- cli: followed upstream
- version.rb: followed upstream, since we can use environment variables for the suffix now
- lib/paperclip: chose their spoof detector
- lib/sanitize: merged h1-h6 into supported elements, allowed translated attribute
- config/environments: follow upstream
- config/initializers: follow upstream
- config/application.rb: follow upstream
- config/locales: translations with %{title} prefix were replaced with hardcoded "Mastodon:" prefixes, should be fixed afterwards
it's inconsistent anyway right now
- config/settings: removed settings that were removed in upstream
- config/routes: followed upstream, due to API restructurings. Is there some hometown-specific API stuff that might be missing now?
- spec/: followed upstream, might have lost hometown-specific tests, but I haven't found any on a quick check
- .ruby-version, Gemfile, etc.: upstream
- .github/workflows: upstream
- about: followed upstream, therefore the static homepage is gone :/
- credentials: moved federation into the settings_attributes
- lists: follow upstream, `:is_exclusive` -> `:exclusive`
- statuses: keep local only
- account_statuses_filter: still hide local only posts for anonymous users
- activitypub/activity/create:
- keep activity_pub_type in params
- text: use hometown's way for determining the content
- spoiler: use hometown's mechanism
- feed_manager: use upstream exclusive list mechanism
- plain_text_formatter: use upstream way with html decoding, as I'm not sure whether we still have the Nokogiri library(?) available
problem: might remove tags that we want to keep?
- text_formatter: follow upstream
- account: use upstream MENTION_RE expression
- backup: follow upstream for permission validation
- list: follow upstream, is_exclusive -> exclusive !! WE MIGHT NEED A MIGRATION!
- status: moved set_locality hook to the others
- user: delegates for settings (federation, autoplay, etc.) were removed upstream, follow them
- webhook: follow upstream
- initial_state_serializer: keep max_toot_chars
- list_serializer: follow rename of is_exclusive -> exclusive
Use upstream version, since the translation API got upgraded to v2.
Use upstream version of vote_validator.
- admin/webhooks/_form: add group for template
- settings/preferences/appearance/show: add new input for 'expand_usernames'
check: missing translations, especially for hints
- settings/preferences/other/show: added input groups for no_rss and default_privacy
check: missing translations, especially for hints
- settigngs/profiles: upstream removed verification banner, follow them
Followed upstream changes.
Incorporated upstream changes and put the local_only check back in the correct place.
Ignored hometown changes, take upstream version.
- actions/lists: follow exclusive list naming
- components/column_back_button: follow upstream router refactoring
- components/column_header: follow upstream router refactoring
- components/hashtag: keep hometown behaviour, add href to links
- components/media_gallery: merge alt text indicator into upstream
- components/status: merge timestamp click -> original page
- components/status_action_bar: upstream removed the share button, follow them
- components/status_content:
- still make remote usernames => check: does the new href work?
- make translate button always visible like upstream
- keep hometown-specific changes for Articles and other posts
- features/header: keep header link
- features/account_gallery/components/media_item: keep link
- features/audio/index: keep no media description indicator, merge upstream styles
- features/compose/components/compose_form:
- merge max chars logic
- merge federation dropdown
- features/compose/components/navigation_bar: keep href to profile
- features/compose/components/poll_form: keep "is multiple" toggle
- features/compose/index: keep column header
- features/follow_requests/components/account_authorize: keep external link
- features/list_editor/components/edit_list_form: overwritten from upstream
- features/list_timeline/index: overwritten from upstream
- features/components/follow_request: keep external link
- features/components/notification: keep external link
- features/picture_in_picture/components/footer: keep external link
- features/status/components/detailed_status: keep external link
- features/ui/components/boost_modal: keep external link
- features/ui/index: merge upstream changes
- features/video/: keep no media description indicator
- containers/status_container: overwrite with upstream
- locales: best-effort merge, but I wouldn't trust it. should be normalized in some way.
This includes all changes made in
https://github.com/mastodon/mastodon/releases/tag/v4.0.7 and
https://github.com/mastodon/mastodon/releases/tag/v4.0.8 and therefore
requires:
⚠️ Restart of all Mastodon processes, especially the Streaming
API
There was a conflict during the merge inside the `streaming/index.js`,
which was related to the following snippet:
```js
// Only send local-only statuses to logged-in users
if (payload.local_only && !req.accountId) {
log.silly(req.requestId, `Message ${payload.id} filtered because it was local-only`);
return;
}
```
I've placed it at the same spot where it was previously, so everything
should work as before. ~~**However, I still need to test those changes,
which is what I'll be doing after submitting this PR as draft.**~~
Checked the changes against our instance, everything is working as
expected as logged-in user. Haven't checked the public timelines where
the above snippet would be relevant, as we are using `AUTHORIZED_FETCH`
and I would like to keep it enabled. ^^
If the base branch is not correct, feel free to change it.
Everything is already deployed on queer.group and working fine there.
---------
Co-authored-by: Michael Stanclift <mx@vmstan.com>
Co-authored-by: Claire <claire.github-309c@sitedethib.com>
Co-authored-by: Eugen Rochko <eugen@zeonfederated.com>
Co-authored-by: Emelia Smith <ThisIsMissEm@users.noreply.github.com>
Co-authored-by: Renaud Chaput <renchap@gmail.com>
Co-authored-by: Daniel M Brasil <danielmbrasil@protonmail.com>
Co-authored-by: yufushiro <62991447+yufushiro@users.noreply.github.com>
Co-authored-by: Nicolai Søborg <NicolaiSoeborg@users.noreply.github.com>
It's already running on our instance (queer.group) and working fine.
Manually reviewed the changes, hadn't found anything that could break
hometown-specific code.
And to update our instance, I also just followed the [steps on the
release](https://github.com/mastodon/mastodon/releases/tag/v4.0.5) aka
`bundle install && yarn install` followed by a restart of all processes.
---------
Co-authored-by: Claire <claire.github-309c@sitedethib.com>
Co-authored-by: Daniel M Brasil <danielmbrasil@protonmail.com>
Co-authored-by: Emelia Smith <ThisIsMissEm@users.noreply.github.com>
Co-authored-by: Vyr Cossont <VyrCossont@users.noreply.github.com>
Co-authored-by: Renaud Chaput <renchap@gmail.com>
* Fix attachments getting processed despite failing content-type validation
* Add a restrictive ImageMagick security policy tailored for Mastodon
* Fix misdetection of MP3 files with large cover art
* Reject unprocessable audio/video files instead of keeping them unchanged
The Blurhash library used by Mastodon requires an input encoded as 24
bits raw RGB data. The conversion to raw RGB using Imagemagick did not
previously specify the desired bit depth. In some situations, this leads
Imagemagick to output in a pixel format using less bpp than expected.
This then manifested as segfaults of the Sidekiq process due to
out-of-bounds read, or potentially a (highly noisy) memory infoleak.
Fixes#19235.
Video files with variable framerates are converted to constant framerate videos
and the output framerate picked by ffmpeg is based on the original file's
container framerate (which can be different from the average framerate).
This means that an input video with variable framerate with about 30 frames per
second on average, but a maximum of 120 fps will be converted to a constant 120
fps file, which won't be processed by other Mastodon servers.
This commit changes it so that input files with VFR and a maximum framerate
above the framerate threshold are converted to VFR files with the maximum frame
rate enforced.
Under certain conditions, files fetched from remotes trigger an error when
being uploaded using OpenStack Swift. This is because in some cases, the
remote server will not return a content-length, so our ResponseWithLimitAdapter
will hold a `nil` value for `#size`, which will lead to an invalid value
for the Content-Length header of the Swift API call.
This commit fixes that by taking the size from the actually-downloaded file
size rather than the upstream-provided Content-Length header value.
* Switch from unmaintained paperclip to kt-paperclip
* Drop some compatibility monkey-patches not required by kt-paperclip
* Drop media spoof check monkey-patching
It's broken with kt-paperclip and hopefully it won't be needed anymore
* Fix regression introduced by paperclip 6.1.0
* Do not rely on pathname to call FastImage
* Add test for ogg vorbis file with cover art
* Add audio/vorbis to the accepted content-types
This seems erroneous as this would be the content-type for a vorbis stream
without an ogg container, but that's what the `marcel` gem outputs, so…
* Restore missing for_as_default method
* Refactor Attachmentable concern and delay Paperclip's content-type spoof check
Check for content-type spoofing *after* setting the extension ourselves, this
fixes a regression with kt-paperclip's validations being more strict than
paperclip 6.0.0 and rejecting some Pleroma uploads because of unknown
extensions.
* Please CodeClimate
* Add audio/vorbis to the unreliable set
It doesn't correspond to a file format and thus has no extension associated.
* Fix issues with POSIX::Spawn, Terrapin and Ruby 3.0
Also improve the Terrapin monkey-patch for the stderr/stdout issue.
* Fix keyword argument handling throughout the codebase
* Monkey-patch Paperclip to fix keyword arguments handling in validators
* Change validation_extensions to please CodeClimate
* Bump microformats from 4.2.1 to 4.3.1
* Allow Ruby 3.0
* Add Ruby 3.0 test target to CircleCI
* Add test for admin dashboard warnings
* Fix admin dashboard warnings on Ruby 3.0
* Fix media processing getting stuck on too much stdin/stderr
See thoughtbot/terrapin#5
* Remove dependency on paperclip-av-transcoder gem
* Remove dependency on streamio-ffmpeg gem
* Disable stdin on ffmpeg process
* Added .deepsource.toml
* Removed bad use of `alias`
* Fixed operand order in the binary expression
* Prefixed unused method arguments with an underscore
* Replaced the old OpenSSL algorithmic constants with the newer strings initializers.
* Removed unnecessary UTF-8 encoding comment
* disable NewCops
* update TargetRubyVersion
* Fix Lint/MissingSuper for ActiveModelSerializers::Model
* Fix Lint/MissingSuper for feed
* Fix Lint/FloatComparison
* Do not use instance variables
* Fix contrast calculation for thumbnail color extraction
Luminance calculation was using 0-255 RGB values instead of 0-1 sRGB values,
leading to incorrectly-computed contrast values.
Since we use ColorDiff already, just use its XYZ colorspace conversion code
to get the value.
* Require at least 3:1 contrast for both accent and foreground colors
* Lower required contrast for the accent color
* Change content-type to be always computed from file data
Restore previous behavior, detecting the content-type isn't very
expensive, and some instances may serve files as application/octet-stream
regardless of their true type, making fetching media from them fail, while
it used to work pre-3.2.0.
* Add test
- Change audio files to not be stripped of metadata
- Automatically extract cover art from audio if it exists
- Add `thumbnail` parameter to `POST /api/v1/media`, `POST /api/v2/media` and `PUT /api/v1/media/:id`
- Add `icon` to represent it in attachments in ActivityPub
- Fix `preview_url` containing URL of missing missing image when there is no thumbnail instead of null
- Fix duration of audio not being displayed on public pages until the file is loaded