new deploy: 2022-10-17T07:34:40+00:00

pages
Loïc Dachary 2022-10-17 07:34:40 +00:00 committed by dachary
parent 3f96458dc0
commit f9a78e3d94
18 changed files with 1361 additions and 10 deletions

View File

@ -0,0 +1,327 @@
<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="UTF-8" />
<meta name="viewport" content="width=device-width" />
<link rel="apple-touch-icon" sizes="180x180" href="/apple-touch-icon.png" />
<link rel="icon" type="image/png" sizes="32x32" href="/favicon-32x32.png" />
<link rel="icon" type="image/png" sizes="16x16" href="/favicon-16x16.png" />
<link rel="manifest" href="/site.webmanifest" />
<link rel="me" href="https://pouet.chapril.org/@gna" />
<link rel="stylesheet" href="https://gna.org/main.css" />
<link
rel="stylesheet"
media="screen and (max-width: 1300px)"
href="https://gna.org/mobile.css"
/>
<meta name="referrer" content="no-referrer-when-downgrade" />
<meta name="viewport" content="width=device-width, initial-scale=1" />
<link rel="stylesheet" href="https://gna.org/main.css" />
<link
rel="stylesheet"
media="screen and (max-width: 1300px)"
href="https://gna.org/mobile.css"
/>
<meta name="referrer" content="no-referrer-when-downgrade" />
<meta name="viewport" content="width=device-width, initial-scale=1" />
<title>[security] Gitea &lt; 1.17.3 git option injection explained | Gna!: Managed Gitea Hosting </title>
<meta name="referrer" content="no-referrer-when-downgrade" />
<meta name="viewport" content="width=device-width, initial-scale=1" />
<meta name="description" content="." />
<meta property="og:title" content="[security] Gitea &lt; 1.17.3 git option injection explained | Gna!: Managed Gitea Hosting " />
<meta property="og:type" content="article" />
<meta property="og:url" content="https:&#x2F;&#x2F;gna.org" />
<meta property="og:description" content="." />
<meta
property="og:site_name"
content="[security] Gitea &lt; 1.17.3 git option injection explained | Gna!: Managed Gitea Hosting "
/>
<link
rel="apple-touch-icon"
sizes="57x57"
href="https://gna.org/apple-icon-57x57.png?h=c21de14cfdf862a6472ae977557fa048a7c36d39337e61d3274705e9bd8e857f"
/>
<link
rel="apple-touch-icon"
sizes="60x60"
href="https://gna.org/apple-icon-60x60.png?h=67089d9025a52d0d1ddce450078c7acefe2c150a2427dec9f5e13c6314f74281"
/>
<link
rel="apple-touch-icon"
sizes="72x72"
href="https://gna.org/apple-icon-72x72.png?h=70725943de8884804f9da28202ced0ad6fed483ae9cf8f6d874aa133e30cb693"
/>
<link
rel="apple-touch-icon"
sizes="76x76"
href="https://gna.org/apple-icon-76x76.png?h=1e6e8072df3b21bdcea254a42aac6e993611e845f91ddd79f6f35a6c441710a5"
/>
<link
rel="apple-touch-icon"
sizes="114x114"
href="https://gna.org/apple-icon-114x114.png?h=c20099f8190ed3962fab5726c5594857a871cdb3ee98439343c622cd3727fed6"
/>
<link
rel="apple-touch-icon"
sizes="120x120"
href="https://gna.org/apple-icon-120x120.png?h=4df78e402e60b58c6d44764678bdd737b5b6a836aeb85fb75fa49f706f7e8c81"
/>
<link
rel="apple-touch-icon"
sizes="144x144"
href="https://gna.org/apple-icon-144x144.png?h=0c44e6655d714f89ee95cc151032d1f0dc3204bd24d1ca2ee9d94692d4ede84d"
/>
<link
rel="apple-touch-icon"
sizes="152x152"
href="https://gna.org/apple-icon-152x152.png?h=157918f883ff95d4eeb6452d0ebb61ca5e21ea0dcac1aefe825f3e2f3999052f"
/>
<link
rel="apple-touch-icon"
sizes="180x180"
href="https://gna.org/apple-icon-180x180.png?h=7d5c16d379b7db6d8ea5aae64921d7162b84f543763acd8fc7c107f80a600213"
/>
<link
rel="icon"
type="image/png"
sizes="192x192"
href="https://gna.org/android-icon-192x192.png?h=095e3835b082dba07f606c33fa6f71bcd671a71e987b0ab2e46dcddceef52b9c"
/>
<link
rel="icon"
type="image/png"
sizes="32x32"
href="https://gna.org/favicon-32x32.png?h=1bf54bf111572b1d1639192b5360ee4345f702e563aa71bb66610a95a7290437"
/>
<link
rel="icon"
type="image/png"
sizes="96x96"
href="https://gna.org/favicon-96x96.png?h=5a6ed96c09f5055526e3b236867a1272a26f7ba957d48b267bccd51ef0845fbe"
/>
<link
rel="icon"
type="image/png"
sizes="16x16"
href="https://gna.org/favicon-16x16.png?h=1e5fa59ae78516055f662e40bb2599dc3828a7adb34567e9d8d2cfcaa6b7aa5f"
/>
<link
rel="manifest"
href="https://gna.org/manifest.json?h=27eca3e8297eb7ff340deb3849b210185a459b3845456aa4d0036f6d966b3518"
/>
<meta name="msapplication-TileColor" content="#ffffff" />
<meta
name="msapplication-TileImage"
content="https://gna.org/ms-icon-144x144.png?h=8170ab51b871b84b8f98bd03cf441afdffb2998b7dfffb04abb7ebf5deeb1f94"
/>
<meta name="theme-color" content="#ffffff" />
</head>
</head>
<body class="base">
<header>
<nav class="nav__container">
<input type="checkbox" class="nav__toggle" id="nav__toggle" />
<div class="nav__header">
<a class="nav__logo-container" href="/">
<img src="https://gna.org/gna-logo-rectangle-48px.png?h=ba9eab043277265f94c51b87d5e14f9ca35789403ecb8afc9bd1e33b13c6a2a5" alt="Gna!"/>
</a>
<label class="nav__hamburger-menu" for="nav__toggle">
<span class="nav__hamburger-inner"></span>
</label>
</div>
<div class="nav__spacer--small"></div>
<div class="nav__link-group">
<div class="nav__link-container">
<a class="nav__link" rel="noreferrer" href="&#x2F;about&#x2F;">About</a>
</div>
<div class="nav__link-container">
<a class="nav__link" rel="noreferrer" href="&#x2F;blog&#x2F;">Blog</a>
</div>
<div class="nav__link-container">
<a class="nav__link" rel="noreferrer" href="https:&#x2F;&#x2F;matrix.to&#x2F;#&#x2F;#gna:matrix.batsense.net">Chat</a>
</div>
<div class="nav__link-container">
<a class="nav__link" rel="noreferrer" href="&#x2F;gitea-clinic&#x2F;">Clinic</a>
</div>
<div class="nav__link-container">
<a class="nav__link" rel="noreferrer" href="https:&#x2F;&#x2F;forum.gna.org">Forum</a>
</div>
<div class="nav__link-container">
<a class="nav__link" rel="noreferrer" href="https:&#x2F;&#x2F;pouet.chapril.org&#x2F;@gna">Mastodon</a>
</div>
</div>
<div class="nav__spacer"></div>
<div class="nav__link-group--small">
<div class="nav__link-container">
<a class="nav__link" rel="noreferrer" href="https:&#x2F;&#x2F;hosteadashboard.gna.org&#x2F;login&#x2F;">Login</a>
</div>
<div class="nav__link-container--action">
<a class="nav__link" rel="noreferrer" href="https:&#x2F;&#x2F;hosteadashboard.gna.org&#x2F;register&#x2F;">Join</a>
</div>
</div>
</nav>
</header>
<!-- See ../sass/main.scss. Required for pushing footer to the very
bottom of the page -->
<div class="main__content-container">
<main>
<div class="page__container">
<h1 class="page__group-title">[security] Gitea &lt; 1.17.3 git option injection explained</h1>
<p class="blog__post-meta">
<a href="https:&#x2F;&#x2F;dachary.org" class="post__author">Loïc Dachary</a>
&middot; 17
October
,
2022 &middot; <b>2 min read</b>
</p>
<div class="blog__content">
<p><a href="https://pouet.chapril.org/@gna/109176306611564720">Gitea 1.17.3</a> includes a <a href="https://lab.forgefriends.org/forgefriends/forgefriends/-/commit/d98c5db58fdeded983bf5c0fe781fd7b77a1235f">security patch</a> that prevents the injection of arguments to the git command run by Gitea.</p>
<p>When displaying the commit graph <a href="https://gitea.gna.org/Gna/organization/graph?branch=refs%2Fheads%2Fmaster">for the master branch</a>, the URL contains the argument <strong>refs%2Fheads%2Fmaster</strong> that is passed to the <code>git</code> command with something like:</p>
<pre data-lang="shell" style="background-color:#2b303b;color:#c0c5ce;" class="language-shell "><code class="language-shell" data-lang="shell"><span>git log --graph refs/head/master
</span></code></pre>
<p>If, by accident or maliciously, the branch name with a dash, it would be mistaken to be a <code>git</code> argument instead of a branch name. For instance <strong>-h</strong> could be passed to the <code>git</code> command as:</p>
<pre data-lang="shell" style="background-color:#2b303b;color:#c0c5ce;" class="language-shell "><code class="language-shell" data-lang="shell"><span>git log --graph -h
</span></code></pre>
<p>In reality the <code>rev-list</code> command is called before <code>log</code> and in Gitea 1.17.2 the debug output will show something like:</p>
<pre style="background-color:#2b303b;color:#c0c5ce;"><code><span>2022/10/17 07:17:17 ...s/web/repo/commit.go:124:Graph() [W] [634d017d] GetCommitGraphsCount error for generate graph exclude prs: false branches: [-h] in 1:root/test, Will Ignore branches and try again. Underlying Error: exit status 129 - usage: git rev-list [&lt;options&gt;] &lt;commit-id&gt;... [-- &lt;path&gt;...]
</span><span>...
</span></code></pre>
<p>In Gitea 1.17.3 when the same command is run, the option is discarded and the debug output shows something like:</p>
<pre style="background-color:#2b303b;color:#c0c5ce;"><code><span>2022/10/17 07:25:05 ...dules/git/command.go:166:Run() [E] [634d0351] git command is broken: /usr/bin/git -c protocol.version=2 -c uploadpack.allowfilter=true -c uploadpack.allowAnySHA1InWant=true -c credential.helper= rev-list --count, broken args: -h
</span><span>2022/10/17 07:25:05 ...s/web/repo/commit.go:124:Graph() [W] [634d0351] GetCommitGraphsCount error for generate graph exclude prs: false branches: [-h] in 1:root/test, Will Ignore branches and try again. Underlying Error: git command is broken
</span></code></pre>
</div>
<br>
<br>
<div class="blog__post-tag-container">
<a class="blog__post-tag" href="/tags/gna">#gna</a>
<a class="blog__post-tag" href="/tags/gitea">#gitea</a>
<a class="blog__post-tag" href="/tags/security">#security</a>
<a class="blog__post-tag" href="/tags/problem">#problem</a>
<a class="blog__post-tag" href="/tags/upgrade">#upgrade</a>
<a class="blog__post-tag" href="/tags/solution">#solution</a>
</div>
</div>
</main>
<footer>
<div class="footer__container">
<!-- <div class="footer__column"> --->
<p class="footer__column license__conatiner">
All text <a
class="license__link"
rel="noreferrer"
href="http://creativecommons.org/licenses/by-sa/4.0/"
target="_blank"
>&nbsp;CC-BY-SA&nbsp;</a
>
&amp; code
<a
class="license__link"
rel="noreferrer"
href="https://www.gnu.org/licenses/agpl-3.0.en.html"
target="_blank"
>&nbsp;AGPL&nbsp;</a
>
|
<a
class="license__link"
rel="noreferrer"
href="https://www.eff.org/issues/do-not-track/amp/"
target="_blank"
>&nbsp;No AMP&nbsp;</a
>
</p>
<!-- </div> -->
<div class="footer__column--center">
<a href="/blog/atom.xml" target="_blank" rel="noopener" title="RSS">
<img
src="https://gna.org/icons/rss.svg?h=f6cd584bdbcd2eb4d1b8b84c9cf083ef45f772167c33fdcee754b35ae8ff4c7d"
class="footer__icon"
alt="Email icon"
/>
</a>
</div>
<div class="footer__column">
<a href="/about" title="About">About</a>
<a href="/coc" title="Code of Conduct">CoC</a>
<span class="footer__column-divider--mobile-only">|</span>
<a href="/legalese" title="Legalese">Legalese</a>
<a href="/privacy-policy" title="Privacy Policy">Privacy</a>
<span class="footer__column-divider--mobile-only">|</span>
<a
href="https://gitea.gna.org/Gna"
rel="noreferrer"
target="_blank"
title="Status"
>Source Code</a
>
<a href="/tos" title="Terms of Service">ToS</a>
</div>
</div>
</footer>
</div>
</body>
</html>

