rpms/sword/F-7 sword-diatheke.patch,NONE,1.1 sword.spec,1.16,1.17

Deji Akingunola (deji) fedora-extras-commits at redhat.com
Thu Feb 21 08:05:46 UTC 2008


Author: deji

Update of /cvs/extras/rpms/sword/F-7
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv4483

Modified Files:
	sword.spec 
Added Files:
	sword-diatheke.patch 
Log Message:
* Thu Feb 21 2008 Deji Akingunola <dakingun at gmail.com> - 1.5.10-2
- Fix command injection bug (Bug #433723) 


sword-diatheke.patch:

--- NEW FILE sword-diatheke.patch ---
--- utilities/diatheke/cgi/diatheke.pl	2005-05-25 07:56:49.000000000 -0400
+++ utilities/diatheke/cgi/diatheke.pl.new	2008-02-20 22:46:57.000000000 -0500
@@ -110,8 +110,7 @@
 	    $range = $mydata;
 	    $range =~ tr/+/ /;
 	    $range =~ s/%([a-fA-F0-9][a-fA-F0-9])/pack("C", hex($1))/eg;
-	    $range = "-r \"$range\"";
-            $range = shell_escape($range);
+	    $range = "-r '" . shell_escape($range) . "'";
 	}
 
 	elsif ($varname eq "strongs") {
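
Review bot: The added `-r '...'` line depends on shell_escape() making the value safe inside single quotes, and that function is not visible in this hunk. Inside single quotes the shell treats a backslash as a literal character, so backslash-style escaping would not stop a `'` in the URL-decoded $range from closing the quoted string. Please confirm that shell_escape() removes or rewrites `'` (for example as `'\''`), or pass the arguments as a list so that no shell parses them. The `strongs` branch that follows deserves the same check.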


Index: sword.spec
===================================================================
RCS file: /cvs/extras/rpms/sword/F-7/sword.spec,v
retrieving revision 1.16
retrieving revision 1.17
diff -u -r1.16 -r1.17
--- sword.spec	6 Nov 2007 17:04:52 -0000	1.16
+++ sword.spec	21 Feb 2008 08:05:04 -0000	1.17
@@ -1,6 +1,6 @@
 Name:           sword           
 Version:        1.5.10
-Release:        1%{?dist}
+Release:        2%{?dist}
 Summary:        Free Bible Software Project
 
 Group:          System Environment/Libraries
@@ -9,6 +9,7 @@
 Source0:        http://www.crosswire.org/ftpmirror/pub/sword/source/v1.5/sword-%{version}.tar.gz
 BuildRoot:      %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
 
+Patch0:		sword-diatheke.patch
 BuildRequires:  openssl-devel
 BuildRequires:  curl-devel
 BuildRequires:  zlib-devel
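
Review bot: Style point on the added Patch0: line: it uses a tab after the tag where the neighbouring Source0:, BuildRoot: and BuildRequires: lines are aligned with spaces, and it sits in the BuildRequires group. Align it with spaces and place it directly under Source0:, ideally with a comment that references Bug #433723.
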
@@ -40,6 +41,7 @@
 
 %prep
 %setup -q
+%patch0 -p0 -b .diat
 
 %build
 %configure --disable-static --with-icu --with-lucene
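
Review bot: The `-b .diat` option on the added %patch0 line keeps the unpatched script as diatheke.pl.diat in the build tree. Check that nothing later in the spec installs or packages the cgi directory wholesale, otherwise the unfixed original would ship next to the patched file. Dropping -b or removing the backup at the end of %prep avoids that.
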
@@ -82,6 +84,9 @@
 
 
 %changelog
+* Thu Feb 21 2008 Deji Akingunola <dakingun at gmail.com> - 1.5.10-2
+- Fix command injection bug (Bug #433723) 
+
 * Tue Nov 06 2007 Deji Akingunola <dakingun at gmail.com> - 1.5.10-1
 - Update to version 1.5.10
 



