java/code/webapp/WEB-INF/struts-config.xml | 2 ++ java/spacewalk-java.spec | 6 +++++- rel-eng/packages/spacewalk-java | 2 +- 3 files changed, 8 insertions(+), 2 deletions(-)
New commits: commit 876fb64b2967355a7fe2004f8f8f7b9fd9c73c3e Author: Tomas Lestach tlestach@redhat.com Date: Tue Nov 12 16:58:55 2013 +0100
Automatic commit of package [spacewalk-java] release [2.1.72-1].
diff --git a/java/spacewalk-java.spec b/java/spacewalk-java.spec
index 5f0ece5..8df11a6 100644
--- a/java/spacewalk-java.spec
+++ b/java/spacewalk-java.spec
@@ -28,7 +28,7 @@ Name: spacewalk-java
 Summary: Spacewalk Java site packages
 Group: Applications/Internet
 License: GPLv2
-Version: 2.1.71
+Version: 2.1.72
 Release: 1%{?dist}
 URL: https://fedorahosted.org/spacewalk
 Source0: https://fedorahosted.org/releases/s/p/spacewalk/%%7Bname%7D-%%7Bversion%7D.t...
@@ -785,6 +785,10 @@ fi
 %{jardir}/postgresql-jdbc.jar
 
 %changelog
+* Tue Nov 12 2013 Tomas Lestach tlestach@redhat.com 2.1.72-1
+- CVE-2013-4480 - restrict user creation to org_admin only
+- CVE-2013-4480 - restrict first user creation with need_first_user acl
+
 * Tue Nov 12 2013 Tomas Lestach tlestach@redhat.com 2.1.71-1
 - 1029066 - enhance Package.listOrphans query
 - TestFactoryWrapperTest: avoid adding TestImpl.hbm.xml twice
diff --git a/rel-eng/packages/spacewalk-java b/rel-eng/packages/spacewalk-java
index d748668..e6d6e03 100644
--- a/rel-eng/packages/spacewalk-java
+++ b/rel-eng/packages/spacewalk-java
@@ -1 +1 @@
-2.1.71-1 java/
+2.1.72-1 java/
commit 0204b18962a21f6d678166c043ff54491c5e700c Author: Tomas Lestach tlestach@redhat.com Date: Tue Nov 5 12:11:30 2013 +0100
CVE-2013-4480 - restrict user creation to org_admin only
diff --git a/java/code/webapp/WEB-INF/struts-config.xml b/java/code/webapp/WEB-INF/struts-config.xml
index e122665..eb9a7ee 100644
--- a/java/code/webapp/WEB-INF/struts-config.xml
+++ b/java/code/webapp/WEB-INF/struts-config.xml
@@ -1445,6 +1445,7 @@
 type="com.redhat.rhn.frontend.action.user.CreateUserAction"
 className="com.redhat.rhn.frontend.struts.RhnActionMapping">
 <set-property property="postRequired" value="true" />
+ <set-property property="acls" value="user_role(org_admin)"/>
 <forward name="existorgsuccess" path="/users/ActiveList.do" redirect="true"/>
 <forward name="failure" path="/users/CreateUser.do"/>
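Review bot: The org_admin restriction is expressed only as an `acls` property on this one mapping, while the same `CreateUserAction` class also backs the first-user mapping in the other struts-config.xml hunk, so any mapping of that class without its own `acls` line stays unrestricted. A comment above the new property would keep that visible, e.g. `<!-- CVE-2013-4480: user creation is limited to org_admin; every mapping of CreateUserAction needs its own acls -->`. Whether the action class itself, or other entry points for user creation, also check the role is not shown in this diff and is worth confirming. The `<action>` element opens and closes outside the hunk, so the protected path is not visible here.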
commit 60f69966e06599481ddd3337ecd47f33dab786ca Author: Tomas Lestach tlestach@redhat.com Date: Thu Oct 31 12:12:57 2013 +0100
CVE-2013-4480 - restrict first user creation with need_first_user acl
diff --git a/java/code/webapp/WEB-INF/struts-config.xml b/java/code/webapp/WEB-INF/struts-config.xml
index babc41a..e122665 100644
--- a/java/code/webapp/WEB-INF/struts-config.xml
+++ b/java/code/webapp/WEB-INF/struts-config.xml
@@ -1431,6 +1431,7 @@
 type="com.redhat.rhn.frontend.action.user.CreateUserAction"
 className="com.redhat.rhn.frontend.struts.RhnActionMapping">
 <set-property property="postRequired" value="true" />
+ <set-property property="acls" value="need_first_user()"/>
 <forward name="success_sat" path="/YourRhn.do" redirect="true"/>
 <forward name="fail-sat" path="/newlogin/CreateFirstUser.do"/>
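Review bot: The `need_first_user()` condition is attached to the mapping, so it is presumably evaluated before `CreateUserAction` runs and separately from the user creation itself; if the action does not re-check that no user exists when it commits, overlapping first-user requests may not be serialised by this property alone. That re-check would live in the action class, which is not part of this diff, so it should be confirmed there. A comment above the new line would record the intent: `<!-- CVE-2013-4480: first-user creation is allowed only while no user exists -->`. The enclosing `<action>` element starts and ends outside the hunk, so the mapped path is not visible here.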