From fad8b74f852feb2d12f1f967c294e3a20560534a Mon Sep 17 00:00:00 2001
From: Natanael Copa <ncopa@alpinelinux.org>
Date: Fri, 12 Apr 2013 10:49:24 +0000
Subject: main/smokeping: yet another XSS fix

http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=659899#155
---
 main/smokeping/APKBUILD                            | 14 +++++++----
 .../xss-fix-from-Steven-Chamberlain.patch          | 28 ++++++++++++++++++++++
 2 files changed, 37 insertions(+), 5 deletions(-)
 create mode 100644 main/smokeping/xss-fix-from-Steven-Chamberlain.patch

(limited to 'main')

diff --git a/main/smokeping/APKBUILD b/main/smokeping/APKBUILD
index 53fb5bca88..b3c6a62f00 100644
--- a/main/smokeping/APKBUILD
+++ b/main/smokeping/APKBUILD
@@ -2,14 +2,15 @@
 # Maintainer: Natanael Copa <ncopa@alpinelinux.org>
 pkgname=smokeping
 pkgver=2.6.9
-pkgrel=0
+pkgrel=1
 pkgdesc="Smokeping network latency monitoring"
 pkgusers="smokeping"
 pkggroups="smokeping"
 install="$pkgname.pre-install"
 url="http://oss.oetiker.ch/smokeping/"
 source="http://oss.oetiker.ch/smokeping/pub/smokeping-$pkgver.tar.gz
-	smokeping.initd"
+	smokeping.initd
+	xss-fix-from-Steven-Chamberlain.patch"
 depends="perl fping rrdtool perl-rrd
 	perl-uri
 	perl-digest-hmac
@@ -125,8 +126,11 @@ package() {
 }
 
 md5sums="0c2361b734866dd37facf2af3f8f7144  smokeping-2.6.9.tar.gz
-a63b42b8165f9c728706ac112658548b  smokeping.initd"
+a63b42b8165f9c728706ac112658548b  smokeping.initd
+cee64c8fe5d813534dfb29c2cd3a1324  xss-fix-from-Steven-Chamberlain.patch"
 sha256sums="cd551d4384d8b19879d128ea0566bd680c19bb4ad8664a3c5a304604746f8863  smokeping-2.6.9.tar.gz
-1b83d2e35e922e71bb3c91deee7c247cfbaebe47022451aabde87b790c5a61ca  smokeping.initd"
+1b83d2e35e922e71bb3c91deee7c247cfbaebe47022451aabde87b790c5a61ca  smokeping.initd
+f7750494a81e56dac2d8c7bc996eb63ac590168fff92d237e883807c036f07ac  xss-fix-from-Steven-Chamberlain.patch"
 sha512sums="ab3cec15fd9f90510f902da7ce5bac5915558cac198cc88f0ce193a53a0158c9055e28c8c6671cc6653ac42ab51346e1eb19e537f1ab5c234fd498c6b777499d  smokeping-2.6.9.tar.gz
-b1d6f769b870a14856f4e4f6e699d6a9eb7744d9c447e5cd799cf21dd1eb83807aaa270029e15a49c709e8a9160c395d264bcc1d3281233160e2a907e61473ad  smokeping.initd"
+b1d6f769b870a14856f4e4f6e699d6a9eb7744d9c447e5cd799cf21dd1eb83807aaa270029e15a49c709e8a9160c395d264bcc1d3281233160e2a907e61473ad  smokeping.initd
+ab13cbf69a8b7d9cce7684eaf6a61ff5d827bcd4abc04cec7df47a97ab4d73eac5034addcb8e061ced246a2dcff69d04a9114b89e6c20014e2f3eb6c8fff0c11  xss-fix-from-Steven-Chamberlain.patch"
diff --git a/main/smokeping/xss-fix-from-Steven-Chamberlain.patch b/main/smokeping/xss-fix-from-Steven-Chamberlain.patch
new file mode 100644
index 0000000000..ba1e25f461
--- /dev/null
+++ b/main/smokeping/xss-fix-from-Steven-Chamberlain.patch
@@ -0,0 +1,28 @@
+From bad9f9c28f0939b269f90072aa4cf41f20f15563 Mon Sep 17 00:00:00 2001
+From: Tobias Oetiker <tobi@oetiker.ch>
+Date: Sun, 17 Mar 2013 13:11:10 +0100
+Subject: [PATCH] xss fix from Steven Chamberlain
+
+---
+ lib/Smokeping.pm | 5 +++--
+ 1 file changed, 3 insertions(+), 2 deletions(-)
+
+diff --git a/lib/Smokeping.pm b/lib/Smokeping.pm
+index cec130a..080b538 100644
+--- a/lib/Smokeping.pm
++++ b/lib/Smokeping.pm
+@@ -1028,8 +1028,9 @@ sub smokecol ($) {
+ 
+ sub parse_datetime($){
+     my $in = shift;
+-    for ($in){
+-	/^(\d+)$/ && do { my $value = $1; $value = time if $value > 2**32; return $value};
++    for ($in){ 
++        $in =~ s/$xssBadRx/_/g;
++        /^(\d+)$/ && do { my $value = $1; $value = time if $value > 2**32; return $value};
+         /^\s*(\d{4})-(\d{1,2})-(\d{1,2})(?:\s+(\d{1,2}):(\d{2})(?::(\d{2}))?)?\s*$/  && 
+             return POSIX::mktime($6||0,$5||0,$4||0,$3,$2-1,$1-1900,0,0,-1);
+         /^now$/ && return time;
+-- 
+1.8.1.5
+
-- 
cgit v1.2.3