View File

@ -4,8 +4,31 @@
<link href="https://gna.org/blog/atom.xml" rel="self" type="application/atom+xml"/>
<link href="https://gna.org/blog/"/>
<generator uri="https://www.getzola.org/">Zola</generator>
<updated>2022-07-20T00:00:00+00:00</updated>
<updated>2022-10-17T00:00:00+00:00</updated>
<id>https://gna.org/blog/atom.xml</id>
<entry xml:lang="en">
<title>[security] Gitea &lt; 1.17.3 git option injection explained</title>
<published>2022-10-17T00:00:00+00:00</published>
<updated>2022-10-17T00:00:00+00:00</updated>
<link href="https://gna.org/blog/1-17-3-git-security/" type="text/html"/>
<id>https://gna.org/blog/1-17-3-git-security/</id>
<content type="html">&lt;p&gt;&lt;a href=&quot;https:&#x2F;&#x2F;pouet.chapril.org&#x2F;@gna&#x2F;109176306611564720&quot;&gt;Gitea 1.17.3&lt;&#x2F;a&gt; includes a &lt;a href=&quot;https:&#x2F;&#x2F;lab.forgefriends.org&#x2F;forgefriends&#x2F;forgefriends&#x2F;-&#x2F;commit&#x2F;d98c5db58fdeded983bf5c0fe781fd7b77a1235f&quot;&gt;security patch&lt;&#x2F;a&gt; that prevents the injection of arguments to the git command run by Gitea.&lt;&#x2F;p&gt;
&lt;p&gt;When displaying the commit graph &lt;a href=&quot;https:&#x2F;&#x2F;gitea.gna.org&#x2F;Gna&#x2F;organization&#x2F;graph?branch=refs%2Fheads%2Fmaster&quot;&gt;for the master branch&lt;&#x2F;a&gt;, the URL contains the argument &lt;strong&gt;refs%2Fheads%2Fmaster&lt;&#x2F;strong&gt; that is passed to the &lt;code&gt;git&lt;&#x2F;code&gt; command with something like:&lt;&#x2F;p&gt;
&lt;pre data-lang=&quot;shell&quot; style=&quot;background-color:#2b303b;color:#c0c5ce;&quot; class=&quot;language-shell &quot;&gt;&lt;code class=&quot;language-shell&quot; data-lang=&quot;shell&quot;&gt;&lt;span&gt;git log --graph refs&#x2F;head&#x2F;master
&lt;&#x2F;span&gt;&lt;&#x2F;code&gt;&lt;&#x2F;pre&gt;
&lt;p&gt;If, by accident or maliciously, the branch name with a dash, it would be mistaken to be a &lt;code&gt;git&lt;&#x2F;code&gt; argument instead of a branch name. For instance &lt;strong&gt;-h&lt;&#x2F;strong&gt; could be passed to the &lt;code&gt;git&lt;&#x2F;code&gt; command as:&lt;&#x2F;p&gt;
&lt;pre data-lang=&quot;shell&quot; style=&quot;background-color:#2b303b;color:#c0c5ce;&quot; class=&quot;language-shell &quot;&gt;&lt;code class=&quot;language-shell&quot; data-lang=&quot;shell&quot;&gt;&lt;span&gt;git log --graph -h
&lt;&#x2F;span&gt;&lt;&#x2F;code&gt;&lt;&#x2F;pre&gt;
&lt;p&gt;In reality the &lt;code&gt;rev-list&lt;&#x2F;code&gt; command is called before &lt;code&gt;log&lt;&#x2F;code&gt; and in Gitea 1.17.2 the debug output will show something like:&lt;&#x2F;p&gt;
&lt;pre style=&quot;background-color:#2b303b;color:#c0c5ce;&quot;&gt;&lt;code&gt;&lt;span&gt;2022&#x2F;10&#x2F;17 07:17:17 ...s&#x2F;web&#x2F;repo&#x2F;commit.go:124:Graph() [W] [634d017d] GetCommitGraphsCount error for generate graph exclude prs: false branches: [-h] in 1:root&#x2F;test, Will Ignore branches and try again. Underlying Error: exit status 129 - usage: git rev-list [&amp;lt;options&amp;gt;] &amp;lt;commit-id&amp;gt;... [-- &amp;lt;path&amp;gt;...]
&lt;&#x2F;span&gt;&lt;span&gt;...
&lt;&#x2F;span&gt;&lt;&#x2F;code&gt;&lt;&#x2F;pre&gt;
&lt;p&gt;In Gitea 1.17.3 when the same command is run, the option is discarded and the debug output shows something like:&lt;&#x2F;p&gt;
&lt;pre style=&quot;background-color:#2b303b;color:#c0c5ce;&quot;&gt;&lt;code&gt;&lt;span&gt;2022&#x2F;10&#x2F;17 07:25:05 ...dules&#x2F;git&#x2F;command.go:166:Run() [E] [634d0351] git command is broken: &#x2F;usr&#x2F;bin&#x2F;git -c protocol.version=2 -c uploadpack.allowfilter=true -c uploadpack.allowAnySHA1InWant=true -c credential.helper= rev-list --count, broken args: -h
&lt;&#x2F;span&gt;&lt;span&gt;2022&#x2F;10&#x2F;17 07:25:05 ...s&#x2F;web&#x2F;repo&#x2F;commit.go:124:Graph() [W] [634d0351] GetCommitGraphsCount error for generate graph exclude prs: false branches: [-h] in 1:root&#x2F;test, Will Ignore branches and try again. Underlying Error: git command is broken
&lt;&#x2F;span&gt;&lt;&#x2F;code&gt;&lt;&#x2F;pre&gt;
</content>
</entry>
<entry xml:lang="en">
<title>1.17 breaking changes episode 2: preserving a custom gitconfig</title>
<published>2022-07-20T00:00:00+00:00</published>

View File

@ -213,6 +213,45 @@
<ul class="blog__list">
<li class="blog__post-item">
<a href="https://gna.org/blog/1-17-3-git-security/" class="blog__post-link">
<h2 class="blog__post-title">[security] Gitea &lt; 1.17.3 git option injection explained</h2>
<p class="blog__post-meta">
<a href="https:&#x2F;&#x2F;dachary.org" class="post__author">Loïc Dachary</a>
&middot; 17
October
,
2022 &middot; <b>2 min read</b>
</p>
<p class="blog__post-description">. </p>
</a>
<div class="blog__post-tag-container">
<a class="blog__post-tag" href="/tags/gna">#gna</a>
<a class="blog__post-tag" href="/tags/gitea">#gitea</a>
<a class="blog__post-tag" href="/tags/security">#security</a>
<a class="blog__post-tag" href="/tags/problem">#problem</a>
<a class="blog__post-tag" href="/tags/upgrade">#upgrade</a>
<a class="blog__post-tag" href="/tags/solution">#solution</a>
</div>
</li>
<li class="blog__post-item">
<a href="https://gna.org/blog/1-17-breaking-episode-2/" class="blog__post-link">
<h2 class="blog__post-title">1.17 breaking changes episode 2: preserving a custom gitconfig</h2>

File diff suppressed because one or more lines are too long

View File

@ -9,6 +9,10 @@
<url>
<loc>https://gna.org/blog/</loc>
</url>
<url>
<loc>https://gna.org/blog/1-17-3-git-security/</loc>
<lastmod>2022-10-17</lastmod>
</url>
<url>
<loc>https://gna.org/blog/1-17-breaking-episode-1/</loc>
<lastmod>2022-06-22</lastmod>
@ -95,6 +99,12 @@
<url>
<loc>https://gna.org/tags/problem/</loc>
</url>
<url>
<loc>https://gna.org/tags/security/</loc>
</url>
<url>
<loc>https://gna.org/tags/solution/</loc>
</url>
<url>
<loc>https://gna.org/tags/troubleshoot/</loc>
</url>

