[ocsinventory/f15] fix CVE-2011-4024

Tue Oct 25 12:27:14 UTC 2011

commit 705b7c9bce7d7b21a7c3b8548b0fd0032ddb6967
Author: remi <fedora at famillecollet.com>
Date:   Tue Oct 25 14:27:09 2011 +0200

    fix CVE-2011-4024

 .gitignore                  |    1 +
 ocsinventory-shorttag.patch |   12 ------------
 ocsinventory-xss.patch      |   20 ++++++++++++++++++++
 ocsinventory.spec           |   14 ++++++++++++--
 4 files changed, 33 insertions(+), 14 deletions(-)
---

diff --git a/.gitignore b/.gitignore
index 4ca0276..2832fab 100644
--- a/.gitignore
+++ b/.gitignore
@@ -1,2 +1,3 @@
+*spec~
 OCSNG_UNIX_SERVER-1.3.2.tar.gz
 /OCSNG_UNIX_SERVER-1.3.3.tar.gz
diff --git a/ocsinventory-xss.patch b/ocsinventory-xss.patch
new file mode 100644
index 0000000..042509b
--- /dev/null
+++ b/ocsinventory-xss.patch
@@ -0,0 +1,20 @@
+diff -up ocsreports/preferences.php.orig ocsreports/preferences.php
+--- ocsreports/preferences.php.orig	2010-11-23 09:35:19.000000000 +0100
++++ ocsreports/preferences.php	2011-10-22 09:43:24.000000000 +0200
+@@ -748,6 +748,7 @@ function ShowResults($req,$sortable=true
+ 			}*/			
+ 
+ 			foreach($tabChamps as $chmp) {// Affichage de toutes les valeurs r�sultats
++				$item[$chmp] = strip_tags($item[$chmp]);
+                 echo "<td align='center'>";
+                 $isLink = FALSE;
+ 				if($chmp==TAG_LBL)
+@@ -1594,7 +1595,7 @@ function textDecode( $txt ) {
+ 	for( $i=0; $i<UTF8_DEGREE; $i++ ) {
+ 		$txt = utf8_decode( $txt );
+ 	}
+-	return $txt;
++	return strip_tags($txt);
+ }
+ 
+ 
diff --git a/ocsinventory.spec b/ocsinventory.spec
index ad53cd6..de469dd 100644
--- a/ocsinventory.spec
+++ b/ocsinventory.spec
@@ -12,7 +12,7 @@ Name:        ocsinventory
 Summary:     Open Computer and Software Inventory Next Generation
 
 Version:     1.3.3
-Release:     2%{?dist}
+Release:     5%{?dist}
 
 Group:       Applications/Internet
 License:     GPLv2
@@ -24,6 +24,8 @@ Source1:     ocsinventory-reports.conf
 
 # Upstream patch from Bzr
 Patch1:      %{name}-upstream.patch
+# Patch for CVE-2011-4024
+Patch2:      %{name}-xss.patch
 
 
 BuildArch:   noarch
@@ -105,7 +107,10 @@ Group:    Applications/Internet
 Summary:  OCS Inventory NG - Communication server
 # From PHP_Compat : date, mysql, ereg, pcre, zip, hash, xml, gd, zlib 
 Requires: php
-Requires: php-mysql php-zip php-gd php-domxml
+Requires: php-mysql php-gd php-domxml
+%if 0%{?fedora} < 16
+Requires: php-zip
+%endif
 # Required by the original setup script, but not detected automatically :
 Requires: perl(DBD::mysql)
 # Required by ipdiscover-util.pl (nmap and nmblookup)
@@ -130,6 +135,7 @@ navigateur favori.
 %setup -q -n %{tarname}-%{version}
 
 %patch1 -p0
+%patch2 -p0
 
 
 %build
@@ -278,6 +284,10 @@ fi
 
 
 %changelog
+* Tue Oct 25 2011 Remi Collet <Fedora at famillecollet.com> - 1.3.3-5
+- fix XSS vulnerabity (Bug #748072, CVE-2011-4024)
+- Don't require php-zip for F16 and up.
+
 * Tue Feb 08 2011 Fedora Release Engineering <rel-eng at lists.fedoraproject.org> - 1.3.3-2
 - Rebuilt for https://fedoraproject.org/wiki/Fedora_15_Mass_Rebuild
 
