[WebCalendar/f16] * Tue Oct 11 2011 Patrick Monnerat <pm at datasphere.ch> 1.2.4-1 - New upstream release. - Patch "cve20
Patrick Monnerat
monnerat at fedoraproject.org
Tue Oct 11 14:29:59 UTC 2011
commit 07e1d76b4797eef3628e6e4f95048954a75165ba
Author: Patrick Monnerat <pm at datasphere.ch>
Date: Tue Oct 11 16:29:41 2011 +0200
* Tue Oct 11 2011 Patrick Monnerat <pm at datasphere.ch> 1.2.4-1
- New upstream release.
- Patch "cve2011_3814" to fix CVE-2011-3814 vulnerability.
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3814
https://sourceforge.net/tracker/?func=detail&aid=3414999&group_id=3870&atid=303870
- Patch "canadd" to fix event addition control.
https://sourceforge.net/tracker/?func=detail&aid=3304491&group_id=3870&atid=303870
.gitignore | 1 +
WebCalendar-1.2.0-php53.patch | 572 --------------------
WebCalendar-1.2.3-canadd.patch | 77 +++
WebCalendar-1.2.4-cve2011_3814.patch | 133 +++++
WebCalendar-1.2.4-php53.patch | 158 ++++++
...rcase.patch => WebCalendar-1.2.4-usercase.patch | 64 ++--
WebCalendar.spec | 22 +-
sources | 4 +-
8 files changed, 419 insertions(+), 612 deletions(-)
---
diff --git a/.gitignore b/.gitignore
index 6077857..6b03f6f 100644
--- a/.gitignore
+++ b/.gitignore
@@ -6,3 +6,4 @@ WebCalendarUserManual-0.9.43.tar.gz
/WebCalendarUserManual-0.9.43.tar.gz
/WebCalendar-http.conf
/WebCalendar-taglang.php
+/WebCalendar-1.2.4-clean.tar.gz
diff --git a/WebCalendar-1.2.3-canadd.patch b/WebCalendar-1.2.3-canadd.patch
new file mode 100644
index 0000000..e101e22
--- /dev/null
+++ b/WebCalendar-1.2.3-canadd.patch
@@ -0,0 +1,77 @@
+diff -Naur WebCalendar-1.2.3.orig/edit_entry_handler.php WebCalendar-1.2.3.new/edit_entry_handler.php
+--- WebCalendar-1.2.3.orig/edit_entry_handler.php 2011-05-18 18:56:48.202071518 +0200
++++ WebCalendar-1.2.3.new/edit_entry_handler.php 2011-05-18 18:58:25.697834637 +0200
+@@ -290,9 +290,23 @@
+ // Value may be needed later for recreating event.
+ $user = getPostValue ( 'user' );
+ $old_create_by = ( empty ( $user ) ? '' : $user );
+-if ( empty ( $id ) )
++if (empty($id)) {
+ // New event...
+- $can_edit = true;
++ $can_edit = (!empty($readonly) && $readonly != 'Y');
++
++ if (access_is_enabled())
++ $can_edit = access_can_access_function(ACCESS_EVENT_EDIT, $user);
++
++ if ($login == '__public__')
++ $can_edit = access_is_enabled()? $can_edit: $PUBLIC_ACCESS_CAN_ADD == 'Y';
++
++ if (!$is_admin && !$is_assistant && !$is_nonuser_admin) {
++ if ($is_nonuser)
++ $can_edit = false;
++ else if (!empty($user) && $user != $login && $user != '__public__')
++ $can_edit = false;
++ }
++}
+ else {
+ // Event owner or assistant?
+ $res = dbi_execute ( 'SELECT cal_create_by FROM webcal_entry WHERE cal_id = ?',
+diff -Naur WebCalendar-1.2.3.orig/includes/classes/WebCalendar.class WebCalendar-1.2.3.new/includes/classes/WebCalendar.class
+--- WebCalendar-1.2.3.orig/includes/classes/WebCalendar.class 2011-05-18 18:56:48.266070052 +0200
++++ WebCalendar-1.2.3.new/includes/classes/WebCalendar.class 2011-05-18 18:59:11.628780770 +0200
+@@ -142,9 +142,9 @@
+ * @access private
+ */
+ function _initInitSecondPhase () {
+- global $ALLOW_VIEW_OTHER, $can_add, $can_add, $cat_id, $CATEGORIES_ENABLED,
++ global $ALLOW_VIEW_OTHER, $can_add, $cat_id, $CATEGORIES_ENABLED,
+ $CATEGORY_VIEW, $caturl, $date, $DMW, $friendly, $override, $fullname, $GROUPS_ENABLED,
+- $hour, $id, $is_admin, $is_assistant, $is_nonuser, $login, $minute, $month,
++ $hour, $id, $is_admin, $is_assistant, $is_nonuser, $is_nonuser_admin, $login, $minute, $month,
+ $NONUSER_ENABLED, $nonusers, $ovrd, $PUBLIC_ACCESS, $PUBLIC_ACCESS_CAN_ADD,
+ $PUBLIC_ACCESS_FULLNAME, $PUBLIC_ACCESS_OTHERS, $readonly, $u_url, $user,
+ $user_fullname, $USER_SEES_ONLY_HIS_GROUPS, $userlist, $valid_user, $year;
+@@ -203,8 +203,12 @@
+ if ( $PUBLIC_ACCESS_OTHERS != 'Y' )
+ $user = ''; // Security precaution.
