-
-
Notifications
You must be signed in to change notification settings - Fork 5.5k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Local storage should not store files as executable #22162
Merged
lunny
merged 1 commit into
go-gitea:main
from
zeripath:fix-22161-no-storage-these-things-should-not-be-executable
Dec 19, 2022
Merged
Local storage should not store files as executable #22162
lunny
merged 1 commit into
go-gitea:main
from
zeripath:fix-22161-no-storage-these-things-should-not-be-executable
Dec 19, 2022
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
The PR go-gitea#21198 introduced a probable security vulnerability which resulted in making all storage files be marked as executable. This PR ensures that these are forcibly marked as non-executable. Fix go-gitea#22161 Signed-off-by: Andrew Thornton <[email protected]>
zeripath
added
type/bug
issue/regression
Indicates a previously functioning feature or behavior that has broken or regressed after a change
outdated/backport/v1.18
This PR should be backported to Gitea 1.18
labels
Dec 18, 2022
zeripath
added a commit
to zeripath/gitea
that referenced
this pull request
Dec 18, 2022
Backport go-gitea#22162 The PR go-gitea#21198 introduced a probable security vulnerability which resulted in making all storage files be marked as executable. This PR ensures that these are forcibly marked as non-executable. Fix go-gitea#22161 Signed-off-by: Andrew Thornton <[email protected]>
GiteaBot
added
the
lgtm/need 2
This PR needs two approvals by maintainers to be considered for merging.
label
Dec 18, 2022
This PR fixed my problem. Thanks. |
KN4CK3R
approved these changes
Dec 18, 2022
GiteaBot
added
lgtm/need 1
This PR needs approval from one additional maintainer to be merged.
and removed
lgtm/need 2
This PR needs two approvals by maintainers to be considered for merging.
labels
Dec 18, 2022
lafriks
pushed a commit
that referenced
this pull request
Dec 18, 2022
Backport #22162 The PR #21198 introduced a probable security vulnerability which resulted in making all storage files be marked as executable. This PR ensures that these are forcibly marked as non-executable. Fix #22161 Signed-off-by: Andrew Thornton <[email protected]> Signed-off-by: Andrew Thornton <[email protected]>
lunny
approved these changes
Dec 19, 2022
GiteaBot
added
lgtm/done
This PR has enough approvals to get merged. There are no important open reservations anymore.
and removed
lgtm/need 1
This PR needs approval from one additional maintainer to be merged.
labels
Dec 19, 2022
zeripath
deleted the
fix-22161-no-storage-these-things-should-not-be-executable
branch
December 19, 2022 13:15
Sign up for free
to subscribe to this conversation on GitHub.
Already have an account?
Sign in.
Labels
backport/done
All backports for this PR have been created
issue/regression
Indicates a previously functioning feature or behavior that has broken or regressed after a change
lgtm/done
This PR has enough approvals to get merged. There are no important open reservations anymore.
outdated/backport/v1.18
This PR should be backported to Gitea 1.18
type/bug
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
The PR #21198 introduced a probable security vulnerability which resulted in making all storage files be marked as executable.
This PR ensures that these are forcibly marked as non-executable.
Fix #22161
Signed-off-by: Andrew Thornton [email protected]