Cherry-pick: Infrastructure Hardening #666
Description
Upstream Cherry-Pick
Source: openclaw/openclaw
Scanned: 2026-03-10 (Batch 5)
Sync cursor: d82c042b0 → 6222d6650
Commits
| Hash | Subject | Tier |
|---|---|---|
7dad7cc2c |
fix(ci): align sync boundary realpath canonicalization | AUTO-PICK |
35e40f113 |
ui: remove Google Fonts import blocked by CSP (style-src 'self' 'unsafe-inline') | AUTO-PICK |
4b37b7b6a |
fix(media): serve JavaScript assets with text/javascript | AUTO-PICK |
b1bbf3fff |
fix: harden temp dir perms for umask 0002 (landed from openclaw#27860 by @stakeswky) | PICK (needs rebrand — tmp-openclaw-dir.ts renamed in fork) |
Adaptation Notes
b1bbf3fff needs rebrand — src/infra/tmp-openclaw-dir.ts was renamed to tmp-remoteclaw-dir.ts in the fork (WI-142). Apply the permission hardening logic to the renamed file. CHANGELOG in b1bbf3fff should be skipped.
Execution
Cherry-pick checklist:
- Commits applied
- b1bbf3f adapted to renamed file
- Post-pick verification passed
- Pick-notes written
- Issue closed