View File

@ -4,8 +4,31 @@
<link href="https://gna.org/tags/gitea/atom.xml" rel="self" type="application/atom+xml"/>
<link href="https://gna.org"/>
<generator uri="https://www.getzola.org/">Zola</generator>
<updated>2022-07-20T00:00:00+00:00</updated>
<updated>2022-10-17T00:00:00+00:00</updated>
<id>https://gna.org/tags/gitea/atom.xml</id>
<entry xml:lang="en">
<title>[security] Gitea &lt; 1.17.3 git option injection explained</title>
<published>2022-10-17T00:00:00+00:00</published>
<updated>2022-10-17T00:00:00+00:00</updated>
<link href="https://gna.org/blog/1-17-3-git-security/" type="text/html"/>
<id>https://gna.org/blog/1-17-3-git-security/</id>
<content type="html">&lt;p&gt;&lt;a href=&quot;https:&#x2F;&#x2F;pouet.chapril.org&#x2F;@gna&#x2F;109176306611564720&quot;&gt;Gitea 1.17.3&lt;&#x2F;a&gt; includes a &lt;a href=&quot;https:&#x2F;&#x2F;lab.forgefriends.org&#x2F;forgefriends&#x2F;forgefriends&#x2F;-&#x2F;commit&#x2F;d98c5db58fdeded983bf5c0fe781fd7b77a1235f&quot;&gt;security patch&lt;&#x2F;a&gt; that prevents the injection of arguments to the git command run by Gitea.&lt;&#x2F;p&gt;
&lt;p&gt;When displaying the commit graph &lt;a href=&quot;https:&#x2F;&#x2F;gitea.gna.org&#x2F;Gna&#x2F;organization&#x2F;graph?branch=refs%2Fheads%2Fmaster&quot;&gt;for the master branch&lt;&#x2F;a&gt;, the URL contains the argument &lt;strong&gt;refs%2Fheads%2Fmaster&lt;&#x2F;strong&gt; that is passed to the &lt;code&gt;git&lt;&#x2F;code&gt; command with something like:&lt;&#x2F;p&gt;
&lt;pre data-lang=&quot;shell&quot; style=&quot;background-color:#2b303b;color:#c0c5ce;&quot; class=&quot;language-shell &quot;&gt;&lt;code class=&quot;language-shell&quot; data-lang=&quot;shell&quot;&gt;&lt;span&gt;git log --graph refs&#x2F;head&#x2F;master
&lt;&#x2F;span&gt;&lt;&#x2F;code&gt;&lt;&#x2F;pre&gt;
&lt;p&gt;If, by accident or maliciously, the branch name with a dash, it would be mistaken to be a &lt;code&gt;git&lt;&#x2F;code&gt; argument instead of a branch name. For instance &lt;strong&gt;-h&lt;&#x2F;strong&gt; could be passed to the &lt;code&gt;git&lt;&#x2F;code&gt; command as:&lt;&#x2F;p&gt;
&lt;pre data-lang=&quot;shell&quot; style=&quot;background-color:#2b303b;color:#c0c5ce;&quot; class=&quot;language-shell &quot;&gt;&lt;code class=&quot;language-shell&quot; data-lang=&quot;shell&quot;&gt;&lt;span&gt;git log --graph -h
&lt;&#x2F;span&gt;&lt;&#x2F;code&gt;&lt;&#x2F;pre&gt;
&lt;p&gt;In reality the &lt;code&gt;rev-list&lt;&#x2F;code&gt; command is called before &lt;code&gt;log&lt;&#x2F;code&gt; and in Gitea 1.17.2 the debug output will show something like:&lt;&#x2F;p&gt;
&lt;pre style=&quot;background-color:#2b303b;color:#c0c5ce;&quot;&gt;&lt;code&gt;&lt;span&gt;2022&#x2F;10&#x2F;17 07:17:17 ...s&#x2F;web&#x2F;repo&#x2F;commit.go:124:Graph() [W] [634d017d] GetCommitGraphsCount error for generate graph exclude prs: false branches: [-h] in 1:root&#x2F;test, Will Ignore branches and try again. Underlying Error: exit status 129 - usage: git rev-list [&amp;lt;options&amp;gt;] &amp;lt;commit-id&amp;gt;... [-- &amp;lt;path&amp;gt;...]
&lt;&#x2F;span&gt;&lt;span&gt;...
&lt;&#x2F;span&gt;&lt;&#x2F;code&gt;&lt;&#x2F;pre&gt;
&lt;p&gt;In Gitea 1.17.3 when the same command is run, the option is discarded and the debug output shows something like:&lt;&#x2F;p&gt;
&lt;pre style=&quot;background-color:#2b303b;color:#c0c5ce;&quot;&gt;&lt;code&gt;&lt;span&gt;2022&#x2F;10&#x2F;17 07:25:05 ...dules&#x2F;git&#x2F;command.go:166:Run() [E] [634d0351] git command is broken: &#x2F;usr&#x2F;bin&#x2F;git -c protocol.version=2 -c uploadpack.allowfilter=true -c uploadpack.allowAnySHA1InWant=true -c credential.helper= rev-list --count, broken args: -h
&lt;&#x2F;span&gt;&lt;span&gt;2022&#x2F;10&#x2F;17 07:25:05 ...s&#x2F;web&#x2F;repo&#x2F;commit.go:124:Graph() [W] [634d0351] GetCommitGraphsCount error for generate graph exclude prs: false branches: [-h] in 1:root&#x2F;test, Will Ignore branches and try again. Underlying Error: git command is broken
&lt;&#x2F;span&gt;&lt;&#x2F;code&gt;&lt;&#x2F;pre&gt;
</content>
</entry>
<entry xml:lang="en">
<title>1.17 breaking changes episode 2: preserving a custom gitconfig</title>
<published>2022-07-20T00:00:00+00:00</published>

View File

@ -219,6 +219,36 @@
</a></div>
<ul class="blog__list">
<li class="blog__post-item">
<a href="https://gna.org/blog/1-17-3-git-security/" class="blog__post-link">
<h2 class="blog__post-title">[security] Gitea &lt; 1.17.3 git option injection explained</h2>
<p class="blog__post-meta">
17
October
,
2022 &middot; <b>2 min read</b>
</p>
<p class="blog__post-description">. </p>
</a>
<div class="blog__post-tag-container">
<a class="blog__post-tag" href="/tags/gna">#gna</a>
<a class="blog__post-tag" href="/tags/gitea">#gitea</a>
<a class="blog__post-tag" href="/tags/security">#security</a>
<a class="blog__post-tag" href="/tags/problem">#problem</a>
<a class="blog__post-tag" href="/tags/upgrade">#upgrade</a>
<a class="blog__post-tag" href="/tags/solution">#solution</a>
</div>
</li>
<li class="blog__post-item">
<a href="https://gna.org/blog/1-17-breaking-episode-2/" class="blog__post-link">
<h2 class="blog__post-title">1.17 breaking changes episode 2: preserving a custom gitconfig</h2>

View File

@ -4,8 +4,31 @@
<link href="https://gna.org/tags/gna/atom.xml" rel="self" type="application/atom+xml"/>
<link href="https://gna.org"/>
<generator uri="https://www.getzola.org/">Zola</generator>
<updated>2022-07-20T00:00:00+00:00</updated>
<updated>2022-10-17T00:00:00+00:00</updated>
<id>https://gna.org/tags/gna/atom.xml</id>
<entry xml:lang="en">
<title>[security] Gitea &lt; 1.17.3 git option injection explained</title>
<published>2022-10-17T00:00:00+00:00</published>
<updated>2022-10-17T00:00:00+00:00</updated>
<link href="https://gna.org/blog/1-17-3-git-security/" type="text/html"/>
<id>https://gna.org/blog/1-17-3-git-security/</id>
<content type="html">&lt;p&gt;&lt;a href=&quot;https:&#x2F;&#x2F;pouet.chapril.org&#x2F;@gna&#x2F;109176306611564720&quot;&gt;Gitea 1.17.3&lt;&#x2F;a&gt; includes a &lt;a href=&quot;https:&#x2F;&#x2F;lab.forgefriends.org&#x2F;forgefriends&#x2F;forgefriends&#x2F;-&#x2F;commit&#x2F;d98c5db58fdeded983bf5c0fe781fd7b77a1235f&quot;&gt;security patch&lt;&#x2F;a&gt; that prevents the injection of arguments to the git command run by Gitea.&lt;&#x2F;p&gt;
&lt;p&gt;When displaying the commit graph &lt;a href=&quot;https:&#x2F;&#x2F;gitea.gna.org&#x2F;Gna&#x2F;organization&#x2F;graph?branch=refs%2Fheads%2Fmaster&quot;&gt;for the master branch&lt;&#x2F;a&gt;, the URL contains the argument &lt;strong&gt;refs%2Fheads%2Fmaster&lt;&#x2F;strong&gt; that is passed to the &lt;code&gt;git&lt;&#x2F;code&gt; command with something like:&lt;&#x2F;p&gt;
&lt;pre data-lang=&quot;shell&quot; style=&quot;background-color:#2b303b;color:#c0c5ce;&quot; class=&quot;language-shell &quot;&gt;&lt;code class=&quot;language-shell&quot; data-lang=&quot;shell&quot;&gt;&lt;span&gt;git log --graph refs&#x2F;head&#x2F;master
&lt;&#x2F;span&gt;&lt;&#x2F;code&gt;&lt;&#x2F;pre&gt;
&lt;p&gt;If, by accident or maliciously, the branch name with a dash, it would be mistaken to be a &lt;code&gt;git&lt;&#x2F;code&gt; argument instead of a branch name. For instance &lt;strong&gt;-h&lt;&#x2F;strong&gt; could be passed to the &lt;code&gt;git&lt;&#x2F;code&gt; command as:&lt;&#x2F;p&gt;
&lt;pre data-lang=&quot;shell&quot; style=&quot;background-color:#2b303b;color:#c0c5ce;&quot; class=&quot;language-shell &quot;&gt;&lt;code class=&quot;language-shell&quot; data-lang=&quot;shell&quot;&gt;&lt;span&gt;git log --graph -h
&lt;&#x2F;span&gt;&lt;&#x2F;code&gt;&lt;&#x2F;pre&gt;
&lt;p&gt;In reality the &lt;code&gt;rev-list&lt;&#x2F;code&gt; command is called before &lt;code&gt;log&lt;&#x2F;code&gt; and in Gitea 1.17.2 the debug output will show something like:&lt;&#x2F;p&gt;
&lt;pre style=&quot;background-color:#2b303b;color:#c0c5ce;&quot;&gt;&lt;code&gt;&lt;span&gt;2022&#x2F;10&#x2F;17 07:17:17 ...s&#x2F;web&#x2F;repo&#x2F;commit.go:124:Graph() [W] [634d017d] GetCommitGraphsCount error for generate graph exclude prs: false branches: [-h] in 1:root&#x2F;test, Will Ignore branches and try again. Underlying Error: exit status 129 - usage: git rev-list [&amp;lt;options&amp;gt;] &amp;lt;commit-id&amp;gt;... [-- &amp;lt;path&amp;gt;...]
&lt;&#x2F;span&gt;&lt;span&gt;...
&lt;&#x2F;span&gt;&lt;&#x2F;code&gt;&lt;&#x2F;pre&gt;
&lt;p&gt;In Gitea 1.17.3 when the same command is run, the option is discarded and the debug output shows something like:&lt;&#x2F;p&gt;
&lt;pre style=&quot;background-color:#2b303b;color:#c0c5ce;&quot;&gt;&lt;code&gt;&lt;span&gt;2022&#x2F;10&#x2F;17 07:25:05 ...dules&#x2F;git&#x2F;command.go:166:Run() [E] [634d0351] git command is broken: &#x2F;usr&#x2F;bin&#x2F;git -c protocol.version=2 -c uploadpack.allowfilter=true -c uploadpack.allowAnySHA1InWant=true -c credential.helper= rev-list --count, broken args: -h
&lt;&#x2F;span&gt;&lt;span&gt;2022&#x2F;10&#x2F;17 07:25:05 ...s&#x2F;web&#x2F;repo&#x2F;commit.go:124:Graph() [W] [634d0351] GetCommitGraphsCount error for generate graph exclude prs: false branches: [-h] in 1:root&#x2F;test, Will Ignore branches and try again. Underlying Error: git command is broken
&lt;&#x2F;span&gt;&lt;&#x2F;code&gt;&lt;&#x2F;pre&gt;
</content>
</entry>
<entry xml:lang="en">
<title>1.17 breaking changes episode 2: preserving a custom gitconfig</title>
<published>2022-07-20T00:00:00+00:00</published>

