Fixed
Status Update
Comments
li...@gmail.com <li...@gmail.com> #2
It's not a .git directory but a .svn directory. :) That said, even though Subversion use by the llvm project has been long discontinued, it should still not be exposed, or even better, the directory should be cleaned up.
CC'ing Mike Edwards, who I hope is able to get rid of that directory.
CC'ing Mike Edwards, who I hope is able to get rid of that directory.
ra...@gtempaccount.com <ra...@gtempaccount.com>
di...@gtempaccount.com <di...@gtempaccount.com> #4
Yes along with .svn i was able to download .git folder too.
I have attached the zip file, you can find the git folder inside it.
I have attached the zip file, you can find the git folder inside it.
di...@gtempaccount.com <di...@gtempaccount.com> #5
Pulling in Tom Stellard and Tobias Hieta as the LLVM release managers on this issue reported to the LLVM security group.
While .svn or .git directories probably shouldn't be present athttps://releases.llvm.org , I wonder how this is a security issue.
Is some of the information in those directories perhaps not available publicly already?
While .svn or .git directories probably shouldn't be present at
Is some of the information in those directories perhaps not available publicly already?
an...@gmail.com <an...@gmail.com> #6
I don' think there is any problem to have the .git directory exposed. I'm not sure about .svn though. I'm fairly certain we can remove the .svn directory, but not sure about the .git directory. Anton is probably the best person to talk to about this.
re...@gmail.com <re...@gmail.com> #7
cc-ing in Anton.
ma...@gmail.com <ma...@gmail.com> #8
FWIW https://bugs.chromium.org/p/llvm/issues/detail?id=36 reported a similar issue on https://llvm.org/.git the reporter mentioned that the source code of the website could be downloaded and searched for vulnerabilities. Not sure whether that will be the case with this one.
it...@gmail.com <it...@gmail.com> #9
The source code for the website is hosted on github, so it's already possible to search for vulnerabilities.
vi...@gmail.com <vi...@gmail.com> #10
Thanks, this was some kind of oversight during Apache => NGINX migration. For the sake of sanity we're reporting 404 for all hidden files.
un...@gmail.com <un...@gmail.com> #11
(CND cache was purged as well)
ch...@gmail.com <ch...@gmail.com> #12
Just to be 100% sure: Anton: you have removed the .svn/.git directories that were reported, so we can mark this ticket as fixed?
re...@gmail.com <re...@gmail.com> #13
# wget https://releases.llvm.org/.svn
--2024-01-18 10:34:56--https://releases.llvm.org/.svn
Resolvingreleases.llvm.org (releases.llvm.org )... 151.101.214.49
Connecting toreleases.llvm.org (releases.llvm.org )|151.101.214.49|:443... connected.
HTTP request sent, awaiting response... 404 Not Found
2024-01-18 10:34:56 ERROR 404: Not Found.
--2024-01-18 10:34:56--
Resolving
Connecting to
HTTP request sent, awaiting response... 404 Not Found
2024-01-18 10:34:56 ERROR 404: Not Found.
re...@gmail.com <re...@gmail.com> #14
[Empty comment from Monorail migration]
Description
applicable)
Host OS: Linux x86_64 (Ubuntu 11.04)
SDK tools version (available in the "About" section of the 'android' tool
UI): Revistion 12
Eclipse version: N/A
ADT plug-in version: N/A
Platform targeted by your project: any
Version of the platform running in the emulator: any
STEPS TO REPRODUCE:
1. Launch emulator with -scale between 0.50 and 1, e.g. emulator @Gingerbread -scale 0.85
2. Launch emulator with -scale below 0.50, e.g. emulator @Gingerbread -scale 0.49
EXPECTED RESULTS:
1. Observe distorted (8-bit palette?) colors, see android-emulator-sdk12-4. Observe normal colors, e.g. android-emulator-sdk12-scale049.png
scale085.png
2. Observe normal colors, see android-emulator-sdk12-scale049.png
OBSERVED RESULTS:
1. Normal colors, like android-emulator-sdk11-scale085.png