rpms/roundcubemail/F-9 roundcubemail-0.2-CVE-2009-0413.patch, NONE, 1.1 roundcubemail.spec, 1.15, 1.16 sources, 1.9, 1.10

Jon Ciesla limb at fedoraproject.org
Wed Feb 4 16:37:16 UTC 2009


Author: limb

Update of /cvs/pkgs/rpms/roundcubemail/F-9
In directory cvs1.fedora.phx.redhat.com:/tmp/cvs-serv10470

Modified Files:
	roundcubemail.spec sources 
Added Files:
	roundcubemail-0.2-CVE-2009-0413.patch 
Log Message:
Patch for CVE-2009-0413, BZ 484052


roundcubemail-0.2-CVE-2009-0413.patch:

--- NEW FILE roundcubemail-0.2-CVE-2009-0413.patch ---
--- CHANGELOG~	2009-02-04 09:58:46.000000000 -0600
+++ CHANGELOG	2009-02-04 09:58:46.000000000 -0600
@@ -3,0 +4,4 @@
+2009/01/20 (thomasb)
+----------
+- Fix XSS vulnerability through background attributes as reported by Julien Cayssol
+
--- program/lib/washtml.php~	2009-02-04 10:01:02.000000000 -0600
+++ program/lib/washtml.php	2009-02-04 10:01:02.000000000 -0600
@@ -83 +83 @@
-  static $html_attribs = array('name', 'class', 'title', 'alt', 'width', 'height', 'align', 'nowrap', 'col', 'row', 'id', 'rowspan', 'colspan', 'cellspacing', 'cellpadding', 'valign', 'bgcolor', 'color', 'border', 'bordercolorlight', 'bordercolordark', 'face', 'marginwidth', 'marginheight', 'axis', 'border', 'abbr', 'char', 'charoff', 'clear', 'compact', 'coords', 'vspace', 'hspace', 'cellborder', 'size', 'lang', 'dir', 'background');  
+  static $html_attribs = array('name', 'class', 'title', 'alt', 'width', 'height', 'align', 'nowrap', 'col', 'row', 'id', 'rowspan', 'colspan', 'cellspacing', 'cellpadding', 'valign', 'bgcolor', 'color', 'border', 'bordercolorlight', 'bordercolordark', 'face', 'marginwidth', 'marginheight', 'axis', 'border', 'abbr', 'char', 'charoff', 'clear', 'compact', 'coords', 'vspace', 'hspace', 'cellborder', 'size', 'lang', 'dir');  
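Review bot: `'border'` appears twice in the rewritten `$html_attribs` list on this line (once after `'color'`, again after `'axis'`); if the array is only consulted through `in_array()` the duplicate is harmless, but it reads as an oversight and should be collapsed to one entry while the line is already being touched, along with the trailing whitespace after the `;`. Removing `'background'` from this generic whitelist is what forces that attribute through the URL-checking branch later in the file, so a short comment on the line, `// 'background' is handled with 'src' below: it carries a URL and must be scheme-checked`, would explain why it is missing from an otherwise complete-looking list. The enclosing method starts and ends outside the hunk.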
@@ -163 +163 @@
-         ($key == 'href' && preg_match('/^(http|https|ftp|mailto):.*/i', $value)))
+         ($key == 'href' && preg_match('/^(http|https|ftp|mailto):.+/i', $value)))
@@ -167 +167 @@
-      else if($key == 'src' && strtolower($node->tagName) == 'img') { //check tagName anyway
+      else if($key == 'background' || ($key == 'src' && strtolower($node->tagName) == 'img')) { //check tagName anyway
@@ -171 +171 @@
-        else if(preg_match('/^(http|https|ftp):.*/i', $value)) {
+        else if(preg_match('/^(http|https|ftp):.+/i', $value)) {
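Review bot: This pattern and the `href` pattern at the hunk above keep two separate scheme whitelists (`mailto` is accepted only for `href`), and nothing in the code says that the difference is intended, so the next person touching one list is likely to "fix" the other. A one-line comment here, `// embedded resources: no mailto here, unlike the href check above`, would pin that down. The `.*` to `.+` change in both places only rejects a bare `scheme:` with nothing after the colon; it does not change which schemes pass. The enclosing method starts and ends outside the hunk.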
@@ -177 +177 @@
-              $t .= ' src="' . htmlspecialchars($this->config['blocked_src'], ENT_QUOTES) . '"';
+              $t .= ' ' . $key . '="' . htmlspecialchars($this->config['blocked_src'], ENT_QUOTES) . '"';
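Review bot: `$key` is concatenated into the emitted markup on this line without escaping, which is only safe because the branch condition in the earlier hunk (`$key == 'background' || ($key == 'src' && ...)`) pins it to one of two literal attribute names; that dependency is not obvious at this distance and deserves a comment such as `// $key is 'background' or 'src' here (see branch condition); safe to emit unescaped`. The branch compares `$key` case-sensitively while `tagName` is lowercased; presumably the DOM parser already lowercases attribute names, but that is worth confirming, since an attribute matching neither the whitelist nor this branch is handled by code outside the hunk. The enclosing method starts and ends outside the hunk.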


Index: roundcubemail.spec
===================================================================
RCS file: /cvs/pkgs/rpms/roundcubemail/F-9/roundcubemail.spec,v
retrieving revision 1.15
retrieving revision 1.16
diff -u -r1.15 -r1.16
--- roundcubemail.spec	17 Dec 2008 21:02:49 -0000	1.15
+++ roundcubemail.spec	4 Feb 2009 16:36:46 -0000	1.16
@@ -1,21 +1,22 @@
 %define roundcubedir %{_datadir}/roundcubemail
 Name: roundcubemail
 Version:  0.2
-Release:  5.beta%{?dist}
+Release:  7.stable%{?dist}
 Summary: Round Cube Webmail is a browser-based multilingual IMAP client
 
 Group: Applications/System         
 License: GPLv2
 URL: http://www.roundcube.net
-Source0: roundcubemail-%{version}-beta-dep.tar.gz
+Source0: roundcubemail-%{version}-stable-dep.tar.gz
 Source1: roundcubemail.conf
 Source2: roundcubemail.logrotate
 Source4: roundcubemail-README.fedora
 Patch0: roundcubemail-0.2-beta-confpath.patch
 # From upstream, not in a release yet, BZ 476223.
-Patch1: roundcubemail-0.2-beta-html2text.patch
+#Patch1: roundcubemail-0.2-beta-html2text.patch
 # From upstream, not in a release yet, BZ 476830.
-Patch2: roundcubemail-0.2-beta-CVE-2008-5620.patch
+#Patch2: roundcubemail-0.2-beta-CVE-2008-5620.patch
+Patch3: roundcubemail-0.2-CVE-2009-0413.patch
 
 BuildArch: noarch
 BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root%(%{__id_u} -n)
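Review bot: The comment lines `# From upstream, not in a release yet, BZ 476223.` and `# From upstream, not in a release yet, BZ 476830.` are left standing above the now commented-out `#Patch1:` and `#Patch2:` lines, but the changelog entry added later in this file says those patches were dropped because they are already in the 0.2-stable tarball, so the comments now state the opposite of what is true. Either remove the four lines or reword them, e.g. `# html2text and CVE-2008-5620 fixes (BZ 476223, BZ 476830) are in 0.2-stable; patches dropped.`. The same applies to the `#%patch1 -p0` and `#%patch2 -p0` lines in the %prep hunk; if they are kept as comments rather than deleted, note that rpm macro-expands comment lines, so the packaging convention is `#%%patch1 -p0` (probably harmless as written, but the convention avoids surprises).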
@@ -43,11 +44,12 @@
 interface is fully skinnable using XHTML and CSS 2.
 
 %prep
-%setup -q -n roundcubemail-0.2-beta-dep
+%setup -q -n roundcubemail-0.2-stable-dep
 
 %patch0 -p0
-%patch1 -p0
-%patch2 -p0
+#%patch1 -p0
+#%patch2 -p0
+%patch3 -p0
 
 # fix permissions and remove any .htaccess files
 find . -type f -print | xargs chmod a-x
@@ -135,6 +137,13 @@
 %config(noreplace) %{_sysconfdir}/logrotate.d/roundcubemail
 
 %changelog
+* Wed Feb 04 2009 Jon Ciesla <limb at jcomserv.net> = 0.2-7.stable
+- Patch for CVE-2009-0413, BZ 484052.
+
+* Mon Jan 05 2009 Jon Ciesla <limb at jcomserv.net> = 0.2-6.stable
+- New upstream.
+- Dropped two most recent patches, applied upstream.
+
 * Wed Dec 17 2008 Jon Ciesla <limb at jcomserv.net> = 0.2-5.beta
 - Security fix, BZ 476830.
 


Index: sources
===================================================================
RCS file: /cvs/pkgs/rpms/roundcubemail/F-9/sources,v
retrieving revision 1.9
retrieving revision 1.10
diff -u -r1.9 -r1.10
--- sources	12 Dec 2008 16:34:17 -0000	1.9
+++ sources	4 Feb 2009 16:36:46 -0000	1.10
@@ -1 +1 @@
-496f5c5645c9bc77c733622182d2fabe  roundcubemail-0.2-beta-dep.tar.gz
+dac7776b063bf2314f7d7730af2b1b0f  roundcubemail-0.2-stable-dep.tar.gz



