-
-
Notifications
You must be signed in to change notification settings - Fork 5.5k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Tarbomb in release src tarball file #19066
Comments
fair point, IMO, this shouldn't be hard to fix. |
That's generated by Github I think, maybe you should submit an issue to them? |
absolutely same thing but it was resolved without Github intervention. |
|
We'd need to use Line 648 in ed1d95c
@eleksir would you like to test and propose a PR? documentation for the tar command and the https://www.gnu.org/software/tar/manual/html_section/transform.html |
Use a directory prefix instead on creating the tar file. Fixes: #19066
…tea#19396) Use a directory prefix instead on creating the tar file. Fixes: go-gitea#19066
Gitea Version
1.16.3
Git Version
N/A
Operating System
N/A
How are you running Gitea?
tar xf gitea-src-1.16.3.tar.gz
Database
No response
Can you reproduce the bug on the Gitea demo site?
No
Log Gist
N/A
Description
Gitea official src, gitea-src-1.16.3.tar.gz, (from releases page at github, particulary at release of 1.16.3) contains tarbomb. Such behavior is considered bad etiquette on the part of the archive's creator.
Expected behavior is (after untarring) to find this pile of files in subdir named gitea-src-1.16.3 or even better in subdir named gitea-1.16.3.
Screenshots
N/A
The text was updated successfully, but these errors were encountered: