[Pkg-sql-ledger-commit] r143 - in trunk/debian: . patches

pkg-sql-ledger-commit-owner at lists.alioth.debian.org pkg-sql-ledger-commit-owner at lists.alioth.debian.org
Mon Nov 27 08:33:57 CET 2006 

Author: hertzog
Date: 2006-11-27 08:33:57 +0100 (Mon, 27 Nov 2006)
New Revision: 143

Added:
   trunk/debian/patches/05improve-sec-check.dpatch
Modified:
   trunk/debian/changelog
   trunk/debian/patches/00list
Log:
New release with enhanced security check.


Modified: trunk/debian/changelog
===================================================================
--- trunk/debian/changelog	2006-11-26 10:56:55 UTC (rev 142)
+++ trunk/debian/changelog	2006-11-27 07:33:57 UTC (rev 143)
@@ -1,3 +1,9 @@
+sql-ledger (2.6.21-2) unstable; urgency=high
+
+  * Further improve the security check introduced in 2.6.21.
+
+ -- Raphael Hertzog <hertzog at debian.org>  Mon, 27 Nov 2006 08:30:51 +0100
+
 sql-ledger (2.6.21-1) unstable; urgency=high
 
   * New upstream release.

Modified: trunk/debian/patches/00list
===================================================================
--- trunk/debian/patches/00list	2006-11-26 10:56:55 UTC (rev 142)
+++ trunk/debian/patches/00list	2006-11-27 07:33:57 UTC (rev 143)
@@ -1,5 +1,6 @@
 #
 # List of patches to apply.
 #
+05improve-sec-check
 10makefiles
 45crosslink

Added: trunk/debian/patches/05improve-sec-check.dpatch
===================================================================
--- trunk/debian/patches/05improve-sec-check.dpatch	2006-11-26 10:56:55 UTC (rev 142)
+++ trunk/debian/patches/05improve-sec-check.dpatch	2006-11-27 07:33:57 UTC (rev 143)
@@ -0,0 +1,33 @@
+#! /bin/sh -e
+## All lines beginning with `## DP:' are a description of the patch.
+##
+## DP: Improve security check (temporary patch, already merged upstream)
+
+[ -f debian/patches/00patch-opts ] && . debian/patches/00patch-opts
+patch_opts="${patch_opts:--f --no-backup-if-mismatch}"
+
+if [ $# -ne 1 ]; then
+    echo >&2 "`basename $0`: script expects -patch|-unpatch as argument"
+    exit 1
+fi
+case "$1" in
+       -patch)   ( patch $patch_opts -p0 ) < $0 ;;
+       -unpatch) ( patch $patch_opts -p0 -R ) < $0 ;;
+        *)
+                echo >&2 "`basename $0`: script expects -patch|-unpatch as argument"
+                exit 1;;
+esac
+
+exit 0
+ at DPATCH@
+--- login.pl	2006-11-24 23:11:23.000000000 +0100
++++ login.pl.new	2006-11-27 08:27:20.000000000 +0100
+@@ -71,7 +71,7 @@
+ 
+ @scripts = qw(login.pl admin.pl custom_login.pl custom_admin.pl);
+ 
+-if (grep !/$form{script}/, @scripts) {
++if (grep !/^\Q$form{script}\E/, @scripts) {
+   print "Content-Type: text/html\n\n" if $ENV{HTTP_USER_AGENT};
+   print "\nAccess denied!\n";
+   exit;


Property changes on: trunk/debian/patches/05improve-sec-check.dpatch
___________________________________________________________________
Name: svn:executable
   + *

More information about the Pkg-sql-ledger-commit mailing list