rpms/zoneminder/F-8 zoneminder-1.22.3-security.patch, NONE, 1.1 zoneminder.spec, 1.5, 1.6
Martin Ebourne (mebourne)
fedora-extras-commits at redhat.com
Tue Apr 29 23:07:15 UTC 2008
Author: mebourne
Update of /cvs/pkgs/rpms/zoneminder/F-8
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv32359
Modified Files:
zoneminder.spec
Added Files:
zoneminder-1.22.3-security.patch
Log Message:
* Tue Apr 29 2008 Martin Ebourne <martin at zepler.org> - 1.22.3-10
- Patch for CVE-2008-1381
zoneminder-1.22.3-security.patch:
--- NEW FILE zoneminder-1.22.3-security.patch ---
diff -ru ZoneMinder-1.22.3/web/zm_export_funcs.php ZoneMinder-1.22.3-fix/web/zm_export_funcs.php
--- ZoneMinder-1.22.3/web/zm_export_funcs.php 2006-03-27 16:01:33.000000000 -0600
+++ ZoneMinder-1.22.3-fix/web/zm_export_funcs.php 2008-04-28 10:07:32.000000000 -0500
@@ -314,7 +314,7 @@
{
$archive = "temp/".$export_root.".tar.gz";
@unlink( $archive );
- $command = "tar --create --gzip --file=$archive --files-from=$list_file";
+ $command = "tar --create --gzip --file=".escapeshellarg($archive)." --files-from=".escapeshellarg($list_file);
exec( $command, $output, $status );
if ( $status )
{
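Review bot: escapeshellarg() on the new line 25 neutralises shell metacharacters in `$archive`, but it does not constrain the path itself; `$archive` is built from `$export_root` on line 22 and is handed to `@unlink()` before tar writes to it. If `$export_root` can be influenced by the request (its origin is not visible in this hunk), a value containing `..` still deletes and then overwrites a file outside `temp/`. A tighter fix validates the name before the path is assembled, e.g. `if ( !preg_match( '/^[\w.-]+$/', $export_root ) )` followed by whatever failure path this function already uses. The enclosing function starts and ends outside the hunk.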
@@ -329,7 +329,7 @@
$archive = "temp/zm_export.zip";
$archive = "temp/".$export_root.".zip";
@unlink( $archive );
- $command = "cat $list_file | zip -q $archive -@";
+ $command = "cat ".escapeshellarg($list_file)." | zip -q ".escapeshellarg($archive)." -@";
exec( $command, $output, $status );
if ( $status )
{
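Review bot: The context line `$archive = "temp/zm_export.zip";` on line 30 is dead, since it is overwritten on the very next line, and can be dropped while this code is being touched; `$archive` here is likewise derived from `$export_root`, so the quoting on line 34 only helps if that name has been validated earlier. The `cat ... | zip -@` pipeline also means the `$status` exec() reports on line 35 is zip's alone; feeding the list by redirection, `"zip -q ".escapeshellarg($archive)." -@ < ".escapeshellarg($list_file)`, removes one process and one place where a read failure can be masked. The enclosing function continues outside the hunk.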
diff -ru ZoneMinder-1.22.3/web/zm_funcs.php ZoneMinder-1.22.3-fix/web/zm_funcs.php
--- ZoneMinder-1.22.3/web/zm_funcs.php 2006-11-09 04:51:10.000000000 -0600
+++ ZoneMinder-1.22.3-fix/web/zm_funcs.php 2008-04-28 10:16:17.000000000 -0500
@@ -724,20 +724,20 @@
function packageControl( $command )
{
- $string = ZM_PATH_BIN."/zmpkg.pl $command";
+ $string = ZM_PATH_BIN."/zmpkg.pl ".escapeshellarg( $command );
$string .= " 2>/dev/null >&- <&- >/dev/null";
exec( $string );
}
function daemonControl( $command, $daemon=false, $args=false )
{
- $string = ZM_PATH_BIN."/zmdc.pl $command";
+ $string = ZM_PATH_BIN."/zmdc.pl ".escapeshellarg( $command );
if ( $daemon )
{
- $string .= " $daemon";
+ $string .= " ".escapeshellarg( $daemon );
if ( $args )
{
- $string .= " $args";
+ $string .= " ".escapeshellarg( $args );
}
}
$string .= " 2>/dev/null >&- <&- >/dev/null";
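Review bot: Wrapping `$args` in a single escapeshellarg() on line 60 changes how zmdc.pl receives it: a value that used to expand to several argv entries (for example `-m 1`) now arrives as one quoted word, so any caller that passes a space-separated option string will produce a different daemon invocation after this patch. If such callers exist (none are visible here), split and escape piece-wise, e.g. `$string .= " ".implode( " ", array_map( 'escapeshellarg', preg_split( '/\s+/', trim( $args ) ) ) );`, or change the callers to pass an array. packageControl is complete within the hunk; daemonControl continues past its last line.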
@@ -893,9 +893,9 @@
$string = ZM_PATH_BIN."/zmdc.pl check";
if ( $daemon )
{
- $string .= " $daemon";
+ $string .= " ".escapeshellarg( $daemon );
if ( $args )
- $string .= " $args";
+ $string .= " ".escapeshellarg( $args );
}
$result = exec( $string );
return( preg_match( '/running/', $result ) );
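Review bot: The `$daemon`/`$args` assembly on lines 69 and 72 duplicates daemonControl's, including the open question of whether `$args` is one word or several, so the two sites should be resolved the same way. A small helper, e.g. `function zmdcArgs( $daemon, $args )` returning the escaped argument string, would apply the quoting once and keep the two call sites from drifting apart. The function this hunk belongs to starts before line 65, so its name and signature are not visible here.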
@@ -973,7 +973,7 @@
{
if ( ZM_WEB_SCALE_THUMBS )
{
- $command = ZM_PATH_NETPBM."/jpegtopnm -quiet -dct fast $image_path | ".ZM_PATH_NETPBM."/pnmscalefixed -quiet $fraction | ".ZM_PATH_NETPBM."/pnmtojpeg -quiet -dct=fast > $thumb_path";
+ $command = ZM_PATH_NETPBM."/jpegtopnm -quiet -dct fast ".escapeshellarg( $image_path )." | ".ZM_PATH_NETPBM."/pnmscalefixed -quiet ".escapeshellarg( $fraction )." | ".ZM_PATH_NETPBM."/pnmtojpeg -quiet -dct=fast > ".escapeshellarg( $thumb_path );
exec( $command );
}
else
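Review bot: `exec( $command )` on line 82 discards the pipeline's exit status, so a failing jpegtopnm or an unreadable `$image_path` leaves an empty or absent thumbnail with no signal to the caller. Now that the command is quoted, capturing the status costs nothing: `exec( $command, $output, $status );` followed by a `$status` check that falls back to the unscaled path. The enclosing function starts and ends outside the hunk.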
@@ -1040,7 +1040,7 @@
$command = ZM_PATH_BIN."/zmvideo.pl -e ".$event['Id']." -f ".$format." -r ".sprintf( "%.2f", ($rate/RATE_BASE) )." -s ".sprintf( "%.2f", ($scale/SCALE_BASE) );
if ( $overwrite )
$command .= " -o";
- $result = exec( $command, $output, $status );
+ $result = exec( escapeshellcmd( $command ), $output, $status );
return( $status?"":rtrim($result) );
}
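Review bot: escapeshellcmd() on line 90 only escapes metacharacters; it does not prevent argument splitting, so the unquoted `$format` and `$event['Id']` interpolated on line 86 can still introduce extra options (a value such as `mpeg -o` becomes two arguments to zmvideo.pl). Escape each value rather than the assembled command, `" -e ".escapeshellarg( $event['Id'] )." -f ".escapeshellarg( $format )`, or cast the id with `(int)` and check `$format` against an allowlist of formats zmvideo.pl accepts. The rate and scale values are produced by sprintf() and are safe as written. The enclosing function starts outside the hunk.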
@@ -1062,7 +1062,7 @@
function executeFilter( $filter )
{
- $command = ZM_PATH_BIN."/zmfilter.pl --filter ".$filter;
+ $command = ZM_PATH_BIN."/zmfilter.pl --filter ".escapeshellarg( $filter );
$result = exec( $command, $output, $status );
$result = mysql_query( "delete from Filters where Name like '_TempFilter%'" );
if ( !$result )
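Review bot: `$status` from the exec() on line 98 is never consulted and `$result` is overwritten by the mysql_query() on the next line, so as far as this hunk shows a zmfilter.pl failure is indistinguishable from success. A check such as `if ( $status ) return( false );` between the two lines would surface it; the function continues outside the hunk, so the appropriate failure path may already exist further down and should be reused.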
@@ -1882,13 +1882,7 @@
{
// Can't connect so use script
$command = ZM_PATH_BIN."/zmx10.pl --command $status --key $key";
- //$command .= " 2>/dev/null >&- <&- >/dev/null";
- $result = exec( $string );
- if ( preg_match( '/^'.$key.'\s+(.*)/', $result, $matches ) )
- $status = $matches[1];
- else
- $status = "unknown";
- $x10_response = exec( escapeshellcmd( $x10_command ) );
+ $x10_response = exec( escapeshellcmd( $command ) );
}
if ( preg_match( '/^'.$key.'\s+(.*)/', $x10_response, $matches ) )
$status = $matches[1];
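Review bot: The new line 112 passes `--command $status --key $key` through escapeshellcmd(), which stops shell metacharacters but not whitespace splitting, and line 114 then interpolates the same `$key` into a preg_match() pattern without preg_quote(). If `$key` or `$status` come from the request (their origin is outside this hunk), the first lets extra options reach zmx10.pl and the second is a regex injection or a PHP warning on a malformed pattern. Build the command from escaped parts, `$command = ZM_PATH_BIN."/zmx10.pl --command ".escapeshellarg( $status )." --key ".escapeshellarg( $key );`, and match with `'/^'.preg_quote( $key, '/' ).'\s+(.*)/'`. The enclosing function starts outside the hunk.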
diff -ru ZoneMinder-1.22.3/web/zm_xhtml_view_eventdetails.php ZoneMinder-1.22.3-fix/web/zm_xhtml_view_eventdetails.php
--- ZoneMinder-1.22.3/web/zm_xhtml_view_eventdetails.php 2006-11-09 05:48:56.000000000 -0600
+++ ZoneMinder-1.22.3-fix/web/zm_xhtml_view_eventdetails.php 2008-04-28 10:07:32.000000000 -0500
@@ -75,7 +75,7 @@
$fraction = sprintf( "%.2f", $scale/100 );
if ( file_exists( $image_path ) )
{
- $command = ZM_PATH_NETPBM."/jpegtopnm -dct fast $image_path | ".ZM_PATH_NETPBM."/pnmscalefixed $fraction | ".ZM_PATH_NETPBM."/ppmtojpeg --dct=fast > $thumb_image";
+ $command = ZM_PATH_NETPBM."/jpegtopnm -dct fast ".escapeshellarg($image_path)." | ".ZM_PATH_NETPBM."/pnmscalefixed ".escapeshellarg($fraction)." | ".ZM_PATH_NETPBM."/ppmtojpeg --dct=fast > ".escapeshellarg($thumb_image);
exec( $command );
}
}
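Review bot: This pipeline is one of three near-identical netpbm thumbnail commands in the patch (zm_funcs.php uses pnmtojpeg with -quiet, the two xhtml views use ppmtojpeg), and every copy has to remember to escape the same three values. Moving it into one helper in zm_funcs.php, e.g. `function makeThumbnail( $image_path, $fraction, $thumb_path )`, would apply the quoting in a single place and let the views call it. The exit status of exec() on line 125 is also dropped here, so a failed conversion is silent. The enclosing block starts outside the hunk.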
diff -ru ZoneMinder-1.22.3/web/zm_xhtml_view_event.php ZoneMinder-1.22.3-fix/web/zm_xhtml_view_event.php
--- ZoneMinder-1.22.3/web/zm_xhtml_view_event.php 2006-11-09 05:48:56.000000000 -0600
+++ ZoneMinder-1.22.3-fix/web/zm_xhtml_view_event.php 2008-04-28 10:07:32.000000000 -0500
@@ -278,10 +278,9 @@
{
$anal_image = preg_replace( "/capture/", "analyse", $capt_image );
if ( file_exists( $anal_image ) )
- $command = ZM_PATH_NETPBM."/jpegtopnm -dct fast $anal_image | ".ZM_PATH_NETPBM."/pnmscalefixed $fraction | ".ZM_PATH_NETPBM."/ppmtojpeg --dct=fast > $thumb_image";
+ $command = ZM_PATH_NETPBM."/jpegtopnm -dct fast ".escapeshellarg($anal_image)." | ".ZM_PATH_NETPBM."/pnmscalefixed ".escapeshellarg($fraction)." | ".ZM_PATH_NETPBM."/ppmtojpeg --dct=fast > ".escapeshellarg($thumb_image);
else
- $command = ZM_PATH_NETPBM."/jpegtopnm -dct fast $capt_image | ".ZM_PATH_NETPBM."/pnmscalefixed $fraction | ".ZM_PATH_NETPBM."/ppmtojpeg --dct=fast > $thumb_image";
- #exec( escapeshellcmd( $command ) );
+ $command = ZM_PATH_NETPBM."/jpegtopnm -dct fast ".escapeshellarg($capt_image)." | ".ZM_PATH_NETPBM."/pnmscalefixed ".escapeshellarg($fraction)." | ".ZM_PATH_NETPBM."/ppmtojpeg --dct=fast > ".escapeshellarg($thumb_image);
exec( $command );
}
}
diff -ru ZoneMinder-1.22.3/web/zm_xhtml_view_video.php ZoneMinder-1.22.3-fix/web/zm_xhtml_view_video.php
--- ZoneMinder-1.22.3/web/zm_xhtml_view_video.php 2006-11-09 05:48:56.000000000 -0600
+++ ZoneMinder-1.22.3-fix/web/zm_xhtml_view_video.php 2008-04-28 10:07:32.000000000 -0500
@@ -102,7 +102,7 @@
$command = ZM_PATH_BIN."/zmvideo.pl -e ".$event['Id']." -f ".$video_format." -r ".sprintf( "%.2f", ($rate/RATE_BASE) )." -S ".$video_size;
if ( $overwrite )
$command .= " -o";
- $generated = exec( $command, $output, $status );
+ $generated = exec( escapeshellcmd( $command ), $output, $status );
}
$video_files = array();
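Review bot: escapeshellcmd() on line 152 escapes metacharacters but leaves the unquoted `$video_format` and `$video_size` on line 148 free to split into additional arguments, so a value containing a space still reaches zmvideo.pl as extra options. Quote them individually, `" -f ".escapeshellarg( $video_format )` and `" -S ".escapeshellarg( $video_size )`, and cast `$event['Id']` with `(int)`; the rate is already formatted by sprintf(). The enclosing block starts outside the hunk.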
Index: zoneminder.spec
===================================================================
RCS file: /cvs/pkgs/rpms/zoneminder/F-8/zoneminder.spec,v
retrieving revision 1.5
retrieving revision 1.6
diff -u -r1.5 -r1.6
--- zoneminder.spec 21 Aug 2007 22:37:05 -0000 1.5
+++ zoneminder.spec 29 Apr 2008 23:06:39 -0000 1.6
@@ -5,7 +5,7 @@
Name: zoneminder
Version: 1.22.3
-Release: 9%{?dist}
+Release: 10%{?dist}
Summary: A camera monitoring and analysis tool
Group: System Environment/Daemons
License: GPLv2+
@@ -19,6 +19,7 @@
Source4: README.Fedora
Patch1: zoneminder-1.22.3-dbinstall.patch
Patch10: zoneminder-1.22.3-installfix.patch
+Patch12: zoneminder-1.22.3-security.patch
Conflicts: zm <= 1.22.3
@@ -50,6 +51,7 @@
%setup -q -n ZoneMinder-%{version}
%patch1 -p0 -b .dbinstall
%patch10 -p0 -b .installfix
+%patch12 -p1 -b .security
gunzip -c %{SOURCE1} | tar xf - cambozola-*/dist/cambozola.jar
cp %{SOURCE4} README.Fedora
@@ -165,6 +167,9 @@
%changelog
+* Tue Apr 29 2008 Martin Ebourne <martin at zepler.org> - 1.22.3-10
+- Patch for CVE-2008-1381
+
* Thu Aug 2 2007 Martin Ebourne <martin at zepler.org> - 1.22.3-8
- Fix licence tag