Commit 2980b18b authored by Francesco Colista's avatar Francesco Colista

main/patchwork: security fix (CVE-2019-13122)

parent 8cad441d
......@@ -2,7 +2,7 @@
# Maintainer: Francesco Colista <fcolista@alpinelinux.org>
pkgname=patchwork
pkgver=1.1.3
pkgrel=0
pkgrel=1
pkgdesc="Web-based patch tracking system"
url="https://github.com/getpatchwork/patchwork"
arch="noarch"
......@@ -14,10 +14,15 @@ source="$pkgname-$pkgver.tar.gz::https://github.com/getpatchwork/$pkgname/archiv
0001-support-busybox-readlink.patch
0002-remove-uneeded-bashism-from-tools-and-change-path.patch
nginx-uwsgi-patchwork-conf.ini
nginx-patchwork.conf"
nginx-patchwork.conf
CVE-2019-13122.patch"
builddir="$srcdir"/$pkgname-$pkgver
# secfixes:
# 1.1.3-r1:
# - CVE-2019-13122
build() {
cd "$builddir"
return 0
......@@ -79,4 +84,5 @@ sha512sums="e718ce942781c64e672c7ce9df4362277df418ba2adb61d8b512bf11ffd275d675f9
a5d4e24741b66092a39c1ef4fdc76dffa1ddf87a69544ab0c374fb0701b0f7340a62ead86835d9bb412df5713f3ea3c0218e9e2e0cd01d9a1aad9414a3cc75fa 0001-support-busybox-readlink.patch
12d1b184c6cb1d3f2c51adab6b60638e4869e055e677897bb66ee1a52312e77817bec543842324e2cbc2c226f3ab9d11c3782b5ef3a6f5f5712996cadbc6c9c9 0002-remove-uneeded-bashism-from-tools-and-change-path.patch
28911a25e00a254237f7214fb681e5e984a2eae331e610be62967d5e246958e0f8d3f84861d8fd17c1190c1df72a25f28ddb33843b3679a3864beb00cb4b4961 nginx-uwsgi-patchwork-conf.ini
862dd2522236a0b18d2a8d06f1ad91ad0fd0936fa502d95e09556641e67d42e1212821bfd7fb98923e4fe8b8a7369ded8c23831fb496b1e2833d9831c1b23725 nginx-patchwork.conf"
862dd2522236a0b18d2a8d06f1ad91ad0fd0936fa502d95e09556641e67d42e1212821bfd7fb98923e4fe8b8a7369ded8c23831fb496b1e2833d9831c1b23725 nginx-patchwork.conf
9c8d7a6257259ec2467a5398fdfcad637aad61434427ab71588cca31432fdc060ec29ba1d35cd560b83e13ead9794d4a2e9435c75909ea7a86044734ec1aa5a8 CVE-2019-13122.patch"
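Review bot: Listing `CVE-2019-13122.patch` in `source` and `sha512sums` only fetches and checksums the file; the fix reaches the built package only if the prepare step applies it, and no prepare() is visible in these hunks. The existing `0001-`/`0002-` patch entries suggest patches are already applied somewhere, but that is inferred. If the APKBUILD defines its own prepare(), confirm that it calls `default_prepare` or otherwise picks up the new file, and check the build log to see that the patch applies cleanly against 1.1.3.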
diff --git a/patchwork/templatetags/patch.py b/patchwork/templatetags/patch.py
index c65bd5e..9a447bc 100644
--- a/patchwork/templatetags/patch.py
+++ b/patchwork/templatetags/patch.py
@@ -21,6 +21,7 @@
from __future__ import absolute_import
from django import template
+from django.utils.html import escape
from django.utils.safestring import mark_safe
from django.template.defaultfilters import stringfilter
@@ -65,4 +66,4 @@ def state_class(state):
@register.filter
@stringfilter
def msgid(value):
- return mark_safe(value.strip('<>'))
+ return escape(value.strip('<>'))
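Review bot: The `msgid` filter now escapes its output, but nothing records why, so a later cleanup could swap `escape` back for `mark_safe`; I would add a comment above the return such as `# value is untrusted (taken from a mail header): escape it, never mark_safe`. That provenance is inferred from the filter name and the CVE reference, so confirm it against the callers. `escape()` covers HTML text and quoted-attribute contexts only, so any template that places this filter's output in a URL or script context needs its own encoding. If `mark_safe` has no other user in this file, the import kept in the first hunk is now dead and can go, and a template test rendering a Message-ID that contains markup would pin the fix.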