+ }
+- if ( $is_nonuser )
+- $can_add = false;
++ if (!$is_admin && !$is_assistant && !$is_nonuser_admin) {
++ if ($is_nonuser)
++ $can_add = false;
++ else if (!empty($user) && $user != $login && $user != '__public__')
++ $can_add = false;
++ }
+
+ if ( $GROUPS_ENABLED == 'Y' && $USER_SEES_ONLY_HIS_GROUPS == 'Y' && ! $is_admin ) {
+ $userlist = get_my_users ();
+diff -Naur WebCalendar-1.2.3.orig/includes/menu/index.php WebCalendar-1.2.3.new/includes/menu/index.php
+--- WebCalendar-1.2.3.orig/includes/menu/index.php 2011-05-18 18:56:48.290069502 +0200
++++ WebCalendar-1.2.3.new/includes/menu/index.php 2011-05-18 18:59:34.756250102 +0200
+@@ -29,8 +29,12 @@
+ if ( $login == '__public__' )
+ $can_add = ( access_is_enabled () ? $can_add : $PUBLIC_ACCESS_CAN_ADD == 'Y' );
+
+-if ( $is_nonuser )
+- $can_add = false;
++if (!$is_admin && !$is_assistant && !$is_nonuser_admin) {
++ if ($is_nonuser)
++ $can_add = false;
++ else if (!empty($user) && $user != $login && $user != '__public__')
++ $can_add = false;
++}
+
+ $export_url = $import_url = $new_entry_url = $new_task_url = '';
+ $search_url = $select_user_url = $unapproved_url = '';
diff --git a/WebCalendar-1.2.4-cve2011_3814.patch b/WebCalendar-1.2.4-cve2011_3814.patch
new file mode 100644
index 0000000..bccc988
--- /dev/null
+++ b/WebCalendar-1.2.4-cve2011_3814.patch
@@ -0,0 +1,133 @@
+diff -Naur WebCalendar-1.2.4.orig/includes/classes/hKit/hcal.profile.php WebCalendar-1.2.4.new/includes/classes/hKit/hcal.profile.php
+--- WebCalendar-1.2.4.orig/includes/classes/hKit/hcal.profile.php 2007-08-06 04:28:33.000000000 +0200
++++ WebCalendar-1.2.4.new/includes/classes/hKit/hcal.profile.php 2011-09-30 18:19:06.397245502 +0200
+@@ -2,6 +2,9 @@
+ // hcal profile for hkit
+ // hacked together by Ray Jones 06/26/2006
+
++ if (!isset($this)) // Prevent CVE-2011-3814.
++ die();
++
+ $this->root_class = 'vevent';
+
+ $this->classes = array (
+@@ -57,4 +60,4 @@
+ $vevent = array_change_key_case($vevent, CASE_UPPER);
+ }
+
+-?>
+\ No newline at end of file
++?>
+diff -Naur WebCalendar-1.2.4.orig/includes/common_admin_pref.php WebCalendar-1.2.4.new/includes/common_admin_pref.php
+--- WebCalendar-1.2.4.orig/includes/common_admin_pref.php 2007-07-28 21:21:57.000000000 +0200
++++ WebCalendar-1.2.4.new/includes/common_admin_pref.php 2011-09-30 18:19:06.417244020 +0200
+@@ -2,6 +2,7 @@
+ /* Consolidating parts of admin.php and pref.php.
+ * $Id: common_admin_pref.php,v 1.4 2007/07/28 19:21:57 bbannon Exp $
+ */
++function_exists('translate') or die('You cannot access this file directly!');
+ // .
+ // Force the CSS cache to clear by incrementing webcalendar_csscache cookie.
+ $webcalendar_csscache = 1;
+@@ -334,4 +335,4 @@
+ load_user_preferences ();
+ }
+
+-?>
+\ No newline at end of file
++?>
+diff -Naur WebCalendar-1.2.4.orig/includes/date_formats.php WebCalendar-1.2.4.new/includes/date_formats.php
+--- WebCalendar-1.2.4.orig/includes/date_formats.php 2007-08-06 04:28:32.000000000 +0200
++++ WebCalendar-1.2.4.new/includes/date_formats.php 2011-09-30 18:19:06.418243948 +0200
+@@ -22,6 +22,7 @@
+ // .
