rpms/roundcubemail/devel roundcubemail-0.2-beta-CVE-2008-5620.patch, NONE, 1.1 roundcubemail.spec, 1.16, 1.17

Jon Ciesla limb at fedoraproject.org
Wed Dec 17 17:37:42 UTC 2008


Author: limb

Update of /cvs/pkgs/rpms/roundcubemail/devel
In directory cvs1.fedora.phx.redhat.com:/tmp/cvs-serv19393

Modified Files:
	roundcubemail.spec 
Added Files:
	roundcubemail-0.2-beta-CVE-2008-5620.patch 
Log Message:
CVE-2008-5620.


roundcubemail-0.2-beta-CVE-2008-5620.patch:

--- NEW FILE roundcubemail-0.2-beta-CVE-2008-5620.patch ---
--- /home/limb/rpmbuild/BUILD/roundcubemail-0.2-beta-dep/bin/html2text.php	2008-09-12 06:22:43.000000000 -0500
+++ html2text.php	2008-12-16 11:21:24.000000000 -0600
@@ -1,0 +2 @@
+/*
@@ -3 +4,19 @@
-define('INSTALL_PATH', realpath('./../') . '/');
+ +-----------------------------------------------------------------------+
+ | bin/html2text.php                                                     |
+ |                                                                       |
+ | This file is part of the RoundCube Webmail client                     |
+ | Copyright (C) 2005-2008, RoundCube Dev. - Switzerland                 |
+ | Licensed under the GNU GPL                                            |
+ |                                                                       |
+ | PURPOSE:                                                              |
+ |   Convert HTML message to plain text                                  |
+ |                                                                       |
+ +-----------------------------------------------------------------------+
+ | Author: Thomas Bruederli <roundcube at gmail.com>                        |
+ +-----------------------------------------------------------------------+
+
+ $Id: html2text.php 2070 2008-11-20 10:29:34Z alec $
+
+*/
+
+define('INSTALL_PATH', realpath(dirname(__FILE__) . '/..') . '/');
@@ -6 +25 @@
-$converter = new html2text(html_entity_decode($HTTP_RAW_POST_DATA, ENT_COMPAT, 'UTF-8'));
+$converter = new html2text($HTTP_RAW_POST_DATA);
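Review bot: Dropping html_entity_decode() removes the entity-expansion cost, but the new line still hands `$HTTP_RAW_POST_DATA` to the converter with no size bound, so a large POST body presumably still drives converter memory in proportion to its length; php's post_max_size is only a coarse, deployment-dependent ceiling. An explicit application limit before construction would document the intent, e.g. `if (strlen($HTTP_RAW_POST_DATA) > 1024*1024) { header('HTTP/1.0 413 Request Entity Too Large'); exit; }` with the limit read from config rather than hard-coded. Whether this endpoint checks for an authenticated session before this point is outside the hunk.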
--- /home/limb/rpmbuild/BUILD/roundcubemail-0.2-beta-dep/bin/quotaimg.php	2008-09-12 11:48:23.000000000 -0500
+++ quotaimg.php	2008-12-16 11:21:30.000000000 -0600
@@ -4 +4 @@
- | program/bin/quotaimg.php                                              |
+ | bin/quotaimg.php                                                      |
@@ -7 +7 @@
- | Copyright (C) 2005-2007, RoundCube Dev. - Switzerland                 |
+ | Copyright (C) 2005-2008, RoundCube Dev. - Switzerland                 |
@@ -17 +17 @@
- $Id: $
+ $Id$
@@ -21,4 +21,4 @@
-$used   = ((isset($_GET['u']) && !empty($_GET['u'])) || $_GET['u']=='0')?(int)$_GET['u']:'??';
-$quota  = ((isset($_GET['q']) && !empty($_GET['q'])) || $_GET['q']=='0')?(int)$_GET['q']:'??';
-$width  = empty($_GET['w']) ? 100 : (int)$_GET['w'];
-$height = empty($_GET['h']) ? 14 : (int)$_GET['h'];
+$used   = isset($_GET['u']) ? intval($_GET['u']) : '??';
+$quota  = isset($_GET['q']) ? intval($_GET['q']) : '??';
+$width  = empty($_GET['w']) ? 100 : min(300, intval($_GET['w']));
+$height = empty($_GET['h']) ? 14  : min(50,  intval($_GET['h']));
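Review bot: The min() caps on the last two lines are the security-relevant part of this hunk but carry no comment saying why they exist; a one-liner above them would help: `// cap w/h: they size the generated image, so unbounded values look like a memory-exhaustion vector`. Note the clamp is one-sided here — negative or zero `w`/`h` pass through min() and are only rejected by the `> 1` guard further down the file — so a reader of these lines alone would assume a lower bound that is not enforced here. `$used` and `$quota` likewise accept negative values; how genQuota handles them is outside the hunks shown.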
@@ -99 +99 @@
-    }
+	}
@@ -101,2 +101 @@
-	if (strpos($used, '?') !== false || strpos($total, '?') !== false
-        && $used != 0) {
+	if (strpos($used, '?') !== false || strpos($total, '?') !== false && $used != 0) {
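Review bot: The reflowed condition relies on `&&` binding tighter than `||`, which matches what the original two-line form expressed, but collapsing it onto one line makes the grouping easy to misread; explicit parentheses cost nothing: `if (strpos($used, '?') !== false || (strpos($total, '?') !== false && $used != 0)) {`. The enclosing function and the definition of `$total` are outside the hunk.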
@@ -104 +103 @@
-    }
+	}
@@ -156 +155 @@
-		    // if($quota >= $limit['low'])
+			// if($quota >= $limit['low'])
@@ -166 +165 @@
-        // Print percent in black
+		// Print percent in black
@@ -171,5 +170,5 @@
-    
-    // @todo is harcoding GMT necessary?
-	header('Expires: ' . gmdate('D, d M Y H:i:s', mktime()+86400) . ' GMT');
-	header('Cache-Control: ');
-	header('Pragma: ');
+
+	// cache for 1 hour
+	$maxage = 3600;
+	header('Expires: ' . gmdate('D, d M Y H:i:s', time()+$maxage). ' GMT');
+	header('Cache-Control: max-age=' . $maxage);
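Review bot: The new `Cache-Control: max-age=3600` is not marked `private`, so shared caches may store the response; the image only reflects values already in the query string, but if this script runs inside a session-bound context, `Cache-Control: private, max-age=` is the safer default. The old code also blanked `Pragma:`, which the new code no longer touches — if a session is started earlier in the file (outside the hunk), PHP's default `Pragma: no-cache` would remain alongside the new max-age and the two headers would contradict each other; confirm which applies.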
@@ -181 +180,7 @@
-genQuota($used, $quota, $width, $height);
+if ($width > 1 && $height > 1) {
+	genQuota($used, $quota, $width, $height);  
+}
+else {
+	header("HTTP/1.0 404 Not Found");
+}
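Review bot: The rejection branch answers an out-of-range `w`/`h` with a hard-coded `HTTP/1.0 404 Not Found`, which describes a missing resource rather than a bad parameter; `header($_SERVER['SERVER_PROTOCOL'] . ' 400 Bad Request');` would state the condition accurately and keep the protocol version the client actually used. Nothing follows the else branch but the closing tag, so no image body is emitted on that path — fine, but an explicit `exit;` would make that intent survive future edits below it.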
+
@@ -183 +188 @@
-?>
\ No newline at end of file
+?>


Index: roundcubemail.spec
===================================================================
RCS file: /cvs/pkgs/rpms/roundcubemail/devel/roundcubemail.spec,v
retrieving revision 1.16
retrieving revision 1.17
diff -u -r1.16 -r1.17
--- roundcubemail.spec	12 Dec 2008 16:30:28 -0000	1.16
+++ roundcubemail.spec	17 Dec 2008 17:37:12 -0000	1.17
@@ -1,7 +1,7 @@
 %define roundcubedir %{_datadir}/roundcubemail
 Name: roundcubemail
 Version:  0.2
-Release:  4.beta%{?dist}
+Release:  5.beta%{?dist}
 Summary: Round Cube Webmail is a browser-based multilingual IMAP client
 
 Group: Applications/System         
@@ -14,6 +14,8 @@
 Patch0: roundcubemail-0.2-beta-confpath.patch
 # From upstream, not in a release yet, BZ 476223.
 Patch1: roundcubemail-0.2-beta-html2text.patch
+# From upstream, not in a release yet, BZ 476830.
+Patch2: roundcubemail-0.2-beta-CVE-2008-5620.patch
 
 BuildArch: noarch
 BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root%(%{__id_u} -n)
@@ -45,6 +47,7 @@
 
 %patch0 -p0
 %patch1 -p0
+%patch2 -p0
 
 # fix permissions and remove any .htaccess files
 find . -type f -print | xargs chmod a-x
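Review bot: The patch applied by the new `%patch2 -p0` line has mismatched file headers: its `---` lines carry an absolute `/home/limb/rpmbuild/BUILD/...-dep/bin/html2text.php` path while the `+++` lines are bare `html2text.php` and `quotaimg.php` with no `bin/` component, so which file GNU patch targets depends on its name-selection heuristics and the current directory rather than on the path itself. Regenerating the patch from the source tree root with consistent relative paths (`--- bin/html2text.php` / `+++ bin/html2text.php`) would make the target unambiguous and the patch reviewable against upstream. The `%setup` and any `cd` in `%prep` are outside the hunk, so I cannot confirm the directory it runs in.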
@@ -132,6 +135,9 @@
 %config(noreplace) %{_sysconfdir}/logrotate.d/roundcubemail
 
 %changelog
+* Wed Dec 17 2008 Jon Ciesla <limb at jcomserv.net> = 0.2-5.beta
+- Security fix, BZ 476830.
+
 * Fri Dec 12 2008 Jon Ciesla <limb at jcomserv.net> = 0.2-4.beta
 - Security fix, BZ 476223.
 



