noodles pushed to ganglia (epel7). "Update to ganglia-web 3.5.10 (..more)"
notifications at fedoraproject.org
notifications at fedoraproject.org
Wed Apr 22 02:15:07 UTC 2015
>From 19a173a720b9574be5092eee2b67ce4b7bc62f38 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Terje=20R=C3=B8sten?= <terje.rosten at ntnu.no>
Date: Wed, 27 Nov 2013 19:16:42 +0100
Subject: Update to ganglia-web 3.5.10
- Add patch as workaround for CVE-2013-6395 (bz #1034527)
diff --git a/.gitignore b/.gitignore
index 808e8bb..624eaae 100644
--- a/.gitignore
+++ b/.gitignore
@@ -5,3 +5,4 @@ ganglia-3.1.7.tar.gz
/ganglia-web-3.5.7.tar.gz
/ganglia-3.6.0.tar.gz
/ganglia-web-3.5.8.tar.gz
+/ganglia-web-3.5.10.tar.gz
diff --git a/ganglia-web-3.5.10-cve-2013-6395.patch b/ganglia-web-3.5.10-cve-2013-6395.patch
new file mode 100644
index 0000000..19e87ea
--- /dev/null
+++ b/ganglia-web-3.5.10-cve-2013-6395.patch
@@ -0,0 +1,13 @@
+diff --git a/header.php b/header.php
+index 046f476..7d298c7 100755
+--- a/header.php
++++ b/header.php
+@@ -491,7 +491,7 @@ $data->assign("custom_time", $custom_time);
+ /////////////////////////////////////////////////////////////////////////
+ if ( $context == "cluster" ) {
+ if ( isset($user['host_regex']) && $user['host_regex'] != "" )
+- $set_host_regex_value="value='" . $user['host_regex'] . "'";
++ $set_host_regex_value="value='" . htmlentities($user['host_regex'], ENT_QUOTES) . "'";
+ else
+ $set_host_regex_value="";
+
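Review bot: The added `htmlentities($user['host_regex'], ENT_QUOTES)` call in the embedded header.php patch passes no encoding argument, so its behaviour depends on the PHP version's default charset (ISO-8859-1 before PHP 5.4, UTF-8 from 5.4 on). Naming the charset, e.g. `htmlspecialchars($user['host_regex'], ENT_QUOTES, 'UTF-8')` (assuming the page is served as UTF-8 — confirm), keeps the escaping identical on every branch that carries this patch. The escaping is applied only at this one output site, and the hunk does not show whether `$user['host_regex']` is echoed elsewhere. Since the commit message itself calls this a workaround, other sinks of the value should be checked before CVE-2013-6395 is treated as closed. The enclosing `if ( $context == "cluster" )` block continues outside the hunk.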
diff --git a/ganglia.spec b/ganglia.spec
index b38fa17..cb48b2f 100644
--- a/ganglia.spec
+++ b/ganglia.spec
@@ -1,5 +1,5 @@
%global gangver 3.6.0
-%global webver 3.5.8
+%global webver 3.5.10
%if 0%{?fedora} >= 18
%global systemd 1
@@ -13,7 +13,7 @@
Name: ganglia
Version: %{gangver}
-Release: 2%{?dist}
+Release: 3%{?dist}
Summary: Distributed Monitoring System
Group: Applications/Internet
License: BSD
@@ -27,6 +27,7 @@ Source5: ganglia-httpd.conf.d
Source6: conf.php
Patch0: ganglia-web-3.5.8-xss.patch
Patch1: ganglia-web-3.5.7-statedir.patch
+Patch2: ganglia-web-3.5.10-cve-2013-6395.patch
Buildroot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
%if 0%{?systemd}
BuildRequires: systemd-units
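Review bot: `Patch2` is added with no comment saying what it fixes or what its upstream status is; that context is recorded only in the %changelog entry. A line above it such as `# Workaround for CVE-2013-6395 (rhbz#1034527); drop once fixed upstream` would tell the next maintainer when the patch can go. `Patch0: ganglia-web-3.5.8-xss.patch` is also carried unchanged across the bump to 3.5.10, and the diff does not show whether upstream 3.5.10 already contains that fix, so it is worth confirming that the patch is still needed and still applies cleanly.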
@@ -143,6 +144,7 @@ mv ganglia-web-%{webver} web
cd web
%patch0 -p1
%patch1 -p1
+%patch2 -p1
%build
%configure \
@@ -413,6 +415,10 @@ fi
%dir %attr(0755,apache,apache) %{_localstatedir}/lib/%{name}/dwoo/compiled
%changelog
+* Wed Nov 30 2013 Terje Rosten <terje.rosten at ntnu.no> - 3.6.0-3
+- Update to ganglia-web 3.5.10
+- Add patch as workaround for CVE-2013-6395 (bz #1034527)
+
* Sat Aug 03 2013 Fedora Release Engineering <rel-eng at lists.fedoraproject.org> - 3.6.0-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_20_Mass_Rebuild
diff --git a/sources b/sources
index cbf2af2..cfa24f6 100644
--- a/sources
+++ b/sources
@@ -1,2 +1,2 @@
+2945275f8f2b24dd5fb820f2c309ee26 ganglia-web-3.5.10.tar.gz
05926bb18c22af508a3718a90b2e9a2c ganglia-3.6.0.tar.gz
-4e99eb06afceb4fee8040f4a3969aa7d ganglia-web-3.5.8.tar.gz
--
cgit v0.10.2
http://pkgs.fedoraproject.org/cgit/ganglia.git/commit/?h=epel7&id=19a173a720b9574be5092eee2b67ce4b7bc62f38