noodles pushed to ganglia (el6). "Update to ganglia-web 3.5.7 (..more)"

notifications at fedoraproject.org notifications at fedoraproject.org
Tue Apr 21 05:08:46 UTC 2015


>From e95976b9f63fd3debdf3abb785dd0bee07b15ec5 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Terje=20R=C3=B8sten?= <terje.rosten at ntnu.no>
Date: Wed, 20 Feb 2013 19:27:44 +0100
Subject: Update to ganglia-web 3.5.7

- Add extra patch for XSS security

diff --git a/.gitignore b/.gitignore
index 662106c..800af9e 100644
--- a/.gitignore
+++ b/.gitignore
@@ -2,3 +2,4 @@ ganglia-3.1.7.tar.gz
 /ganglia-3.3.7.tar.gz
 /ganglia-3.5.0.tar.gz
 /ganglia-web-3.5.4.tar.gz
+/ganglia-web-3.5.7.tar.gz
diff --git a/ganglia-web-3.5.7-statedir.patch b/ganglia-web-3.5.7-statedir.patch
new file mode 100644
index 0000000..f5ddaba
--- /dev/null
+++ b/ganglia-web-3.5.7-statedir.patch
@@ -0,0 +1,13 @@
+diff --git a/conf_default.php b/conf_default.php
+index 61e28e6..290c91f 100644
+--- a/conf_default.php
++++ b/conf_default.php
+@@ -10,7 +10,7 @@
+ # Gmetad-webfrontend version. Used to check for updates.
+ #
+ $conf['gweb_root'] = dirname(__FILE__);
+-$conf['gweb_confdir'] = "/var/lib/ganglia-web";
++$conf['gweb_confdir'] = "/var/lib/ganglia";
+ 
+ include_once $conf['gweb_root'] . "/version.php";
+ 
diff --git a/ganglia-web-3.5.7-xss.patch b/ganglia-web-3.5.7-xss.patch
new file mode 100644
index 0000000..24d99be
--- /dev/null
+++ b/ganglia-web-3.5.7-xss.patch
@@ -0,0 +1,50 @@
+diff --git a/get_context.php b/get_context.php
+index c7c3baf..9b5956a 100644
+--- a/get_context.php
++++ b/get_context.php
+@@ -91,7 +91,7 @@ if ( isset($_GET['max_graphs']) && is_numeric($_GET['max_graphs'] ) )
+ 
+ /////////////////////////////////////////////////////////////////////////////
+ 
+-$user['selected_tab'] = isset($_GET["tab"]) ? rawurldecode($_GET["tab"]) : 'm';
++$user['selected_tab'] = isset($_GET["tab"]) ? clean_string( rawurldecode($_GET["tab"]) ) : 'm';
+  
+ $user['compare_hosts'] = ($user['selected_tab'] == 'ch') ? 1 : NULL;
+ 
+diff --git a/graph_all_periods.php b/graph_all_periods.php
+index 605e0b5..c18854d 100644
+--- a/graph_all_periods.php
++++ b/graph_all_periods.php
+@@ -120,8 +120,8 @@ if ( ! isset($_GET['embed'] ) ) {
+ ?>
+ <script type="text/javascript">
+   var default_time = 'hour';
+-  var metric = "<?php if (isset($_GET['g'])) echo $_GET['g']; else echo $_GET['m']; ?>";
+-  var base_url = "<?php print 'graph.php?flot=1&amp;' . $_GET['m'] . $query_string ?>" + "&amp;r=" + default_time;
++  var metric = "<?php if (isset($_GET['g'])) echo htmlentities($_GET['g']); else echo htmlentities($_GET['m']); ?>";
++  var base_url = "<?php print 'graph.php?flot=1&amp;' . htmlentities($_GET['m']) . $query_string ?>" + "&amp;r=" + default_time;
+ </script>
+ <script type="text/javascript" src="js/create-flot-graphs.js"></script>
+ <?php
+diff --git a/tasseo.php b/tasseo.php
+index e9494cd..1a9058c 100644
+--- a/tasseo.php
++++ b/tasseo.php
+@@ -51,7 +51,7 @@ if ( ! isset($_REQUEST['view_name']) ) {
+   ?>
+ <html>
+ <head>
+-<title>Live Dashboard for <?php print $user['view_name']; ?></title>
++<title>Live Dashboard for <?php print htmlentities($user['view_name']); ?></title>
+ <meta http-equiv="Content-type" content="text/html; charset=utf-8">
+ <link rel="stylesheet" type="text/css" href="css/tasseo.css" />
+ <script type="text/javascript" src="js/jquery-1.9.1.min.js"></script>
+@@ -60,7 +60,7 @@ if ( ! isset($_REQUEST['view_name']) ) {
+ </head>
+ <body>
+    <div id='title'>
+-      <span><?php print $user['view_name']; ?></span>
++      <span><?php print htmlentities($user['view_name']); ?></span>
+       <div id='toolbar'>
+         <ul class='timepanel'>
+           <li class='timepanel live selected'>
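Review bot: In the graph_all_periods.php part of this patch, `htmlentities()` is applied to `$_GET['g']` and `$_GET['m']` inside a JavaScript string literal in a `<script>` block, which is the wrong encoder for that context. Entities are not decoded inside `<script>`, so metric names containing `&`, `<` or quotes reach the script altered, and backslashes and line breaks are written into the literal unescaped. A JavaScript-aware encoding is safer there, for example `var metric = <?php echo json_encode(isset($_GET['g']) ? $_GET['g'] : $_GET['m'], JSON_HEX_TAG | JSON_HEX_AMP | JSON_HEX_APOS | JSON_HEX_QUOT); ?>;`, with the same treatment for the `m` value concatenated into `base_url`. In the tasseo.php hunks the calls rely on default flags and charset although the page declares utf-8; `htmlspecialchars($user['view_name'], ENT_QUOTES, 'UTF-8')` would state both explicitly. `clean_string()` in get_context.php and `$query_string` are defined outside the visible hunks, so their handling could not be checked here.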
diff --git a/ganglia.spec b/ganglia.spec
index a7c95e4..7768454 100644
--- a/ganglia.spec
+++ b/ganglia.spec
@@ -1,5 +1,5 @@
 %global gangver     3.5.0
-%global webver      3.5.4
+%global webver      3.5.7
 
 %if 0%{?fedora} >= 18
 %global systemd     1
@@ -9,7 +9,7 @@
 
 Name:               ganglia
 Version:            %{gangver}
-Release:            2%{?dist}
+Release:            3%{?dist}
 Summary:            Ganglia Distributed Monitoring System
 Group:              Applications/Internet
 License:            BSD
@@ -21,6 +21,8 @@ Source3:            gmetad.service
 Source4:            ganglia-httpd24.conf.d
 Source5:            ganglia-httpd.conf.d
 Source6:            conf.php
+Patch0:             ganglia-web-3.5.7-xss.patch
+Patch1:             ganglia-web-3.5.7-statedir.patch
 Buildroot:          %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
 %if 0%{?systemd}
 BuildRequires:      systemd-units
@@ -34,6 +36,7 @@ BuildRequires:      expat-devel
 BuildRequires:      python-devel
 BuildRequires:      freetype-devel
 BuildRequires:      pcre-devel
+BuildRequires:      /usr/bin/pod2man
 
 
 %description
@@ -128,6 +131,9 @@ programmers can use to build scalable cluster or grid applications
 # web part
 %setup -q -T -D -a 1
 mv ganglia-web-%{webver} web
+cd web
+%patch0 -p1
+%patch1 -p1
 
 %build
 %configure \
@@ -393,6 +399,10 @@ fi
 %dir %attr(0755,apache,apache) %{_localstatedir}/lib/%{name}/dwoo/compiled
 
 %changelog
+* Wed Feb 20 2013 Terje Rosten <terje.rosten at ntnu.no> - 3.5.0-3
+- Update to ganglia-web 3.5.7
+- Add extra patch for XSS security
+
 * Wed Feb 13 2013 Fedora Release Engineering <rel-eng at lists.fedoraproject.org> - 3.5.0-2
 - Rebuilt for https://fedoraproject.org/wiki/Fedora_19_Mass_Rebuild
 
diff --git a/sources b/sources
index 5aa887a..99c64fc 100644
--- a/sources
+++ b/sources
@@ -1,2 +1,2 @@
 51b3a16c5e3f775d9f6f19c4c6cd5610  ganglia-3.5.0.tar.gz
-29c433e3f7be7f76ced56e341770ac5b  ganglia-web-3.5.4.tar.gz
+bdb26d33c7f28dd0179614bd9a844fc2  ganglia-web-3.5.7.tar.gz
-- 
cgit v0.10.2


	http://pkgs.fedoraproject.org/cgit/ganglia.git/commit/?h=el6&id=e95976b9f63fd3debdf3abb785dd0bee07b15ec5