View File

@ -219,6 +219,36 @@
</a></div>
<ul class="blog__list">
<li class="blog__post-item">
<a href="https://gna.org/blog/1-17-3-git-security/" class="blog__post-link">
<h2 class="blog__post-title">[security] Gitea &lt; 1.17.3 git option injection explained</h2>
<p class="blog__post-meta">
17
October
,
2022 &middot; <b>2 min read</b>
</p>
<p class="blog__post-description">. </p>
</a>
<div class="blog__post-tag-container">
<a class="blog__post-tag" href="/tags/gna">#gna</a>
<a class="blog__post-tag" href="/tags/gitea">#gitea</a>
<a class="blog__post-tag" href="/tags/security">#security</a>
<a class="blog__post-tag" href="/tags/problem">#problem</a>
<a class="blog__post-tag" href="/tags/upgrade">#upgrade</a>
<a class="blog__post-tag" href="/tags/solution">#solution</a>
</div>
</li>
<li class="blog__post-item">
<a href="https://gna.org/blog/1-17-breaking-episode-2/" class="blog__post-link">
<h2 class="blog__post-title">1.17 breaking changes episode 2: preserving a custom gitconfig</h2>

View File

@ -297,7 +297,7 @@
<span class="tag__meta">10 entries</span>
<span class="tag__meta">11 entries</span>
</a>
<a class="tag__rss-link" href="https:&#x2F;&#x2F;gna.org&#x2F;tags&#x2F;gitea&#x2F;atom.xml" target="_blank" rel="noopener" title="RSS">
<img
@ -315,7 +315,7 @@
<span class="tag__meta">10 entries</span>
<span class="tag__meta">11 entries</span>
</a>
<a class="tag__rss-link" href="https:&#x2F;&#x2F;gna.org&#x2F;tags&#x2F;gna&#x2F;atom.xml" target="_blank" rel="noopener" title="RSS">
<img
@ -353,7 +353,7 @@
<span class="tag__meta">8 entries</span>
<span class="tag__meta">9 entries</span>
</a>
<a class="tag__rss-link" href="https:&#x2F;&#x2F;gna.org&#x2F;tags&#x2F;problem&#x2F;atom.xml" target="_blank" rel="noopener" title="RSS">
<img
@ -365,6 +365,46 @@
</li>
</a>
<li class="tag__item">
<a href="https://gna.org/tags/security/" class="tag__item-link">
<h2 class="tag__item-title">#security</h2>
<span class="tag__meta">1 entry</span>
</a>
<a class="tag__rss-link" href="https:&#x2F;&#x2F;gna.org&#x2F;tags&#x2F;security&#x2F;atom.xml" target="_blank" rel="noopener" title="RSS">
<img
src="https://gna.org/icons/rss.svg?h=f6cd584bdbcd2eb4d1b8b84c9cf083ef45f772167c33fdcee754b35ae8ff4c7d"
class="tag__rss-icon"
alt="RSS icon"
/>
</a>
</li>
</a>
<li class="tag__item">
<a href="https://gna.org/tags/solution/" class="tag__item-link">
<h2 class="tag__item-title">#solution</h2>
<span class="tag__meta">1 entry</span>
</a>
<a class="tag__rss-link" href="https:&#x2F;&#x2F;gna.org&#x2F;tags&#x2F;solution&#x2F;atom.xml" target="_blank" rel="noopener" title="RSS">
<img
src="https://gna.org/icons/rss.svg?h=f6cd584bdbcd2eb4d1b8b84c9cf083ef45f772167c33fdcee754b35ae8ff4c7d"
class="tag__rss-icon"
alt="RSS icon"
/>
</a>
</li>
</a>
<li class="tag__item">
<a href="https://gna.org/tags/troubleshoot/" class="tag__item-link">
<h2 class="tag__item-title">#troubleshoot</h2>
@ -407,7 +447,7 @@
<span class="tag__meta">3 entries</span>
<span class="tag__meta">4 entries</span>
</a>
<a class="tag__rss-link" href="https:&#x2F;&#x2F;gna.org&#x2F;tags&#x2F;upgrade&#x2F;atom.xml" target="_blank" rel="noopener" title="RSS">
<img

View File

@ -4,8 +4,31 @@
<link href="https://gna.org/tags/problem/atom.xml" rel="self" type="application/atom+xml"/>
<link href="https://gna.org"/>
<generator uri="https://www.getzola.org/">Zola</generator>
<updated>2022-07-20T00:00:00+00:00</updated>
<updated>2022-10-17T00:00:00+00:00</updated>
<id>https://gna.org/tags/problem/atom.xml</id>
<entry xml:lang="en">
<title>[security] Gitea &lt; 1.17.3 git option injection explained</title>
<published>2022-10-17T00:00:00+00:00</published>
<updated>2022-10-17T00:00:00+00:00</updated>
<link href="https://gna.org/blog/1-17-3-git-security/" type="text/html"/>
<id>https://gna.org/blog/1-17-3-git-security/</id>
<content type="html">&lt;p&gt;&lt;a href=&quot;https:&#x2F;&#x2F;pouet.chapril.org&#x2F;@gna&#x2F;109176306611564720&quot;&gt;Gitea 1.17.3&lt;&#x2F;a&gt; includes a &lt;a href=&quot;https:&#x2F;&#x2F;lab.forgefriends.org&#x2F;forgefriends&#x2F;forgefriends&#x2F;-&#x2F;commit&#x2F;d98c5db58fdeded983bf5c0fe781fd7b77a1235f&quot;&gt;security patch&lt;&#x2F;a&gt; that prevents the injection of arguments to the git command run by Gitea.&lt;&#x2F;p&gt;
&lt;p&gt;When displaying the commit graph &lt;a href=&quot;https:&#x2F;&#x2F;gitea.gna.org&#x2F;Gna&#x2F;organization&#x2F;graph?branch=refs%2Fheads%2Fmaster&quot;&gt;for the master branch&lt;&#x2F;a&gt;, the URL contains the argument &lt;strong&gt;refs%2Fheads%2Fmaster&lt;&#x2F;strong&gt; that is passed to the &lt;code&gt;git&lt;&#x2F;code&gt; command with something like:&lt;&#x2F;p&gt;
&lt;pre data-lang=&quot;shell&quot; style=&quot;background-color:#2b303b;color:#c0c5ce;&quot; class=&quot;language-shell &quot;&gt;&lt;code class=&quot;language-shell&quot; data-lang=&quot;shell&quot;&gt;&lt;span&gt;git log --graph refs&#x2F;head&#x2F;master
&lt;&#x2F;span&gt;&lt;&#x2F;code&gt;&lt;&#x2F;pre&gt;
&lt;p&gt;If, by accident or maliciously, the branch name with a dash, it would be mistaken to be a &lt;code&gt;git&lt;&#x2F;code&gt; argument instead of a branch name. For instance &lt;strong&gt;-h&lt;&#x2F;strong&gt; could be passed to the &lt;code&gt;git&lt;&#x2F;code&gt; command as:&lt;&#x2F;p&gt;
&lt;pre data-lang=&quot;shell&quot; style=&quot;background-color:#2b303b;color:#c0c5ce;&quot; class=&quot;language-shell &quot;&gt;&lt;code class=&quot;language-shell&quot; data-lang=&quot;shell&quot;&gt;&lt;span&gt;git log --graph -h
&lt;&#x2F;span&gt;&lt;&#x2F;code&gt;&lt;&#x2F;pre&gt;
&lt;p&gt;In reality the &lt;code&gt;rev-list&lt;&#x2F;code&gt; command is called before &lt;code&gt;log&lt;&#x2F;code&gt; and in Gitea 1.17.2 the debug output will show something like:&lt;&#x2F;p&gt;
&lt;pre style=&quot;background-color:#2b303b;color:#c0c5ce;&quot;&gt;&lt;code&gt;&lt;span&gt;2022&#x2F;10&#x2F;17 07:17:17 ...s&#x2F;web&#x2F;repo&#x2F;commit.go:124:Graph() [W] [634d017d] GetCommitGraphsCount error for generate graph exclude prs: false branches: [-h] in 1:root&#x2F;test, Will Ignore branches and try again. Underlying Error: exit status 129 - usage: git rev-list [&amp;lt;options&amp;gt;] &amp;lt;commit-id&amp;gt;... [-- &amp;lt;path&amp;gt;...]
&lt;&#x2F;span&gt;&lt;span&gt;...
&lt;&#x2F;span&gt;&lt;&#x2F;code&gt;&lt;&#x2F;pre&gt;
&lt;p&gt;In Gitea 1.17.3 when the same command is run, the option is discarded and the debug output shows something like:&lt;&#x2F;p&gt;
&lt;pre style=&quot;background-color:#2b303b;color:#c0c5ce;&quot;&gt;&lt;code&gt;&lt;span&gt;2022&#x2F;10&#x2F;17 07:25:05 ...dules&#x2F;git&#x2F;command.go:166:Run() [E] [634d0351] git command is broken: &#x2F;usr&#x2F;bin&#x2F;git -c protocol.version=2 -c uploadpack.allowfilter=true -c uploadpack.allowAnySHA1InWant=true -c credential.helper= rev-list --count, broken args: -h
&lt;&#x2F;span&gt;&lt;span&gt;2022&#x2F;10&#x2F;17 07:25:05 ...s&#x2F;web&#x2F;repo&#x2F;commit.go:124:Graph() [W] [634d0351] GetCommitGraphsCount error for generate graph exclude prs: false branches: [-h] in 1:root&#x2F;test, Will Ignore branches and try again. Underlying Error: git command is broken
&lt;&#x2F;span&gt;&lt;&#x2F;code&gt;&lt;&#x2F;pre&gt;
</content>
</entry>
<entry xml:lang="en">
<title>1.17 breaking changes episode 2: preserving a custom gitconfig</title>
<published>2022-07-20T00:00:00+00:00</published>