+ // This will force $LANGUAGE to the current value
+ // and eliminate having to double click the 'SAVE' button.
++function_exists('reset_language') or die('You cannot access this file directly!');
+ reset_language ( get_pref_setting ( $login, 'LANGUAGE' ) );
+ define_languages (); // Load the language list.
+ reset ( $languages );
+diff -Naur WebCalendar-1.2.4.orig/includes/help_list.php WebCalendar-1.2.4.new/includes/help_list.php
+--- WebCalendar-1.2.4.orig/includes/help_list.php 2008-02-12 20:08:52.000000000 +0100
++++ WebCalendar-1.2.4.new/includes/help_list.php 2011-09-30 18:19:06.418243948 +0200
+@@ -5,7 +5,7 @@
+ * This should make it easier to add new help screens without having to
+ * touch each file every time.
+ */
+-defined ( '_ISVALID' ) or ( 'You cannot access this file directly!' );
++defined ( '_ISVALID' ) or die( 'You cannot access this file directly!' );
+ // DO NOT DELETE translate ( 'Index' ) translate ( 'Documentation' )
+ $help_list = array ();
+ $help_list['Index'] = 'help_index.php';
+diff -Naur WebCalendar-1.2.4.orig/includes/js/visible.php WebCalendar-1.2.4.new/includes/js/visible.php
+--- WebCalendar-1.2.4.orig/includes/js/visible.php 2008-01-28 21:17:08.000000000 +0100
++++ WebCalendar-1.2.4.new/includes/js/visible.php 2011-09-30 18:19:06.418243948 +0200
+@@ -183,7 +183,12 @@
+ colorCell.style.backgroundColor = "#000000";
+ input.select ();
+ input.focus ();
+- alert ( '<?php etranslate ( 'Invalid Color', true ) ?>');
++ alert ( '<?php
++ $m = 'Invalid Color';
++ if (function_exists('etranslate')) // Prevent CVE-2011-3814.
++ etranslate($m, true);
++ else
++ echo $m; ?>');
+ } else {
+ colorCell.style.backgroundColor = color;
+ }
+diff -Naur WebCalendar-1.2.4.orig/ws/login.php WebCalendar-1.2.4.new/ws/login.php
+--- WebCalendar-1.2.4.orig/ws/login.php 2011-08-07 19:56:16.000000000 +0200
++++ WebCalendar-1.2.4.new/ws/login.php 2011-09-30 18:23:16.913819417 +0200
+@@ -9,15 +9,13 @@
+ // relative to current working directory.
+ define ( '__WC_INCLUDEDIR', '../includes' );
+
+-include __WC_INCLUDEDIR . '/translate.php';
++foreach (array('config', 'dbi4php', 'formvars', 'functions', 'translate') as $i)
++ include_once __WC_INCLUDEDIR . '/' . $i . '.php';
++
+ require_once __WC_INCLUDEDIR . '/classes/WebCalendar.class';
+
+ $WebCalendar = new WebCalendar ( __FILE__ );
+
+-include __WC_INCLUDEDIR . '/config.php';
+-include __WC_INCLUDEDIR . '/dbi4php.php';
+-include __WC_INCLUDEDIR . '/functions.php';
+-
+ $WebCalendar->initializeFirstPhase ();
+
+ include __WC_INCLUDEDIR . '/' .$user_inc;
+diff -Naur WebCalendar-1.2.4.orig/ws/ws.php WebCalendar-1.2.4.new/ws/ws.php
+--- WebCalendar-1.2.4.orig/ws/ws.php 2011-08-07 19:56:16.000000000 +0200
++++ WebCalendar-1.2.4.new/ws/ws.php 2011-09-30 18:26:27.827774230 +0200
+@@ -19,23 +19,17 @@
+ // relative to current working directory.
