From e0aa9b686726c6f805c048566cccfbfbdb68d315 Mon Sep 17 00:00:00 2001
From: yunohost-bot <yunohost-bot@users.noreply.github.com>
Date: Sat, 21 May 2022 06:23:45 +0000
Subject: [PATCH 1/3] Upgrade to v4.48.0

---
 conf/admin.src | 4 ++--
 manifest.json  | 2 +-
 2 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/conf/admin.src b/conf/admin.src
index 1e0d5cf..5fd7a98 100644
--- a/conf/admin.src
+++ b/conf/admin.src
@@ -1,5 +1,5 @@
-SOURCE_URL=https://github.com/TryGhost/Admin/archive/refs/tags/v4.47.2.zip
-SOURCE_SUM=7a1a35463c3d332e73126ddfd76b285620bf009668ba0bc89e69ad2354fdf0d7
+SOURCE_URL=https://github.com/TryGhost/Admin/archive/refs/tags/v4.48.0.zip
+SOURCE_SUM=54e8bf3f07dfbc227274cb5e465051a83823110b84270d2a182cce65eccac989
 SOURCE_SUM_PRG=sha256sum
 SOURCE_FORMAT=zip
 SOURCE_IN_SUBDIR=false
diff --git a/manifest.json b/manifest.json
index 67d5894..336108e 100644
--- a/manifest.json
+++ b/manifest.json
@@ -6,7 +6,7 @@
         "en": "Publishing, memberships, subscriptions and newsletters platform",
         "fr": "Plateforme d'édition, d'adhésions, d'abonnements et de newsletters"
     },
-    "version": "4.47.2~ynh1",
+    "version": "4.48.0~ynh1",
     "url": "https://ghost.org/",
     "upstream": {
         "license": "MIT",

From b218b42282767c28753d37738feee2c29098f63a Mon Sep 17 00:00:00 2001
From: yunohost-bot <yunohost@yunohost.org>
Date: Sat, 21 May 2022 06:23:51 +0000
Subject: [PATCH 2/3] Auto-update README

---
 README.md    | 2 +-
 README_fr.md | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/README.md b/README.md
index fb75a4f..91a9e85 100644
--- a/README.md
+++ b/README.md
@@ -17,7 +17,7 @@ If you don't have YunoHost, please consult [the guide](https://yunohost.org/#/in
 
 Publishing, memberships, subscriptions and newsletters platform
 
-**Shipped version:** 4.47.2~ynh1
+**Shipped version:** 4.48.0~ynh1
 
 
 
diff --git a/README_fr.md b/README_fr.md
index e227a03..0bbf699 100644
--- a/README_fr.md
+++ b/README_fr.md
@@ -13,7 +13,7 @@ Si vous n'avez pas YunoHost, regardez [ici](https://yunohost.org/#/install) pour
 
 Plateforme d'édition, d'adhésions, d'abonnements et de newsletters
 
-**Version incluse :** 4.47.2~ynh1
+**Version incluse :** 4.48.0~ynh1
 
 
 

From be258a41f367f7bb23571238c45132dca3c7a552 Mon Sep 17 00:00:00 2001
From: Bruno Pagani <bruno.n.pagani@gmail.com>
Date: Sat, 21 May 2022 13:37:45 +0000
Subject: [PATCH 3/3] Reenable RestrictAddressFamilies safety setting

The addition of AF_NETLINK should be enough for it to work, without allowing the dozen of other families.
---
 conf/systemd.service | 3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)

diff --git a/conf/systemd.service b/conf/systemd.service
index 442545c..38c6c70 100644
--- a/conf/systemd.service
+++ b/conf/systemd.service
@@ -17,8 +17,7 @@ Restart=always
 NoNewPrivileges=yes
 PrivateTmp=yes
 PrivateDevices=yes
-#RestrictAddressFamilies disabled, prevents any write access on the app
-#RestrictAddressFamilies=AF_UNIX AF_INET AF_INET6
+RestrictAddressFamilies=AF_UNIX AF_INET AF_INET6 AF_NETLINK
 RestrictNamespaces=yes
 RestrictRealtime=yes
 DevicePolicy=closed