rpms/fedora-ds-admin/F-7 .cvsignore, 1.2, 1.3 fedora-ds-admin-cvs.sh, 1.1, 1.2 fedora-ds-admin.spec, 1.1, 1.2 sources, 1.2, 1.3
Richard Allen Megginson (rmeggins)
fedora-extras-commits at redhat.com
Tue Apr 15 17:20:23 UTC 2008
Author: rmeggins
Update of /cvs/extras/rpms/fedora-ds-admin/F-7
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv15456/F-7
Modified Files:
.cvsignore fedora-ds-admin-cvs.sh fedora-ds-admin.spec sources
Log Message:
Resolves: bugs 437301 and 437320
Description: Directory Server: shell command injection in CGI replication monitor
Directory Server: unrestricted access to CGI scripts
Fix Description: remove ScriptAlias for bin/admin/admin/bin - do not use that directory for CGI URIs - use only protected URIs for CGIs requiring authentication
Remove most CGI parameters from repl-monitor-cgi.pl - user must supply replmon.conf in the admin server config directory instead of passing in this pathname - repl-monitor-cgi.pl does not use system to call repl-monitor.pl, it "includes" that script (using perl import).
Platforms tested: all supported platforms
Flag Day: no
Doc impact: release notes are available
Index: .cvsignore
===================================================================
RCS file: /cvs/extras/rpms/fedora-ds-admin/F-7/.cvsignore,v
retrieving revision 1.2
retrieving revision 1.3
diff -u -r1.2 -r1.3
--- .cvsignore 10 Jan 2008 17:09:06 -0000 1.2
+++ .cvsignore 15 Apr 2008 17:19:47 -0000 1.3
@@ -1 +1 @@
-fedora-ds-admin-1.1.2.tar.bz2
+fedora-ds-admin-1.1.4.tar.bz2
Index: fedora-ds-admin-cvs.sh
===================================================================
RCS file: /cvs/extras/rpms/fedora-ds-admin/F-7/fedora-ds-admin-cvs.sh,v
retrieving revision 1.1
retrieving revision 1.2
diff -u -r1.1 -r1.2
--- fedora-ds-admin-cvs.sh 10 Jan 2008 17:09:06 -0000 1.1
+++ fedora-ds-admin-cvs.sh 15 Apr 2008 17:19:47 -0000 1.2
@@ -1,8 +1,8 @@
#!/bin/bash
DATE=`date +%Y%m%d`
-CVSTAG=FedoraDirSrvAdmin113
-VERSION=1.1.2
+CVSTAG=FedoraDirSrvAdmin114
+VERSION=1.1.4
PKGNAME=fedora-ds-admin
export CVSROOT=:pserver:anonymous at cvs.fedoraproject.org:/cvs/dirsec
#SRCNAME=$PKGNAME-$VERSION-$DATE
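Review bot: CVSTAG and VERSION were already out of step before this change (FedoraDirSrvAdmin113 next to VERSION=1.1.2), and the bump to FedoraDirSrvAdmin114 / 1.1.4 skips 1.1.3 without comment; a one-line comment above CVSTAG stating that the tag number must match VERSION would keep the two from drifting again. The CVSROOT line still fetches the source over anonymous pserver, so the integrity of the tarball this script produces rests on the checksum recorded in sources.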
Index: fedora-ds-admin.spec
===================================================================
RCS file: /cvs/extras/rpms/fedora-ds-admin/F-7/fedora-ds-admin.spec,v
retrieving revision 1.1
retrieving revision 1.2
diff -u -r1.1 -r1.2
--- fedora-ds-admin.spec 10 Jan 2008 17:09:06 -0000 1.1
+++ fedora-ds-admin.spec 15 Apr 2008 17:19:47 -0000 1.2
@@ -3,7 +3,7 @@
Summary: Fedora Administration Server (admin)
Name: fedora-ds-admin
-Version: 1.1.2
+Version: 1.1.4
Release: 1%{?dist}
License: GPLv2
URL: http://directory.fedoraproject.org/
@@ -102,6 +102,15 @@
%{_libdir}/%{pkgname}
%changelog
+* Tue Apr 15 2008 Rich Megginson <rmeggins at redhat.com> - 1.1.4-1
+- Resolves: Bug 437301
+- Directory Server: shell command injection in CGI replication monitor
+- Fix: rewrite the perl script to ignore all input parameters - replmon.conf
+- file will have to be hard coded to be in the admin-serv directory
+- Resolves: Bug 437320
+- Directory Server: unrestricted access to CGI scripts
+- Fix: remove script alias for /bin/admin/admin/bin/
+
* Wed Jan 9 2008 Rich Megginson <rmeggins at redhat.com> - 1.1.2-1
- Fix issues associated with Fedora pkg review bug 249548
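Review bot: The changelog entry for Bug 437301 says the script now ignores all input parameters, while the log message says "Remove most CGI parameters"; the two should agree, because which parameters repl-monitor-cgi.pl still accepts is the security-relevant detail of this fix. The Fix line is also split across two "- " items ("- Fix: rewrite the perl script ... - replmon.conf" and "- file will have to be hard coded ..."), so the second half reads as a separate entry; indent the continuation line instead of starting it with "-".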
Index: sources
===================================================================
RCS file: /cvs/extras/rpms/fedora-ds-admin/F-7/sources,v
retrieving revision 1.2
retrieving revision 1.3
diff -u -r1.2 -r1.3
--- sources 10 Jan 2008 17:09:06 -0000 1.2
+++ sources 15 Apr 2008 17:19:47 -0000 1.3
@@ -1 +1 @@
-c4d149eb3d72ee84f0c0f54c7fe0b216 fedora-ds-admin-1.1.2.tar.bz2
+02d3da65fbb4901c7abf6f3c1dad78f9 fedora-ds-admin-1.1.4.tar.bz2
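The fix pattern named in the log message above (fixed replmon.conf location, request parameters ignored, monitor code included instead of run through system), as an added Perl example that is not the fedora-ds-admin source. The temporary directory, monitor.pl, run_monitor, the configfile parameter and the -f flag are hypothetical stand-ins.

```perl
#!/usr/bin/perl
# Added illustration; not the fedora-ds-admin source. All paths and names are hypothetical.
use strict;
use warnings;
use File::Temp qw(tempdir);
use File::Spec;

# Stand-in for the admin server config directory (hypothetical location).
my $config_dir = tempdir(CLEANUP => 1);
my $conf_path  = File::Spec->catfile($config_dir, 'replmon.conf');
my $monitor    = File::Spec->catfile($config_dir, 'monitor.pl');

write_file($conf_path, "# constructed placeholder config\nkey = value\n");
# Stand-in for the monitor script: it defines a sub instead of being run via a shell.
write_file($monitor, <<'EOF');
sub run_monitor {
    my ($conf) = @_;
    open(my $fh, '<', $conf) or die "cannot read $conf: $!";
    my @lines = <$fh>;
    close($fh);
    return scalar @lines;
}
1;
EOF

# Constructed request parameter carrying a shell metacharacter.
my %param = (configfile => '/tmp/x.conf; id');

# Before: the parameter is interpolated into a string that system() hands to /bin/sh.
# Shown as a string only; it is never executed here.
my $unsafe_cmd = "perl $monitor -f $param{configfile}";
print "shell would parse: $unsafe_cmd\n";

# After: request parameters are ignored, the config path is fixed, and the
# monitor code is loaded into this process, so no shell is involved.
my $loaded = do $monitor;
die "cannot load $monitor: " . ($@ || $!) unless $loaded;
printf "monitor read %d lines from %s\n", run_monitor($conf_path), $conf_path;

sub write_file {
    my ($path, $text) = @_;
    open(my $fh, '>', $path) or die "cannot write $path: $!";
    print {$fh} $text;
    close($fh);
}
```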