Bug 530

Summary: Restrict /packages POST to buildsystem host IP
Product: Websites Reporter: Romain d'Alverny <rdalverny>
Component: OtherAssignee: Atelier Team <atelier-bugs>
Status: RESOLVED FIXED QA Contact:
Severity: normal    
Priority: Normal    
Version: trunk   
Target Milestone: ---   
Hardware: i586   
OS: Linux   
Whiteboard:
Source RPM: CVE:
Status comment:

Description Romain d'Alverny 2011-03-24 17:56:52 CET
The buildsystem posts to the maintainers db every package upload.

This post is protected with a secret key in buildsystem config, but we should as well control from maintdb that the poster IP address matches the one from the buildsystem host. Here, that is valstar.

$ host valstar.mageia.org
valstar.mageia.org has address 212.85.158.147
valstar.mageia.org has IPv6 address 2a02:2178:2:7::3


Reproducible: 

Steps to Reproduce:
Comment 1 Nicolas Vigier 2011-09-26 23:14:29 CEST
Closing as maintdb has been replaced by something else.

Status: NEW => RESOLVED
CC: (none) => boklm
Resolution: (none) => FIXED

Nicolas Vigier 2011-09-26 23:17:23 CEST

Component: maintdb.mageia.org => Other

Nicolas Vigier 2014-05-08 18:05:26 CEST

CC: boklm => (none)