+ define ( '__WC_INCLUDEDIR', '../includes' );
+
+- include_once __WC_INCLUDEDIR . '/translate.php';
+- require_once __WC_INCLUDEDIR . '/classes/WebCalendar.class';
+- require_once __WC_INCLUDEDIR . '/classes/Event.class';
+- require_once __WC_INCLUDEDIR . '/classes/RptEvent.class';
++ foreach(array('access', 'config', 'dbi4php', 'formvars', 'functions',
++ 'site_extras', 'translate', 'validate') as $i)
++ include_once __WC_INCLUDEDIR . '/' . $i . '.php';
+
+- $WebCalendar = new WebCalendar ( __FILE__ );
+-
+- include_once __WC_INCLUDEDIR . '/config.php';
+- include_once __WC_INCLUDEDIR . '/dbi4php.php';
+- include_once __WC_INCLUDEDIR . '/access.php';
+- include_once __WC_INCLUDEDIR . '/functions.php';
++ foreach(array('WebCalendar', 'Event', 'RptEvent') as $i)
++ include_once __WC_INCLUDEDIR . '/classes/' . $i . '.class';
+
++ $WebCalendar = new WebCalendar ( __FILE__ );
+ $WebCalendar->initializeFirstPhase ();
+
+ include_once __WC_INCLUDEDIR . '/' . $user_inc;
+- include_once __WC_INCLUDEDIR . '/validate.php';
+- include_once __WC_INCLUDEDIR . '/site_extras.php';
+
+ $WebCalendar->initializeSecondPhase ();
+
diff --git a/WebCalendar-1.2.4-php53.patch b/WebCalendar-1.2.4-php53.patch
new file mode 100644
index 0000000..dd06cd0
--- /dev/null
+++ b/WebCalendar-1.2.4-php53.patch
@@ -0,0 +1,158 @@
+diff -Naur WebCalendar-1.2.4.orig/includes/classes/phpmailer/class.phpmailer.php WebCalendar-1.2.4.new/includes/classes/phpmailer/class.phpmailer.php
+--- WebCalendar-1.2.4.orig/includes/classes/phpmailer/class.phpmailer.php 2007-08-06 04:28:33.000000000 +0200
++++ WebCalendar-1.2.4.new/includes/classes/phpmailer/class.phpmailer.php 2011-09-30 16:30:10.006341799 +0200
+@@ -1087,12 +1087,18 @@
+ $this->SetError($this->Lang("file_open") . $path);
+ return "";
+ }
+- $magic_quotes = get_magic_quotes_runtime ();
+- set_magic_quotes_runtime(0);
++
++ if (function_exists('set_magic_quotes_runtime')) {
++ $magic_quotes = @get_magic_quotes_runtime();
++ @set_magic_quotes_runtime(0);
++ }
++
+ $file_buffer = fread($fd, filesize($path));
+ $file_buffer = $this->EncodeString($file_buffer, $encoding);
+ fclose($fd);
+- set_magic_quotes_runtime($magic_quotes);
++
++ if (isset($magic_quotes))
++ @set_magic_quotes_runtime($magic_quotes);
+
+ return $file_buffer;
+ }
+diff -Naur WebCalendar-1.2.4.orig/includes/translate.php WebCalendar-1.2.4.new/includes/translate.php
+--- WebCalendar-1.2.4.orig/includes/translate.php 2011-08-07 19:56:15.000000000 +0200
++++ WebCalendar-1.2.4.new/includes/translate.php 2011-09-30 16:30:10.020340757 +0200
+@@ -67,7 +67,8 @@
+ if ( strlen ( $buffer ) == 0 )
+ continue;
+
+- if ( get_magic_quotes_runtime () && $strip )
++ if (function_exists('get_magic_quotes_runtime') &&
++ @get_magic_quotes_runtime() && $strip)
+ $buffer = stripslashes ( $buffer );
+
+ // Convert quotes to entities.
+diff -Naur WebCalendar-1.2.4.orig/includes/user-app-postnuke.php WebCalendar-1.2.4.new/includes/user-app-postnuke.php
+--- WebCalendar-1.2.4.orig/includes/user-app-postnuke.php 2011-08-07 19:56:15.000000000 +0200
++++ WebCalendar-1.2.4.new/includes/user-app-postnuke.php 2011-09-30 16:30:10.020340758 +0200
+@@ -490,4 +490,4 @@
+ global $error;
+ $error = 'User admin not supported.'; return false;
+ }
+-?>
+\ No newline at end of file
++?>
+diff -Naur WebCalendar-1.2.4.orig/install/index.php WebCalendar-1.2.4.new/install/index.php
+--- WebCalendar-1.2.4.orig/install/index.php 2011-08-09 05:12:43.000000000 +0200
++++ WebCalendar-1.2.4.new/install/index.php 2011-09-30 16:30:10.022340608 +0200
+@@ -109,8 +109,13 @@
+
+ // First pass at settings.php.
+ // We need to read it first in order to get the md5 password.
