rpms/viewvc/devel viewvc-1.1.2-validate_regex.patch, NONE, 1.1 viewvc.spec, 1.24, 1.25

bojan bojan at fedoraproject.org
Wed Sep 23 00:38:05 UTC 2009


Author: bojan

Update of /cvs/pkgs/rpms/viewvc/devel
In directory cvs1.fedora.phx.redhat.com:/tmp/cvs-serv4002

Modified Files:
	viewvc.spec 
Added Files:
	viewvc-1.1.2-validate_regex.patch 
Log Message:
Patch upstream issue #427.

viewvc-1.1.2-validate_regex.patch:
 viewvc.py |    9 ++++++---
 1 file changed, 6 insertions(+), 3 deletions(-)

--- NEW FILE viewvc-1.1.2-validate_regex.patch ---
Index: lib/viewvc.py
===================================================================
--- lib/viewvc.py	(revision 2264)
+++ lib/viewvc.py	(working copy)
@@ -633,13 +633,16 @@
     '400 Bad Request')
 
 def _validate_regex(value):
-  # hmm. there isn't anything that we can do here.
-
   ### we need to watch the flow of these parameters through the system
   ### to ensure they don't hit the page unescaped. otherwise, these
   ### parameters could constitute a CSS attack.
-  pass
 
+  try:
+    re.compile(value)
+    return True
+  except:
+    return None
+
 def _validate_view(value):
   # Return true iff VALUE is one of our allowed views.
   return _views.has_key(value)
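Review bot: The bare `except:` in the new body of `_validate_regex` catches every exception, not only a malformed pattern; narrow it to `except re.error:` so that unrelated failures are not silently reported as an invalid regex. `re.compile(value)` confirms only that the pattern is syntactically valid, so the retained `###` comment about escaping still applies to the value after it passes, and a valid pattern can still be expensive to evaluate against repository data; a length limit on `value` would be a cheap extra check here. The function also has no descriptive comment now that the old one is removed; a line in the style of `_validate_view` ("Return true iff VALUE is a compilable regular expression") would help, and returning `False` rather than `None` on failure would make the boolean contract explicit.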


Index: viewvc.spec
===================================================================
RCS file: /cvs/pkgs/rpms/viewvc/devel/viewvc.spec,v
retrieving revision 1.24
retrieving revision 1.25
diff -u -p -r1.24 -r1.25
--- viewvc.spec	13 Aug 2009 04:00:56 -0000	1.24
+++ viewvc.spec	23 Sep 2009 00:38:04 -0000	1.25
@@ -2,7 +2,7 @@
 
 Name:           viewvc
 Version:        1.1.2
-Release:        4%{?dist}
+Release:        5%{?dist}
 Summary:        Browser interface for CVS and SVN version control repositories
 
 Group:          Development/Tools
@@ -11,7 +11,8 @@ URL:            http://www.viewvc.org/
 Source0:        http://www.viewvc.org/%{name}-%{version}.tar.gz
 Source1:        viewvc.conf
 Source2:        README.httpd
-Source3:        viewvc-lexer-mimetypes.py 
+Source3:        viewvc-lexer-mimetypes.py
+Patch1:         viewvc-1.1.2-validate_regex.patch
 BuildRoot:      %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
 
 Obsoletes:      %{name}-selinux < 1.0.3-13
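Review bot: The new `Patch1:` line has no comment saying where the patch comes from; add a one-line comment above it naming upstream issue #427 so a later maintainer knows it can be dropped once a release containing the fix is packaged. The trailing-whitespace removal on `Source3:` is unrelated to the fix and would read more cleanly as a separate change.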
@@ -43,6 +44,7 @@ with decent performance when run under A
 
 %prep
 %setup -q
+%patch1 -p0 -b .validate_regex
 
 %build
 
@@ -118,6 +120,9 @@ with decent performance when run under A
 %config(noreplace) %{_sysconfdir}/httpd/conf.d/viewvc.conf
 
 %changelog
+* Wed Sep 23 2009 Bojan Smojver <bojan at rexursive.com> - 1.1.2-5
+- patch upstream issue #427
+
 * Thu Aug 13 2009 Bojan Smojver <bojan at rexursive.com> - 1.1.2-4
 - try one more time
 