View File

@ -219,6 +219,36 @@
</a></div>
<ul class="blog__list">
<li class="blog__post-item">
<a href="https://gna.org/blog/1-17-3-git-security/" class="blog__post-link">
<h2 class="blog__post-title">[security] Gitea &lt; 1.17.3 git option injection explained</h2>
<p class="blog__post-meta">
17
October
,
2022 &middot; <b>2 min read</b>
</p>
<p class="blog__post-description">. </p>
</a>
<div class="blog__post-tag-container">
<a class="blog__post-tag" href="/tags/gna">#gna</a>
<a class="blog__post-tag" href="/tags/gitea">#gitea</a>
<a class="blog__post-tag" href="/tags/security">#security</a>
<a class="blog__post-tag" href="/tags/problem">#problem</a>
<a class="blog__post-tag" href="/tags/upgrade">#upgrade</a>
<a class="blog__post-tag" href="/tags/solution">#solution</a>
</div>
</li>
<li class="blog__post-item">
<a href="https://gna.org/blog/1-17-breaking-episode-2/" class="blog__post-link">
<h2 class="blog__post-title">1.17 breaking changes episode 2: preserving a custom gitconfig</h2>

32
tags/security/atom.xml Normal file
View File

@ -0,0 +1,32 @@
<?xml version="1.0" encoding="UTF-8"?>
<feed xmlns="http://www.w3.org/2005/Atom" xml:lang="en">
<title> - security</title>
<link href="https://gna.org/tags/security/atom.xml" rel="self" type="application/atom+xml"/>
<link href="https://gna.org"/>
<generator uri="https://www.getzola.org/">Zola</generator>
<updated>2022-10-17T00:00:00+00:00</updated>
<id>https://gna.org/tags/security/atom.xml</id>
<entry xml:lang="en">
<title>[security] Gitea &lt; 1.17.3 git option injection explained</title>
<published>2022-10-17T00:00:00+00:00</published>
<updated>2022-10-17T00:00:00+00:00</updated>
<link href="https://gna.org/blog/1-17-3-git-security/" type="text/html"/>
<id>https://gna.org/blog/1-17-3-git-security/</id>
<content type="html">&lt;p&gt;&lt;a href=&quot;https:&#x2F;&#x2F;pouet.chapril.org&#x2F;@gna&#x2F;109176306611564720&quot;&gt;Gitea 1.17.3&lt;&#x2F;a&gt; includes a &lt;a href=&quot;https:&#x2F;&#x2F;lab.forgefriends.org&#x2F;forgefriends&#x2F;forgefriends&#x2F;-&#x2F;commit&#x2F;d98c5db58fdeded983bf5c0fe781fd7b77a1235f&quot;&gt;security patch&lt;&#x2F;a&gt; that prevents the injection of arguments to the git command run by Gitea.&lt;&#x2F;p&gt;
&lt;p&gt;When displaying the commit graph &lt;a href=&quot;https:&#x2F;&#x2F;gitea.gna.org&#x2F;Gna&#x2F;organization&#x2F;graph?branch=refs%2Fheads%2Fmaster&quot;&gt;for the master branch&lt;&#x2F;a&gt;, the URL contains the argument &lt;strong&gt;refs%2Fheads%2Fmaster&lt;&#x2F;strong&gt; that is passed to the &lt;code&gt;git&lt;&#x2F;code&gt; command with something like:&lt;&#x2F;p&gt;
&lt;pre data-lang=&quot;shell&quot; style=&quot;background-color:#2b303b;color:#c0c5ce;&quot; class=&quot;language-shell &quot;&gt;&lt;code class=&quot;language-shell&quot; data-lang=&quot;shell&quot;&gt;&lt;span&gt;git log --graph refs&#x2F;head&#x2F;master
&lt;&#x2F;span&gt;&lt;&#x2F;code&gt;&lt;&#x2F;pre&gt;
&lt;p&gt;If, by accident or maliciously, the branch name with a dash, it would be mistaken to be a &lt;code&gt;git&lt;&#x2F;code&gt; argument instead of a branch name. For instance &lt;strong&gt;-h&lt;&#x2F;strong&gt; could be passed to the &lt;code&gt;git&lt;&#x2F;code&gt; command as:&lt;&#x2F;p&gt;
&lt;pre data-lang=&quot;shell&quot; style=&quot;background-color:#2b303b;color:#c0c5ce;&quot; class=&quot;language-shell &quot;&gt;&lt;code class=&quot;language-shell&quot; data-lang=&quot;shell&quot;&gt;&lt;span&gt;git log --graph -h
&lt;&#x2F;span&gt;&lt;&#x2F;code&gt;&lt;&#x2F;pre&gt;
&lt;p&gt;In reality the &lt;code&gt;rev-list&lt;&#x2F;code&gt; command is called before &lt;code&gt;log&lt;&#x2F;code&gt; and in Gitea 1.17.2 the debug output will show something like:&lt;&#x2F;p&gt;
&lt;pre style=&quot;background-color:#2b303b;color:#c0c5ce;&quot;&gt;&lt;code&gt;&lt;span&gt;2022&#x2F;10&#x2F;17 07:17:17 ...s&#x2F;web&#x2F;repo&#x2F;commit.go:124:Graph() [W] [634d017d] GetCommitGraphsCount error for generate graph exclude prs: false branches: [-h] in 1:root&#x2F;test, Will Ignore branches and try again. Underlying Error: exit status 129 - usage: git rev-list [&amp;lt;options&amp;gt;] &amp;lt;commit-id&amp;gt;... [-- &amp;lt;path&amp;gt;...]
&lt;&#x2F;span&gt;&lt;span&gt;...
&lt;&#x2F;span&gt;&lt;&#x2F;code&gt;&lt;&#x2F;pre&gt;
&lt;p&gt;In Gitea 1.17.3 when the same command is run, the option is discarded and the debug output shows something like:&lt;&#x2F;p&gt;
&lt;pre style=&quot;background-color:#2b303b;color:#c0c5ce;&quot;&gt;&lt;code&gt;&lt;span&gt;2022&#x2F;10&#x2F;17 07:25:05 ...dules&#x2F;git&#x2F;command.go:166:Run() [E] [634d0351] git command is broken: &#x2F;usr&#x2F;bin&#x2F;git -c protocol.version=2 -c uploadpack.allowfilter=true -c uploadpack.allowAnySHA1InWant=true -c credential.helper= rev-list --count, broken args: -h
&lt;&#x2F;span&gt;&lt;span&gt;2022&#x2F;10&#x2F;17 07:25:05 ...s&#x2F;web&#x2F;repo&#x2F;commit.go:124:Graph() [W] [634d0351] GetCommitGraphsCount error for generate graph exclude prs: false branches: [-h] in 1:root&#x2F;test, Will Ignore branches and try again. Underlying Error: git command is broken
&lt;&#x2F;span&gt;&lt;&#x2F;code&gt;&lt;&#x2F;pre&gt;
</content>
</entry>
</feed>

