rpms/moin/F-11 001_CVE-2008-0781_attach_file_XSS.patch, NONE, 1.1 002_CVE-2008-0781_attach_file_XSS.patch, NONE, 1.1 moin.spec, 1.25, 1.26

Ville-Pekka Vainio vpv at fedoraproject.org
Wed Apr 22 17:53:52 UTC 2009


Author: vpv

Update of /cvs/pkgs/rpms/moin/F-11
In directory cvs1.fedora.phx.redhat.com:/tmp/cvs-serv24712

Modified Files:
	moin.spec 
Added Files:
	001_CVE-2008-0781_attach_file_XSS.patch 
	002_CVE-2008-0781_attach_file_XSS.patch 
Log Message:
* Wed Apr 22 2009 Ville-Pekka Vainio <vpivaini AT cs.helsinki.fi> 1.8.2-2
- Fix CVE-2008-0781 with two patches from upstream


001_CVE-2008-0781_attach_file_XSS.patch:

--- NEW FILE 001_CVE-2008-0781_attach_file_XSS.patch ---

# HG changeset patch
# User Thomas Waldmann <tw AT waldmann-edv DOT de>
# Date 1240073905 -7200
# Node ID 5f51246a4df1ff3a9d2b821cc95cd9e01b6adcc5
# Parent  903831e9eb77383ccc8e388f9f7fd2dc0fca5842
AttachFile XSS fixes: move escaping to error_msg / upload_form

--- a/MoinMoin/action/AttachFile.py	Mon Apr 13 14:09:57 2009 +0200
+++ b/MoinMoin/action/AttachFile.py	Sat Apr 18 18:58:25 2009 +0200
@@ -387,6 +387,7 @@
 
 
 def error_msg(pagename, request, msg):
+    msg = wikiutil.escape(msg)
     request.theme.add_msg(msg, "error")
     Page(request, pagename).send_page()
 
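Review bot: moving the escape into error_msg changes the contract for every caller: text must now arrive raw, and any caller that still runs wikiutil.escape before calling error_msg will double-escape (an `&` in a filename shows up as `&amp;`). The next hunk drops the caller-side escape for the 'Unsupported AttachFile sub-action' message, but the other callers of error_msg in this module should be checked for the same pattern, and a one-line docstring on error_msg ("msg is plain text and is HTML-escaped here") would stop the pattern being reintroduced.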
@@ -512,7 +513,7 @@
     if handler:
         msg = handler(pagename, request)
     else:
-        msg = _('Unsupported AttachFile sub-action: %s') % (wikiutil.escape(do[0]), )
+        msg = _('Unsupported AttachFile sub-action: %s') % do[0]
     if msg:
         error_msg(pagename, request, msg)
 
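Review bot: `do[0]` comes straight from the request, so this message is exactly the case the sink-side escape in error_msg has to cover; passing it unescaped here is correct only as long as error_msg remains the sole sink for this string, so it should not be reused for logging or another renderer without escaping appropriate to that sink.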
@@ -522,6 +523,8 @@
 
 
 def upload_form(pagename, request, msg=''):
+    if msg:
+        msg = wikiutil.escape(msg)
     _ = request.getText
 
     request.emit_http_headers()
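Review bot: the `if msg:` guard is redundant (wikiutil.escape('') returns ''), but the substantive change is that upload_form now escapes unconditionally, so callers can no longer pass markup in msg; the package-install path later in this patch drops its `<br><pre>` wrapper for that reason. Suggest stating in upload_form's docstring that msg is plain text and will be HTML-escaped, so future callers do not pass pre-escaped or HTML-bearing strings.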
@@ -838,13 +841,13 @@
 
     if package.isPackage():
         if package.installPackage():
-            msg = _("Attachment '%(filename)s' installed.") % {'filename': wikiutil.escape(target)}
+            msg = _("Attachment '%(filename)s' installed.") % {'filename': target}
         else:
-            msg = _("Installation of '%(filename)s' failed.") % {'filename': wikiutil.escape(target)}
+            msg = _("Installation of '%(filename)s' failed.") % {'filename': target}
         if package.msg:
-            msg += "<br><pre>%s</pre>" % wikiutil.escape(package.msg)
+            msg += " " + package.msg
     else:
-        msg = _('The file %s is not a MoinMoin package file.') % wikiutil.escape(target)
+        msg = _('The file %s is not a MoinMoin package file.') % target
 
     upload_form(pagename, request, msg=msg)
 
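Review bot: replacing `"<br><pre>%s</pre>" % wikiutil.escape(package.msg)` with `" " + package.msg` changes presentation as well as escaping: if package.msg spans several lines it was previously shown verbatim in a preformatted block, and now it is appended to the same line where the browser collapses the whitespace. That is an acceptable trade for escaping at the sink, but if the multi-line layout of installer output matters to users, upload_form would need an explicit way to render a preformatted part rather than callers embedding markup.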
@@ -948,7 +951,7 @@
         logging.exception("An exception within zip file attachment handling occurred:")
         msg = _("A severe error occurred:") + ' ' + str(err)
 
-    upload_form(pagename, request, msg=wikiutil.escape(msg))
+    upload_form(pagename, request, msg=msg)
 
 
 def send_viewfile(pagename, request):
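Review bot: `str(err)` two lines above the changed call is worth a second look while here: on Python 2, which this code base targets, it raises UnicodeEncodeError when the exception message contains non-ASCII text (zip member names are a plausible source), which would turn the handled error into an unhandled one before upload_form is ever reached. Building the message with `unicode(err)` or a `%s`-formatted unicode string avoids that; dropping the caller-side escape itself is correct given upload_form now escapes.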


002_CVE-2008-0781_attach_file_XSS.patch:

--- NEW FILE 002_CVE-2008-0781_attach_file_XSS.patch ---

# HG changeset patch
# User Thomas Waldmann <tw AT waldmann-edv DOT de>
# Date 1240074556 -7200
# Node ID 269a1fbc3ed797b5563a3dd6f204660cd3d12f08
# Parent  5f51246a4df1ff3a9d2b821cc95cd9e01b6adcc5
AttachFile move: add more escaping (maybe not XSS exploitable though)

--- a/MoinMoin/action/AttachFile.py	Sat Apr 18 18:58:25 2009 +0200
+++ b/MoinMoin/action/AttachFile.py	Sat Apr 18 19:09:16 2009 +0200
@@ -749,9 +749,9 @@
          'baseurl': request.getScriptname(),
          'do': 'attachment_move',
          'ticket': wikiutil.createTicket(request),
-         'pagename': pagename,
+         'pagename': wikiutil.escape(pagename, 1),
          'pagename_quoted': wikiutil.quoteWikinameURL(pagename),
-         'attachment_name': filename,
+         'attachment_name': wikiutil.escape(filename, 1),
          'move': _('Move'),
          'cancel': _('Cancel'),
          'newname_label': _("New page name"),
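Review bot: the other values in this dict ('baseurl', 'pagename_quoted', 'ticket') are still interpolated into the same template without attribute escaping. quoteWikinameURL percent-encodes and the ticket is server-generated, so they are probably safe, but the commit title itself says "maybe not XSS exploitable", so either apply `wikiutil.escape(..., 1)` to them as well for consistency or add a comment explaining why each remaining value cannot contain `"` or `&` when placed in a quoted attribute.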



Index: moin.spec
===================================================================
RCS file: /cvs/pkgs/rpms/moin/F-11/moin.spec,v
retrieving revision 1.25
retrieving revision 1.26
diff -u -r1.25 -r1.26
--- moin.spec	14 Apr 2009 20:37:45 -0000	1.25
+++ moin.spec	22 Apr 2009 17:53:50 -0000	1.26
@@ -3,12 +3,14 @@
 Summary: MoinMoin is a WikiEngine to collaborate on easily editable web pages
 Name: moin
 Version: 1.8.2
-Release: 1%{?dist}
+Release: 2%{?dist}
 License: GPLv2+
 Group: Applications/Internet
 URL: http://moinmo.in/
 Source0: http://static.moinmo.in/files/moin-%{version}.tar.gz
 Source1: README-rpm
+Patch0: 001_CVE-2008-0781_attach_file_XSS.patch
+Patch1: 002_CVE-2008-0781_attach_file_XSS.patch
 BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root
 BuildRequires: python-devel
 BuildArch: noarch
@@ -21,6 +23,8 @@
 
 %prep
 %setup -q
+%patch0 -p1
+%patch1 -p1
 
 
 %build
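Review bot: patch order is significant here: the `# Parent` line of 002 is the `# Node ID` of 001 (5f51246a4df1ff3a9d2b821cc95cd9e01b6adcc5), so %patch0 must be applied before %patch1, as it is; `-p1` is the right strip level for the `a/` and `b/` prefixes in the hg-exported diffs.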
@@ -51,6 +55,9 @@
 
 
 %changelog
+* Wed Apr 22 2009 Ville-Pekka Vainio <vpivaini AT cs.helsinki.fi> 1.8.2-2
+- Fix CVE-2008-0781 with two patches from upstream
+
 * Tue Apr 14 2009 Ville-Pekka Vainio <vpivaini AT cs.helsinki.fi> 1.8.2-1
 - Update to 1.8.2
 - Update README-rpm to include mod_wsgi instructions
