd.service @@ -32,7 +32,8 @@ ProtectKernelModules=yes ProtectKernelTunables=yes LockPersonality=yes SystemCallArchitectures=native -SystemCallFilter=~@clock @debug @module @mount @obsolete @reboot @setuid @swap @cpu-emulation @privileged +# We need to allow priviledged to enable chromium access to gpu +SystemCallFilter=~@clock @debug @module @mount @obsolete @reboot @setuid @swap @cpu-emulation # Denying access to capabilities that should not be relevant for webapps # Doc: https://man7.org/linux/man-pages/man7/capabilities.7.html diff --git a/scripts/upgrade b/scripts/upgrade index 14e7d60..2d95ecb 100644 --- a/scripts/upgrade +++ b/scripts/upgrade @@ -104,7 +104,11 @@ complete_install=false # Check if we need to clean up old bad installs if [ -f "$final_path/package.json" ]; then complete_install=true - ynh_secure_remove --file="$final_path/*" + ynh_secure_remove --file="$final_path" + mkdir "$final_path" + chmod 750 "$final_path" + chmod -R o-rwx "$final_path" + chown -R $app:$app "$final_path" fi #================================================= From 591dc74ed5d4930d5cdde8e6c64f288cdff4206c Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?G=C3=A9rard=20Collin?= Date: Wed, 1 Mar 2023 17:39:08 +0100 Subject: [PATCH 2/3] Upgrade version 1.1.6 --- conf/amd64.src | 4 ++-- manifest.json | 2 +- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/conf/amd64.src b/conf/amd64.src index f9c125c..843e833 100644 --- a/conf/amd64.src +++ b/conf/amd64.src @@ -1,5 +1,5 @@ -SOURCE_URL=https://github.com/gcollin/cookie-aware-cors-proxy/releases/download/v1.1.4/cookie-aware-cors-proxy.tgz -SOURCE_SUM=c56ca989233d4d2f3a2304ec96d979445f97232c8be63d5910d819af66f83ab9 +SOURCE_URL=https://github.com/gcollin/cookie-aware-cors-proxy/releases/download/v1.1.6/cookie-aware-cors-proxy.tgz +SOURCE_SUM=110dd1dc2014dcc6c9d05ff947aa365f4ee960bf93ec7b9abf965ad892e2b2d5 SOURCE_SUM_PRG=sha256sum SOURCE_FORMAT=tar.gz SOURCE_IN_SUBDIR=true diff --git a/manifest.json b/manifest.json index 02f8680..9af40ac 100644 --- a/manifest.json +++ b/manifest.json @@ -6,7 +6,7 @@ "en": "An advanced https proxy allowing you to call other websites from your own web application.", "fr": "Un proxy https avancé vous permettant d'appeler d'autres sites depuis votre propre application web." }, - "version": "1.0~ynh2", + "version": "1.1.6~ynh3", "url": "https://github.com/gcollin/cookie-aware-cors-proxy", "upstream": { "license": "MIT", From f480289cdf568e259cd55daa01e7804e67600e93 Mon Sep 17 00:00:00 2001 From: yunohost-bot Date: Wed, 1 Mar 2023 16:39:31 +0000 Subject: [PATCH 3/3] Auto-update README --- README.md | 2 +- README_fr.md | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/README.md b/README.md index f2079dc..ec256b0 100644 --- a/README.md +++ b/README.md @@ -27,7 +27,7 @@ With Cookie Aware Cors Proxy, you can call a website not supporting CORS from yo - Two engines: a lightweight and one based on chrome to support websites running javascript -**Shipped version:** 1.0~ynh2 +**Shipped version:** 1.1.6~ynh3 ## Screenshots diff --git a/README_fr.md b/README_fr.md index 29aa749..f36869d 100644 --- a/README_fr.md +++ b/README_fr.md @@ -27,7 +27,7 @@ With Cookie Aware Cors Proxy, you can call a website not supporting CORS from yo - Two engines: a lightweight and one based on chrome to support websites running javascript -**Version incluse :** 1.0~ynh2 +**Version incluse :** 1.1.6~ynh3 ## Captures d’écran