318
tags/security/index.html Normal file
View File

@ -0,0 +1,318 @@
<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="UTF-8" />
<meta name="viewport" content="width=device-width" />
<link rel="apple-touch-icon" sizes="180x180" href="/apple-touch-icon.png" />
<link rel="icon" type="image/png" sizes="32x32" href="/favicon-32x32.png" />
<link rel="icon" type="image/png" sizes="16x16" href="/favicon-16x16.png" />
<link rel="manifest" href="/site.webmanifest" />
<link rel="me" href="https://pouet.chapril.org/@gna" />
<link rel="stylesheet" href="https://gna.org/main.css" />
<link
rel="stylesheet"
media="screen and (max-width: 1300px)"
href="https://gna.org/mobile.css"
/>
<meta name="referrer" content="no-referrer-when-downgrade" />
<meta name="viewport" content="width=device-width, initial-scale=1" />
<link rel="stylesheet" href="https://gna.org/main.css" />
<link
rel="stylesheet"
media="screen and (max-width: 1300px)"
href="https://gna.org/mobile.css"
/>
<meta name="referrer" content="no-referrer-when-downgrade" />
<meta name="viewport" content="width=device-width, initial-scale=1" />
<title>security | Gna!: Managed Gitea Hosting </title>
<meta name="referrer" content="no-referrer-when-downgrade" />
<meta name="viewport" content="width=device-width, initial-scale=1" />
<meta name="description" content="security" />
<meta property="og:title" content="security | Gna!: Managed Gitea Hosting " />
<meta property="og:type" content="article" />
<meta property="og:url" content="https:&#x2F;&#x2F;gna.org" />
<meta property="og:description" content="security" />
<meta
property="og:site_name"
content="security | Gna!: Managed Gitea Hosting "
/>
<link
rel="apple-touch-icon"
sizes="57x57"
href="https://gna.org/apple-icon-57x57.png?h=c21de14cfdf862a6472ae977557fa048a7c36d39337e61d3274705e9bd8e857f"
/>
<link
rel="apple-touch-icon"
sizes="60x60"
href="https://gna.org/apple-icon-60x60.png?h=67089d9025a52d0d1ddce450078c7acefe2c150a2427dec9f5e13c6314f74281"
/>
<link
rel="apple-touch-icon"
sizes="72x72"
href="https://gna.org/apple-icon-72x72.png?h=70725943de8884804f9da28202ced0ad6fed483ae9cf8f6d874aa133e30cb693"
/>
<link
rel="apple-touch-icon"
sizes="76x76"
href="https://gna.org/apple-icon-76x76.png?h=1e6e8072df3b21bdcea254a42aac6e993611e845f91ddd79f6f35a6c441710a5"
/>
<link
rel="apple-touch-icon"
sizes="114x114"
href="https://gna.org/apple-icon-114x114.png?h=c20099f8190ed3962fab5726c5594857a871cdb3ee98439343c622cd3727fed6"
/>
<link
rel="apple-touch-icon"
sizes="120x120"
href="https://gna.org/apple-icon-120x120.png?h=4df78e402e60b58c6d44764678bdd737b5b6a836aeb85fb75fa49f706f7e8c81"
/>
<link
rel="apple-touch-icon"
sizes="144x144"
href="https://gna.org/apple-icon-144x144.png?h=0c44e6655d714f89ee95cc151032d1f0dc3204bd24d1ca2ee9d94692d4ede84d"
/>
<link
rel="apple-touch-icon"
sizes="152x152"
href="https://gna.org/apple-icon-152x152.png?h=157918f883ff95d4eeb6452d0ebb61ca5e21ea0dcac1aefe825f3e2f3999052f"
/>
<link
rel="apple-touch-icon"
sizes="180x180"
href="https://gna.org/apple-icon-180x180.png?h=7d5c16d379b7db6d8ea5aae64921d7162b84f543763acd8fc7c107f80a600213"
/>
<link
rel="icon"
type="image/png"
sizes="192x192"
href="https://gna.org/android-icon-192x192.png?h=095e3835b082dba07f606c33fa6f71bcd671a71e987b0ab2e46dcddceef52b9c"
/>
<link
rel="icon"
type="image/png"
sizes="32x32"
href="https://gna.org/favicon-32x32.png?h=1bf54bf111572b1d1639192b5360ee4345f702e563aa71bb66610a95a7290437"
/>
<link
rel="icon"
type="image/png"
sizes="96x96"
href="https://gna.org/favicon-96x96.png?h=5a6ed96c09f5055526e3b236867a1272a26f7ba957d48b267bccd51ef0845fbe"
/>
<link
rel="icon"
type="image/png"
sizes="16x16"
href="https://gna.org/favicon-16x16.png?h=1e5fa59ae78516055f662e40bb2599dc3828a7adb34567e9d8d2cfcaa6b7aa5f"
/>
<link
rel="manifest"
href="https://gna.org/manifest.json?h=27eca3e8297eb7ff340deb3849b210185a459b3845456aa4d0036f6d966b3518"
/>
<meta name="msapplication-TileColor" content="#ffffff" />
<meta
name="msapplication-TileImage"
content="https://gna.org/ms-icon-144x144.png?h=8170ab51b871b84b8f98bd03cf441afdffb2998b7dfffb04abb7ebf5deeb1f94"
/>
<meta name="theme-color" content="#ffffff" />
</head>
</head>
<body class="base">
<header>
<nav class="nav__container">
<input type="checkbox" class="nav__toggle" id="nav__toggle" />
<div class="nav__header">
<a class="nav__logo-container" href="/">
<img src="https://gna.org/gna-logo-rectangle-48px.png?h=ba9eab043277265f94c51b87d5e14f9ca35789403ecb8afc9bd1e33b13c6a2a5" alt="Gna!"/>
</a>
<label class="nav__hamburger-menu" for="nav__toggle">
<span class="nav__hamburger-inner"></span>
</label>
</div>
<div class="nav__spacer--small"></div>
<div class="nav__link-group">
<div class="nav__link-container">
<a class="nav__link" rel="noreferrer" href="&#x2F;about&#x2F;">About</a>
</div>
<div class="nav__link-container">
<a class="nav__link" rel="noreferrer" href="&#x2F;blog&#x2F;">Blog</a>
</div>
<div class="nav__link-container">
<a class="nav__link" rel="noreferrer" href="https:&#x2F;&#x2F;matrix.to&#x2F;#&#x2F;#gna:matrix.batsense.net">Chat</a>
</div>
<div class="nav__link-container">
<a class="nav__link" rel="noreferrer" href="&#x2F;gitea-clinic&#x2F;">Clinic</a>
</div>
<div class="nav__link-container">
<a class="nav__link" rel="noreferrer" href="https:&#x2F;&#x2F;forum.gna.org">Forum</a>
</div>
<div class="nav__link-container">
<a class="nav__link" rel="noreferrer" href="https:&#x2F;&#x2F;pouet.chapril.org&#x2F;@gna">Mastodon</a>
</div>
</div>
<div class="nav__spacer"></div>
<div class="nav__link-group--small">
<div class="nav__link-container">
<a class="nav__link" rel="noreferrer" href="https:&#x2F;&#x2F;hosteadashboard.gna.org&#x2F;login&#x2F;">Login</a>
</div>
<div class="nav__link-container--action">
<a class="nav__link" rel="noreferrer" href="https:&#x2F;&#x2F;hosteadashboard.gna.org&#x2F;register&#x2F;">Join</a>
</div>
</div>
</nav>
</header>
<!-- See ../sass/main.scss. Required for pushing footer to the very
bottom of the page -->
<div class="main__content-container">
<main>
<div class="blog__container">
<div class="tag__title-container">
<h1 class="tag__title">#security</h1>
<a class="tag__rss-link--single" href="https:&#x2F;&#x2F;gna.org&#x2F;tags&#x2F;security&#x2F;atom.xml" target="_blank" rel="noopener" title="RSS">
<img
src="https://gna.org/icons/rss.svg?h=f6cd584bdbcd2eb4d1b8b84c9cf083ef45f772167c33fdcee754b35ae8ff4c7d"
class="tag__rss-icon--single"
alt="RSS icon"
/>
</a></div>
<ul class="blog__list">
<li class="blog__post-item">
<a href="https://gna.org/blog/1-17-3-git-security/" class="blog__post-link">
<h2 class="blog__post-title">[security] Gitea &lt; 1.17.3 git option injection explained</h2>
<p class="blog__post-meta">
17
October
,
2022 &middot; <b>2 min read</b>
</p>
<p class="blog__post-description">. </p>
</a>
<div class="blog__post-tag-container">
<a class="blog__post-tag" href="/tags/gna">#gna</a>
<a class="blog__post-tag" href="/tags/gitea">#gitea</a>
<a class="blog__post-tag" href="/tags/security">#security</a>
<a class="blog__post-tag" href="/tags/problem">#problem</a>
<a class="blog__post-tag" href="/tags/upgrade">#upgrade</a>
<a class="blog__post-tag" href="/tags/solution">#solution</a>
</div>
</li>
</ul>
</div>
<link rel="alternate" type="application/rss+xml" title="RSS" href="https://gna.org/rss.xml">
</main>
<footer>
<div class="footer__container">
<!-- <div class="footer__column"> --->
<p class="footer__column license__conatiner">
All text <a
class="license__link"
rel="noreferrer"
href="http://creativecommons.org/licenses/by-sa/4.0/"
target="_blank"
>&nbsp;CC-BY-SA&nbsp;</a
>
&amp; code
<a
class="license__link"
rel="noreferrer"
href="https://www.gnu.org/licenses/agpl-3.0.en.html"
target="_blank"
>&nbsp;AGPL&nbsp;</a
>
|
<a
class="license__link"
rel="noreferrer"
href="https://www.eff.org/issues/do-not-track/amp/"
target="_blank"
>&nbsp;No AMP&nbsp;</a
>
</p>
<!-- </div> -->
<div class="footer__column--center">
<a href="/blog/atom.xml" target="_blank" rel="noopener" title="RSS">
<img
src="https://gna.org/icons/rss.svg?h=f6cd584bdbcd2eb4d1b8b84c9cf083ef45f772167c33fdcee754b35ae8ff4c7d"
class="footer__icon"
alt="Email icon"
/>
</a>
</div>
<div class="footer__column">
<a href="/about" title="About">About</a>
<a href="/coc" title="Code of Conduct">CoC</a>
<span class="footer__column-divider--mobile-only">|</span>
<a href="/legalese" title="Legalese">Legalese</a>
<a href="/privacy-policy" title="Privacy Policy">Privacy</a>
<span class="footer__column-divider--mobile-only">|</span>
<a
href="https://gitea.gna.org/Gna"
rel="noreferrer"
target="_blank"
title="Status"
>Source Code</a
>
<a href="/tos" title="Terms of Service">ToS</a>
</div>
</div>
</footer>
</div>
</body>
</html>

