[Pkg-sql-ledger-commit] r143 - in trunk/debian: . patches
pkg-sql-ledger-commit-owner at lists.alioth.debian.org
pkg-sql-ledger-commit-owner at lists.alioth.debian.org
Mon Nov 27 08:33:57 CET 2006
Author: hertzog
Date: 2006-11-27 08:33:57 +0100 (Mon, 27 Nov 2006)
New Revision: 143
Added:
trunk/debian/patches/05improve-sec-check.dpatch
Modified:
trunk/debian/changelog
trunk/debian/patches/00list
Log:
New release with enhanced security check.
Modified: trunk/debian/changelog
===================================================================
--- trunk/debian/changelog 2006-11-26 10:56:55 UTC (rev 142)
+++ trunk/debian/changelog 2006-11-27 07:33:57 UTC (rev 143)
@@ -1,3 +1,9 @@
+sql-ledger (2.6.21-2) unstable; urgency=high
+
+ * Further improve the security check introduced in 2.6.21.
+
+ -- Raphael Hertzog <hertzog at debian.org> Mon, 27 Nov 2006 08:30:51 +0100
+
sql-ledger (2.6.21-1) unstable; urgency=high
* New upstream release.
Modified: trunk/debian/patches/00list
===================================================================
--- trunk/debian/patches/00list 2006-11-26 10:56:55 UTC (rev 142)
+++ trunk/debian/patches/00list 2006-11-27 07:33:57 UTC (rev 143)
@@ -1,5 +1,6 @@
#
# List of patches to apply.
#
+05improve-sec-check
10makefiles
45crosslink
Added: trunk/debian/patches/05improve-sec-check.dpatch
===================================================================
--- trunk/debian/patches/05improve-sec-check.dpatch 2006-11-26 10:56:55 UTC (rev 142)
+++ trunk/debian/patches/05improve-sec-check.dpatch 2006-11-27 07:33:57 UTC (rev 143)
@@ -0,0 +1,33 @@
+#! /bin/sh -e
+## All lines beginning with `## DP:' are a description of the patch.
+##
+## DP: Improve security check (temporary patch, already merged upstream)
+
+[ -f debian/patches/00patch-opts ] && . debian/patches/00patch-opts
+patch_opts="${patch_opts:--f --no-backup-if-mismatch}"
+
+if [ $# -ne 1 ]; then
+ echo >&2 "`basename $0`: script expects -patch|-unpatch as argument"
+ exit 1
+fi
+case "$1" in
+ -patch) ( patch $patch_opts -p0 ) < $0 ;;
+ -unpatch) ( patch $patch_opts -p0 -R ) < $0 ;;
+ *)
+ echo >&2 "`basename $0`: script expects -patch|-unpatch as argument"
+ exit 1;;
+esac
+
+exit 0
+ at DPATCH@
+--- login.pl 2006-11-24 23:11:23.000000000 +0100
++++ login.pl.new 2006-11-27 08:27:20.000000000 +0100
+@@ -71,7 +71,7 @@
+
+ @scripts = qw(login.pl admin.pl custom_login.pl custom_admin.pl);
+
+-if (grep !/$form{script}/, @scripts) {
++if (grep !/^\Q$form{script}\E/, @scripts) {
+ print "Content-Type: text/html\n\n" if $ENV{HTTP_USER_AGENT};
+ print "\nAccess denied!\n";
+ exit;
Property changes on: trunk/debian/patches/05improve-sec-check.dpatch
___________________________________________________________________
Name: svn:executable
+ *
More information about the Pkg-sql-ledger-commit
mailing list