+-$magic = @get_magic_quotes_runtime ();
+- at set_magic_quotes_runtime (0);
++if (function_exists('set_magic_quotes_runtime')) {
++ $magic = @get_magic_quotes_runtime();
++ @set_magic_quotes_runtime(0);
++ }
++else
++ unset($magic);
++
+ $fd = @fopen ( $file, 'rb', true );
+ $settings = array ();
+ $password = '';
+@@ -132,7 +137,9 @@
+ $forcePassword = true;
+ }
+ }
+- at set_magic_quotes_runtime ($magic);
++
++if (isset($magic))
++ @set_magic_quotes_runtime($magic);
+
+ session_start ();
+ $doLogin = false;
+@@ -251,8 +258,13 @@
+ exit;
+ }
+
+-$magic = @get_magic_quotes_runtime ();
+- at set_magic_quotes_runtime (0);
++if (function_exists('set_magic_quotes_runtime')) {
++ $magic = @get_magic_quotes_runtime();
++ @set_magic_quotes_runtime(0);
++ }
++else
++ unset($magic);
++
+ $fd = @fopen ( $file, 'rb', false );
+ if ( ! empty ( $fd ) ) {
+ while ( ! feof ( $fd ) ) {
+@@ -270,7 +282,9 @@
+ }
+ fclose ( $fd );
+ }
+- at set_magic_quotes_runtime ($magic);
++
++if (isset($magic))
++ @set_magic_quotes_runtime($magic);
+
+ $action = getGetValue ( 'action' );
+ // We were set here because of a mismatch of $PROGRAM_VERSION
+diff -Naur WebCalendar-1.2.4.orig/install/install_functions.php WebCalendar-1.2.4.new/install/install_functions.php
+--- WebCalendar-1.2.4.orig/install/install_functions.php 2007-08-06 04:28:33.000000000 +0200
++++ WebCalendar-1.2.4.new/install/install_functions.php 2011-09-30 16:30:10.022340608 +0200
+@@ -454,8 +454,12 @@
+
+ $current_pointer = false;
+ $full_sql = '';
+- $magic = @get_magic_quotes_runtime ();
+- @set_magic_quotes_runtime ( 0 );
++
++ if (function_exists('set_magic_quotes_runtime')) {
++ $magic = @get_magic_quotes_runtime();
++ @set_magic_quotes_runtime(0);
++ }
++
+ $fd = @fopen ( 'sql/' . $install_filename, 'r', true );
+
+ // Discard everything up to the required point in the upgrade file.
+@@ -483,7 +487,9 @@
+ $full_sql .= $data;
+ }
+
+- @set_magic_quotes_runtime ( $magic );
++ if (isset($magic))
++ @set_magic_quotes_runtime($magic);
++
+ fclose ( $fd );
+ $parsed_sql = parse_sql ( $full_sql );
+
+diff -Naur WebCalendar-1.2.4.orig/register.php WebCalendar-1.2.4.new/register.php
+--- WebCalendar-1.2.4.orig/register.php 2011-08-07 19:56:14.000000000 +0200
++++ WebCalendar-1.2.4.new/register.php 2011-09-30 16:30:10.040339271 +0200
+@@ -28,7 +28,7 @@
+ $WebCalendar->setLanguage ();
+
+ require ( 'includes/classes/WebCalMailer.class' );
+-$mail = &new WebCalMailer;
++$mail = new WebCalMailer;
+
+ $appStr = generate_application_name ();
+
+diff -Naur WebCalendar-1.2.4.orig/usersel.php WebCalendar-1.2.4.new/usersel.php
+--- WebCalendar-1.2.4.orig/usersel.php 2008-10-15 05:05:11.000000000 +0200
++++ WebCalendar-1.2.4.new/usersel.php 2011-09-30 16:30:10.069337116 +0200
+@@ -21,7 +21,7 @@
+ }
+
+ // Parse $users.
+-$exp = split ( ',', $users );
++$exp = explode(',', $users);
+ $groups = $selected = $sql_params = array ();
+ for ( $i = 0, $cnt = count ( $exp ); $i < $cnt; $i++ ) {
+ $selected[$exp[$i]] = 1;
diff --git a/WebCalendar-1.2.3-usercase.patch b/WebCalendar-1.2.4-usercase.patch
similarity index 66%
rename from WebCalendar-1.2.3-usercase.patch
rename to WebCalendar-1.2.4-usercase.patch
index ea888c5..ab694ab 100644
--- a/WebCalendar-1.2.3-usercase.patch
+++ b/WebCalendar-1.2.4-usercase.patch
@@ -1,6 +1,6 @@
-diff -Naur WebCalendar-1.2.3.orig/includes/classes/WebCalendar.class WebCalendar-1.2.3.new/includes/classes/WebCalendar.class
---- WebCalendar-1.2.3.orig/includes/classes/WebCalendar.class 2011-04-15 16:04:54.283579361 +0200
-+++ WebCalendar-1.2.3.new/includes/classes/WebCalendar.class 2011-04-15 16:10:30.358195449 +0200
+diff -Naur WebCalendar-1.2.4.orig/includes/classes/WebCalendar.class WebCalendar-1.2.4.new/includes/classes/WebCalendar.class
+--- WebCalendar-1.2.4.orig/includes/classes/WebCalendar.class 2011-09-30 17:09:31.835185072 +0200
++++ WebCalendar-1.2.4.new/includes/classes/WebCalendar.class 2011-09-30 17:11:16.210456941 +0200
@@ -152,7 +152,7 @@
load_global_settings ();
@@ -20,9 +20,9 @@ diff -Naur WebCalendar-1.2.3.orig/includes/classes/WebCalendar.class WebCalendar
}
/* Initializations from includes/connect.php.