32
tags/solution/atom.xml Normal file
View File

@ -0,0 +1,32 @@
<?xml version="1.0" encoding="UTF-8"?>
<feed xmlns="http://www.w3.org/2005/Atom" xml:lang="en">
<title> - solution</title>
<link href="https://gna.org/tags/solution/atom.xml" rel="self" type="application/atom+xml"/>
<link href="https://gna.org"/>
<generator uri="https://www.getzola.org/">Zola</generator>
<updated>2022-10-17T00:00:00+00:00</updated>
<id>https://gna.org/tags/solution/atom.xml</id>
<entry xml:lang="en">
<title>[security] Gitea &lt; 1.17.3 git option injection explained</title>
<published>2022-10-17T00:00:00+00:00</published>
<updated>2022-10-17T00:00:00+00:00</updated>
<link href="https://gna.org/blog/1-17-3-git-security/" type="text/html"/>
<id>https://gna.org/blog/1-17-3-git-security/</id>
<content type="html">&lt;p&gt;&lt;a href=&quot;https:&#x2F;&#x2F;pouet.chapril.org&#x2F;@gna&#x2F;109176306611564720&quot;&gt;Gitea 1.17.3&lt;&#x2F;a&gt; includes a &lt;a href=&quot;https:&#x2F;&#x2F;lab.forgefriends.org&#x2F;forgefriends&#x2F;forgefriends&#x2F;-&#x2F;commit&#x2F;d98c5db58fdeded983bf5c0fe781fd7b77a1235f&quot;&gt;security patch&lt;&#x2F;a&gt; that prevents the injection of arguments to the git command run by Gitea.&lt;&#x2F;p&gt;
&lt;p&gt;When displaying the commit graph &lt;a href=&quot;https:&#x2F;&#x2F;gitea.gna.org&#x2F;Gna&#x2F;organization&#x2F;graph?branch=refs%2Fheads%2Fmaster&quot;&gt;for the master branch&lt;&#x2F;a&gt;, the URL contains the argument &lt;strong&gt;refs%2Fheads%2Fmaster&lt;&#x2F;strong&gt; that is passed to the &lt;code&gt;git&lt;&#x2F;code&gt; command with something like:&lt;&#x2F;p&gt;
&lt;pre data-lang=&quot;shell&quot; style=&quot;background-color:#2b303b;color:#c0c5ce;&quot; class=&quot;language-shell &quot;&gt;&lt;code class=&quot;language-shell&quot; data-lang=&quot;shell&quot;&gt;&lt;span&gt;git log --graph refs&#x2F;head&#x2F;master
&lt;&#x2F;span&gt;&lt;&#x2F;code&gt;&lt;&#x2F;pre&gt;
&lt;p&gt;If, by accident or maliciously, the branch name with a dash, it would be mistaken to be a &lt;code&gt;git&lt;&#x2F;code&gt; argument instead of a branch name. For instance &lt;strong&gt;-h&lt;&#x2F;strong&gt; could be passed to the &lt;code&gt;git&lt;&#x2F;code&gt; command as:&lt;&#x2F;p&gt;
&lt;pre data-lang=&quot;shell&quot; style=&quot;background-color:#2b303b;color:#c0c5ce;&quot; class=&quot;language-shell &quot;&gt;&lt;code class=&quot;language-shell&quot; data-lang=&quot;shell&quot;&gt;&lt;span&gt;git log --graph -h
&lt;&#x2F;span&gt;&lt;&#x2F;code&gt;&lt;&#x2F;pre&gt;
&lt;p&gt;In reality the &lt;code&gt;rev-list&lt;&#x2F;code&gt; command is called before &lt;code&gt;log&lt;&#x2F;code&gt; and in Gitea 1.17.2 the debug output will show something like:&lt;&#x2F;p&gt;
&lt;pre style=&quot;background-color:#2b303b;color:#c0c5ce;&quot;&gt;&lt;code&gt;&lt;span&gt;2022&#x2F;10&#x2F;17 07:17:17 ...s&#x2F;web&#x2F;repo&#x2F;commit.go:124:Graph() [W] [634d017d] GetCommitGraphsCount error for generate graph exclude prs: false branches: [-h] in 1:root&#x2F;test, Will Ignore branches and try again. Underlying Error: exit status 129 - usage: git rev-list [&amp;lt;options&amp;gt;] &amp;lt;commit-id&amp;gt;... [-- &amp;lt;path&amp;gt;...]
&lt;&#x2F;span&gt;&lt;span&gt;...
&lt;&#x2F;span&gt;&lt;&#x2F;code&gt;&lt;&#x2F;pre&gt;
&lt;p&gt;In Gitea 1.17.3 when the same command is run, the option is discarded and the debug output shows something like:&lt;&#x2F;p&gt;
&lt;pre style=&quot;background-color:#2b303b;color:#c0c5ce;&quot;&gt;&lt;code&gt;&lt;span&gt;2022&#x2F;10&#x2F;17 07:25:05 ...dules&#x2F;git&#x2F;command.go:166:Run() [E] [634d0351] git command is broken: &#x2F;usr&#x2F;bin&#x2F;git -c protocol.version=2 -c uploadpack.allowfilter=true -c uploadpack.allowAnySHA1InWant=true -c credential.helper= rev-list --count, broken args: -h
&lt;&#x2F;span&gt;&lt;span&gt;2022&#x2F;10&#x2F;17 07:25:05 ...s&#x2F;web&#x2F;repo&#x2F;commit.go:124:Graph() [W] [634d0351] GetCommitGraphsCount error for generate graph exclude prs: false branches: [-h] in 1:root&#x2F;test, Will Ignore branches and try again. Underlying Error: git command is broken
&lt;&#x2F;span&gt;&lt;&#x2F;code&gt;&lt;&#x2F;pre&gt;
</content>
</entry>
</feed>

318
tags/solution/index.html Normal file
View File

@ -0,0 +1,318 @@
<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="UTF-8" />
<meta name="viewport" content="width=device-width" />
<link rel="apple-touch-icon" sizes="180x180" href="/apple-touch-icon.png" />
<link rel="icon" type="image/png" sizes="32x32" href="/favicon-32x32.png" />
<link rel="icon" type="image/png" sizes="16x16" href="/favicon-16x16.png" />
<link rel="manifest" href="/site.webmanifest" />
<link rel="me" href="https://pouet.chapril.org/@gna" />
<link rel="stylesheet" href="https://gna.org/main.css" />
<link
rel="stylesheet"
media="screen and (max-width: 1300px)"
href="https://gna.org/mobile.css"
/>
<meta name="referrer" content="no-referrer-when-downgrade" />
<meta name="viewport" content="width=device-width, initial-scale=1" />
<link rel="stylesheet" href="https://gna.org/main.css" />
<link
rel="stylesheet"
media="screen and (max-width: 1300px)"
href="https://gna.org/mobile.css"
/>
<meta name="referrer" content="no-referrer-when-downgrade" />
<meta name="viewport" content="width=device-width, initial-scale=1" />
<title>solution | Gna!: Managed Gitea Hosting </title>
<meta name="referrer" content="no-referrer-when-downgrade" />
<meta name="viewport" content="width=device-width, initial-scale=1" />
<meta name="description" content="solution" />
<meta property="og:title" content="solution | Gna!: Managed Gitea Hosting " />
<meta property="og:type" content="article" />
<meta property="og:url" content="https:&#x2F;&#x2F;gna.org" />
<meta property="og:description" content="solution" />
<meta
property="og:site_name"
content="solution | Gna!: Managed Gitea Hosting "
/>
<link
rel="apple-touch-icon"
sizes="57x57"
href="https://gna.org/apple-icon-57x57.png?h=c21de14cfdf862a6472ae977557fa048a7c36d39337e61d3274705e9bd8e857f"
/>
<link
rel="apple-touch-icon"
sizes="60x60"
href="https://gna.org/apple-icon-60x60.png?h=67089d9025a52d0d1ddce450078c7acefe2c150a2427dec9f5e13c6314f74281"
/>
<link
rel="apple-touch-icon"
sizes="72x72"
href="https://gna.org/apple-icon-72x72.png?h=70725943de8884804f9da28202ced0ad6fed483ae9cf8f6d874aa133e30cb693"
/>
<link
rel="apple-touch-icon"
sizes="76x76"
href="https://gna.org/apple-icon-76x76.png?h=1e6e8072df3b21bdcea254a42aac6e993611e845f91ddd79f6f35a6c441710a5"
/>
<link
rel="apple-touch-icon"
sizes="114x114"
href="https://gna.org/apple-icon-114x114.png?h=c20099f8190ed3962fab5726c5594857a871cdb3ee98439343c622cd3727fed6"
/>
<link
rel="apple-touch-icon"
sizes="120x120"
href="https://gna.org/apple-icon-120x120.png?h=4df78e402e60b58c6d44764678bdd737b5b6a836aeb85fb75fa49f706f7e8c81"
/>
<link
rel="apple-touch-icon"
sizes="144x144"
href="https://gna.org/apple-icon-144x144.png?h=0c44e6655d714f89ee95cc151032d1f0dc3204bd24d1ca2ee9d94692d4ede84d"
/>
<link
rel="apple-touch-icon"
sizes="152x152"
href="https://gna.org/apple-icon-152x152.png?h=157918f883ff95d4eeb6452d0ebb61ca5e21ea0dcac1aefe825f3e2f3999052f"
/>
<link
rel="apple-touch-icon"
sizes="180x180"
href="https://gna.org/apple-icon-180x180.png?h=7d5c16d379b7db6d8ea5aae64921d7162b84f543763acd8fc7c107f80a600213"
/>
<link
rel="icon"
type="image/png"
sizes="192x192"
href="https://gna.org/android-icon-192x192.png?h=095e3835b082dba07f606c33fa6f71bcd671a71e987b0ab2e46dcddceef52b9c"
/>
<link
rel="icon"
type="image/png"
sizes="32x32"
href="https://gna.org/favicon-32x32.png?h=1bf54bf111572b1d1639192b5360ee4345f702e563aa71bb66610a95a7290437"
/>
<link
rel="icon"
type="image/png"
sizes="96x96"
href="https://gna.org/favicon-96x96.png?h=5a6ed96c09f5055526e3b236867a1272a26f7ba957d48b267bccd51ef0845fbe"
/>
<link
rel="icon"
type="image/png"
sizes="16x16"
href="https://gna.org/favicon-16x16.png?h=1e5fa59ae78516055f662e40bb2599dc3828a7adb34567e9d8d2cfcaa6b7aa5f"
/>
<link
rel="manifest"
href="https://gna.org/manifest.json?h=27eca3e8297eb7ff340deb3849b210185a459b3845456aa4d0036f6d966b3518"
/>
<meta name="msapplication-TileColor" content="#ffffff" />
<meta
name="msapplication-TileImage"
content="https://gna.org/ms-icon-144x144.png?h=8170ab51b871b84b8f98bd03cf441afdffb2998b7dfffb04abb7ebf5deeb1f94"
/>
<meta name="theme-color" content="#ffffff" />
</head>
</head>
<body class="base">
<header>
<nav class="nav__container">
<input type="checkbox" class="nav__toggle" id="nav__toggle" />
<div class="nav__header">
<a class="nav__logo-container" href="/">
<img src="https://gna.org/gna-logo-rectangle-48px.png?h=ba9eab043277265f94c51b87d5e14f9ca35789403ecb8afc9bd1e33b13c6a2a5" alt="Gna!"/>
</a>
<label class="nav__hamburger-menu" for="nav__toggle">
<span class="nav__hamburger-inner"></span>
</label>
</div>
<div class="nav__spacer--small"></div>
<div class="nav__link-group">
<div class="nav__link-container">
<a class="nav__link" rel="noreferrer" href="&#x2F;about&#x2F;">About</a>
</div>
<div class="nav__link-container">
<a class="nav__link" rel="noreferrer" href="&#x2F;blog&#x2F;">Blog</a>
</div>
<div class="nav__link-container">
<a class="nav__link" rel="noreferrer" href="https:&#x2F;&#x2F;matrix.to&#x2F;#&#x2F;#gna:matrix.batsense.net">Chat</a>
</div>
<div class="nav__link-container">
<a class="nav__link" rel="noreferrer" href="&#x2F;gitea-clinic&#x2F;">Clinic</a>
</div>
<div class="nav__link-container">
<a class="nav__link" rel="noreferrer" href="https:&#x2F;&#x2F;forum.gna.org">Forum</a>
</div>
<div class="nav__link-container">
<a class="nav__link" rel="noreferrer" href="https:&#x2F;&#x2F;pouet.chapril.org&#x2F;@gna">Mastodon</a>
</div>
</div>
<div class="nav__spacer"></div>
<div class="nav__link-group--small">
<div class="nav__link-container">
<a class="nav__link" rel="noreferrer" href="https:&#x2F;&#x2F;hosteadashboard.gna.org&#x2F;login&#x2F;">Login</a>
</div>
<div class="nav__link-container--action">
<a class="nav__link" rel="noreferrer" href="https:&#x2F;&#x2F;hosteadashboard.gna.org&#x2F;register&#x2F;">Join</a>
</div>
</div>
</nav>
</header>
<!-- See ../sass/main.scss. Required for pushing footer to the very
bottom of the page -->
<div class="main__content-container">
<main>
<div class="blog__container">
<div class="tag__title-container">
<h1 class="tag__title">#solution</h1>
<a class="tag__rss-link--single" href="https:&#x2F;&#x2F;gna.org&#x2F;tags&#x2F;solution&#x2F;atom.xml" target="_blank" rel="noopener" title="RSS">
<img
src="https://gna.org/icons/rss.svg?h=f6cd584bdbcd2eb4d1b8b84c9cf083ef45f772167c33fdcee754b35ae8ff4c7d"
class="tag__rss-icon--single"
alt="RSS icon"
/>
</a></div>
<ul class="blog__list">
<li class="blog__post-item">
<a href="https://gna.org/blog/1-17-3-git-security/" class="blog__post-link">
<h2 class="blog__post-title">[security] Gitea &lt; 1.17.3 git option injection explained</h2>
<p class="blog__post-meta">
17
October
,
2022 &middot; <b>2 min read</b>
</p>
<p class="blog__post-description">. </p>
</a>
<div class="blog__post-tag-container">
<a class="blog__post-tag" href="/tags/gna">#gna</a>
<a class="blog__post-tag" href="/tags/gitea">#gitea</a>
<a class="blog__post-tag" href="/tags/security">#security</a>
<a class="blog__post-tag" href="/tags/problem">#problem</a>
<a class="blog__post-tag" href="/tags/upgrade">#upgrade</a>
<a class="blog__post-tag" href="/tags/solution">#solution</a>
</div>
</li>
</ul>
</div>
<link rel="alternate" type="application/rss+xml" title="RSS" href="https://gna.org/rss.xml">
</main>
<footer>
<div class="footer__container">
<!-- <div class="footer__column"> --->
<p class="footer__column license__conatiner">
All text <a
class="license__link"
rel="noreferrer"
href="http://creativecommons.org/licenses/by-sa/4.0/"
target="_blank"
>&nbsp;CC-BY-SA&nbsp;</a
>
&amp; code
<a
class="license__link"
rel="noreferrer"
href="https://www.gnu.org/licenses/agpl-3.0.en.html"
target="_blank"
>&nbsp;AGPL&nbsp;</a
>
|
<a
class="license__link"
rel="noreferrer"
href="https://www.eff.org/issues/do-not-track/amp/"
target="_blank"
>&nbsp;No AMP&nbsp;</a
>
</p>
<!-- </div> -->
<div class="footer__column--center">
<a href="/blog/atom.xml" target="_blank" rel="noopener" title="RSS">
<img
src="https://gna.org/icons/rss.svg?h=f6cd584bdbcd2eb4d1b8b84c9cf083ef45f772167c33fdcee754b35ae8ff4c7d"
class="footer__icon"
alt="Email icon"
/>
</a>
</div>
<div class="footer__column">
<a href="/about" title="About">About</a>
<a href="/coc" title="Code of Conduct">CoC</a>
<span class="footer__column-divider--mobile-only">|</span>
<a href="/legalese" title="Legalese">Legalese</a>
<a href="/privacy-policy" title="Privacy Policy">Privacy</a>
<span class="footer__column-divider--mobile-only">|</span>
<a
href="https://gitea.gna.org/Gna"
rel="noreferrer"
target="_blank"
title="Status"
>Source Code</a
>
<a href="/tos" title="Terms of Service">ToS</a>
</div>
</div>
</footer>
</div>
</body>
</html>

