forked from pool/rabbitmq-server
Compare commits
4 Commits
| Author | SHA256 | Date | |
|---|---|---|---|
| c72944e331 | |||
| 08497b7673 | |||
| 529d7d02c2 | |||
| 79c18db752 |
23
fix-CVE-2025-30219.patch
Normal file
23
fix-CVE-2025-30219.patch
Normal file
@@ -0,0 +1,23 @@
|
|||||||
|
From b0cdbf3d25c486934d1673044809a6d0bb5e1503 Mon Sep 17 00:00:00 2001
|
||||||
|
From: Michael Klishin <michael@clojurewerkz.org>
|
||||||
|
Date: Fri, 25 Oct 2024 22:14:41 -0400
|
||||||
|
Subject: [PATCH] Use fmt_string in this error message
|
||||||
|
|
||||||
|
(cherry picked from commit 8ad8d3197ec0a233d1427479f9e88879cfda5ea4)
|
||||||
|
---
|
||||||
|
deps/rabbitmq_management/priv/www/js/tmpl/overview.ejs | 2 +-
|
||||||
|
1 file changed, 1 insertion(+), 1 deletion(-)
|
||||||
|
|
||||||
|
diff --git a/deps/rabbitmq_management/priv/www/js/tmpl/overview.ejs b/deps/rabbitmq_management/priv/www/js/tmpl/overview.ejs
|
||||||
|
index fdbbe1b8e025..6276f10d8771 100644
|
||||||
|
--- a/deps/rabbitmq_management/priv/www/js/tmpl/overview.ejs
|
||||||
|
+++ b/deps/rabbitmq_management/priv/www/js/tmpl/overview.ejs
|
||||||
|
@@ -27,7 +27,7 @@
|
||||||
|
if (vhosts[i].cluster_state[vhost_status_node] != 'running') {
|
||||||
|
%>
|
||||||
|
<p class="warning">
|
||||||
|
- Virtual host <b><%= vhosts[i].name %></b> experienced an error on node <b><%= vhost_status_node %></b> and may be inaccessible
|
||||||
|
+ Virtual host <b><%= fmt_string(vhosts[i].name) %></b> experienced an error on node <b><%= fmt_string(vhost_status_node) %></b> and may be inaccessible
|
||||||
|
</p>
|
||||||
|
<% }}} %>
|
||||||
|
</div>
|
||||||
@@ -1,3 +1,16 @@
|
|||||||
|
-------------------------------------------------------------------
|
||||||
|
Wed Apr 30 07:31:55 UTC 2025 - Simon Lees <sflees@suse.de>
|
||||||
|
|
||||||
|
- Correctly escape hostname that could lead to xss attack
|
||||||
|
(bsc#1240071, CVE-2025-30219)
|
||||||
|
* fix-CVE-2025-30219.patch
|
||||||
|
|
||||||
|
-------------------------------------------------------------------
|
||||||
|
Thu Apr 24 02:53:26 UTC 2025 - Simon Lees <sflees@suse.de>
|
||||||
|
|
||||||
|
- Force non parallel build, this has been the cause of some
|
||||||
|
intermittent build failures.
|
||||||
|
|
||||||
-------------------------------------------------------------------
|
-------------------------------------------------------------------
|
||||||
Wed Feb 19 16:07:28 UTC 2025 - Dominique Leuenberger <dimstar@opensuse.org>
|
Wed Feb 19 16:07:28 UTC 2025 - Dominique Leuenberger <dimstar@opensuse.org>
|
||||||
|
|
||||||
|
|||||||
@@ -54,6 +54,7 @@ Source6: rabbitmq-server.service
|
|||||||
Source7: https://raw.githubusercontent.com/rabbitmq/rabbitmq-packaging/v%{version}/RPMS/Fedora/rabbitmq-server.tmpfiles
|
Source7: https://raw.githubusercontent.com/rabbitmq/rabbitmq-packaging/v%{version}/RPMS/Fedora/rabbitmq-server.tmpfiles
|
||||||
Source8: README.SUSE
|
Source8: README.SUSE
|
||||||
Patch0: rabbitmq-server-allow-elixir-1.18.patch
|
Patch0: rabbitmq-server-allow-elixir-1.18.patch
|
||||||
|
Patch1: fix-CVE-2025-30219.patch
|
||||||
BuildRequires: elixir
|
BuildRequires: elixir
|
||||||
# https://www.rabbitmq.com/which-erlang.html
|
# https://www.rabbitmq.com/which-erlang.html
|
||||||
BuildRequires: erlang >= 25.0
|
BuildRequires: erlang >= 25.0
|
||||||
@@ -141,7 +142,7 @@ cp %{SOURCE8} .
|
|||||||
# Make elixir happy with Unicode
|
# Make elixir happy with Unicode
|
||||||
export LANG=en_US.UTF-8
|
export LANG=en_US.UTF-8
|
||||||
export PYTHON=%{_bindir}/python3
|
export PYTHON=%{_bindir}/python3
|
||||||
make all %{_make_args} %{?_smp_mflags}
|
make all %{_make_args} -j1
|
||||||
|
|
||||||
%install
|
%install
|
||||||
# Make elixir happy with Unicode
|
# Make elixir happy with Unicode
|
||||||
|
|||||||
Reference in New Issue
Block a user