diff options
| author | Natanael Copa <ncopa@alpinelinux.org> | 2013-04-12 10:49:24 +0000 |
|---|---|---|
| committer | Natanael Copa <ncopa@alpinelinux.org> | 2013-04-12 10:52:16 +0000 |
| commit | 0c51a8b4a7652addee690688eb5a341d1815b095 (patch) | |
| tree | 5dc5629a6e6d4984f212cc7df936f2f091c05e13 | |
| parent | acc5b8b4bbda55488dd0f2a52c08adc0a48847f3 (diff) | |
| download | aports-0c51a8b4a7652addee690688eb5a341d1815b095.tar.bz2 aports-0c51a8b4a7652addee690688eb5a341d1815b095.tar.xz | |
main/smokeping: yet another XSS fix
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=659899#155
| -rw-r--r-- | main/smokeping/APKBUILD | 8 | ||||
| -rw-r--r-- | main/smokeping/xss-fix-from-Steven-Chamberlain.patch | 28 |
2 files changed, 33 insertions, 3 deletions
diff --git a/main/smokeping/APKBUILD b/main/smokeping/APKBUILD index d9bad8f7d..b96f2bb87 100644 --- a/main/smokeping/APKBUILD +++ b/main/smokeping/APKBUILD @@ -2,14 +2,15 @@ # Maintainer: Natanael Copa <ncopa@alpinelinux.org> pkgname=smokeping pkgver=2.6.9 -pkgrel=0 +pkgrel=1 pkgdesc="Smokeping network latency monitoring" pkgusers="smokeping" pkggroups="smokeping" install="$pkgname.pre-install" url="http://oss.oetiker.ch/smokeping/" source="http://oss.oetiker.ch/smokeping/pub/smokeping-$pkgver.tar.gz - smokeping.initd" + smokeping.initd + xss-fix-from-Steven-Chamberlain.patch" depends="perl fping rrdtool perl-rrd perl-uri perl-digest-hmac @@ -125,4 +126,5 @@ package() { } md5sums="0c2361b734866dd37facf2af3f8f7144 smokeping-2.6.9.tar.gz -a63b42b8165f9c728706ac112658548b smokeping.initd" +a63b42b8165f9c728706ac112658548b smokeping.initd +cee64c8fe5d813534dfb29c2cd3a1324 xss-fix-from-Steven-Chamberlain.patch" diff --git a/main/smokeping/xss-fix-from-Steven-Chamberlain.patch b/main/smokeping/xss-fix-from-Steven-Chamberlain.patch new file mode 100644 index 000000000..ba1e25f46 --- /dev/null +++ b/main/smokeping/xss-fix-from-Steven-Chamberlain.patch @@ -0,0 +1,28 @@ +From bad9f9c28f0939b269f90072aa4cf41f20f15563 Mon Sep 17 00:00:00 2001 +From: Tobias Oetiker <tobi@oetiker.ch> +Date: Sun, 17 Mar 2013 13:11:10 +0100 +Subject: [PATCH] xss fix from Steven Chamberlain + +--- + lib/Smokeping.pm | 5 +++-- + 1 file changed, 3 insertions(+), 2 deletions(-) + +diff --git a/lib/Smokeping.pm b/lib/Smokeping.pm +index cec130a..080b538 100644 +--- a/lib/Smokeping.pm ++++ b/lib/Smokeping.pm +@@ -1028,8 +1028,9 @@ sub smokecol ($) { + + sub parse_datetime($){ + my $in = shift; +- for ($in){ +- /^(\d+)$/ && do { my $value = $1; $value = time if $value > 2**32; return $value}; ++ for ($in){ ++ $in =~ s/$xssBadRx/_/g; ++ /^(\d+)$/ && do { my $value = $1; $value = time if $value > 2**32; return $value}; + /^\s*(\d{4})-(\d{1,2})-(\d{1,2})(?:\s+(\d{1,2}):(\d{2})(?::(\d{2}))?)?\s*$/ && + return POSIX::mktime($6||0,$5||0,$4||0,$3,$2-1,$1-1900,0,0,-1); + /^now$/ && return time; +-- +1.8.1.5 + |