[ganglia] Update to ganglia-web 3.5.10

terjeros terjeros at fedoraproject.org
Wed Nov 27 18:16:53 UTC 2013 

commit 19a173a720b9574be5092eee2b67ce4b7bc62f38
Author: Terje Røsten <terje.rosten at ntnu.no>
Date:   Wed Nov 27 19:16:42 2013 +0100

    Update to ganglia-web 3.5.10
    
    - Add patch as workaround for CVE-2013-6395 (bz #1034527)

 .gitignore                             |    1 +
 ganglia-web-3.5.10-cve-2013-6395.patch |   13 +++++++++++++
 ganglia.spec                           |   10 ++++++++--
 sources                                |    2 +-
 4 files changed, 23 insertions(+), 3 deletions(-)
---
diff --git a/.gitignore b/.gitignore
index 808e8bb..624eaae 100644
--- a/.gitignore
+++ b/.gitignore
@@ -5,3 +5,4 @@ ganglia-3.1.7.tar.gz
 /ganglia-web-3.5.7.tar.gz
 /ganglia-3.6.0.tar.gz
 /ganglia-web-3.5.8.tar.gz
+/ganglia-web-3.5.10.tar.gz
diff --git a/ganglia-web-3.5.10-cve-2013-6395.patch b/ganglia-web-3.5.10-cve-2013-6395.patch
new file mode 100644
index 0000000..19e87ea
--- /dev/null
+++ b/ganglia-web-3.5.10-cve-2013-6395.patch
@@ -0,0 +1,13 @@
+diff --git a/header.php b/header.php
+index 046f476..7d298c7 100755
+--- a/header.php
++++ b/header.php
+@@ -491,7 +491,7 @@ $data->assign("custom_time", $custom_time);
+ /////////////////////////////////////////////////////////////////////////
+ if ( $context == "cluster" ) {
+   if ( isset($user['host_regex']) && $user['host_regex'] != "" )
+-    $set_host_regex_value="value='" . $user['host_regex'] . "'";
++    $set_host_regex_value="value='" . htmlentities($user['host_regex'], ENT_QUOTES) . "'";
+   else
+     $set_host_regex_value="";
+ 
diff --git a/ganglia.spec b/ganglia.spec
index b38fa17..cb48b2f 100644
--- a/ganglia.spec
+++ b/ganglia.spec
@@ -1,5 +1,5 @@
 %global gangver     3.6.0
-%global webver      3.5.8
+%global webver      3.5.10
 
 %if 0%{?fedora} >= 18
 %global systemd     1
@@ -13,7 +13,7 @@
 
 Name:               ganglia
 Version:            %{gangver}
-Release:            2%{?dist}
+Release:            3%{?dist}
 Summary:            Distributed Monitoring System
 Group:              Applications/Internet
 License:            BSD
@@ -27,6 +27,7 @@ Source5:            ganglia-httpd.conf.d
 Source6:            conf.php
 Patch0:             ganglia-web-3.5.8-xss.patch
 Patch1:             ganglia-web-3.5.7-statedir.patch
+Patch2:             ganglia-web-3.5.10-cve-2013-6395.patch
 Buildroot:          %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
 %if 0%{?systemd}
 BuildRequires:      systemd-units
@@ -143,6 +144,7 @@ mv ganglia-web-%{webver} web
 cd web
 %patch0 -p1
 %patch1 -p1
+%patch2 -p1
 
 %build
 %configure \
@@ -413,6 +415,10 @@ fi
 %dir %attr(0755,apache,apache) %{_localstatedir}/lib/%{name}/dwoo/compiled
 
 %changelog
+* Wed Nov 30 2013 Terje Rosten <terje.rosten at ntnu.no> - 3.6.0-3
+- Update to ganglia-web 3.5.10
+- Add patch as workaround for CVE-2013-6395 (bz #1034527)
+
 * Sat Aug 03 2013 Fedora Release Engineering <rel-eng at lists.fedoraproject.org> - 3.6.0-2
 - Rebuilt for https://fedoraproject.org/wiki/Fedora_20_Mass_Rebuild
 
diff --git a/sources b/sources
index cbf2af2..cfa24f6 100644
--- a/sources
+++ b/sources
@@ -1,2 +1,2 @@
+2945275f8f2b24dd5fb820f2c309ee26  ganglia-web-3.5.10.tar.gz
 05926bb18c22af508a3718a90b2e9a2c  ganglia-3.6.0.tar.gz
-4e99eb06afceb4fee8040f4a3969aa7d  ganglia-web-3.5.8.tar.gz

More information about the scm-commits mailing list