authorFrancesco Colista <fcolista@alpinelinux.org>2019-07-04 06:56:39 +0000
committerFrancesco Colista <fcolista@alpinelinux.org>2019-07-04 06:56:39 +0000
commit2980b18bfd45cb88d294fcdef0b77ca724f61749 (patch)
treeef45dced56e405e5266ef27eff7bdf0fd5394c21 /main
parent8cad441d0bb3d51026cb0231485848ce9a821e6a (diff)
downloadaports-2980b18bfd45cb88d294fcdef0b77ca724f61749.tar.bz2
aports-2980b18bfd45cb88d294fcdef0b77ca724f61749.tar.xz
main/patchwork: security fix (CVE-2019-13122)
Diffstat (limited to 'main')
-rw-r--r--main/patchwork/APKBUILD12
-rw-r--r--main/patchwork/CVE-2019-13122.patch18
2 files changed, 27 insertions, 3 deletions
diff --git a/main/patchwork/APKBUILD b/main/patchwork/APKBUILD
index 3b45b6004d..f9bed1ab60 100644
--- a/main/patchwork/APKBUILD
+++ b/main/patchwork/APKBUILD
@@ -2,7 +2,7 @@
# Maintainer: Francesco Colista <fcolista@alpinelinux.org>
pkgname=patchwork
pkgver=1.1.3
-pkgrel=0
+pkgrel=1
pkgdesc="Web-based patch tracking system"
url="https://github.com/getpatchwork/patchwork"
arch="noarch"
@@ -14,10 +14,15 @@ source="$pkgname-$pkgver.tar.gz::https://github.com/getpatchwork/$pkgname/archiv
0001-support-busybox-readlink.patch
0002-remove-uneeded-bashism-from-tools-and-change-path.patch
nginx-uwsgi-patchwork-conf.ini
- nginx-patchwork.conf"
+ nginx-patchwork.conf
+ CVE-2019-13122.patch"
builddir="$srcdir"/$pkgname-$pkgver
+# secfixes:
+# 1.1.3-r1:
+# - CVE-2019-13122
+
build() {
cd "$builddir"
return 0
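Review bot: Nothing in this hunk shows that `CVE-2019-13122.patch` is actually applied at build time. It is added to `source=` and recorded under `# secfixes:`, but the visible part of `build()` only does `cd "$builddir"` and `return 0`, and both the rest of `build()` and any `prepare()` lie outside the hunk. If the APKBUILD defines its own `prepare()`, it should call `default_prepare` (or otherwise apply the `*.patch` entries in `source`), so that the `1.1.3-r1` secfixes entry matches what ships. The two existing `000x-*.patch` entries presumably go through the same path, so this is likely fine, but it is worth confirming in the build log that the change to `patchwork/templatetags/patch.py` is applied.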
@@ -79,4 +84,5 @@ sha512sums="e718ce942781c64e672c7ce9df4362277df418ba2adb61d8b512bf11ffd275d675f9
a5d4e24741b66092a39c1ef4fdc76dffa1ddf87a69544ab0c374fb0701b0f7340a62ead86835d9bb412df5713f3ea3c0218e9e2e0cd01d9a1aad9414a3cc75fa 0001-support-busybox-readlink.patch
12d1b184c6cb1d3f2c51adab6b60638e4869e055e677897bb66ee1a52312e77817bec543842324e2cbc2c226f3ab9d11c3782b5ef3a6f5f5712996cadbc6c9c9 0002-remove-uneeded-bashism-from-tools-and-change-path.patch
28911a25e00a254237f7214fb681e5e984a2eae331e610be62967d5e246958e0f8d3f84861d8fd17c1190c1df72a25f28ddb33843b3679a3864beb00cb4b4961 nginx-uwsgi-patchwork-conf.ini
-862dd2522236a0b18d2a8d06f1ad91ad0fd0936fa502d95e09556641e67d42e1212821bfd7fb98923e4fe8b8a7369ded8c23831fb496b1e2833d9831c1b23725 nginx-patchwork.conf"
+862dd2522236a0b18d2a8d06f1ad91ad0fd0936fa502d95e09556641e67d42e1212821bfd7fb98923e4fe8b8a7369ded8c23831fb496b1e2833d9831c1b23725 nginx-patchwork.conf
+9c8d7a6257259ec2467a5398fdfcad637aad61434427ab71588cca31432fdc060ec29ba1d35cd560b83e13ead9794d4a2e9435c75909ea7a86044734ec1aa5a8 CVE-2019-13122.patch"
diff --git a/main/patchwork/CVE-2019-13122.patch b/main/patchwork/CVE-2019-13122.patch
new file mode 100644
index 0000000000..3210c14cf1
--- /dev/null
+++ b/main/patchwork/CVE-2019-13122.patch
@@ -0,0 +1,18 @@
+diff --git a/patchwork/templatetags/patch.py b/patchwork/templatetags/patch.py
+index c65bd5e..9a447bc 100644
+--- a/patchwork/templatetags/patch.py
++++ b/patchwork/templatetags/patch.py
+@@ -21,6 +21,7 @@
+ from __future__ import absolute_import
+
+ from django import template
++from django.utils.html import escape
+ from django.utils.safestring import mark_safe
+ from django.template.defaultfilters import stringfilter
+
+@@ -65,4 +66,4 @@ def state_class(state):
+ @register.filter
+ @stringfilter
+ def msgid(value):
+- return mark_safe(value.strip('<>'))
++ return escape(value.strip('<>'))
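Review bot: `msgid()` carries no comment or test recording why it must escape, so a later cleanup could revert `return escape(value.strip('<>'))` to `mark_safe`. The Message-ID presumably comes from mail headers controlled by whoever posts to a tracked list, so I would add `# Message-ID is untrusted mail-header data: escape it, never mark_safe it.` above the return. `escape()` only covers HTML text and attribute contexts; if any template places this filter's output inside a URL, that use needs URL-encoding as well (the templates are not visible here). The `mark_safe` import is kept, which is right only if another filter in the file still uses it.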