authorJustin Bronder <jsbronder@gentoo.org>2013-12-23 16:54:37 +0000
committerJustin Bronder <jsbronder@gentoo.org>2013-12-23 16:54:37 +0000
commit22928d11c1d0649cae1d77dd504992af742d9a22 (patch)
tree4de1243f4c3f03ec15f3965529f3bd2832d38453 /sys-cluster/ganglia-web
parentamd64 stable, bug #488914 (diff)
Add patch to fix CVE-2013-6395 (#492580).
(Portage version: 2.2.7/cvs/Linux x86_64, signed Manifest commit with key 4D7043C9)
Diffstat (limited to 'sys-cluster/ganglia-web')
-rw-r--r--sys-cluster/ganglia-web/ChangeLog12
-rw-r--r--sys-cluster/ganglia-web/files/CVE-2013-6395-fix-xss.patch27
-rw-r--r--sys-cluster/ganglia-web/ganglia-web-3.5.10-r1.ebuild61
-rw-r--r--sys-cluster/ganglia-web/ganglia-web-3.5.6-r1.ebuild (renamed from sys-cluster/ganglia-web/ganglia-web-3.5.10.ebuild)6
-rw-r--r--sys-cluster/ganglia-web/ganglia-web-3.5.8-r1.ebuild (renamed from sys-cluster/ganglia-web/ganglia-web-3.5.8.ebuild)6
5 files changed, 109 insertions, 3 deletions
diff --git a/sys-cluster/ganglia-web/ChangeLog b/sys-cluster/ganglia-web/ChangeLog
index 1aa618071410..eb6094ce179a 100644
--- a/sys-cluster/ganglia-web/ChangeLog
+++ b/sys-cluster/ganglia-web/ChangeLog
@@ -1,6 +1,16 @@
# ChangeLog for sys-cluster/ganglia-web
# Copyright 1999-2013 Gentoo Foundation; Distributed under the GPL v2
-# $Header: /var/cvsroot/gentoo-x86/sys-cluster/ganglia-web/ChangeLog,v 1.12 2013/07/11 23:13:35 jsbronder Exp $
+# $Header: /var/cvsroot/gentoo-x86/sys-cluster/ganglia-web/ChangeLog,v 1.13 2013/12/23 16:54:37 jsbronder Exp $
+
+*ganglia-web-3.5.10-r1 (23 Dec 2013)
+*ganglia-web-3.5.8-r1 (23 Dec 2013)
+*ganglia-web-3.5.6-r1 (23 Dec 2013)
+
+ 23 Dec 2013; Justin Bronder <jsbronder@gentoo.org>
+ +ganglia-web-3.5.6-r1.ebuild, -ganglia-web-3.5.8.ebuild,
+ +ganglia-web-3.5.8-r1.ebuild, -ganglia-web-3.5.10.ebuild,
+ +ganglia-web-3.5.10-r1.ebuild, +files/CVE-2013-6395-fix-xss.patch:
+ Add patch to fix CVE-2013-6395 (#492580).
*ganglia-web-3.5.10 (11 Jul 2013)
diff --git a/sys-cluster/ganglia-web/files/CVE-2013-6395-fix-xss.patch b/sys-cluster/ganglia-web/files/CVE-2013-6395-fix-xss.patch
new file mode 100644
index 000000000000..6f49bbedb7c0
--- /dev/null
+++ b/sys-cluster/ganglia-web/files/CVE-2013-6395-fix-xss.patch
@@ -0,0 +1,27 @@
+From a014c9542710ad50fd1a7fd1eb39b44261edf3a2 Mon Sep 17 00:00:00 2001
+From: Justin Bronder <jsbronder@gmail.com>
+Date: Mon, 23 Dec 2013 11:39:03 -0500
+Subject: [PATCH] CVE-2013-6395 fix xss
+
+https://bugs.gentoo.org/show_bug.cgi?id=492580
+http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-6395
+---
+ header.php | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/header.php b/header.php
+index d0a30c2..e1cb0e8 100755
+--- a/header.php
++++ b/header.php
+@@ -485,7 +485,7 @@ $data->assign("custom_time", $custom_time);
+ /////////////////////////////////////////////////////////////////////////
+ if ( $context == "cluster" ) {
+ if ( isset($user['host_regex']) && $user['host_regex'] != "" )
+- $set_host_regex_value="value='" . $user['host_regex'] . "'";
++ $set_host_regex_value="value='" . htmlentities($user['host_regex'], ENT_QUOTES) . "'";
+ else
+ $set_host_regex_value="";
+
+--
+1.8.3.2
+
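Review bot: The `htmlentities()` call on the added header.php line passes no charset, so the encoding it assumes depends on the installed PHP version (ISO-8859-1 before PHP 5.4, UTF-8 from 5.4 on), and this one patch is applied to three ganglia-web versions. Assuming the pages are served as UTF-8, passing it explicitly keeps the escaping consistent: `htmlentities($user['host_regex'], ENT_QUOTES, 'UTF-8')`. ENT_QUOTES is the right flag here because the value is placed inside a single-quoted attribute. The patch covers only this one `host_regex` sink, and the enclosing `if ( $context == "cluster" )` block continues outside the hunk, so other places where request values are echoed cannot be checked from here.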
diff --git a/sys-cluster/ganglia-web/ganglia-web-3.5.10-r1.ebuild b/sys-cluster/ganglia-web/ganglia-web-3.5.10-r1.ebuild
new file mode 100644
index 000000000000..2cfbf43136f8
--- /dev/null
+++ b/sys-cluster/ganglia-web/ganglia-web-3.5.10-r1.ebuild
@@ -0,0 +1,61 @@
+# Copyright 1999-2013 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Header: /var/cvsroot/gentoo-x86/sys-cluster/ganglia-web/ganglia-web-3.5.10-r1.ebuild,v 1.1 2013/12/23 16:54:37 jsbronder Exp $
+
+EAPI=4
+WEBAPP_MANUAL_SLOT="yes"
+inherit webapp eutils
+
+DESCRIPTION="Web frontend for sys-cluster/ganglia"
+HOMEPAGE="http://ganglia.sourceforge.net"
+SRC_URI="mirror://sourceforge/ganglia/${PN}/${PV}/${P}.tar.gz"
+LICENSE="BSD"
+SLOT="0"
+KEYWORDS="~amd64 ~ppc ~x86"
+IUSE="vhosts"
+
+DEPEND="net-misc/rsync"
+RDEPEND="
+ ${DEPEND}
+ ${WEBAPP_DEPEND}
+ >=sys-cluster/ganglia-3.3.7[-minimal]
+ dev-lang/php[gd,xml,ctype,cgi]
+ media-fonts/dejavu"
+
+src_configure() {
+ return 0
+}
+
+src_compile() {
+ return 0
+}
+
+src_prepare() {
+ epatch "${FILESDIR}"/CVE-2013-6395-fix-xss.patch
+}
+
+src_install() {
+ webapp_src_preinst
+ cd "${S}"
+ emake \
+ GDESTDIR="${MY_HTDOCSDIR}" \
+ DESTDIR="${D}" \
+ APACHE_USER=nobody \
+ install || die
+ webapp_configfile "${MY_HTDOCSDIR}"/conf_default.php
+ webapp_src_install
+
+ fowners -R nobody:nobody /var/lib/ganglia-web/dwoo
+ fperms -R 777 /var/lib/ganglia-web/dwoo
+
+ dodoc AUTHORS README TODO || die
+}
+
+pkg_postinst() {
+ webapp_pkg_postinst
+
+ # upgrade from < 3.5.6
+ if [ -d "${ROOT}"/var/lib/ganglia/dwoo ]; then
+ rm -rf "${ROOT}"/var/lib/ganglia/dwoo || die
+ fi
+}
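Review bot: `fperms -R 777 /var/lib/ganglia-web/dwoo` in src_install leaves the Dwoo directory world-writable, so any local account can alter files there that the web application later reads (presumably its compiled templates). The line above already gives the tree to nobody:nobody and the install runs with APACHE_USER=nobody, so owner-only write access should be enough: `fperms -R 0750 /var/lib/ganglia-web/dwoo`. If the web server runs as a different user on some setups, adjust the owner rather than widening the mode. The same line is probably present in the 3.5.6-r1 and 3.5.8-r1 ebuilds, whose src_install bodies lie outside the hunks shown.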
diff --git a/sys-cluster/ganglia-web/ganglia-web-3.5.10.ebuild b/sys-cluster/ganglia-web/ganglia-web-3.5.6-r1.ebuild
index 7d1719a7268c..9b267454b9c1 100644
--- a/sys-cluster/ganglia-web/ganglia-web-3.5.10.ebuild
+++ b/sys-cluster/ganglia-web/ganglia-web-3.5.6-r1.ebuild
@@ -1,6 +1,6 @@
# Copyright 1999-2013 Gentoo Foundation
# Distributed under the terms of the GNU General Public License v2
-# $Header: /var/cvsroot/gentoo-x86/sys-cluster/ganglia-web/ganglia-web-3.5.10.ebuild,v 1.1 2013/07/11 23:13:35 jsbronder Exp $
+# $Header: /var/cvsroot/gentoo-x86/sys-cluster/ganglia-web/ganglia-web-3.5.6-r1.ebuild,v 1.1 2013/12/23 16:54:37 jsbronder Exp $
EAPI=4
WEBAPP_MANUAL_SLOT="yes"
@@ -30,6 +30,10 @@ src_compile() {
return 0
}
+src_prepare() {
+ epatch "${FILESDIR}"/CVE-2013-6395-fix-xss.patch
+}
+
src_install() {
webapp_src_preinst
cd "${S}"
diff --git a/sys-cluster/ganglia-web/ganglia-web-3.5.8.ebuild b/sys-cluster/ganglia-web/ganglia-web-3.5.8-r1.ebuild
index 70ed2bbb2bca..f212b195447d 100644
--- a/sys-cluster/ganglia-web/ganglia-web-3.5.8.ebuild
+++ b/sys-cluster/ganglia-web/ganglia-web-3.5.8-r1.ebuild
@@ -1,6 +1,6 @@
# Copyright 1999-2013 Gentoo Foundation
# Distributed under the terms of the GNU General Public License v2
-# $Header: /var/cvsroot/gentoo-x86/sys-cluster/ganglia-web/ganglia-web-3.5.8.ebuild,v 1.1 2013/06/22 00:02:26 jsbronder Exp $
+# $Header: /var/cvsroot/gentoo-x86/sys-cluster/ganglia-web/ganglia-web-3.5.8-r1.ebuild,v 1.1 2013/12/23 16:54:37 jsbronder Exp $
EAPI=4
WEBAPP_MANUAL_SLOT="yes"
@@ -30,6 +30,10 @@ src_compile() {
return 0
}
+src_prepare() {
+ epatch "${FILESDIR}"/CVE-2013-6395-fix-xss.patch
+}
+
src_install() {
webapp_src_preinst
cd "${S}"