buildbot: fix CVE-2019-7313
parent
138f2cc707
commit
fe792ef27a
|
@ -1,4 +1,4 @@
|
|||
{ stdenv, lib, openssh, buildbot-worker, buildbot-pkg, pythonPackages, runCommand, makeWrapper }:
|
||||
{ stdenv, lib, fetchpatch, openssh, buildbot-worker, buildbot-pkg, pythonPackages, runCommand, makeWrapper }:
|
||||
|
||||
let
|
||||
withPlugins = plugins: runCommand "wrapped-${package.name}" {
|
||||
|
@ -74,6 +74,15 @@ let
|
|||
# This patch disables the test that tries to read /etc/os-release which
|
||||
# is not accessible in sandboxed builds.
|
||||
./skip_test_linux_distro.patch
|
||||
|
||||
# CVE-2019-7313
|
||||
# https://github.com/buildbot/buildbot/wiki/CRLF-injection-in-Buildbot-login-and-logout-redirect-code
|
||||
# https://github.com/buildbot/buildbot/compare/v1.8.0...v1.8.1
|
||||
(fetchpatch {
|
||||
url = "https://github.com/buildbot/buildbot/commit/bdae9fea4e8978b19e12425776b2d083febd91a6.diff";
|
||||
sha256 = "18fbcbqphs8jjmfvjjcbcnv5wj87mj6jv9lmx17lfhpi5hg2axph";
|
||||
stripLen = 1;
|
||||
})
|
||||
];
|
||||
|
||||
postPatch = ''
|
||||
|
|
Loading…
Reference in New Issue