Age | Commit message (Collapse) | Author | Files | Lines |
|
|
|
thanks DSA
|
|
future
|
|
|
|
|
|
|
|
|
|
|
|
|
|
year/month/day variation on all amd64 builds now
|
|
|
|
creating the chroot, should allow to ignore the expired Release file
|
|
|
|
|
|
|
|
This reverts commit 567afbb4cc8cf8e002d0a7de9af61bc3a298751c.
|
|
|
|
|
|
|
|
|
|
|
|
https://jenkins-ci.org/content/mitigating-unauthenticated-remote-code-execution-0-day-jenkins-cli
It seems that two channels need to be secured. The first is a custom tcp
port which is firewalled anyway. The other part is urls starting with
/cli. Instead of filtering this entry point in jenkins (and thus
breaking bin/abort.sh), we apply the filtering in apache. Thus a local
execute vulnerability remains, but we didn't care about those earlier.
|
|
|
|
Even if Git can fetch the repositories, people are unhappy when they see a 403.
|
|
|
|
|
|
|
|
|
|
This reverts commit b32118218c89ad429ef26fa03ed16d55069728ac.
|
|
|
|
otherwise `pbuilder clean` removes the symlink, and the following builds won't
use the tmpfs, etc..
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
/u/l/bin/dsa-check-running-kernel on all Debian hosts
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|