[dokuwiki/f15] * fix CVE-2012-2129

topdog topdog at fedoraproject.org
Tue Apr 24 05:58:23 UTC 2012


commit f52ec438f44f32483b9f5af718b3173ce14faf27
Author: Andrew Colin Kissa <andrew at topdog.za.net>
Date:   Tue Apr 24 07:57:53 2012 +0200

    * fix CVE-2012-2129

 dokuwiki.spec           |    8 +++++++-
 fix-CVE-2012-2129.patch |   12 ++++++++++++
 2 files changed, 19 insertions(+), 1 deletions(-)
---
diff --git a/dokuwiki.spec b/dokuwiki.spec
index 133a163..d9b7dba 100644
--- a/dokuwiki.spec
+++ b/dokuwiki.spec
@@ -1,6 +1,6 @@
 Name:		dokuwiki
 Version:	0
-Release:	0.9.20110525.a%{?dist}
+Release:	0.10.20110525.a%{?dist}
 Summary:	Standards compliant simple to use wiki
 Group:		Applications/Internet
 License:	GPLv2
@@ -8,6 +8,7 @@ URL:		http://www.dokuwiki.org/dokuwiki
 Source0:	http://www.splitbrain.org/_media/projects/%{name}/%{name}-2011-05-25a.tgz
 #Fedora specific patches to use fedora packaged libraries
 Patch1:		dokuwiki-rm-bundled-libs.patch
+Patch2:         fix-CVE-2012-2129.patch
 BuildRoot:	%{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
 BuildArch:	noarch
 Requires:	php-gd
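Review bot: The new `Patch2:` line sits directly under the comment `#Fedora specific patches to use fedora packaged libraries`, which describes Patch1 only. As a result the security backport reads as a distro-specific library patch and carries no record of its origin or upstream status. Give it its own comment above the tag, e.g. `# Security fix for CVE-2012-2129 (rhbz#815123): HTML-escape the edit target in inc/html.php; drop once the packaged upstream release contains it`. The tag is also aligned with spaces where the neighbouring tags use tabs.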
@@ -36,6 +37,7 @@ Configures DokuWiki to run in SELinux enabled environments.
 %prep
 %setup -q -n %{name}-2011-05-25a
 %patch1 -p1 
+%patch2 -p1 
 
 chmod a-x inc/lang/az/*.{txt,html}
 
@@ -188,6 +190,10 @@ fi
 %doc DOKUWIKI-SELINUX.README
 
 %changelog
+* Tue Apr 24 2012 Andrew Colin Kissa <andrew at topdog.za.net> - 0-0.10.20110525.a
+- Fix CVE-2012-2129
+- Fix Bugzilla bugs #815123
+
 * Tue Jun 28 2011 Andrew Colin Kissa <andrew at topdog.za.net> - 0-0.9.20110525.a
 - Upgrade to latest upstream
 - Fix Bugzilla bugs #717146, #717149, #717148, #715569
diff --git a/fix-CVE-2012-2129.patch b/fix-CVE-2012-2129.patch
new file mode 100644
index 0000000..7836225
--- /dev/null
+++ b/fix-CVE-2012-2129.patch
@@ -0,0 +1,12 @@
+diff -ruN dokuwiki-2011-05-25a.orig/inc/html.php dokuwiki-2011-05-25a/inc/html.php
+--- dokuwiki-2011-05-25a.orig/inc/html.php	2011-06-14 21:58:53.000000000 +0200
++++ dokuwiki-2011-05-25a/inc/html.php	2012-04-24 06:59:27.365004291 +0200
+@@ -1283,7 +1283,7 @@
+     global $TEXT;
+ 
+     if ($param['target'] !== 'section') {
+-        msg('No editor for edit target ' . $param['target'] . ' found.', -1);
++        msg('No editor for edit target ' . hsc($param['target']) . ' found.', -1);
+     }
+ 
+     $attr = array('tabindex'=>'1');
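Review bot: The escape is added only at this one `msg()` call, which suggests that `msg()` emits its argument as raw HTML. If so, any other caller that concatenates a request-derived value into the message needs the same `hsc()` treatment, and nothing in this patch shows those call sites were checked. A short comment on the changed line would record why the call is there, e.g. `// target can be request-supplied; escape before it reaches msg() output`. The branch also only reports the unsupported target and then falls through to `$attr = array(...)`, so the form is apparently still built. Whether that is intended cannot be judged here, because the enclosing function starts and ends outside the hunk.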

