rpms/sahana/EL-5 sahana.patch, NONE, 1.1 import.log, 1.2, 1.3 sahana.spec, 1.2, 1.3
David Nalley
ke4qqq at fedoraproject.org
Thu Oct 22 02:19:52 UTC 2009
Author: ke4qqq
Update of /cvs/pkgs/rpms/sahana/EL-5
In directory cvs1.fedora.phx.redhat.com:/tmp/cvs-serv4607/EL-5
Modified Files:
import.log sahana.spec
Added Files:
sahana.patch
Log Message:
* Wed Oct 21 2009 David Nalley <david at gnsa.us> 0.6.2.2-6
- fixed security issue noted in bz 530255
sahana.patch:
index.php | 25 ++++++++++++++++++++++++-
1 file changed, 24 insertions(+), 1 deletion(-)
--- NEW FILE sahana.patch ---
--- www/index.php 2007-12-10 05:04:15.000000000 -0500
+++ www/index.php 2009-10-21 21:40:00.823878649 -0400
@@ -92,11 +92,31 @@ if (!file_exists($APPROOT.'conf/sysconf.
}
-// === cleans the GET and POST ===
+// === cleans the GET and POST and REQUEST ===
function shn_main_clean_getpost()
{
$purifier = new HTMLPurifier();
+
+ foreach ($_REQUEST as $key=>$val){
+ if(is_array($_REQUEST[$key])==true){
+
+ }else{
+ $val = $purifier->purify($val);
+ $val=escapeHTML($val);
+ $_REQUEST[$key]=$val;
+ }
+ }
+
+ foreach ($_GET as $key=>$val){
+ if(is_array($_GET[$key])==true){
+
+ }else{
+ $val = $purifier->purify($val);
+ $val=escapeHTML($val);
+ $_GET[$key]=$val;
+ }
+ }
foreach ($_POST as $key=>$val){
if(is_array($_POST[$key])==true){
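Review bot: The empty `is_array(...)==true` branches in the new `$_REQUEST` and `$_GET` loops leave array-valued parameters untouched, so any value submitted as an array reaches the application without passing through `$purifier->purify()` or `escapeHTML()`. Walk arrays recursively (for example with a small helper applied through `array_walk_recursive`) rather than skipping them, and factor the three near-identical loops into one function that takes the superglobal by reference. Applying `escapeHTML()` at input time also changes the value for every later consumer, so any code that escapes again on output will double-encode.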
@@ -164,6 +184,9 @@ function shn_main_front_controller()
// check the users access permissions for this action
$module_function = 'shn_'.$stream_.$module.'_'.$action;
+ // fixes the security vulnerability associated with null characters in the $module string
+ $module = str_replace("\0", "", $module);
+
// include the correct module file based on action and module
$module_file = $APPROOT.'mod/'.$module.'/main.inc';
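Review bot: The `str_replace("\0", "", $module)` call sits after `$module_function` has already been built from the unfiltered `$module` on the line above, and it removes only NUL bytes, so path separators and `..` in `$module` still flow into `$APPROOT.'mod/'.$module.'/main.inc'`. Move the check ahead of the first use and validate `$module` against an allow-list pattern (letters, digits, underscore) or against the set of directories under `mod/`, rejecting the request on mismatch instead of silently rewriting the value. `$action` feeds the same function name and deserves the same check.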
Index: import.log
===================================================================
RCS file: /cvs/pkgs/rpms/sahana/EL-5/import.log,v
retrieving revision 1.2
retrieving revision 1.3
diff -u -p -r1.2 -r1.3
--- import.log 1 Apr 2009 17:51:17 -0000 1.2
+++ import.log 22 Oct 2009 02:19:52 -0000 1.3
@@ -1,2 +1,3 @@
sahana-0_6_2_2-3_fc10:EL-5:sahana-0.6.2.2-3.fc10.src.rpm:1238605197
sahana-0_6_2_2-4_fc10:EL-5:sahana-0.6.2.2-4.fc10.src.rpm:1238608186
+sahana-0_6_2_2-6_fc11:EL-5:sahana-0.6.2.2-6.fc11.src.rpm:1256178063
Index: sahana.spec
===================================================================
RCS file: /cvs/pkgs/rpms/sahana/EL-5/sahana.spec,v
retrieving revision 1.2
retrieving revision 1.3
diff -u -p -r1.2 -r1.3
--- sahana.spec 1 Apr 2009 17:51:17 -0000 1.2
+++ sahana.spec 22 Oct 2009 02:19:52 -0000 1.3
@@ -3,7 +3,7 @@
Name: sahana
Version: 0.6.2.2
-Release: 4%{?dist}
+Release: 6%{?dist}
Summary: Sahana is a free open source disaster management application
Group: Applications/Publishing
License: LGPLv2+
@@ -11,6 +11,7 @@ URL: http://www.sahana.lk/
Source0: http://downloads.sourceforge.net/%{name}/%{name}-%{version}.tar.gz
#URL for source is http://code.zikula.org/core/downloads/99
Source1: sahana.conf
+Patch0: sahana.patch
BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
BuildArch: noarch
BuildRequires: dos2unix
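Review bot: `Patch0: sahana.patch` gives no hint of what the patch fixes or where it came from. A descriptive file name and a comment line above it pointing at bz 530255 and the patch's upstream status would let the next maintainer tell when it can be dropped.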
@@ -38,7 +39,7 @@ semanage fcontext -a -t httpd_var_run_t
%prep
%setup -qn %{name}
-
+%patch0 -p0
%build
#nothing really for this section but rpmbuild complains if build is empty
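Review bot: `%patch0 -p0` replaces the blank line that separated `%prep` from `%build`, so the two sections now run together. Keep an empty line after `%patch0 -p0`.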
@@ -108,6 +109,12 @@ symlinks -crs /usr/share/sahana >/dev/nu
%changelog
+* Wed Oct 21 2009 David Nalley <david at gnsa.us> 0.6.2.2-6
+- fixed security issue noted in bz 530255
+
+* Sun Jul 26 2009 Fedora Release Engineering <rel-eng at lists.fedoraproject.org> - 0.6.2.2-5
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_12_Mass_Rebuild
+
* Wed Apr 01 2009 David Nalley <david at gnsa.us> 0.6.2.2-4
- removed -executable predicate from find so it will build on EL-5 and F-9
* Tue Mar 31 2009 David Nalley <david at gnsa.us> 0.6.2.2-3
More information about the fedora-extras-commits
mailing list