Age | Commit message (Collapse) | Author | Files | Lines |
|
|
|
|
|
|
|
|
|
|
|
https://jenkins-ci.org/content/mitigating-unauthenticated-remote-code-execution-0-day-jenkins-cli
It seems that two channels need to be secured. The first is a custom tcp
port which is firewalled anyway. The other part is urls starting with
/cli. Instead of filtering this entry point in jenkins (and thus
breaking bin/abort.sh), we apply the filtering in apache. Thus a local
execute vulnerability remains, but we didn't care about those earlier.
|
|
|
|
Even if Git can fetch the repositories, people are unhappy when they see a 403.
|
|
|
|
|
|
|
|
|
|
This reverts commit b32118218c89ad429ef26fa03ed16d55069728ac.
|
|
|
|
otherwise `pbuilder clean` removes the symlink, and the following builds won't
use the tmpfs, etc..
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
/u/l/bin/dsa-check-running-kernel on all Debian hosts
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
more stable again
|
|
|
|
|
|
we have problems properly unmounting it (or rather
cleanup…) and I'm unable to debug and fix this properly
atm. thus, to avoid false ftbfs due to out of disk space
problems, we disable it temporarily.
|
|
|
|
|
|
|
|
|