diff options
author | Justin Bronder <jsbronder@gentoo.org> | 2013-12-23 16:54:37 +0000 |
---|---|---|
committer | Justin Bronder <jsbronder@gentoo.org> | 2013-12-23 16:54:37 +0000 |
commit | 22928d11c1d0649cae1d77dd504992af742d9a22 (patch) | |
tree | 4de1243f4c3f03ec15f3965529f3bd2832d38453 /sys-cluster/ganglia-web | |
parent | amd64 stable, bug #488914 (diff) | |
download | gentoo-2-22928d11c1d0649cae1d77dd504992af742d9a22.tar.gz gentoo-2-22928d11c1d0649cae1d77dd504992af742d9a22.tar.bz2 gentoo-2-22928d11c1d0649cae1d77dd504992af742d9a22.zip |
Add patch to fix CVE-2013-6395 (#492580).
(Portage version: 2.2.7/cvs/Linux x86_64, signed Manifest commit with key 4D7043C9)
Diffstat (limited to 'sys-cluster/ganglia-web')
-rw-r--r-- | sys-cluster/ganglia-web/ChangeLog | 12 | ||||
-rw-r--r-- | sys-cluster/ganglia-web/files/CVE-2013-6395-fix-xss.patch | 27 | ||||
-rw-r--r-- | sys-cluster/ganglia-web/ganglia-web-3.5.10-r1.ebuild | 61 | ||||
-rw-r--r-- | sys-cluster/ganglia-web/ganglia-web-3.5.6-r1.ebuild (renamed from sys-cluster/ganglia-web/ganglia-web-3.5.10.ebuild) | 6 | ||||
-rw-r--r-- | sys-cluster/ganglia-web/ganglia-web-3.5.8-r1.ebuild (renamed from sys-cluster/ganglia-web/ganglia-web-3.5.8.ebuild) | 6 |
5 files changed, 109 insertions, 3 deletions
diff --git a/sys-cluster/ganglia-web/ChangeLog b/sys-cluster/ganglia-web/ChangeLog index 1aa618071410..eb6094ce179a 100644 --- a/sys-cluster/ganglia-web/ChangeLog +++ b/sys-cluster/ganglia-web/ChangeLog @@ -1,6 +1,16 @@ # ChangeLog for sys-cluster/ganglia-web # Copyright 1999-2013 Gentoo Foundation; Distributed under the GPL v2 -# $Header: /var/cvsroot/gentoo-x86/sys-cluster/ganglia-web/ChangeLog,v 1.12 2013/07/11 23:13:35 jsbronder Exp $ +# $Header: /var/cvsroot/gentoo-x86/sys-cluster/ganglia-web/ChangeLog,v 1.13 2013/12/23 16:54:37 jsbronder Exp $ + +*ganglia-web-3.5.10-r1 (23 Dec 2013) +*ganglia-web-3.5.8-r1 (23 Dec 2013) +*ganglia-web-3.5.6-r1 (23 Dec 2013) + + 23 Dec 2013; Justin Bronder <jsbronder@gentoo.org> + +ganglia-web-3.5.6-r1.ebuild, -ganglia-web-3.5.8.ebuild, + +ganglia-web-3.5.8-r1.ebuild, -ganglia-web-3.5.10.ebuild, + +ganglia-web-3.5.10-r1.ebuild, +files/CVE-2013-6395-fix-xss.patch: + Add patch to fix CVE-2013-6395 (#492580). *ganglia-web-3.5.10 (11 Jul 2013) diff --git a/sys-cluster/ganglia-web/files/CVE-2013-6395-fix-xss.patch b/sys-cluster/ganglia-web/files/CVE-2013-6395-fix-xss.patch new file mode 100644 index 000000000000..6f49bbedb7c0 --- /dev/null +++ b/sys-cluster/ganglia-web/files/CVE-2013-6395-fix-xss.patch @@ -0,0 +1,27 @@ +From a014c9542710ad50fd1a7fd1eb39b44261edf3a2 Mon Sep 17 00:00:00 2001 +From: Justin Bronder <jsbronder@gmail.com> +Date: Mon, 23 Dec 2013 11:39:03 -0500 +Subject: [PATCH] CVE-2013-6395 fix xss + +https://bugs.gentoo.org/show_bug.cgi?id=492580 +http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-6395 +--- + header.php | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/header.php b/header.php +index d0a30c2..e1cb0e8 100755 +--- a/header.php ++++ b/header.php +@@ -485,7 +485,7 @@ $data->assign("custom_time", $custom_time); + ///////////////////////////////////////////////////////////////////////// + if ( $context == "cluster" ) { + if ( isset($user['host_regex']) && $user['host_regex'] != "" ) +- $set_host_regex_value="value='" . $user['host_regex'] . "'"; ++ $set_host_regex_value="value='" . htmlentities($user['host_regex'], ENT_QUOTES) . "'"; + else + $set_host_regex_value=""; + +-- +1.8.3.2 + diff --git a/sys-cluster/ganglia-web/ganglia-web-3.5.10-r1.ebuild b/sys-cluster/ganglia-web/ganglia-web-3.5.10-r1.ebuild new file mode 100644 index 000000000000..2cfbf43136f8 --- /dev/null +++ b/sys-cluster/ganglia-web/ganglia-web-3.5.10-r1.ebuild @@ -0,0 +1,61 @@ +# Copyright 1999-2013 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 +# $Header: /var/cvsroot/gentoo-x86/sys-cluster/ganglia-web/ganglia-web-3.5.10-r1.ebuild,v 1.1 2013/12/23 16:54:37 jsbronder Exp $ + +EAPI=4 +WEBAPP_MANUAL_SLOT="yes" +inherit webapp eutils + +DESCRIPTION="Web frontend for sys-cluster/ganglia" +HOMEPAGE="http://ganglia.sourceforge.net" +SRC_URI="mirror://sourceforge/ganglia/${PN}/${PV}/${P}.tar.gz" +LICENSE="BSD" +SLOT="0" +KEYWORDS="~amd64 ~ppc ~x86" +IUSE="vhosts" + +DEPEND="net-misc/rsync" +RDEPEND=" + ${DEPEND} + ${WEBAPP_DEPEND} + >=sys-cluster/ganglia-3.3.7[-minimal] + dev-lang/php[gd,xml,ctype,cgi] + media-fonts/dejavu" + +src_configure() { + return 0 +} + +src_compile() { + return 0 +} + +src_prepare() { + epatch "${FILESDIR}"/CVE-2013-6395-fix-xss.patch +} + +src_install() { + webapp_src_preinst + cd "${S}" + emake \ + GDESTDIR="${MY_HTDOCSDIR}" \ + DESTDIR="${D}" \ + APACHE_USER=nobody \ + install || die + webapp_configfile "${MY_HTDOCSDIR}"/conf_default.php + webapp_src_install + + fowners -R nobody:nobody /var/lib/ganglia-web/dwoo + fperms -R 777 /var/lib/ganglia-web/dwoo + + dodoc AUTHORS README TODO || die +} + +pkg_postinst() { + webapp_pkg_postinst + + # upgrade from < 3.5.6 + if [ -d "${ROOT}"/var/lib/ganglia/dwoo ]; then + rm -rf "${ROOT}"/var/lib/ganglia/dwoo || die + fi +} diff --git a/sys-cluster/ganglia-web/ganglia-web-3.5.10.ebuild b/sys-cluster/ganglia-web/ganglia-web-3.5.6-r1.ebuild index 7d1719a7268c..9b267454b9c1 100644 --- a/sys-cluster/ganglia-web/ganglia-web-3.5.10.ebuild +++ b/sys-cluster/ganglia-web/ganglia-web-3.5.6-r1.ebuild @@ -1,6 +1,6 @@ # Copyright 1999-2013 Gentoo Foundation # Distributed under the terms of the GNU General Public License v2 -# $Header: /var/cvsroot/gentoo-x86/sys-cluster/ganglia-web/ganglia-web-3.5.10.ebuild,v 1.1 2013/07/11 23:13:35 jsbronder Exp $ +# $Header: /var/cvsroot/gentoo-x86/sys-cluster/ganglia-web/ganglia-web-3.5.6-r1.ebuild,v 1.1 2013/12/23 16:54:37 jsbronder Exp $ EAPI=4 WEBAPP_MANUAL_SLOT="yes" @@ -30,6 +30,10 @@ src_compile() { return 0 } +src_prepare() { + epatch "${FILESDIR}"/CVE-2013-6395-fix-xss.patch +} + src_install() { webapp_src_preinst cd "${S}" diff --git a/sys-cluster/ganglia-web/ganglia-web-3.5.8.ebuild b/sys-cluster/ganglia-web/ganglia-web-3.5.8-r1.ebuild index 70ed2bbb2bca..f212b195447d 100644 --- a/sys-cluster/ganglia-web/ganglia-web-3.5.8.ebuild +++ b/sys-cluster/ganglia-web/ganglia-web-3.5.8-r1.ebuild @@ -1,6 +1,6 @@ # Copyright 1999-2013 Gentoo Foundation # Distributed under the terms of the GNU General Public License v2 -# $Header: /var/cvsroot/gentoo-x86/sys-cluster/ganglia-web/ganglia-web-3.5.8.ebuild,v 1.1 2013/06/22 00:02:26 jsbronder Exp $ +# $Header: /var/cvsroot/gentoo-x86/sys-cluster/ganglia-web/ganglia-web-3.5.8-r1.ebuild,v 1.1 2013/12/23 16:54:37 jsbronder Exp $ EAPI=4 WEBAPP_MANUAL_SLOT="yes" @@ -30,6 +30,10 @@ src_compile() { return 0 } +src_prepare() { + epatch "${FILESDIR}"/CVE-2013-6395-fix-xss.patch +} + src_install() { webapp_src_preinst cd "${S}" |