View File

@ -4,8 +4,31 @@
<link href="https://gna.org/tags/upgrade/atom.xml" rel="self" type="application/atom+xml"/>
<link href="https://gna.org"/>
<generator uri="https://www.getzola.org/">Zola</generator>
<updated>2022-05-28T00:00:00+00:00</updated>
<updated>2022-10-17T00:00:00+00:00</updated>
<id>https://gna.org/tags/upgrade/atom.xml</id>
<entry xml:lang="en">
<title>[security] Gitea &lt; 1.17.3 git option injection explained</title>
<published>2022-10-17T00:00:00+00:00</published>
<updated>2022-10-17T00:00:00+00:00</updated>
<link href="https://gna.org/blog/1-17-3-git-security/" type="text/html"/>
<id>https://gna.org/blog/1-17-3-git-security/</id>
<content type="html">&lt;p&gt;&lt;a href=&quot;https:&#x2F;&#x2F;pouet.chapril.org&#x2F;@gna&#x2F;109176306611564720&quot;&gt;Gitea 1.17.3&lt;&#x2F;a&gt; includes a &lt;a href=&quot;https:&#x2F;&#x2F;lab.forgefriends.org&#x2F;forgefriends&#x2F;forgefriends&#x2F;-&#x2F;commit&#x2F;d98c5db58fdeded983bf5c0fe781fd7b77a1235f&quot;&gt;security patch&lt;&#x2F;a&gt; that prevents the injection of arguments to the git command run by Gitea.&lt;&#x2F;p&gt;
&lt;p&gt;When displaying the commit graph &lt;a href=&quot;https:&#x2F;&#x2F;gitea.gna.org&#x2F;Gna&#x2F;organization&#x2F;graph?branch=refs%2Fheads%2Fmaster&quot;&gt;for the master branch&lt;&#x2F;a&gt;, the URL contains the argument &lt;strong&gt;refs%2Fheads%2Fmaster&lt;&#x2F;strong&gt; that is passed to the &lt;code&gt;git&lt;&#x2F;code&gt; command with something like:&lt;&#x2F;p&gt;
&lt;pre data-lang=&quot;shell&quot; style=&quot;background-color:#2b303b;color:#c0c5ce;&quot; class=&quot;language-shell &quot;&gt;&lt;code class=&quot;language-shell&quot; data-lang=&quot;shell&quot;&gt;&lt;span&gt;git log --graph refs&#x2F;head&#x2F;master
&lt;&#x2F;span&gt;&lt;&#x2F;code&gt;&lt;&#x2F;pre&gt;
&lt;p&gt;If, by accident or maliciously, the branch name with a dash, it would be mistaken to be a &lt;code&gt;git&lt;&#x2F;code&gt; argument instead of a branch name. For instance &lt;strong&gt;-h&lt;&#x2F;strong&gt; could be passed to the &lt;code&gt;git&lt;&#x2F;code&gt; command as:&lt;&#x2F;p&gt;
&lt;pre data-lang=&quot;shell&quot; style=&quot;background-color:#2b303b;color:#c0c5ce;&quot; class=&quot;language-shell &quot;&gt;&lt;code class=&quot;language-shell&quot; data-lang=&quot;shell&quot;&gt;&lt;span&gt;git log --graph -h
&lt;&#x2F;span&gt;&lt;&#x2F;code&gt;&lt;&#x2F;pre&gt;
&lt;p&gt;In reality the &lt;code&gt;rev-list&lt;&#x2F;code&gt; command is called before &lt;code&gt;log&lt;&#x2F;code&gt; and in Gitea 1.17.2 the debug output will show something like:&lt;&#x2F;p&gt;
&lt;pre style=&quot;background-color:#2b303b;color:#c0c5ce;&quot;&gt;&lt;code&gt;&lt;span&gt;2022&#x2F;10&#x2F;17 07:17:17 ...s&#x2F;web&#x2F;repo&#x2F;commit.go:124:Graph() [W] [634d017d] GetCommitGraphsCount error for generate graph exclude prs: false branches: [-h] in 1:root&#x2F;test, Will Ignore branches and try again. Underlying Error: exit status 129 - usage: git rev-list [&amp;lt;options&amp;gt;] &amp;lt;commit-id&amp;gt;... [-- &amp;lt;path&amp;gt;...]
&lt;&#x2F;span&gt;&lt;span&gt;...
&lt;&#x2F;span&gt;&lt;&#x2F;code&gt;&lt;&#x2F;pre&gt;
&lt;p&gt;In Gitea 1.17.3 when the same command is run, the option is discarded and the debug output shows something like:&lt;&#x2F;p&gt;
&lt;pre style=&quot;background-color:#2b303b;color:#c0c5ce;&quot;&gt;&lt;code&gt;&lt;span&gt;2022&#x2F;10&#x2F;17 07:25:05 ...dules&#x2F;git&#x2F;command.go:166:Run() [E] [634d0351] git command is broken: &#x2F;usr&#x2F;bin&#x2F;git -c protocol.version=2 -c uploadpack.allowfilter=true -c uploadpack.allowAnySHA1InWant=true -c credential.helper= rev-list --count, broken args: -h
&lt;&#x2F;span&gt;&lt;span&gt;2022&#x2F;10&#x2F;17 07:25:05 ...s&#x2F;web&#x2F;repo&#x2F;commit.go:124:Graph() [W] [634d0351] GetCommitGraphsCount error for generate graph exclude prs: false branches: [-h] in 1:root&#x2F;test, Will Ignore branches and try again. Underlying Error: git command is broken
&lt;&#x2F;span&gt;&lt;&#x2F;code&gt;&lt;&#x2F;pre&gt;
</content>
</entry>
<entry xml:lang="en">
<title>[solved] Gitea 1.15 and up: path not found or permission denied</title>
<published>2022-05-28T00:00:00+00:00</published>

View File

@ -219,6 +219,36 @@
</a></div>
<ul class="blog__list">
<li class="blog__post-item">
<a href="https://gna.org/blog/1-17-3-git-security/" class="blog__post-link">
<h2 class="blog__post-title">[security] Gitea &lt; 1.17.3 git option injection explained</h2>
<p class="blog__post-meta">
17
October
,
2022 &middot; <b>2 min read</b>
</p>
<p class="blog__post-description">. </p>
</a>
<div class="blog__post-tag-container">
<a class="blog__post-tag" href="/tags/gna">#gna</a>
<a class="blog__post-tag" href="/tags/gitea">#gitea</a>
<a class="blog__post-tag" href="/tags/security">#security</a>
<a class="blog__post-tag" href="/tags/problem">#problem</a>
<a class="blog__post-tag" href="/tags/upgrade">#upgrade</a>
<a class="blog__post-tag" href="/tags/solution">#solution</a>
</div>
</li>
<li class="blog__post-item">
<a href="https://gna.org/blog/path-not-found/" class="blog__post-link">
<h2 class="blog__post-title">[solved] Gitea 1.15 and up: path not found or permission denied</h2>