-diff -Naur WebCalendar-1.2.3.orig/includes/config.php WebCalendar-1.2.3.new/includes/config.php
---- WebCalendar-1.2.3.orig/includes/config.php 2010-08-15 20:54:34.000000000 +0200
-+++ WebCalendar-1.2.3.new/includes/config.php 2011-04-15 16:06:24.009200588 +0200
+diff -Naur WebCalendar-1.2.4.orig/includes/config.php WebCalendar-1.2.4.new/includes/config.php
+--- WebCalendar-1.2.4.orig/includes/config.php 2011-08-09 05:27:56.000000000 +0200
++++ WebCalendar-1.2.4.new/includes/config.php 2011-09-30 17:11:16.210456941 +0200
@@ -104,9 +104,10 @@
function do_config ( $fileLoc ) {
@@ -35,8 +35,8 @@ diff -Naur WebCalendar-1.2.3.orig/includes/config.php WebCalendar-1.2.3.new/incl
+ $settings, $single_user, $single_user_login, $TROUBLE_URL, $use_http_auth,
+ $user_inc;
- $PROGRAM_VERSION = 'v1.2.3';
- $PROGRAM_DATE = '14 Aug 2010';
+ $PROGRAM_VERSION = 'v1.2.4';
+ $PROGRAM_DATE = '08 Aug 2011';
@@ -232,6 +233,11 @@
$use_http_auth = ( preg_match ( '/(1|yes|true|on)/i',
$settings['use_http_auth'] ) ? true : false );
@@ -49,10 +49,10 @@ diff -Naur WebCalendar-1.2.3.orig/includes/config.php WebCalendar-1.2.3.new/incl
// Type of user authentication.
$user_inc = $settings['user_inc'];
-diff -Naur WebCalendar-1.2.3.orig/includes/functions.php WebCalendar-1.2.3.new/includes/functions.php
---- WebCalendar-1.2.3.orig/includes/functions.php 2011-04-15 16:04:54.285579173 +0200
-+++ WebCalendar-1.2.3.new/includes/functions.php 2011-04-15 16:22:45.223561231 +0200
-@@ -6135,4 +6135,19 @@
+diff -Naur WebCalendar-1.2.4.orig/includes/functions.php WebCalendar-1.2.4.new/includes/functions.php
+--- WebCalendar-1.2.4.orig/includes/functions.php 2011-09-30 17:09:31.836184998 +0200
++++ WebCalendar-1.2.4.new/includes/functions.php 2011-09-30 17:11:16.212456828 +0200
+@@ -6136,4 +6136,19 @@
return $ret;
}
@@ -72,9 +72,9 @@ diff -Naur WebCalendar-1.2.3.orig/includes/functions.php WebCalendar-1.2.3.new/i
+}
+
?>
-diff -Naur WebCalendar-1.2.3.orig/includes/settings.php.orig WebCalendar-1.2.3.new/includes/settings.php.orig
---- WebCalendar-1.2.3.orig/includes/settings.php.orig 2007-09-28 15:19:45.000000000 +0200
-+++ WebCalendar-1.2.3.new/includes/settings.php.orig 2011-04-15 16:06:24.009200588 +0200
+diff -Naur WebCalendar-1.2.4.orig/includes/settings.php.orig WebCalendar-1.2.4.new/includes/settings.php.orig
+--- WebCalendar-1.2.4.orig/includes/settings.php.orig 2007-09-28 15:19:45.000000000 +0200
++++ WebCalendar-1.2.4.new/includes/settings.php.orig 2011-09-30 17:11:16.212456828 +0200
