[php-nusoap/f14/master] - moved to version 0.9.5 to follow upstream - patched XSS security vulnerability (thanks to David Hi
David Nalley
ke4qqq at fedoraproject.org
Fri Sep 3 03:10:14 UTC 2010
commit e9dbba8adb5edc859c389cd03a0a3b3ab7714c1d
Author: David Nalley <david at gnsa.us>
Date: Thu Sep 2 23:10:09 2010 -0400
- moved to version 0.9.5 to follow upstream
- patched XSS security vulnerability (thanks to David Hicks <hickseydr at optusnet.com.au> from MantisBT community) BZ# 629585
- improved spec legibility with addition of newlines
- corrected license
- changed versioned php require to php-common
- Initial Packaging
.gitignore | 1 +
nusoap.xss.patch | 89 ++++++++++++++++++++++++++++++++++++++++++++++++++++++
php-nusoap.spec | 9 ++++-
sources | 2 +-
4 files changed, 98 insertions(+), 3 deletions(-)
---
diff --git a/.gitignore b/.gitignore
index d25992f..c97cd67 100644
--- a/.gitignore
+++ b/.gitignore
@@ -1 +1,2 @@
nusoap-0.7.3.zip
+/nusoap-0.9.5.zip
diff --git a/nusoap.xss.patch b/nusoap.xss.patch
new file mode 100644
index 0000000..a03bf2e
--- /dev/null
+++ b/nusoap.xss.patch
@@ -0,0 +1,89 @@
+--- lib/class.wsdl.php 2010-04-26 16:38:08.000000000 -0400
++++ lib.new/class.wsdl.php 2010-09-02 22:27:53.963411943 -0400
+@@ -842,9 +842,9 @@
+ <body>
+ <div class=content>
+ <br><br>
+- <div class=title>'.$this->serviceName.'</div>
++ <div class=title>'.htmlentities($this->serviceName).'</div>
+ <div class=nav>
+- <p>View the <a href="'.$PHP_SELF.'?wsdl">WSDL</a> for the service.
++ <p>View the <a href="'.htmlentities($PHP_SELF).'?wsdl">WSDL</a> for the service.
+ Click on an operation name to view it's details.</p>
+ <ul>';
+ foreach($this->getOperations() as $op => $data){
+@@ -854,21 +854,21 @@
+ <a href='#' onclick='popout()'><font color='#ffffff'>Close</font></a><br><br>";
+ foreach($data as $donnie => $marie){ // loop through opdata
+ if($donnie == 'input' || $donnie == 'output'){ // show input/output data
+- $b .= "<font color='white'>".ucfirst($donnie).':</font><br>';
++ $b .= "<font color='white'>".htmlentities(ucfirst($donnie)).':</font><br>';
+ foreach($marie as $captain => $tenille){ // loop through data
+ if($captain == 'parts'){ // loop thru parts
+- $b .= " $captain:<br>";
++ $b .= " ".htmlentities($captain).":<br>";
+ //if(is_array($tenille)){
+ foreach($tenille as $joanie => $chachi){
+- $b .= " $joanie: $chachi<br>";
++ $b .= " ".htmlentities($joanie).": ".htmlentities($chachi)."<br>";
+ }
+ //}
+ } else {
+- $b .= " $captain: $tenille<br>";
++ $b .= " ".htmlentities($captain).": ".htmlentities($tenille)."<br>";
+ }
+ }
+ } else {
+- $b .= "<font color='white'>".ucfirst($donnie).":</font> $marie<br>";
++ $b .= "<font color='white'>".htmlentities(ucfirst($donnie)).":</font> ".htmlentities($marie)."<br>";
+ }
+ }
+ $b .= '</div>';
+@@ -1935,4 +1935,4 @@
+ }
+ }
+
+-?>
+\ No newline at end of file
++?>
+--- lib/nusoap.php 2010-04-26 16:38:08.000000000 -0400
++++ lib.new/nusoap.php 2010-09-02 22:40:38.277661391 -0400
+@@ -5424,9 +5424,9 @@
+ <body>
+ <div class=content>
+ <br><br>
+- <div class=title>'.$this->serviceName.'</div>
++ <div class=title>'.htmlentities($this->serviceName).'</div>
+ <div class=nav>
+- <p>View the <a href="'.$PHP_SELF.'?wsdl">WSDL</a> for the service.
++ <p>View the <a href="'.htmlentities($PHP_SELF).'?wsdl">WSDL</a> for the service.
+ Click on an operation name to view it's details.</p>
+ <ul>';
+ foreach($this->getOperations() as $op => $data){
+@@ -5436,21 +5436,21 @@
+ <a href='#' onclick='popout()'><font color='#ffffff'>Close</font></a><br><br>";
+ foreach($data as $donnie => $marie){ // loop through opdata
+ if($donnie == 'input' || $donnie == 'output'){ // show input/output data
+- $b .= "<font color='white'>".ucfirst($donnie).':</font><br>';
++ $b .= "<font color='white'>".htmlentities(ucfirst($donnie)).':</font><br>';
+ foreach($marie as $captain => $tenille){ // loop through data
+ if($captain == 'parts'){ // loop thru parts
+- $b .= " $captain:<br>";
++ $b .= " ".htmlentities($captain).":<br>";
+ //if(is_array($tenille)){
+ foreach($tenille as $joanie => $chachi){
+- $b .= " $joanie: $chachi<br>";
++ $b .= " ".htmlentities($joanie).": ".htmlentities($chachi)."<br>";
+ }
+ //}
+ } else {
+- $b .= " $captain: $tenille<br>";
++ $b .= " ".htmlentities($captain).": ".htmlentities($tenille)."<br>";
+ }
+ }
+ } else {
+- $b .= "<font color='white'>".ucfirst($donnie).":</font> $marie<br>";
++ $b .= "<font color='white'>".htmlentities(ucfirst($donnie)).":</font> ".htmlentities($marie)."<br>";
+ }
+ }
+ $b .= '</div>';
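Review bot: The added `htmlentities()` calls in both `lib/class.wsdl.php` and `lib/nusoap.php` rely on the default flags, which leave single quotes unescaped. That is enough for the sinks visible here (element text and the double-quoted `href`), but the same markup also uses single-quoted attributes such as `<a href='#' onclick='popout()'>`, so I would pass the flag explicitly, e.g. `htmlentities($this->serviceName, ENT_QUOTES)`, with a charset argument matching the encoding the page is served in. The first lines of the `foreach($this->getOperations() as $op => $data)` body fall between the inner hunks (842/854 and 5424/5436) and are not shown; it is worth confirming whether `$op` is written into the page there, since nothing in this patch escapes it. The enclosing function starts and ends outside the hunks, so other output sinks in it cannot be checked from this patch alone.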
diff --git a/php-nusoap.spec b/php-nusoap.spec
index 5061e80..0574d55 100644
--- a/php-nusoap.spec
+++ b/php-nusoap.spec
@@ -1,12 +1,13 @@
%global php_libname nusoap
Name: php-nusoap
-Version: 0.7.3
-Release: 2%{?dist}
+Version: 0.9.5
+Release: 1%{?dist}
License: LGPLv2+
Summary: SOAP Toolkit for PHP
Group: Development/Libraries
URL: http://nusoap.sourceforge.net/
Source: http://downloads.sourceforge.net/%{php_libname}/%{php_libname}-%{version}.zip
+Patch0: nusoap.xss.patch
BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
Requires: php-common
BuildRequires: dos2unix
@@ -19,6 +20,7 @@ create and consume web services based on SOAP 1.1, WSDL 1.1 and HTTP 1.0/1.1.
%prep
%setup -c -q
+%patch0 -p0
dos2unix samples/*
dos2unix lib/changelog
iconv -f iso8859-1 -t utf-8 lib/changelog > lib/changelog.txt && mv -f lib/changelog.txt lib/changelog
@@ -40,6 +42,9 @@ rm -rf %{buildroot}
%{_datadir}/php/%{php_libname}
%changelog
+* Thu Sep 02 2010 David Nalley <david at gnsa.us> 0.9.5-1
+- moved to version 0.9.5 to follow upstream
+- patched XSS security vulnerability (thanks to David Hicks <hickseydr at optusnet.com.au> from MantisBT community) BZ# 629585
* Tue Dec 08 2009 David Nalley <david at gnsa.us> 0.7.3-2
- improved spec legibility with addition of newlines
- corrected license
diff --git a/sources b/sources
index 6bd2b99..6351607 100644
--- a/sources
+++ b/sources
@@ -1 +1 @@
-19843319571f6b79f9ed56ef3bb59100 nusoap-0.7.3.zip
+39c5ee539904f4576def9b3776752592 nusoap-0.9.5.zip