[Pkg-drupal-commits] r2093 - in /branches/lenny-security/debian: changelog patches/00list patches/17_SA-CORE-2009-008.dpatch
luigi at users.alioth.debian.org
luigi at users.alioth.debian.org
Fri Nov 6 01:32:45 UTC 2009
Author: luigi
Date: Fri Nov 6 01:32:45 2009
New Revision: 2093
URL: http://svn.debian.org/wsvn/pkg-drupal/?sc=1&rev=2093
Log:
Fix XSS, OpenID impersonation and Session Fixation issues (Closes: #547140) (Ref: SA-CORE-2009-008, CVE-TBD)
Added:
branches/lenny-security/debian/patches/17_SA-CORE-2009-008.dpatch (with props)
Modified:
branches/lenny-security/debian/changelog
branches/lenny-security/debian/patches/00list
Modified: branches/lenny-security/debian/changelog
URL: http://svn.debian.org/wsvn/pkg-drupal/branches/lenny-security/debian/changelog?rev=2093&op=diff
==============================================================================
--- branches/lenny-security/debian/changelog (original)
+++ branches/lenny-security/debian/changelog Fri Nov 6 01:32:45 2009
@@ -5,6 +5,10 @@
* debian/patches/16_SA-CORE-2009-007
- Fix cross-site scripting (XSS) issues (Closes: #535435, #535476)
(Ref: SA-CORE-2009-007, CVE-2009-2372, CVE-2009-2373, CVE-2009-2374)
+
+ * debian/patches/17_SA-CORE-2009-008
+ - Fix XSS, OpenID impersonation and Session Fixation issues (Closes: #547140)
+ (Ref: SA-CORE-2009-008, CVE-TBD)
-- Luigi Gangitano <luigi at debian.org> Fri, 06 Nov 2009 00:16:01 +0100
Modified: branches/lenny-security/debian/patches/00list
URL: http://svn.debian.org/wsvn/pkg-drupal/branches/lenny-security/debian/patches/00list?rev=2093&op=diff
==============================================================================
--- branches/lenny-security/debian/patches/00list (original)
+++ branches/lenny-security/debian/patches/00list Fri Nov 6 01:32:45 2009
@@ -4,3 +4,4 @@
14_SA-CORE-2009-005
15_SA-CORE-2009-006
16_SA-CORE-2009-007
+17_SA-CORE-2009-008
Added: branches/lenny-security/debian/patches/17_SA-CORE-2009-008.dpatch
URL: http://svn.debian.org/wsvn/pkg-drupal/branches/lenny-security/debian/patches/17_SA-CORE-2009-008.dpatch?rev=2093&op=file
==============================================================================
--- branches/lenny-security/debian/patches/17_SA-CORE-2009-008.dpatch (added)
+++ branches/lenny-security/debian/patches/17_SA-CORE-2009-008.dpatch Fri Nov 6 01:32:45 2009
@@ -1,0 +1,79 @@
+#! /bin/sh /usr/share/dpatch/dpatch-run
+## 17_SA-CORE-2009-008.dpatch by Luigi Gangitano <luigi at debian.org>
+##
+## All lines beginning with `## DP:' are a description of the patch.
+## DP: No description.
+
+ at DPATCH@
+diff -urNad lenny~/includes/file.inc lenny/includes/file.inc
+--- lenny~/includes/file.inc 2009-08-05 02:50:57.000000000 +0200
++++ lenny/includes/file.inc 2009-11-06 00:33:34.000000000 +0100
+@@ -529,13 +529,6 @@
+ $file->filepath = $_FILES['files']['tmp_name'][$source];
+ $file->filemime = file_get_mimetype($file->filename);
+
+- // Rename potentially executable files, to help prevent exploits.
+- if (preg_match('/\.(php|pl|py|cgi|asp|js)$/i', $file->filename) && (substr($file->filename, -4) != '.txt')) {
+- $file->filemime = 'text/plain';
+- $file->filepath .= '.txt';
+- $file->filename .= '.txt';
+- }
+-
+ // If the destination is not provided, or is not writable, then use the
+ // temporary directory.
+ if (empty($dest) || file_check_path($dest) === FALSE) {
+@@ -553,6 +546,18 @@
+ $errors = array_merge($errors, call_user_func_array($function, $args));
+ }
+
++ // Rename potentially executable files, to help prevent exploits.
++ if (preg_match('/\.(php|pl|py|cgi|asp|js)$/i', $file->filename) && (substr($file->filename, -4) != '.txt')) {
++ $file->filemime = 'text/plain';
++ $file->filepath .= '.txt';
++ $file->filename .= '.txt';
++ // As the file may be named example.php.txt, we need to munge again to
++ // convert to example.php_.txt, then create the correct destination.
++ $file->filename = file_munge_filename($file->filename, $extensions);
++ $file->destination = file_destination(file_create_path($dest .'/'. $file->filename), $replace);
++ }
++
++
+ // Check for validation errors.
+ if (!empty($errors)) {
+ $message = t('The selected file %name could not be uploaded.', array('%name' => $file->filename));
+diff -urNad lenny~/modules/openid/openid.module lenny/modules/openid/openid.module
+--- lenny~/modules/openid/openid.module 2009-08-05 02:51:31.000000000 +0200
++++ lenny/modules/openid/openid.module 2009-11-06 00:33:34.000000000 +0100
+@@ -193,8 +193,8 @@
+ }
+
+ if (isset($services[0]['types']) && is_array($services[0]['types']) && in_array(OPENID_NS_2_0 .'/server', $services[0]['types'])) {
+- $identity = 'http://specs.openid.net/auth/2.0/identifier_select';
+- }
++ $claimed_id = $identity = 'http://specs.openid.net/auth/2.0/identifier_select';
++ }
+ $authn_request = openid_authentication_request($claimed_id, $identity, $return_to, $assoc_handle, $services[0]['version']);
+
+ if ($services[0]['version'] == 2) {
+diff -urNad lenny~/modules/openid/openid.pages.inc lenny/modules/openid/openid.pages.inc
+--- lenny~/modules/openid/openid.pages.inc 2009-08-05 02:51:31.000000000 +0200
++++ lenny/modules/openid/openid.pages.inc 2009-11-06 00:33:34.000000000 +0100
+@@ -73,12 +73,14 @@
+ if (db_result(db_query("SELECT authname FROM {authmap} WHERE authname='%s'", $claimed_id))) {
+ form_set_error('openid_identifier', t('That OpenID is already in use on this site.'));
+ }
+- else {
+- $return_to = url('user/'. arg(1) .'/openid', array('absolute' => TRUE));
+- openid_begin($form_state['values']['openid_identifier'], $return_to);
+- }
+ }
+
++function openid_user_add_submit($form, &$form_state) {
++ $return_to = url('user/'. arg(1) .'/openid', array('absolute' => TRUE));
++ openid_begin($form_state['values']['openid_identifier'], $return_to);
++}
++
++
+ /**
+ * Present a confirmation form to delete the specified OpenID identity from the system.
+ *
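Review bot: The dpatch header still says `## DP: No description.`, so the patch file itself gives no hint of what it backports; change it to `## DP: Fix XSS, OpenID impersonation and session fixation issues (SA-CORE-2009-008, Closes: #547140)` so the rationale travels with the patch and not only with debian/changelog. In the includes/file.inc hunk the relocated rename block now reads `$extensions`, `$dest` and `$replace` after the validator loop, and all three are assigned outside the hunk, so it is worth confirming on this branch that `$extensions` is set before this point in the enclosing upload function (presumably file_save_upload, which starts and ends outside the hunk) — otherwise the `.txt`-renamed name is munged against an undefined extension list. The case-sensitive `substr($file->filename, -4) != '.txt'` guard is redundant with the preceding case-insensitive `preg_match`, since a name that matches the pattern cannot end in `.txt`; dropping it or making it `strcasecmp`-based would read more clearly. The doubled blank lines added after the rename block and after the new `openid_user_add_submit()` are a style nit — one blank line is enough.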
Propchange: branches/lenny-security/debian/patches/17_SA-CORE-2009-008.dpatch
------------------------------------------------------------------------------
svn:executable = *