From d6010e33a2950988d3db0954e1aa02e6dec581ce Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Cl=C3=A9ment?=
Date: Sat, 9 May 2020 21:57:42 +0200
Subject: [PATCH 1/3] update to 2.0.16
---
 README.md | 2 +-
 README_fr.md | 2 +-
 conf/amd64.src | 4 ++--
 conf/arm.src | 4 ++--
 conf/arm64.src | 4 ++--
 manifest.json | 2 +-
 6 files changed, 9 insertions(+), 9 deletions(-)
diff --git a/README.md b/README.md
index 06ed820..9ced921 100644
--- a/README.md
+++ b/README.md
@@ -10,7 +10,7 @@ If you don't have YunoHost, please see [here](https://yunohost.org/#/install) to
 ## Overview
 Gotify is a simple server for sending and receiving messages in real-time per web socket. (Includes a sleek web-ui)
-**Shipped version:** 2.0.14
+**Shipped version:** 2.0.16
 ## Screenshots
diff --git a/README_fr.md b/README_fr.md
index 3f16f61..b065992 100644
--- a/README_fr.md
+++ b/README_fr.md
@@ -12,7 +12,7 @@ Si vous n'avez pas YunoHost, regardez [ici](https://yunohost.org/#/install) pour
 ## Vue d'ensemble
 Gotify est un simple serveur permettant d'envoyer et de recevoir des messages via websocket.
-**Version incluse:** 2.0.14
+**Version incluse:** 2.0.16
 ## Captures d'écran
diff --git a/conf/amd64.src b/conf/amd64.src
index 391a6c1..73ab6f4 100644
--- a/conf/amd64.src
+++ b/conf/amd64.src
@@ -1,5 +1,5 @@
-SOURCE_URL=https://github.com/gotify/server/releases/download/v2.0.14/gotify-linux-amd64.zip
-SOURCE_SUM=edf1650467ab20ddd827c824171e80d9c2f010eacedc9dfae0b967e981e78854
+SOURCE_URL=https://github.com/gotify/server/releases/download/v2.0.16/gotify-linux-amd64.zip
+SOURCE_SUM=c0919fa83fadf6ffee12b14dd94c0662bff69e83c11f51f9f1228ac374f91bf0
 SOURCE_SUM_PRG=sha256sum
 SOURCE_FORMAT=zip
 SOURCE_IN_SUBDIR=false
diff --git a/conf/arm.src b/conf/arm.src
index 43c2c0d..5f00e53 100644
--- a/conf/arm.src
+++ b/conf/arm.src
@@ -1,5 +1,5 @@
-SOURCE_URL=https://github.com/gotify/server/releases/download/v2.0.14/gotify-linux-arm-7.zip
-SOURCE_SUM=d591e241e65629b13968bbbfca1ba58f4fc114c192c2b8d864d88c075e4dcfd2
+SOURCE_URL=https://github.com/gotify/server/releases/download/v2.0.16/gotify-linux-arm-7.zip
+SOURCE_SUM=c0919fa83fadf6ffee12b14dd94c0662bff69e83c11f51f9f1228ac374f91bf0
 SOURCE_SUM_PRG=sha256sum
 SOURCE_FORMAT=zip
 SOURCE_IN_SUBDIR=false
diff --git a/conf/arm64.src b/conf/arm64.src
index f9d0495..08e4d36 100644
--- a/conf/arm64.src
+++ b/conf/arm64.src
@@ -1,5 +1,5 @@
-SOURCE_URL=https://github.com/gotify/server/releases/download/v2.0.14/gotify-linux-arm64.zip
-SOURCE_SUM=f29d0b504bcbbacc0d9bf2af9030c6a3c72fa5f21ec811236bcaa24abcfe5b5e
+SOURCE_URL=https://github.com/gotify/server/releases/download/v2.0.16/gotify-linux-arm64.zip
+SOURCE_SUM=27705235268d275baeb9fe024f6d9f3ee7faf91ee3f8d745f85728a30d307d39
 SOURCE_SUM_PRG=sha256sum
 SOURCE_FORMAT=zip
 SOURCE_IN_SUBDIR=false
diff --git a/manifest.json b/manifest.json
index 263d4e7..26cda94 100644
--- a/manifest.json
+++ b/manifest.json
@@ -6,7 +6,7 @@
 "en": "A simple server for sending and receiving messages.",
 "fr": "Un simple serveur pour envoyer et recevoir des messages."
 },
- "version": "2.0.14~ynh1",
+ "version": "2.0.16~ynh1",
 "url": "http://gotify.net",
 "license": "MIT",
 "maintainer": {
From d41c46910ae3ebb0bb41f3834cc7082b947af601 Mon Sep 17 00:00:00 2001
From: gougeon-s <31284753+gougeon-s@users.noreply.github.com>
Date: Sun, 31 May 2020 23:38:48 +0200
Subject: [PATCH 2/3] file perms (o-rx) + warn about plaintext passwd The files, config file included, were world readable. The admin password is in plain text in the config file. It is used by gotify at the first session. It should be changed after the first login
---
 scripts/install | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)
diff --git a/scripts/install b/scripts/install
index fa3c8dd..eab084b 100755
--- a/scripts/install
+++ b/scripts/install
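Review bot: The new `SOURCE_SUM` in conf/arm.src (`c0919fa83fadf6ff…74f91bf0`) is identical to the value this same commit sets in conf/amd64.src, although the two files point at different archives (`gotify-linux-arm-7.zip` and `gotify-linux-amd64.zip`). Two distinct release zips will not share a SHA-256, so this looks like a copy-paste of the amd64 digest; the arm install would then presumably fail checksum verification, and the pin does not describe the arm artifact at all. The line should become `SOURCE_SUM=<sha256 of the v2.0.16 arm-7 zip>`, computed with `sha256sum` on the release asset and, where upstream publishes digests, compared against that rather than only against the file just downloaded.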
@@ -139,7 +139,10 @@ ynh_store_file_checksum "$final_path/config.yml"
 # Set permissions to app files
 chown -R root: $final_path
 mkdir $final_path/data
+chown -R root:$app $final_path/*
+chmod -R 550 $final_path/*
 chown $app $final_path/data
+chmod 770 $final_path/data
 #=================================================
 # ADVERTISE SERVICE IN ADMIN PANEL
@@ -163,4 +166,5 @@ ynh_script_progression --message="Reloading nginx web server..." --weight=1
 systemctl reload nginx
 systemctl start $app
-ynh_script_progression --message="Installation of $app completed" --last
\ No newline at end of file
+ynh_script_progression --message="Installation of $app completed" --last
+ynh_print_warn "Change the admin password after the first login or delete it in the config file (stored in plain text)"
From 38234c27578bb2d2331776f71a94a7d7e54fa764 Mon Sep 17 00:00:00 2001
From: gougeon-s <31284753+gougeon-s@users.noreply.github.com>
Date: Sun, 31 May 2020 23:40:54 +0200
Subject: [PATCH 3/3] work factor for Bcrypt to 12 OWASP recommendation
---
 conf/config.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/conf/config.yml b/conf/config.yml
index cdcc99c..70520cd 100644
--- a/conf/config.yml
+++ b/conf/config.yml
@@ -21,6 +21,6 @@ database: # for database see (configure database section)
 defaultuser: # on database creation, gotify creates an admin user
 name: __ADMINUSER__ # the username of the default user
 pass: __ADMINPASS__ # the password of the default user
-passstrength: 10 # the bcrypt password strength (higher = better but also slower)
+passstrength: 12 # the bcrypt password strength (higher = better but also slower)
 uploadedimagesdir: data/images # the directory for storing uploaded images
 pluginsdir: data/plugins # the directory where plugin resides
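Review bot: `chmod -R 550 $final_path/*` sets the execute bit on every regular file, including `config.yml`, which the commit message says holds the admin password in plain text, and the `/*` glob leaves `$final_path` itself and any dotfiles with whatever mode and group they had before. Applying the calls to the directory and then tightening the config would cover both: `chown -R root:$app "$final_path"`, `chmod -R 550 "$final_path"`, `chmod 440 "$final_path/config.yml"`, provided nothing outside the app group needs to traverse the directory. The expansions are also unquoted, so a path containing whitespace or glob characters would be split. The permission block continues outside the hunk, so the later `data` lines should be checked to still run after these.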
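Review bot: The inline comment on `passstrength` does not say what the number means, which makes the step from 10 to 12 hard to judge; as a bcrypt cost it is an exponent, so this change makes each hash roughly four times slower, which is noticeable on the ARM targets the package also ships for. I would word the line as `passstrength: 12 # bcrypt cost factor (log2 of rounds); each +1 doubles hashing time`. The new cost presumably applies only to passwords hashed after the change, so accounts created under cost 10 would keep their old hashes until the password is reset; if that holds for Gotify it is worth a sentence in the commit description.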