rpms/viewvc/EL-5 viewvc-1.1.2-validate_regex.patch, NONE, 1.1 viewvc.spec, 1.9, 1.10

bojan bojan at fedoraproject.org
Wed Sep 23 00:49:03 UTC 2009


Author: bojan

Update of /cvs/pkgs/rpms/viewvc/EL-5
In directory cvs1.fedora.phx.redhat.com:/tmp/cvs-serv11025

Modified Files:
	viewvc.spec 
Added Files:
	viewvc-1.1.2-validate_regex.patch 
Log Message:
Patch upstream issue #427.

viewvc-1.1.2-validate_regex.patch:
 viewvc.py |    9 ++++++---
 1 file changed, 6 insertions(+), 3 deletions(-)

--- NEW FILE viewvc-1.1.2-validate_regex.patch ---
Index: lib/viewvc.py
===================================================================
--- lib/viewvc.py	(revision 2264)
+++ lib/viewvc.py	(working copy)
@@ -633,13 +633,16 @@
     '400 Bad Request')
 
 def _validate_regex(value):
-  # hmm. there isn't anything that we can do here.
-
   ### we need to watch the flow of these parameters through the system
   ### to ensure they don't hit the page unescaped. otherwise, these
   ### parameters could constitute a CSS attack.
-  pass
 
+  try:
+    re.compile(value)
+    return True
+  except:
+    return None
+
 def _validate_view(value):
   # Return true iff VALUE is one of our allowed views.
   return _views.has_key(value)
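Review bot: the bare `except:` in `_validate_regex` catches every exception, including `KeyboardInterrupt` and `SystemExit`, not only an invalid pattern. Narrow it to `except re.error:` and return `False` instead of `None` so the validator gives a consistent boolean result. Note also that `re.compile(value)` only proves the pattern is syntactically valid: the retained `###` comment about parameters reaching the page unescaped still applies, so escaping has to happen where the value is rendered. A pattern that compiles can still be expensive to evaluate, so a length limit on `value` is worth considering in this function.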


Index: viewvc.spec
===================================================================
RCS file: /cvs/pkgs/rpms/viewvc/EL-5/viewvc.spec,v
retrieving revision 1.9
retrieving revision 1.10
diff -u -p -r1.9 -r1.10
--- viewvc.spec	4 Sep 2009 06:38:22 -0000	1.9
+++ viewvc.spec	23 Sep 2009 00:49:01 -0000	1.10
@@ -2,7 +2,7 @@
 
 Name:           viewvc
 Version:        1.1.2
-Release:        1%{?dist}
+Release:        2%{?dist}
 Summary:        Browser interface for CVS and SVN version control repositories
 
 Group:          Development/Tools
@@ -12,6 +12,7 @@ Source0:        http://www.viewvc.org/%{
 Source1:        viewvc.conf
 Source2:        README.httpd
 Source3:        viewvc-lexer-mimetypes.py
+Patch1:         viewvc-1.1.2-validate_regex.patch
 BuildRoot:      %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
 
 Obsoletes:      %{name}-selinux < 1.0.3-11
@@ -43,6 +44,7 @@ with decent performance when run under A
 
 %prep
 %setup -q
+%patch1 -p0 -b .validate_regex
 
 %build
 
@@ -114,6 +116,9 @@ with decent performance when run under A
 %config(noreplace) %{_sysconfdir}/httpd/conf.d/viewvc.conf
 
 %changelog
+* Wed Sep 23 2009 Bojan Smojver <bojan at rexursive.com> - 1.1.2-2
+- patch upstream issue #427
+
 * Fri Sep  4 2009 Bojan Smojver <bojan at rexursive.com> - 1.1.2-1
 - bump up to 1.1.2
 
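Review bot: the new %changelog entry says only "patch upstream issue #427", which tells someone reading `rpm -q --changelog` nothing about what changed. Say that the patch makes `_validate_regex` reject patterns that fail to compile, so the release is identifiable as an input-validation fix without looking up the upstream tracker.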



