author | Justin Bronder <jsbronder@gentoo.org> | 2013-12-23 16:54:41 +0000 |
---|---|---|
committer | Justin Bronder <jsbronder@gentoo.org> | 2013-12-23 16:54:41 +0000 |
commit | 29d755856885f024a0207cf4fe7b180eeaa2ae6f (patch) | |
tree | 9d7982ae0740fd750df60c3ac2930317645d01a3 /sys-cluster/ganglia-web | |
parent | amd64 stable, bug #488914 (diff) | |
Add patch to fix CVE-2013-6395 (#492580).
Package-Manager: portage-2.2.7/cvs/Linux x86_64
Manifest-Sign-Key: 0x4D7043C9
Diffstat (limited to 'sys-cluster/ganglia-web')
-rw-r--r-- | sys-cluster/ganglia-web/ChangeLog | 12 | ||||
-rw-r--r-- | sys-cluster/ganglia-web/Manifest | 16 | ||||
-rw-r--r-- | sys-cluster/ganglia-web/files/CVE-2013-6395-fix-xss.patch | 27 | ||||
-rw-r--r-- | sys-cluster/ganglia-web/ganglia-web-3.5.10-r1.ebuild | 61 | ||||
-rw-r--r-- | sys-cluster/ganglia-web/ganglia-web-3.5.6-r1.ebuild (renamed from sys-cluster/ganglia-web/ganglia-web-3.5.10.ebuild) | 6 | ||||
-rw-r--r-- | sys-cluster/ganglia-web/ganglia-web-3.5.8-r1.ebuild (renamed from sys-cluster/ganglia-web/ganglia-web-3.5.8.ebuild) | 6 |
6 files changed, 118 insertions, 10 deletions
diff --git a/sys-cluster/ganglia-web/ChangeLog b/sys-cluster/ganglia-web/ChangeLog index 1aa618071410..eb6094ce179a 100644 --- a/sys-cluster/ganglia-web/ChangeLog +++ b/sys-cluster/ganglia-web/ChangeLog @@ -1,6 +1,16 @@ # ChangeLog for sys-cluster/ganglia-web # Copyright 1999-2013 Gentoo Foundation; Distributed under the GPL v2 -# $Header: /var/cvsroot/gentoo-x86/sys-cluster/ganglia-web/ChangeLog,v 1.12 2013/07/11 23:13:35 jsbronder Exp $ +# $Header: /var/cvsroot/gentoo-x86/sys-cluster/ganglia-web/ChangeLog,v 1.13 2013/12/23 16:54:37 jsbronder Exp $ + +*ganglia-web-3.5.10-r1 (23 Dec 2013) +*ganglia-web-3.5.8-r1 (23 Dec 2013) +*ganglia-web-3.5.6-r1 (23 Dec 2013) + + 23 Dec 2013; Justin Bronder <jsbronder@gentoo.org> + +ganglia-web-3.5.6-r1.ebuild, -ganglia-web-3.5.8.ebuild, + +ganglia-web-3.5.8-r1.ebuild, -ganglia-web-3.5.10.ebuild, + +ganglia-web-3.5.10-r1.ebuild, +files/CVE-2013-6395-fix-xss.patch: + Add patch to fix CVE-2013-6395 (#492580). *ganglia-web-3.5.10 (11 Jul 2013) diff --git a/sys-cluster/ganglia-web/Manifest b/sys-cluster/ganglia-web/Manifest index 927c7c428ac6..f194cdf2308c 100644 --- a/sys-cluster/ganglia-web/Manifest +++ b/sys-cluster/ganglia-web/Manifest 
@@ -1,18 +1,20 @@ -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 +AUX CVE-2013-6395-fix-xss.patch 922 SHA256 42cb7108991ef3061f9a34710b29fda75bc4635bcc6f824fb1115fd4f0277159 SHA512 6ea9694203f5402eb84bf412db6f8c687872a6ab0bea1a0645d92e7852b4a8542f48420442e451042c032d43056ba07d23fd09344d45533017ebdebf111ec556 WHIRLPOOL 785701d303c8649a1d7ac830272f703e7a26f10b0a5d840898f8a36a6d4d1075d1f442f4455d266d978574bc81424ef772e529bc7f5c0a8232f59fcf676f6b05 DIST ganglia-web-3.5.10.tar.gz 1431977 SHA256 cd6948d4a08a65c3f4f042fa22f04948e089b2b1f970ba1f9f3d91c31bc0ca02 SHA512 9f035c27e7afe944d854a701fc70869940c9cacef5b58b92493241a817f4f5b80103191ab6e9c062ade4c92288fdd25097c95f6d57f409d4840cab2c5ee66efd WHIRLPOOL 6a9dad89961f1cb6c7e63a20f8b79eff2c5758795fe4eac89c9c6ea02f3aef0ade7b4b1851c78c0a0f901825883c0bc08419379b81977f532aa56db04a2564c9 DIST ganglia-web-3.5.6.tar.gz 1331581 SHA256 1f6cabd08424e942aa8cc95bac6bd2cec59a58c343780146cffabea923da1566 SHA512 568470db338d62d56fff3427f686356b2e0f9444bca23d34471a27565047538977f2239c951285c13ea1518547c8e6d6c0a62b03df03af37e45481df93bf0fe8 WHIRLPOOL ef6761041268828c907209088c19145552b33016b2242faa7bc7bef12a88eee6713e7870d9fe88b08e11cb16560f93855fc9db7a4f980398c7f1bab745a25d69 DIST ganglia-web-3.5.8.tar.gz 1431184 SHA256 c1728c6a073a9d4dd66e10a77b0ab34ccf5d7f3ce0d553888390734bc0b79e4c SHA512 1ba5df64801b28a3e412acd6c63301c7911b24d21dc261c9d970bdabeb3c47102ab47e5de89fd5fdcaa6b79a2e9c3421e7abaf0641e25d1f5821c54a232b0933 WHIRLPOOL 739f7873da4a9a559a2e86d98bc24887cf96b120fb9ae03a59a81cc68aea1c72d9c63a0a62bda85578406454b944f805ced6918d2e7fc68e3491f5178f8b47b6 -EBUILD ganglia-web-3.5.10.ebuild 1244 SHA256 4cba6c79db1012dc06e419c76fab426fdd94a8f40d517639c215172076d7eddb SHA512 4f10632d2d80c37e8b219376678991509a5b2b520671fa5f3f41c1fd562f4f884a83565eca2c3e64bd1af733a1bfca393a3d7b66c77cae40f0170d4036a48de9 WHIRLPOOL a83f452b96539748b098a00dce2edf6321ca787bec9e4210aee3a377756dfee2683d0901bd5d50a30a1f18005eb63fda974dda8c91e4daedbd2c6dd0528ad689 +EBUILD 
ganglia-web-3.5.10-r1.ebuild 1316 SHA256 0cc19147502dbec9b8ef2e52b88944c55bd440aed2a8c246b95b968ac7f1304a SHA512 8acfeae364ddab4ae0204450f00cb290dd83ff3e66c10f09c3e87dc886749a772f1a711e5b7f5f4fd3d8cad126fc6947760a61a48fd7dd694b675c1cad4eed92 WHIRLPOOL d057d7c2d74fa3cd2018e89baa3ce5b1a1706cf598eb2322ccafed20d48303d5e7789975c617915f0f1571c0ed5c1adbffa3b9a68825d8143d931019bf4e39b7 +EBUILD ganglia-web-3.5.6-r1.ebuild 1315 SHA256 6459ac7314fb871cd921ab58f4b140304caa133adfa2266d6669858be5b5abab SHA512 f134ed1362b3c6cf76f04a2a59b6a3f4d7d6df3b69360e3462d389f5370b8c1ff76f5c84b0b00db1a4e1ce6badfa89f6329b0042c0c1e693709f612955ae18e5 WHIRLPOOL 8dc410e47566ab2899ba7d853d16e708168c57879a6025b06e13b5214894c7ac9293049ec87e40caefdc230c4e68124b33d3a1a1ce8f0b6562e05b0ccdb75a39 EBUILD ganglia-web-3.5.6.ebuild 1240 SHA256 b3a69350c4ef11ca4f07d9c3d00870e74795a4f17de098bab24ce09fdd3c8d4c SHA512 63042fadb0354160b5316ce9527ad26e9e159a32e73430d5692df4699cd97938015046695dc84f91d8f221e34dcab011517bd8197824a10d4979263c85d26c51 WHIRLPOOL c09afcf9f4eaf2a1655887f3e14121e6643cfdfae1e8bbba1e82b316b6bf49529219effc702b76ddc4c2f68d6d388b39abb5d11ee05d0a253ca3d2cfd158b854 -EBUILD ganglia-web-3.5.8.ebuild 1243 SHA256 fd7aa2287835a9f1a955b3a43b29a3ccf6e2eafa8cff2796cb9d671c122811f7 SHA512 ca36f8a055d9eab34c3c90d81c9860d1f44fc9791ced3757a279fafd10e1cf4e62a0fdf653d7503b85a2839791fa39a7a53b39a645c33b58c7dea29b718d78ac WHIRLPOOL 70c2bde2bb94d928bb3abc296876c45e3648b98f01f8fb51c8d961c22e1d60a330cc8283030cef1dd0493b5b09e8aab40a6ba077650d004faf8eabc24f255692 -MISC ChangeLog 1800 SHA256 712459f938240daf39157c0ea724adc3296268a82b365e6213ff4e95d6c23427 SHA512 a21d86eba60876afc99ca910905837616cb17ecf433d7e01829b95860f4bec5e9546448a4c0dca2ac319073d6e66d60ba9cc48925ec3663c11351d7faad4ed4b WHIRLPOOL afeeb9008ffdbcb0b50ec6764d77afc70154598dfcc2359a107b3b2713f43e291c738daee1d19f229fc575e845f30ed89ec211ae5d48bed286b18004a301f7ea +EBUILD ganglia-web-3.5.8-r1.ebuild 1315 SHA256 
d581cb437ccb990d722dd37e35763dbb31758f0d7c447f054fb5e42856c993d8 SHA512 58995a27f91d1d86514241a31aae0704ec8b40af4075b87eff5e2eb5e74d19acbfb970715d378644537b09a61fa09badd0cc1d2f241a627fe760960252137e54 WHIRLPOOL 7a7efc1dd88ef6a02fc4291b5ed1c006f7740c4f3f7a282280e84d70427919c78ce8be227e69325a4cfa586c89220175391b8a9f893eb216db68ccc67005f29b +MISC ChangeLog 2196 SHA256 51817ca673ae98acad087eb0c0f03c32ad5429c15e5bb400096db800c7b367d4 SHA512 e9bd63ca4eea04cc19be3e2f41afc1c235bf4d517ae251661c3d638c98b9935bdcab3725b20cc69f7e84c032921200f14586982a1cb355f0de03af9add566a1c WHIRLPOOL d64b21046f25e1ba61a8a94a996d4e0861cee1bf9c2bbae50ea37c3f22b48ef8d633f6e8d7fcf9f86156730fe47b9380966cf5179857ab1469fa9b995ac7a14d MISC metadata.xml 228 SHA256 867e2c9cf08802c1ae7c8a1e84fafa792a531488dc15c7e8efd5596b33465d30 SHA512 ced4d7a8792403fe33b4500e75af897dfda1997dbea848fb4c699555e8d1fcad08f54b7c446ecc35306d025edde55d151d89c5e6ba7dba2244854637d4248d28 WHIRLPOOL d3195ff37ccca6b73e2b576c08e70cb057f222608b072b4ce5852522447cd9659d3b86a94a10b97635e82194b41d0f60715ac81cb336d8f4919b914738b1f3ef -----BEGIN PGP SIGNATURE----- -Version: GnuPG v2.0.19 (GNU/Linux) +Version: GnuPG v2.0.22 (GNU/Linux) -iEYEAREIAAYFAlHfPCIACgkQ4MrvBE1wQ8k3oQCgrCejxSNCSV9BlpqziSPYlmiM -jeMAoIstkfz7LIANT0Sv/FINwETfuqUj -=PXC+ +iEYEAREIAAYFAlK4atEACgkQ4MrvBE1wQ8lE5ACdHIylZN2rNw7dKx2MavKwcem/ +u+wAnR4HemA7Z9J6BhpKa21BHauM4ep4 +=V6vF -----END PGP SIGNATURE----- diff --git a/sys-cluster/ganglia-web/files/CVE-2013-6395-fix-xss.patch b/sys-cluster/ganglia-web/files/CVE-2013-6395-fix-xss.patch new file mode 100644 index 000000000000..6f49bbedb7c0 --- /dev/null +++ b/sys-cluster/ganglia-web/files/CVE-2013-6395-fix-xss.patch 
@@ -0,0 +1,27 @@
+From a014c9542710ad50fd1a7fd1eb39b44261edf3a2 Mon Sep 17 00:00:00 2001
+From: Justin Bronder <jsbronder@gmail.com>
+Date: Mon, 23 Dec 2013 11:39:03 -0500
+Subject: [PATCH] CVE-2013-6395 fix xss
+
+https://bugs.gentoo.org/show_bug.cgi?id=492580
+http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-6395
+---
+ header.php | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/header.php b/header.php
+index d0a30c2..e1cb0e8 100755
+--- a/header.php
++++ b/header.php
+@@ -485,7 +485,7 @@ $data->assign("custom_time", $custom_time);
+ /////////////////////////////////////////////////////////////////////////
+ if ( $context == "cluster" ) {
+ if ( isset($user['host_regex']) && $user['host_regex'] != "" )
+- $set_host_regex_value="value='" . $user['host_regex'] . "'";
++ $set_host_regex_value="value='" . htmlentities($user['host_regex'], ENT_QUOTES) . "'";
+ else
+ $set_host_regex_value="";
+
+--
+1.8.3.2
+
diff --git a/sys-cluster/ganglia-web/ganglia-web-3.5.10-r1.ebuild b/sys-cluster/ganglia-web/ganglia-web-3.5.10-r1.ebuild
new file mode 100644
index 000000000000..2cfbf43136f8
--- /dev/null
+++ b/sys-cluster/ganglia-web/ganglia-web-3.5.10-r1.ebuild
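Review bot: The new `htmlentities($user['host_regex'], ENT_QUOTES)` call in the embedded header.php hunk leaves the charset argument to PHP's default, which changed from ISO-8859-1 to UTF-8 in PHP 5.4, so the handling of non-ASCII input depends on which dev-lang/php is installed. Passing the charset the page is actually served in would pin that, e.g. `htmlentities($user['host_regex'], ENT_QUOTES, 'UTF-8')` if ganglia-web emits UTF-8 (not visible here). ENT_QUOTES is the part that matters for this sink, because the value lands inside a single-quoted attribute. The `if ( $context == "cluster" )` block starts inside the hunk and continues past it, so whether `$user['host_regex']` reaches any other output unescaped cannot be judged from these lines and is worth checking in the full file.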
@@ -0,0 +1,61 @@
+# Copyright 1999-2013 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Header: /var/cvsroot/gentoo-x86/sys-cluster/ganglia-web/ganglia-web-3.5.10-r1.ebuild,v 1.1 2013/12/23 16:54:37 jsbronder Exp $
+
+EAPI=4
+WEBAPP_MANUAL_SLOT="yes"
+inherit webapp eutils
+
+DESCRIPTION="Web frontend for sys-cluster/ganglia"
+HOMEPAGE="http://ganglia.sourceforge.net"
+SRC_URI="mirror://sourceforge/ganglia/${PN}/${PV}/${P}.tar.gz"
+LICENSE="BSD"
+SLOT="0"
+KEYWORDS="~amd64 ~ppc ~x86"
+IUSE="vhosts"
+
+DEPEND="net-misc/rsync"
+RDEPEND="
+ ${DEPEND}
+ ${WEBAPP_DEPEND}
+ >=sys-cluster/ganglia-3.3.7[-minimal]
+ dev-lang/php[gd,xml,ctype,cgi]
+ media-fonts/dejavu"
+
+src_configure() {
+ return 0
+}
+
+src_compile() {
+ return 0
+}
+
+src_prepare() {
+ epatch "${FILESDIR}"/CVE-2013-6395-fix-xss.patch
+}
+
+src_install() {
+ webapp_src_preinst
+ cd "${S}"
+ emake \
+ GDESTDIR="${MY_HTDOCSDIR}" \
+ DESTDIR="${D}" \
+ APACHE_USER=nobody \
+ install || die
+ webapp_configfile "${MY_HTDOCSDIR}"/conf_default.php
+ webapp_src_install
+
+ fowners -R nobody:nobody /var/lib/ganglia-web/dwoo
+ fperms -R 777 /var/lib/ganglia-web/dwoo
+
+ dodoc AUTHORS README TODO || die
+}
+
+pkg_postinst() {
+ webapp_pkg_postinst
+
+ # upgrade from < 3.5.6
+ if [ -d "${ROOT}"/var/lib/ganglia/dwoo ]; then
+ rm -rf "${ROOT}"/var/lib/ganglia/dwoo || die
+ fi
+}
diff --git a/sys-cluster/ganglia-web/ganglia-web-3.5.10.ebuild b/sys-cluster/ganglia-web/ganglia-web-3.5.6-r1.ebuild
index 7d1719a7268c..9b267454b9c1 100644
--- a/sys-cluster/ganglia-web/ganglia-web-3.5.10.ebuild
+++ b/sys-cluster/ganglia-web/ganglia-web-3.5.6-r1.ebuild
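Review bot: `fperms -R 777 /var/lib/ganglia-web/dwoo` in src_install makes the Dwoo directory world-writable, even though the line above already gives the tree to nobody:nobody. Dwoo normally keeps compiled templates and cache files there, so any local account could alter files the web application later loads, which sits badly in a revision whose purpose is a security fix. If the web server really runs as the `APACHE_USER=nobody` passed to emake, owner-only write access should be enough, e.g. `fperms -R 0755 /var/lib/ganglia-web/dwoo`. If it runs as a different user, fixing the owner is preferable to opening the mode. Separately, `|| die` after `emake` and `dodoc` is redundant under EAPI=4, where those helpers die on failure themselves.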
@@ -1,6 +1,6 @@ # Copyright 1999-2013 Gentoo Foundation # Distributed under the terms of the GNU General Public License v2 -# $Header: /var/cvsroot/gentoo-x86/sys-cluster/ganglia-web/ganglia-web-3.5.10.ebuild,v 1.1 2013/07/11 23:13:35 jsbronder Exp $ +# $Header: /var/cvsroot/gentoo-x86/sys-cluster/ganglia-web/ganglia-web-3.5.6-r1.ebuild,v 1.1 2013/12/23 16:54:37 jsbronder Exp $ EAPI=4 WEBAPP_MANUAL_SLOT="yes" @@ -30,6 +30,10 @@ src_compile() { return 0 } +src_prepare() { + epatch "${FILESDIR}"/CVE-2013-6395-fix-xss.patch +} + src_install() { webapp_src_preinst cd "${S}" diff --git a/sys-cluster/ganglia-web/ganglia-web-3.5.8.ebuild b/sys-cluster/ganglia-web/ganglia-web-3.5.8-r1.ebuild index 70ed2bbb2bca..f212b195447d 100644 --- a/sys-cluster/ganglia-web/ganglia-web-3.5.8.ebuild +++ b/sys-cluster/ganglia-web/ganglia-web-3.5.8-r1.ebuild @@ -1,6 +1,6 @@ # Copyright 1999-2013 Gentoo Foundation # Distributed under the terms of the GNU General Public License v2 -# $Header: /var/cvsroot/gentoo-x86/sys-cluster/ganglia-web/ganglia-web-3.5.8.ebuild,v 1.1 2013/06/22 00:02:26 jsbronder Exp $ +# $Header: /var/cvsroot/gentoo-x86/sys-cluster/ganglia-web/ganglia-web-3.5.8-r1.ebuild,v 1.1 2013/12/23 16:54:37 jsbronder Exp $ EAPI=4 WEBAPP_MANUAL_SLOT="yes" @@ -30,6 +30,10 @@ src_compile() { return 0 } +src_prepare() { + epatch "${FILESDIR}"/CVE-2013-6395-fix-xss.patch +} + src_install() { webapp_src_preinst cd "${S}" |
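Review bot: The `src_prepare()` added at `@@ -30,6 +30,10 @@` in ganglia-web-3.5.6-r1.ebuild, and identically in ganglia-web-3.5.8-r1.ebuild, applies a patch generated against a single header.php (index d0a30c2, context at line 485) to a different upstream release each time. It is worth confirming in the build log that it applies to each version without offset or fuzz, since a shifted context could leave the real sink unescaped. A one-line comment above the epatch call would record why the patch exists, for example `# CVE-2013-6395: escape host_regex in header.php, bug #492580`. Defining src_prepare ahead of src_configure would also keep the phases in execution order. The Manifest context still lists `ganglia-web-3.5.6.ebuild`, so the unpatched 3.5.6 stays installable after this commit, presumably for its keywords; a follow-up to drop it once -r1 is usable would close the gap. The src_install body that follows the new function continues outside the hunk.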