rpms/moin/EL-5 moin-1.5.8-cookieidfix.patch, NONE, 1.1 moin.spec, 1.16, 1.17

Matthias Saou (thias) fedora-extras-commits at redhat.com
Sat Feb 9 14:48:59 UTC 2008


Author: thias

Update of /cvs/extras/rpms/moin/EL-5
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv9764/EL-5

Modified Files:
	moin.spec 
Added Files:
	moin-1.5.8-cookieidfix.patch 
Log Message:
Security fix for bug #432017.


moin-1.5.8-cookieidfix.patch:

--- NEW FILE moin-1.5.8-cookieidfix.patch ---

# HG changeset patch
# User Thomas Waldmann <tw AT waldmann-edv DOT de>
# Date 1200868068 -3600
# Node ID e69a16b6e63020ac615e74b3184d6e89597352e0
# Parent 2f952fa361c7bc6ed127ec0618038272385186cd
Security fix: only accept valid user IDs from the cookie

--- a/MoinMoin/user.py	Sun Jan 20 17:36:42 2008 +0100
+++ b/MoinMoin/user.py	Sun Jan 20 23:27:48 2008 +0100
@@ -6,7 +6,7 @@
     @license: GNU GPL, see COPYING for details.
 """
 
-import os, time, sha, codecs
+import os, time, sha, codecs, re
 
 try:
     import cPickle as pickle
@@ -19,6 +19,7 @@ from MoinMoin import config, caching, wi
 from MoinMoin import config, caching, wikiutil
 from MoinMoin.util import filesys, timefuncs
 
+USERID_re = re.compile(r'^\d+\.\d+(\.\d+)?$')
 
 def getUserList(request):
     """ Get a list of all (numerical) user IDs.
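Review bot: The `$` anchor in the new `USERID_re` also matches just before a trailing newline, so a value such as `"1200868068.56\n"` satisfies `USERID_re.match()` even though it is not a bare `digits.digits[.digits]` token; `\Z` anchors only at the true end of the string, `USERID_re = re.compile(r'^\d+\.\d+(\.\d+)?\Z')`. A trailing newline cannot escape the user directory, but since this one pattern now gates both the cookie value (via id_sanitycheck) and the directory listing in getUserList, it is worth making it enforce exactly what the fix intends. A short comment above the constant would also help the next reader, e.g. `# shape of an on-disk user id (str(time.time()) + "." + random); shared by getUserList and User.id_sanitycheck`.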
@@ -27,10 +28,9 @@ def getUserList(request):
     @rtype: list
     @return: all user IDs
     """
-    import re, dircache
-    user_re = re.compile(r'^\d+\.\d+(\.\d+)?$')
+    import dircache
     files = dircache.listdir(request.cfg.user_dir)
-    userlist = [f for f in files if user_re.match(f)]
+    userlist = [f for f in files if USERID_re.match(f)]
     return userlist
 
 
@@ -210,7 +210,7 @@ class User:
         self._cfg = request.cfg
         self.valid = 0
         self.trusted = 0
-        self.id = id
+        self.id = self.id_sanitycheck(id)
         self.auth_username = auth_username
         self.auth_method = kw.get('auth_method', 'internal')
         self.auth_attribs = kw.get('auth_attribs', ())
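Review bot: A cookie id that fails the sanity check is silently replaced by None on the changed line, which discards the only trace a forged-cookie attempt leaves; it would be useful to record it before sanitising, e.g. `if id and not USERID_re.match(id): request.log("rejected malformed user id from cookie")` — assuming `request` exposes a logging helper, which this hunk does not show. A short comment on the assignment would make the intent explicit: `# never trust the cookie: a malformed id (e.g. '../../x') becomes None`. The remainder of __init__ is outside the hunk, so how a None id is handled downstream cannot be confirmed from this view.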
@@ -298,6 +298,15 @@ class User:
         # use it reliably in edit locking
         from random import randint
         return "%s.%d" % (str(time.time()), randint(0,65535))
+
+    def id_sanitycheck(self, id):
+        """ only return valid user IDs, avoid someone faking his cookie to
+            contain '../../../somefile', breaking out of the data/user/ directory!
+        """
+        if id and USERID_re.match(id):
+            return id
+        else:
+            return None
 
     def create_or_update(self, changed=False):
         """ Create or update a user profile
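Review bot: The docstring of id_sanitycheck explains the threat but not the contract, and a caller cannot tell from it that None is the failure value or that no existence check is performed; a two-sentence docstring would close that gap: "Return `id` unchanged if it has the `digits.digits[.digits]` form of an on-disk user id, else None. This validates the format only; it does not check that a profile with this id exists." The method also checks `id` for truthiness before matching, so an empty string and None both map to None, which is worth stating since __init__'s handling of a None id lies outside this hunk.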


Index: moin.spec
===================================================================
RCS file: /cvs/extras/rpms/moin/EL-5/moin.spec,v
retrieving revision 1.16
retrieving revision 1.17
diff -u -r1.16 -r1.17
--- moin.spec	30 May 2007 14:12:17 -0000	1.16
+++ moin.spec	9 Feb 2008 14:48:26 -0000	1.17
@@ -3,8 +3,8 @@
 Summary: MoinMoin is a Python clone of WikiWiki
 Name: moin
 Version: 1.5.8
-Release: 1%{?dist}
-License: GPL
+Release: 3%{?dist}
+License: GPLv2+
 Group: Applications/Internet
 URL: http://moinmoin.wikiwikiweb.de/
 Source0: http://dl.sf.net/moin/moin-%{version}.tar.gz
@@ -12,6 +12,7 @@
 Patch0: moin-1.5.2-config.patch
 Patch1: moin-1.3.5-xml_newline.patch
 Patch10: 10010_CVE-2007-0857.patch
+Patch11: moin-1.5.8-cookieidfix.patch
 BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root
 BuildRequires: python-devel
 BuildArch: noarch
@@ -28,6 +29,7 @@
 %patch0 -p1 -b .config
 %patch1 -p1 -b .xml_newline
 %patch10 -p1 -b .CVE-2007-0857
+%patch11 -p1 -b .cookieidfix
 
 
 %build
@@ -54,6 +56,12 @@
 
 
 %changelog
+* Fri Feb  8 2008 Matthias Saou <http://freshrpms.net/> 1.5.8-3
+- Include e69a16b6e630 1.5 changeset as cookieidfix (#432017).
+
+* Sun Aug  5 2007 Matthias Saou <http://freshrpms.net/> 1.5.8-2
+- Update License field.
+
 * Wed May 16 2007 Matthias Saou <http://freshrpms.net/> 1.5.8-1
 - Update to 1.5.8, which includes most previous security fixes.
 - Remove the (apparently) no longer needed dos2unix conversion for patch.