@@ -71,5 +71,10 @@
# need to modify user-ldap.php to configure some settings.
user_inc: user.php
@@ -86,26 +86,26 @@ diff -Naur WebCalendar-1.2.3.orig/includes/settings.php.orig WebCalendar-1.2.3.n
+
# end */
?>
-diff -Naur WebCalendar-1.2.3.orig/install/index.php WebCalendar-1.2.3.new/install/index.php
---- WebCalendar-1.2.3.orig/install/index.php 2011-04-15 16:04:54.221585149 +0200
-+++ WebCalendar-1.2.3.new/install/index.php 2011-04-15 16:06:24.009200588 +0200
+diff -Naur WebCalendar-1.2.4.orig/install/index.php WebCalendar-1.2.4.new/install/index.php
+--- WebCalendar-1.2.4.orig/install/index.php 2011-09-30 17:09:31.789188478 +0200
++++ WebCalendar-1.2.4.new/install/index.php 2011-09-30 17:11:16.213456768 +0200
@@ -660,6 +660,7 @@
$settings['install_password'] = '';
$settings['single_user_login'] = '';
$settings['use_http_auth'] = 'false';
+ $settings['ignore_user_case'] = 'false';
$settings['single_user'] = 'false';
+ $settings['mode'] = 'prod';
}
- } else {
-@@ -686,6 +687,7 @@
+@@ -688,6 +689,7 @@
$y = getPostValue ( 'app_settings' );
if ( ! empty ( $y ) ) {
$settings['single_user_login'] = getPostValue ( 'form_single_user_login' );
+ $settings['ignore_user_case'] = getPostValue ( 'form_ignore_user_case' );
$settings['readonly'] = getPostValue ( 'form_readonly' );
- $settings['mode'] = getPostValue ( 'form_mode' );
if ( getPostValue ( 'form_user_inc' ) == 'http' ) {
-@@ -836,8 +838,10 @@
+ $settings['use_http_auth'] = 'true';
+@@ -838,8 +840,10 @@
}
if ( form.form_user_inc.options[listid].selected ) {
makeVisible ( "singleuser" );
@@ -116,7 +116,7 @@ diff -Naur WebCalendar-1.2.3.orig/install/index.php WebCalendar-1.2.3.new/instal
}
}
-@@ -1496,6 +1500,16 @@
+@@ -1498,6 +1502,16 @@
<td>
<input name="form_single_user_login" size="20" value="<?php echo ( empty ( $settings['single_user_login'] ) ? '' : $settings['single_user_login'] );?>" /></td>
</tr>
@@ -133,9 +133,9 @@ diff -Naur WebCalendar-1.2.3.orig/install/index.php WebCalendar-1.2.3.new/instal
<tr>
<td class="prompt"><?php etranslate ( 'Read-Only' ) ?>:</td>
<td>
-diff -Naur WebCalendar-1.2.3.orig/tools/send_reminders.php WebCalendar-1.2.3.new/tools/send_reminders.php
---- WebCalendar-1.2.3.orig/tools/send_reminders.php 2011-04-15 16:04:54.224584869 +0200
-+++ WebCalendar-1.2.3.new/tools/send_reminders.php 2011-04-15 16:15:05.960459242 +0200
+diff -Naur WebCalendar-1.2.4.orig/tools/send_reminders.php WebCalendar-1.2.4.new/tools/send_reminders.php
+--- WebCalendar-1.2.4.orig/tools/send_reminders.php 2011-08-07 19:56:16.000000000 +0200
++++ WebCalendar-1.2.4.new/tools/send_reminders.php 2011-09-30 17:11:16.213456768 +0200
@@ -101,7 +101,7 @@
$allusers = user_get_users ();
$allusercnt = count ( $allusers );
@@ -154,9 +154,9 @@ diff -Naur WebCalendar-1.2.3.orig/tools/send_reminders.php WebCalendar-1.2.3.new
$percentage[$row[0]] = $row[1];
}
}
-diff -Naur WebCalendar-1.2.3.orig/translations/English-US.txt WebCalendar-1.2.3.new/translations/English-US.txt
---- WebCalendar-1.2.3.orig/translations/English-US.txt 2011-04-15 16:04:54.190588045 +0200
-+++ WebCalendar-1.2.3.new/translations/English-US.txt 2011-04-15 16:06:24.011200370 +0200
+diff -Naur WebCalendar-1.2.4.orig/translations/English-US.txt WebCalendar-1.2.4.new/translations/English-US.txt
+--- WebCalendar-1.2.4.orig/translations/English-US.txt 2011-09-30 17:09:31.771189810 +0200
++++ WebCalendar-1.2.4.new/translations/English-US.txt 2011-09-30 17:11:16.214456702 +0200
@@ -1844,6 +1844,7 @@
Web Server (detected): Web Server (detected)
Web Server (not detected): Web Server (not detected)
@@ -165,9 +165,9 @@ diff -Naur WebCalendar-1.2.3.orig/translations/English-US.txt WebCalendar-1.2.3.
