Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Fixes PulpImport in the presence of Django path-traversal CVE fix. #1791

Merged
merged 1 commit into from
Jan 5, 2022
Merged

Fixes PulpImport in the presence of Django path-traversal CVE fix. #1791

merged 1 commit into from
Jan 5, 2022

Conversation

ggainey
Copy link
Contributor

@ggainey ggainey commented Jan 4, 2022

Fixes #9660.
[nocoverage]

@pulpbot
Copy link
Member

pulpbot commented Jan 4, 2022

Attached issue: https://pulp.plan.io/issues/9660

goosemania
goosemania reviewed Jan 4, 2022
View reviewed changes
pulpcore/app/tasks/importer.py
with open(src, "rb") as f:
default_storage.save(dest, f)
default_storage.save(base_path, f)
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

👍 relative paths FTW

@ggainey ggainey mentioned this pull request Jan 4, 2022
Merged
goosemania added a commit to goosemania/pulp_rpm that referenced this pull request Jan 5, 2022
@goosemania
Fix distribution tree sync for repos with partial .treeinfo files
ebcb455 
*** WARNING ***
DO NOT try to PATCH your system with these changes. This fix contains a database migration.
It's hard to revert the changes. You will BREAK YOUR UPGRADE PATH if you use this patch.
***************

closes pulp#2305 (was redmine 9583)

Required PR: pulp/pulpcore#1791
@ggainey ggainey force-pushed the 9660_import_save branch 3 times, most recently from 96a8e47 to 1d25cf8 Compare January 5, 2022 13:59
@fao89 fao89 requested a review from goosemania January 5, 2022 15:15
@goosemania
Copy link
Member

I pressed the wrong button, apologies. This can be merged without waiting for CI to finish.

@ggainey ggainey merged commit ba1b9fa into pulp:main Jan 5, 2022
goosemania added a commit to pulp/pulp_rpm that referenced this pull request Jan 5, 2022
@goosemania
Fix distribution tree sync for repos with partial .treeinfo files
1b845aa 
*** WARNING ***
DO NOT try to PATCH your system with these changes. This fix contains a database migration.
It's hard to revert the changes. You will BREAK YOUR UPGRADE PATH if you use this patch.
***************

closes #2305 (was redmine 9583)

Required PR: pulp/pulpcore#1791
@fao89 fao89 mentioned this pull request Jan 17, 2022
Closed
@ggainey ggainey deleted the 9660_import_save branch May 10, 2022 12:34
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@dkliban dkliban dkliban approved these changes

@dralley dralley dralley approved these changes

@goosemania goosemania goosemania approved these changes

@fao89 fao89 fao89 approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
6 participants
@ggainey @pulpbot @goosemania @dkliban @dralley @fao89