rpms/fedora-ds-admin/F-8 .cvsignore, 1.2, 1.3 fedora-ds-admin-cvs.sh, 1.1, 1.2 fedora-ds-admin.spec, 1.1, 1.2 sources, 1.2, 1.3

Richard Allen Megginson (rmeggins) fedora-extras-commits at redhat.com
Tue Apr 15 17:20:29 UTC 2008


Author: rmeggins

Update of /cvs/extras/rpms/fedora-ds-admin/F-8
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv15456/F-8

Modified Files:
	.cvsignore fedora-ds-admin-cvs.sh fedora-ds-admin.spec sources 
Log Message:
Resolves: bugs 437301 and 437320
Description: Directory Server: shell command injection in CGI replication monitor
Directory Server: unrestricted access to CGI scripts
Fix Description: remove ScriptAlias for bin/admin/admin/bin - do not use that directory for CGI URIs - use only protected URIs for CGIs requiring authentication
Remove most CGI parameters from repl-monitor-cgi.pl - user must supply replmon.conf in the admin server config directory instead of passing in this pathname - repl-monitor-cgi.pl does not use system to call repl-monitor.pl, it "includes" that script (using perl import).
Platforms tested: all supported platforms
Flag Day: no
Doc impact: release notes are available



Index: .cvsignore
===================================================================
RCS file: /cvs/extras/rpms/fedora-ds-admin/F-8/.cvsignore,v
retrieving revision 1.2
retrieving revision 1.3
diff -u -r1.2 -r1.3
--- .cvsignore	10 Jan 2008 17:09:18 -0000	1.2
+++ .cvsignore	15 Apr 2008 17:19:54 -0000	1.3
@@ -1 +1 @@
-fedora-ds-admin-1.1.2.tar.bz2
+fedora-ds-admin-1.1.4.tar.bz2


Index: fedora-ds-admin-cvs.sh
===================================================================
RCS file: /cvs/extras/rpms/fedora-ds-admin/F-8/fedora-ds-admin-cvs.sh,v
retrieving revision 1.1
retrieving revision 1.2
diff -u -r1.1 -r1.2
--- fedora-ds-admin-cvs.sh	10 Jan 2008 17:09:18 -0000	1.1
+++ fedora-ds-admin-cvs.sh	15 Apr 2008 17:19:54 -0000	1.2
@@ -1,8 +1,8 @@
 #!/bin/bash
 
 DATE=`date +%Y%m%d`
-CVSTAG=FedoraDirSrvAdmin113
-VERSION=1.1.2
+CVSTAG=FedoraDirSrvAdmin114
+VERSION=1.1.4
 PKGNAME=fedora-ds-admin
 export CVSROOT=:pserver:anonymous at cvs.fedoraproject.org:/cvs/dirsec
 #SRCNAME=$PKGNAME-$VERSION-$DATE
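
Review bot: CVSTAG and VERSION are still two independently hand-edited values, and the removed lines show they had already drifted apart (tag FedoraDirSrvAdmin113 paired with VERSION=1.1.2). Derive the tag from VERSION, or add a comment stating how the two relate, so the tarball name always matches the tag that was exported. Separately, the CVSROOT context line uses an anonymous pserver checkout, so the tarball carrying these security fixes is built from an unauthenticated source; the digest recorded in `sources` should come from a checkout the packager has verified by other means.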


Index: fedora-ds-admin.spec
===================================================================
RCS file: /cvs/extras/rpms/fedora-ds-admin/F-8/fedora-ds-admin.spec,v
retrieving revision 1.1
retrieving revision 1.2
diff -u -r1.1 -r1.2
--- fedora-ds-admin.spec	10 Jan 2008 17:09:18 -0000	1.1
+++ fedora-ds-admin.spec	15 Apr 2008 17:19:54 -0000	1.2
@@ -3,7 +3,7 @@
 
 Summary:          Fedora Administration Server (admin)
 Name:             fedora-ds-admin
-Version:          1.1.2
+Version:          1.1.4
 Release:          1%{?dist}
 License:          GPLv2
 URL:              http://directory.fedoraproject.org/
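
Review bot: Version jumps from 1.1.2 straight to 1.1.4 on the `Version:` line, and the changelog in this same file has no 1.1.3 entry. If 1.1.3 was never packaged for F-8, say so in the changelog, so that anyone auditing which builds contain the fixes for bugs 437301 and 437320 can see that 1.1.4-1 is the first fixed build on this branch.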
@@ -102,6 +102,15 @@
 %{_libdir}/%{pkgname}
 
 %changelog
+* Tue Apr 15 2008 Rich Megginson <rmeggins at redhat.com> - 1.1.4-1
+- Resolves: Bug 437301
+- Directory Server: shell command injection in CGI replication monitor
+- Fix: rewrite the perl script to ignore all input parameters - replmon.conf
+- file will have to be hard coded to be in the admin-serv directory
+- Resolves: Bug 437320
+- Directory Server: unrestricted access to CGI scripts
+- Fix: remove script alias for /bin/admin/admin/bin/
+
 * Wed Jan  9 2008 Rich Megginson <rmeggins at redhat.com> - 1.1.2-1
 - Fix issues associated with Fedora pkg review bug 249548
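
Review bot: The changelog entry for Bug 437301 says the script was rewritten "to ignore all input parameters", while the log message of this commit says "Remove most CGI parameters"; the two should agree, because readers of the changelog need to know whether any request parameter still reaches repl-monitor-cgi.pl. The Fix line is also split across two "- " items ("- replmon.conf" / "- file will have to be hard coded ..."), which makes one sentence read as two separate changes; indent the continuation instead of starting a new item. Stating the upgrade impact explicitly would also help: admins must place replmon.conf in the admin-serv directory, and URIs under /bin/admin/admin/bin/ stop working.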
 


Index: sources
===================================================================
RCS file: /cvs/extras/rpms/fedora-ds-admin/F-8/sources,v
retrieving revision 1.2
retrieving revision 1.3
diff -u -r1.2 -r1.3
--- sources	10 Jan 2008 17:09:18 -0000	1.2
+++ sources	15 Apr 2008 17:19:54 -0000	1.3
@@ -1 +1 @@
-c4d149eb3d72ee84f0c0f54c7fe0b216  fedora-ds-admin-1.1.2.tar.bz2
+02d3da65fbb4901c7abf6f3c1dad78f9  fedora-ds-admin-1.1.4.tar.bz2
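
Review bot: The security fixes named in the changelog arrive entirely inside fedora-ds-admin-1.1.4.tar.bz2, so this one-line digest change on the `+` line is the only thing tying the package to the upstream code. The recorded value is 32 hex digits (md5sum format), which on its own is weak protection against a deliberately substituted tarball. Please record in the commit how the tarball was produced (fedora-ds-admin-cvs.sh at tag FedoraDirSrvAdmin114) so the digest can be reproduced independently.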



