[dokuwiki/f15] * fix CVE-2012-2129
topdog
topdog at fedoraproject.org
Tue Apr 24 05:58:23 UTC 2012
commit f52ec438f44f32483b9f5af718b3173ce14faf27
Author: Andrew Colin Kissa <andrew at topdog.za.net>
Date: Tue Apr 24 07:57:53 2012 +0200
* fix CVE-2012-2129
dokuwiki.spec | 8 +++++++-
fix-CVE-2012-2129.patch | 12 ++++++++++++
2 files changed, 19 insertions(+), 1 deletions(-)
---
diff --git a/dokuwiki.spec b/dokuwiki.spec
index 133a163..d9b7dba 100644
--- a/dokuwiki.spec
+++ b/dokuwiki.spec
@@ -1,6 +1,6 @@
Name: dokuwiki
Version: 0
-Release: 0.9.20110525.a%{?dist}
+Release: 0.10.20110525.a%{?dist}
Summary: Standards compliant simple to use wiki
Group: Applications/Internet
License: GPLv2
@@ -8,6 +8,7 @@ URL: http://www.dokuwiki.org/dokuwiki
Source0: http://www.splitbrain.org/_media/projects/%{name}/%{name}-2011-05-25a.tgz
#Fedora specific patches to use fedora packaged libraries
Patch1: dokuwiki-rm-bundled-libs.patch
+Patch2: fix-CVE-2012-2129.patch
BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
BuildArch: noarch
Requires: php-gd
@@ -36,6 +37,7 @@ Configures DokuWiki to run in SELinux enabled environments.
%prep
%setup -q -n %{name}-2011-05-25a
%patch1 -p1
+%patch2 -p1
chmod a-x inc/lang/az/*.{txt,html}
@@ -188,6 +190,10 @@ fi
%doc DOKUWIKI-SELINUX.README
%changelog
+* Tue Apr 24 2012 Andrew Colin Kissa <andrew at topdog.za.net> - 0-0.10.20110525.a
+- Fix CVE-2012-2129
+- Fix Bugzilla bugs #815123
+
* Tue Jun 28 2011 Andrew Colin Kissa <andrew at topdog.za.net> - 0-0.9.20110525.a
- Upgrade to latest upstream
- Fix Bugzilla bugs #717146, #717149, #717148, #715569
diff --git a/fix-CVE-2012-2129.patch b/fix-CVE-2012-2129.patch
new file mode 100644
index 0000000..7836225
--- /dev/null
+++ b/fix-CVE-2012-2129.patch
@@ -0,0 +1,12 @@
+diff -ruN dokuwiki-2011-05-25a.orig/inc/html.php dokuwiki-2011-05-25a/inc/html.php
+--- dokuwiki-2011-05-25a.orig/inc/html.php 2011-06-14 21:58:53.000000000 +0200
++++ dokuwiki-2011-05-25a/inc/html.php 2012-04-24 06:59:27.365004291 +0200
+@@ -1283,7 +1283,7 @@
+ global $TEXT;
+
+ if ($param['target'] !== 'section') {
+- msg('No editor for edit target ' . $param['target'] . ' found.', -1);
++ msg('No editor for edit target ' . hsc($param['target']) . ' found.', -1);
+ }
+
+ $attr = array('tabindex'=>'1');
More information about the scm-commits
mailing list