The .htaccess files are used to protect some directories that shouldn't be web accessible.
I believe it was rMREL41c86dd3eb87: make-release: Simplify excludes, just drop all .dotfiles that caused this.
Legoktm | |
Jul 7 2018, 7:11 PM |
F23930879: 0001-Don-t-exclude-.htaccess-files-from-git-archive.patch | |
Jul 20 2018, 8:32 PM |
The .htaccess files are used to protect some directories that shouldn't be web accessible.
I believe it was rMREL41c86dd3eb87: make-release: Simplify excludes, just drop all .dotfiles that caused this.
Status | Subtype | Assigned | Task | ||
---|---|---|---|---|---|
Resolved | Reedy | T199021 Release MediaWiki 1.27.5/1.29.3/1.30.1/1.31.1 | |||
Resolved | Reedy | T181665 Tracking bug for 1.27.5/1.29.3/1.30.1/1.31.1 security release | |||
Resolved | Legoktm | T199029 1.31.0 tarball is missing .htaccess files (CVE-2018-13258) |
The patch is really simple obviously. I'm still working on the new release script (T199467) though to actually use gitattributes.
Has this been included in your bundled patches for the branches? Or is this still in addition to T181665#4552739 ?
Just to make sure it doesn't accidentally get forgotten about :)
It should be included in each of the patch tars :) It does require using the new release script though, since that uses .gitattributes when deciding what to exclude. If we don't end up using it, we'll need to figure out a different solution for this bug (that said, I'd rather invest in fixing the new release script :))