Read-Only: Read-Only
Environment: Environment
Production: Production
-diff -Naur WebCalendar-1.2.3.orig/translations/French.txt WebCalendar-1.2.3.new/translations/French.txt
---- WebCalendar-1.2.3.orig/translations/French.txt 2011-04-15 16:04:54.200587110 +0200
-+++ WebCalendar-1.2.3.new/translations/French.txt 2011-04-15 16:06:24.011200370 +0200
+diff -Naur WebCalendar-1.2.4.orig/translations/French.txt WebCalendar-1.2.4.new/translations/French.txt
+--- WebCalendar-1.2.4.orig/translations/French.txt 2011-09-30 17:09:31.781189070 +0200
++++ WebCalendar-1.2.4.new/translations/French.txt 2011-09-30 17:11:16.214456702 +0200
@@ -1794,6 +1794,7 @@
Web Server (detected): =
Web Server (not detected): =
diff --git a/WebCalendar.spec b/WebCalendar.spec
index 96c18e8..1acbc77 100644
--- a/WebCalendar.spec
+++ b/WebCalendar.spec
@@ -12,15 +12,15 @@
# tar czf WebCalendar-%{version}-clean.tar.gz WebCalendar-%{version}/
#
# Upstream tarball MD5 sum:
-# c1dc4772e2d0d64d1e08f7dd236ec5f4 WebCalendar-1.2.3.tar.gz
+# 337e784a932b8963911fffb83b9d28f7 WebCalendar-1.2.4.tar.gz
#
# Source tarball WebCalendar-1.2.0-newmenuicons.tar.gz is Fedora-
# specific and thus, has no "upstream".
Name: WebCalendar
Summary: Single/multi-user web-based calendar application
-Version: 1.2.3
-Release: 4%{?dist}
+Version: 1.2.4
+Release: 1%{?dist}
License: GPLv2
Group: Applications/Internet
Source0: WebCalendar-%{version}-clean.tar.gz
@@ -37,13 +37,15 @@ Patch6: WebCalendar-1.2.0-offsetdays.patch
Patch7: WebCalendar-1.2.0-approve.patch
Patch8: WebCalendar-1.2.0-httpauthpub.patch
Patch9: WebCalendar-1.2.0-eventstatus.patch
-Patch10: WebCalendar-1.2.0-php53.patch
+Patch10: WebCalendar-1.2.4-php53.patch
Patch11: WebCalendar-1.2.0-daylightbug.patch
Patch12: WebCalendar-1.2.0-viewothers.patch
Patch13: WebCalendar-1.2.3-nonuser.patch
-Patch14: WebCalendar-1.2.3-usercase.patch
+Patch14: WebCalendar-1.2.4-usercase.patch
Patch15: WebCalendar-1.2.3-authsettings.patch
Patch16: WebCalendar-1.2.3-etp.patch
+Patch17: WebCalendar-1.2.3-canadd.patch
+Patch18: WebCalendar-1.2.4-cve2011_3814.patch
URL: http://www.k5n.us/webcalendar.php
Requires: webserver
Requires: php >= 4.1.0
@@ -113,6 +115,8 @@ rm -rf includes/classes/captcha
%patch14 -p 1
%patch15 -p 1
%patch16 -p 1
+%patch17 -p 1
+%patch18 -p 1
#-------------------------------------------------------------------------------
@@ -258,6 +262,14 @@ rm -rf "${RPM_BUILD_ROOT}"
%changelog
#-------------------------------------------------------------------------------
+* Tue Oct 11 2011 Patrick Monnerat <pm at datasphere.ch> 1.2.4-1
+- New upstream release.
+- Patch "cve2011_3814" to fix CVE-2011-3814 vulnerability.
+ http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3814
+ https://sourceforge.net/tracker/?func=detail&aid=3414999&group_id=3870&atid=303870
+- Patch "canadd" to fix event addition control.
+ https://sourceforge.net/tracker/?func=detail&aid=3304491&group_id=3870&atid=303870
+
* Fri Apr 15 2011 Patrick Monnerat <pm at datasphere.ch> 1.2.3-4
- Patch "nonuser" to fix handling of non-user calendars.
https://sourceforge.net/tracker/?func=detail&aid=3287576&group_id=3870&atid=303870
diff --git a/sources b/sources
index 318f279..36d2875 100644
--- a/sources
+++ b/sources
@@ -1,5 +1,3 @@
-24abd68064ecf044bfabff0e4aa4f43a WebCalendar-1.2.3-clean.tar.gz
+3653f846dffaa4f61a3121a1e867b81b WebCalendar-1.2.4-clean.tar.gz
c746b936b582c04f69b6052c8c4be2f8 WebCalendar-1.2.0-newmenuicons.tar.gz
ef48b67a09af50404167c66856cc724d WebCalendarUserManual-0.9.43.tar.gz
-d10cef8fbd0e4a4acae2d393122da07b WebCalendar-http.conf
-9d4d438b872f288a152a28fe63857127 WebCalendar-taglang.php
More information about the scm-commits
mailing list