rpms/viewvc/F-11 viewvc-1.1.2-validate_regex.patch, NONE, 1.1 viewvc.spec, 1.23, 1.24
bojan
bojan at fedoraproject.org
Wed Sep 23 00:42:52 UTC 2009
Author: bojan
Update of /cvs/pkgs/rpms/viewvc/F-11
In directory cvs1.fedora.phx.redhat.com:/tmp/cvs-serv7419
Modified Files:
viewvc.spec
Added Files:
viewvc-1.1.2-validate_regex.patch
Log Message:
Patch upstream issue #427.
viewvc-1.1.2-validate_regex.patch:
viewvc.py | 9 ++++++---
1 file changed, 6 insertions(+), 3 deletions(-)
--- NEW FILE viewvc-1.1.2-validate_regex.patch ---
Index: lib/viewvc.py
===================================================================
--- lib/viewvc.py (revision 2264)
+++ lib/viewvc.py (working copy)
@@ -633,13 +633,16 @@
'400 Bad Request')
def _validate_regex(value):
- # hmm. there isn't anything that we can do here.
-
### we need to watch the flow of these parameters through the system
### to ensure they don't hit the page unescaped. otherwise, these
### parameters could constitute a CSS attack.
- pass
+ try:
+ re.compile(value)
+ return True
+ except:
+ return None
+
def _validate_view(value):
# Return true iff VALUE is one of our allowed views.
return _views.has_key(value)
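Review bot: the bare `except:` in `_validate_regex` catches every exception, not just a malformed pattern; catch `re.error` there, and return `False` instead of `None` so both paths give a boolean, as `_validate_view` below does. The retained `###` comment still holds after this change: a value that compiles is only syntactically valid, so the escaping on output that the comment asks for is still required. The removed "hmm" comment should also be replaced with one line saying the function returns true iff VALUE compiles as a regular expression.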
Index: viewvc.spec
===================================================================
RCS file: /cvs/pkgs/rpms/viewvc/F-11/viewvc.spec,v
retrieving revision 1.23
retrieving revision 1.24
diff -u -p -r1.23 -r1.24
--- viewvc.spec 13 Aug 2009 04:01:47 -0000 1.23
+++ viewvc.spec 23 Sep 2009 00:42:52 -0000 1.24
@@ -2,7 +2,7 @@
Name: viewvc
Version: 1.1.2
-Release: 4%{?dist}
+Release: 5%{?dist}
Summary: Browser interface for CVS and SVN version control repositories
Group: Development/Tools
@@ -11,7 +11,8 @@ URL: http://www.viewvc.org/
Source0: http://www.viewvc.org/%{name}-%{version}.tar.gz
Source1: viewvc.conf
Source2: README.httpd
-Source3: viewvc-lexer-mimetypes.py
+Source3: viewvc-lexer-mimetypes.py
+Patch1: viewvc-1.1.2-validate_regex.patch
BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
Obsoletes: %{name}-selinux < 1.0.3-13
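Review bot: the `Source3:` line is removed and re-added with no visible difference, which looks like a whitespace-only change; leave it out so the hunk carries only the new `Patch1:` line. A comment above `Patch1:` pointing at upstream issue #427 would tell the next packager when the patch can be dropped.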
@@ -43,6 +44,7 @@ with decent performance when run under A
%prep
%setup -q
+%patch1 -p0 -b .validate_regex
%build
@@ -118,6 +120,9 @@ with decent performance when run under A
%config(noreplace) %{_sysconfdir}/httpd/conf.d/viewvc.conf
%changelog
+* Wed Sep 23 2009 Bojan Smojver <bojan at rexursive.com> - 1.1.2-5
+- patch upstream issue #427
+
* Thu Aug 13 2009 Bojan Smojver <bojan at rexursive.com> - 1.1.2-4
- try one more time
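Review bot: the new changelog entry gives only the issue number; say what the patch changes, for example that `_validate_regex` now rejects values that do not compile, so someone reading the package changelog can tell this is an input-validation fix without looking up issue #427.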