[Pkg-mediawiki-commits] r479 - in mediawiki/branches/squeeze/debian: . patches
Jonathan Wiltshire
jmw at alioth.debian.org
Sun Sep 8 18:55:25 UTC 2013
Author: jmw
Date: 2013-09-08 18:55:24 +0000 (Sun, 08 Sep 2013)
New Revision: 479
Added:
mediawiki/branches/squeeze/debian/patches/CVE-2013-4302.patch
Modified:
mediawiki/branches/squeeze/debian/changelog
mediawiki/branches/squeeze/debian/patches/series
Log:
Apply upstream patch for CVE-2013-4302
Modified: mediawiki/branches/squeeze/debian/changelog
===================================================================
--- mediawiki/branches/squeeze/debian/changelog 2013-09-08 18:42:51 UTC (rev 478)
+++ mediawiki/branches/squeeze/debian/changelog 2013-09-08 18:55:24 UTC (rev 479)
@@ -1,3 +1,10 @@
+mediawiki (1:1.15.5-2squeeze6) stable-security; urgency=low
+
+ * CVE-2013-4302: apply patch from upstream to prevent
+ access to anti-CSRF tokens via JSONP
+
+ -- Jonathan Wiltshire <jmw at debian.org> Sun, 08 Sep 2013 19:53:58 +0100
+
mediawiki (1:1.15.5-2squeeze5) stable; urgency=low
[ Dominik George ]
Added: mediawiki/branches/squeeze/debian/patches/CVE-2013-4302.patch
===================================================================
--- mediawiki/branches/squeeze/debian/patches/CVE-2013-4302.patch (rev 0)
+++ mediawiki/branches/squeeze/debian/patches/CVE-2013-4302.patch 2013-09-08 18:55:24 UTC (rev 479)
@@ -0,0 +1,76 @@
+From f8998c726550b85ab6a4362c364a51f1604ea687 Mon Sep 17 00:00:00 2001
+From: Brad Jorsch <bjorsch at wikimedia.org>
+Date: Tue, 3 Sep 2013 07:59:13 -0700
+Subject: [PATCH] SECURITY: Prevent tokens in jsonp mode
+
+Add checks to token-returning functions to prevent returning tokens in
+jsonp mode. This affects action=login, action=block, action=unblock, and
+action=query&list=deletedrevs.
+
+Bug: 49090
+Change-Id: Ibeaa5c72d8084585092b15935a3f5709104bf7f7
+---
+ includes/api/ApiBlock.php | 4 ++++
+ includes/api/ApiLogin.php | 9 +++++++++
+ includes/api/ApiQueryDeletedrevs.php | 5 +++++
+ includes/api/ApiUnblock.php | 4 ++++
+ 5 files changed, 24 insertions(+), 1 deletion(-)
+
+--- mediawiki-1.15.5.orig/includes/api/ApiBlock.php
++++ mediawiki-1.15.5/includes/api/ApiBlock.php
+@@ -54,6 +54,10 @@
+
+ if($params['gettoken'])
+ {
++ // If we're in JSON callback mode, no tokens can be obtained
++ if ( !is_null( $this->getMain()->getRequest()->getVal( 'callback' ) ) ) {
++ $this->dieUsage( 'Cannot get token when using a callback', 'aborted' );
++ }
+ $res['blocktoken'] = $wgUser->editToken();
+ $this->getResult()->addValue(null, $this->getModuleName(), $res);
+ return;
+--- mediawiki-1.15.5.orig/includes/api/ApiLogin.php
++++ mediawiki-1.15.5/includes/api/ApiLogin.php
+@@ -52,6 +52,15 @@
+ * @access public
+ */
+ public function execute() {
++ // If we're in JSON callback mode, no tokens can be obtained
++ if ( !is_null( $this->getMain()->getRequest()->getVal( 'callback' ) ) ) {
++ $this->getResult()->addValue( null, 'login', array(
++ 'result' => 'Aborted',
++ 'reason' => 'Cannot log in when using a callback',
++ ) );
++ return;
++ }
++
+ $params = $this->extractRequestParams();
+
+ $result = array ();
+--- mediawiki-1.15.5.orig/includes/api/ApiQueryDeletedrevs.php
++++ mediawiki-1.15.5/includes/api/ApiQueryDeletedrevs.php
+@@ -57,6 +57,11 @@
+ $fld_content = isset($prop['content']);
+ $fld_token = isset($prop['token']);
+
++ // If we're in JSON callback mode, no tokens can be obtained
++ if ( !is_null( $this->getMain()->getRequest()->getVal( 'callback' ) ) ) {
++ $fld_token = false;
++ }
++
+ $result = $this->getResult();
+ $pageSet = $this->getPageSet();
+ $titles = $pageSet->getTitles();
+--- mediawiki-1.15.5.orig/includes/api/ApiUnblock.php
++++ mediawiki-1.15.5/includes/api/ApiUnblock.php
+@@ -48,6 +48,10 @@
+
+ if($params['gettoken'])
+ {
++ // If we're in JSON callback mode, no tokens can be obtained
++ if ( !is_null( $this->getMain()->getRequest()->getVal( 'callback' ) ) ) {
++ $this->dieUsage( 'Cannot get token when using a callback', 'aborted' );
++ }
+ $res['unblocktoken'] = $wgUser->editToken();
+ $this->getResult()->addValue(null, $this->getModuleName(), $res);
+ return;
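Review bot: The diffstat kept in the added patch header (`5 files changed, 24 insertions(+), 1 deletion(-)`, over a list of four files) no longer matches the patch body, which touches four files with 22 added lines and no deletions; the backport presumably dropped the upstream release-notes hunk, so the header should be trimmed to what is actually applied or a one-line note added above it recording the omitted hunk. The four guards are consistent with each other, but the ApiQueryDeletedrevs hunk clears `$fld_token` silently while ApiBlock and ApiUnblock fail with `dieUsage(..., 'aborted')`; if the 1.15 ApiBase provides it, a `$this->setWarning( 'Tokens are not available when using a callback' );` beside `$fld_token = false;` would tell clients why the field is missing, although diverging from the upstream patch in a security backport is a judgement call. Because the fix is applied module by module, the commit record should state that the remaining token-emitting paths in the 1.15.5 tree (any other `editToken()` caller under includes/api) were checked for an equivalent `callback` guard. The enclosing execute() methods in all four files continue outside the quoted hunks.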
Modified: mediawiki/branches/squeeze/debian/patches/series
===================================================================
--- mediawiki/branches/squeeze/debian/patches/series 2013-09-08 18:42:51 UTC (rev 478)
+++ mediawiki/branches/squeeze/debian/patches/series 2013-09-08 18:55:24 UTC (rev 479)
@@ -15,3 +15,4 @@
CVE-2012-0046.patch
CVE-2012-5391.patch
pcre-linker-backtrack.patch
+CVE-2013-4302.patch