leap-16.0 Update from Factory #4

Manually merged
anag_factory merged 2 commits from michals/gitea-tea:leap-16.0 into leap-16.0 2025-12-04 13:51:08 +01:00
3 changed files with 35 additions and 0 deletions

@@ -1,3 +1,9 @@
-------------------------------------------------------------------
Fri Nov 28 09:35:29 UTC 2025 - Michal Suchanek <msuchanek@suse.de>
- Do not make config file group-readable.
* remove-config-file-group-readwrite-permission-856.patch
-------------------------------------------------------------------
Sat Nov 8 12:34:56 UTC 2025 - olaf@aepfle.de
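Review bot: The new entry's wording "Do not make config file group-readable" understates the change: the patch it lists replaces mode 0o660 with 0o600, which removes group write as well as group read (the patch file name itself says "group-readwrite"). Suggest "Do not make config file group-readable or group-writable". The entry also carries no reference to the upstream issue and pull request named in the patch header (gitea/tea issues/855, pulls/856), which would help anyone auditing this permissions fix later.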

@@ -26,6 +26,7 @@ Source0: %{name}-%{version}.tar.gz
Source1: vendor.tar.gz
Patch0: fix-CVE-2025-58190.patch
Patch1: fix-CVE-2025-47911.patch
Patch3: remove-config-file-group-readwrite-permission-856.patch
BuildRequires: golang(API) >= 1.24
Conflicts: tea
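Review bot: Patch numbering on the added line jumps from Patch1 to Patch3, leaving Patch2 unused; either number it Patch2 or add a comment explaining the gap. This hunk also does not show the patch being applied, so confirm that %prep picks it up (for example through %autosetup -p1 or an explicit %patch line), otherwise the package builds without the permission fix.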

@@ -0,0 +1,28 @@
From f6d4b5fa4fdf4ebb777cc465f9c3ec30c8024548 Mon Sep 17 00:00:00 2001
From: TheFox0x7 <thefox0x7@gmail.com>
Date: Thu, 27 Nov 2025 22:45:25 +0000
Subject: [PATCH] remove group readwrite permission (#856)
closes: https://gitea.com/gitea/tea/issues/855
Reviewed-on: https://gitea.com/gitea/tea/pulls/856
Reviewed-by: Lunny Xiao <xiaolunwen@gmail.com>
Co-authored-by: TheFox0x7 <thefox0x7@gmail.com>
Co-committed-by: TheFox0x7 <thefox0x7@gmail.com>
---
modules/config/config.go | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/modules/config/config.go b/modules/config/config.go
index 70443ca..30b59f3 100644
--- a/modules/config/config.go
+++ b/modules/config/config.go
@@ -104,5 +104,5 @@ func saveConfig() error {
if err != nil {
return err
}
- return os.WriteFile(ymlPath, bs, 0o660)
+ return os.WriteFile(ymlPath, bs, 0o600)
}
--
2.51.0
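Review bot: In saveConfig(), the mode argument of os.WriteFile(ymlPath, bs, 0o600) only takes effect when the file is created; if ymlPath already exists, os.WriteFile truncates and rewrites it without changing its permissions. Config files written by earlier builds with 0o660 therefore stay group-readable and group-writable after this update. Suggest following the write with os.Chmod(ymlPath, 0o600), or tightening the mode of an existing file when the config is loaded, and noting in the changelog that existing files need a manual chmod until then.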