forgejo/modules
Gusted dc15aefa3e
fix: ensure correct ssh public key is used for authentication
- The root cause is described in b4f1988a35
- Move to a fork of `github.com/gliderlabs/ssh` that exposes the
permissions that were chosen by `x/crypto/ssh` after successfully
authenticating, this is the recommended mitigation by the Golang
security team. The fork exposes this, since `gliderlabs/ssh` instead
relies on context values to do so, which is vulnerable to the same
attack, although partially mitigated by the fix in `x/crypto/ssh` it
would not be good practice and defense deep to rely on it.
- Existing tests cover that the functionality is preserved.
- No tests are added to ensure it fixes the described security, the
exploit relies on non-standard SSH behavior it would be too hard to
craft SSH packets to exploit this.

(cherry picked from commit 3e1b03838e)

Conflicts:
	go.mod
	go.sum
  trivial context conflict
2024-12-12 07:09:00 +01:00
..
actions Fix wrong status of Set up Job when first step is skipped (#32120) 2024-09-29 11:52:09 +02:00
activitypub Use forum.gitea.com instead of old URL (#31989) 2024-09-09 20:54:47 +02:00
analyze
assetfs
auth
avatar
base fix: extend forgejo_auth_token table 2024-11-15 11:33:17 +01:00
cache Increase cacheContextLifetime to reduce false reports (#32011) 2024-09-14 17:09:03 +02:00
charset
container
csv
emoji
eventsource fix: use better code to group UID and stopwatches 2024-11-17 19:18:45 +00:00
forgefed style: reenable switch check 2024-08-18 15:19:01 +02:00
generate
git Fix: return correct type in GetSubModule 2024-12-03 03:24:54 +00:00
gitgraph
gitrepo [CHORE] Drop go-git support 2024-08-12 19:11:09 +02:00
graceful
hcaptcha
highlight fix: normalize guessed languages from enry 2024-11-27 18:25:12 +00:00
hostmatcher Support allowed hosts for migrations to work with proxy (#32025) 2024-09-14 17:52:54 +02:00
html
httpcache Fix wrong last modify time (#32102) 2024-09-27 08:13:30 +00:00
httplib Fix wrong last modify time (#32102) 2024-09-27 08:13:30 +00:00
indexer Fixed race condition when deleting documents by repoId in ElasticSearch (#32185) 2024-10-06 11:45:22 +02:00
issue/template Fix linting issues 2024-08-18 16:25:13 +02:00
json
keying [FEAT] Allow pushmirror to use publickey authentication 2024-08-22 17:05:07 +02:00
label
lfs [FEAT] Allow pushmirror to use publickey authentication 2024-08-22 17:05:07 +02:00
log [CHORE] Fix darwin compatibility 2024-08-09 17:44:41 +02:00
markup fix: remove softbreak from github legacy callout 2024-12-04 23:12:58 +00:00
mcaptcha
metrics
migration Use correct function name (#31887) 2024-08-25 11:56:35 +02:00
nosql [FEAT] Only implement used API of Redis client 2024-08-30 04:33:15 +02:00
optional
options
packages fix: handle renamed dependency for cargo registry 2024-11-13 22:56:30 +00:00
paginator
pprof
private
process
proxy
proxyprotocol
public
queue chore: update mock redis client 2024-09-01 05:42:34 +02:00
recaptcha
references
regexplru
repository style: reenable switch check 2024-08-18 15:19:01 +02:00
secret
session [FEAT] Only implement used API of Redis client 2024-08-30 04:33:15 +02:00
setting fix: Specify default value for EXPLORE_DEFAULT_SORT. 2024-10-20 23:07:18 +00:00
sitemap
ssh fix: ensure correct ssh public key is used for authentication 2024-12-12 07:09:00 +01:00
storage
structs fix: add label to issues and PR labeled/unlabeled events 2024-11-04 14:10:27 +00:00
svg
sync
system
templates Lazy load avatar images (#32051) 2024-09-27 08:13:29 +00:00
test
testlogger fix: make branch protection work for new branches 2024-10-24 20:21:43 +00:00
timeutil
translation
turnstile
typesniffer
updatechecker
uri
user
util feat: add IfZero utility function 2024-09-27 08:13:29 +00:00
validation
web
webhook
zstd Cache generated binary across jobs 2024-08-26 23:43:09 +02:00