From 7b63c5469ef0106aebe4151640832378e6d31067 Mon Sep 17 00:00:00 2001
From: ThibG <thib@sitedethib.com>
Date: Fri, 28 Feb 2020 13:49:45 +0100
Subject: [PATCH 1/4] Fix announcements with fully-qualified mention to local
 user crashing WebUI (#13164)

---
 app/models/account.rb | 11 ++++++++++-
 1 file changed, 10 insertions(+), 1 deletion(-)

diff --git a/app/models/account.rb b/app/models/account.rb
index 0eb719d65..778429b0d 100644
--- a/app/models/account.rb
+++ b/app/models/account.rb
@@ -478,7 +478,16 @@ class Account < ApplicationRecord
     def from_text(text)
       return [] if text.blank?
 
-      text.scan(MENTION_RE).map { |match| match.first.split('@', 2) }.uniq.map { |(username, domain)| EntityCache.instance.mention(username, domain) }
+      text.scan(MENTION_RE).map { |match| match.first.split('@', 2) }.uniq.map do |(username, domain)|
+        domain = begin
+          if TagManager.instance.local_domain?(domain)
+            nil
+          else
+            TagManager.instance.normalize_domain(domain)
+          end
+        end
+        EntityCache.instance.mention(username, domain)
+      end.compact
     end
 
     private

From 047fde18c3d20dcd74b14613a648a03b573f802d Mon Sep 17 00:00:00 2001
From: "dependabot-preview[bot]"
 <27856297+dependabot-preview[bot]@users.noreply.github.com>
Date: Sat, 29 Feb 2020 02:57:14 +0100
Subject: [PATCH 2/4] [Security] Bump puma from 4.3.1 to 4.3.2 (#13167)

Bumps [puma](https://github.com/puma/puma) from 4.3.1 to 4.3.2. **This update includes a security fix.**
- [Release notes](https://github.com/puma/puma/releases)
- [Changelog](https://github.com/puma/puma/blob/master/History.md)
- [Commits](https://github.com/puma/puma/compare/v4.3.1...v4.3.2)

Signed-off-by: dependabot-preview[bot] <support@dependabot.com>
---
 Gemfile.lock | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Gemfile.lock b/Gemfile.lock
index 788785ef1..7289e1445 100644
--- a/Gemfile.lock
+++ b/Gemfile.lock
@@ -435,7 +435,7 @@ GEM
     pry-rails (0.3.9)
       pry (>= 0.10.4)
     public_suffix (4.0.3)
-    puma (4.3.1)
+    puma (4.3.2)
       nio4r (~> 2.0)
     pundit (2.1.0)
       activesupport (>= 3.0.0)

From ce17cea2210f9ce9dcbaf68074c07633df61bb6f Mon Sep 17 00:00:00 2001
From: ThibG <thib@sitedethib.com>
Date: Sat, 29 Feb 2020 03:00:43 +0100
Subject: [PATCH 3/4] Fix installation failing when Redis password contains
 special characters (#13156)

* Add support for special characters in Redis passwords

Fixes #13154

* Refactor
---
 lib/mastodon/redis_config.rb |  4 +++-
 lib/tasks/mastodon.rake      | 15 ++++++++++++++-
 2 files changed, 17 insertions(+), 2 deletions(-)

diff --git a/lib/mastodon/redis_config.rb b/lib/mastodon/redis_config.rb
index f11d94a45..e9db9122f 100644
--- a/lib/mastodon/redis_config.rb
+++ b/lib/mastodon/redis_config.rb
@@ -14,7 +14,9 @@ def setup_redis_env_url(prefix = nil, defaults = true)
   ENV[prefix + 'REDIS_URL'] = if [password, host, port, db].all?(&:nil?)
                                 ENV['REDIS_URL']
                               else
-                                "redis://#{password.blank? ? '' : ":#{password}@"}#{host}:#{port}/#{db}"
+                                Addressable::URI.parse("redis://#{host}:#{port}/#{db}").tap do |uri|
+                                  uri.password = password if password.present?
+                                end.normalize.to_str
                               end
 end
 
diff --git a/lib/tasks/mastodon.rake b/lib/tasks/mastodon.rake
index 2e92e8ded..a873335d4 100644
--- a/lib/tasks/mastodon.rake
+++ b/lib/tasks/mastodon.rake
@@ -336,7 +336,20 @@ namespace :mastodon do
       if prompt.yes?('Save configuration?')
         cmd = TTY::Command.new(printer: :quiet)
 
-        File.write(Rails.root.join('.env.production'), "# Generated with mastodon:setup on #{Time.now.utc}\n\n" + env.each_pair.map { |key, value| "#{key}=#{value}" }.join("\n") + "\n")
+        env_contents = env.each_pair.map do |key, value|
+          if value.is_a?(String) && value =~ /[\s\#\\"]/
+            if value =~ /[']/
+              value = value.to_s.gsub(/[\\"\$]/) { |x| "\\#{x}" }
+              "#{key}=\"#{value}\""
+            else
+              "#{key}='#{value}'"
+            end
+          else
+            "#{key}=#{value}"
+          end
+        end.join("\n")
+
+        File.write(Rails.root.join('.env.production'), "# Generated with mastodon:setup on #{Time.now.utc}\n\n" + env_contents + "\n")
 
         if using_docker
           prompt.ok 'Below is your configuration, save it to an .env.production file outside Docker:'

From 5393b187c4601966f9be23490dfb1e54f3f3e725 Mon Sep 17 00:00:00 2001
From: ThibG <thib@sitedethib.com>
Date: Sat, 29 Feb 2020 03:05:02 +0100
Subject: [PATCH 4/4] Fix elasticsearch-api and faraday incompatibilities
 (#13166)

---
 Gemfile.lock | 14 +++++++-------
 1 file changed, 7 insertions(+), 7 deletions(-)

diff --git a/Gemfile.lock b/Gemfile.lock
index 7289e1445..59ab2ba7c 100644
--- a/Gemfile.lock
+++ b/Gemfile.lock
@@ -202,14 +202,14 @@ GEM
       dotenv (= 2.7.5)
       railties (>= 3.2, < 6.1)
     e2mmap (0.1.0)
-    elasticsearch (7.3.0)
-      elasticsearch-api (= 7.3.0)
-      elasticsearch-transport (= 7.3.0)
-    elasticsearch-api (7.3.0)
+    elasticsearch (7.5.0)
+      elasticsearch-api (= 7.5.0)
+      elasticsearch-transport (= 7.5.0)
+    elasticsearch-api (7.5.0)
       multi_json
     elasticsearch-dsl (0.1.8)
-    elasticsearch-transport (7.3.0)
-      faraday
+    elasticsearch-transport (7.5.0)
+      faraday (>= 0.14, < 1)
       multi_json
     encryptor (3.0.0)
     equatable (0.6.1)
@@ -220,7 +220,7 @@ GEM
     fabrication (2.21.0)
     faker (2.10.1)
       i18n (>= 1.6, < 2)
-    faraday (1.0.0)
+    faraday (0.17.3)
       multipart-post (>= 1.2, < 3)
     fast_blank (1.0.0)
     fastimage (2.1.7)