Get Gentoo!
gentoo.org sites
gentoo.org Wiki Bugs Forums Packages
Planet Archives Sources
Infra Status
summaryrefslogtreecommitdiff
path: root/www-apps/phpgroupware/files
diff options
context:
space:
mode:
authorAlex Legler <a3li@gentoo.org>2009-08-12 11:10:49 +0000
committerAlex Legler <a3li@gentoo.org>2009-08-12 11:10:49 +0000
commited3431be96e56c7adf0eb975607450b8e613774d (patch)
treea170a9f51a459bae60aa2bbe55e5da50e316302b /www-apps/phpgroupware/files
parentFix rubica changelog. Touched by accident by koffice bump toolie. (diff)
downloadgentoo-2-ed3431be96e56c7adf0eb975607450b8e613774d.tar.gz
gentoo-2-ed3431be96e56c7adf0eb975607450b8e613774d.tar.bz2
gentoo-2-ed3431be96e56c7adf0eb975607450b8e613774d.zip
Non-maintainer commit: Version bump for security bug 278864.
(Portage version: 2.2_rc33/cvs/Linux x86_64)
Diffstat (limited to 'www-apps/phpgroupware/files')
-rw-r--r--www-apps/phpgroupware/files/phpgroupware-SA35519.patch145
1 files changed, 145 insertions, 0 deletions
diff --git a/www-apps/phpgroupware/files/phpgroupware-SA35519.patch b/www-apps/phpgroupware/files/phpgroupware-SA35519.patch
new file mode 100644
index 000000000000..f4cfdda81217
--- /dev/null
+++ b/www-apps/phpgroupware/files/phpgroupware-SA35519.patch
@@ -0,0 +1,145 @@
+Fix security issues described in Secunia Advisory SA35519. Bug 278864.
+svn diff directly from upstream SVN.
+
+Index: phpgwapi/doc/CHANGELOG
+===================================================================
+--- phpgwapi/doc/CHANGELOG (revision 19116)
++++ phpgwapi/doc/CHANGELOG (revision 19117)
+@@ -1,3 +1,22 @@
++[0.9.16.014]
++ Security Release with bug fixes
++ * Remote File Disclosure in /addressbook/csv_import.php
++ * SQL injection in /login.php
++ * XSS in /login.php
++ * Local file inclusion and Remote file execution in
++ /addressbook/inc/class.uiXport.inc.php
++ All via Secunia - see SA35519
++
++ 0.9.14 -> 0.916 upgrade fixes
++
++ Addressbook usability fixes
++
++[0.9.16.013]
++ No release (stupid superstitious reasons)
++
++[0.9.16.012]
++ Upgrade phpsysinfo
++
+ [0.9.16.011]
+ Security Release with bug fixes
+ - Fix for Vulnerability in Calendar
+Index: phpgwapi/inc/class.auth_sql.inc.php
+===================================================================
+--- phpgwapi/inc/class.auth_sql.inc.php (revision 19116)
++++ phpgwapi/inc/class.auth_sql.inc.php (revision 19117)
+@@ -40,11 +40,15 @@
+
+ if ($passwd_type == 'md5')
+ {
++ if(!preg_match('/^[0-9a-f]*$/', $passwd))
++ {
++ return False;
++ }
+ $_passwd = $passwd;
+ }
+
+ $db->query("SELECT * FROM phpgw_accounts WHERE account_lid = '$username' AND "
+- . "account_pwd='" . $_passwd . "' AND account_status ='A'",__LINE__,__FILE__);
++ . "account_pwd='$_passwd' AND account_status ='A'",__LINE__,__FILE__);
+ $db->next_record();
+
+ if ($db->f('account_lid'))
+Index: login.php
+===================================================================
+--- login.php (revision 19116)
++++ login.php (revision 19117)
+@@ -329,7 +329,7 @@
+ {
+ if (ereg('phpgw_',$name))
+ {
+- $extra_vars .= '&' . $name . '=' . urlencode($value);
++ $extra_vars .= '&' . urlencode($name) . '=' . urlencode($value);
+ }
+ }
+
+Index: addressbook/inc/class.uiXport.inc.php
+===================================================================
+--- addressbook/inc/class.uiXport.inc.php (revision 19116)
++++ addressbook/inc/class.uiXport.inc.php (revision 19117)
+@@ -73,7 +73,8 @@
+
+ function import()
+ {
+- if ($_REQUEST['convert']) //&& ($_FILES['tsvfile']['error'] == UPLOAD_ERR_OK))
++ $conv_type_a = $GLOBALS['phpgw']->session->appsession('conv_type_values_i', 'addressbook');
++ if ($_REQUEST['convert'] && is_array($conv_type_a) && in_array($_REQUEST['conv_type'], $conv_type_a)) //&& ($_FILES['tsvfile']['error'] == UPLOAD_ERR_OK))
+ {
+ $buffer = $this->bo->import($_FILES['tsvfile']['tmp_name'],$_REQUEST['conv_type'],$_REQUEST['private'],$_REQUEST['fcat_id']);
+
+@@ -130,7 +131,7 @@
+ $fname = ereg_replace('_',' ',$myfilearray[$i]);
+ $conv .= '<OPTION VALUE="' . $myfilearray[$i].'">' . $fname . '</OPTION>';
+ }
+-
++ $GLOBALS['phpgw']->session->appsession('conv_type_values_i', 'addressbook', $myfilearray);
+ $this->template->set_var('lang_cancel',lang('Cancel'));
+ $this->template->set_var('lang_cat',lang('Select Category'));
+ $this->template->set_var('cancel_url',$GLOBALS['phpgw']->link('/index.php','menuaction=addressbook.uiaddressbook.index'));
+@@ -173,7 +174,8 @@
+
+ //$entries = $this->bo->$get_data_function($fields, $this->limit, $this->start, $this->order, $this->sort, '', $criteria);
+
+- if ($_REQUEST['convert'])
++ $conv_type_a = $GLOBALS['phpgw']->session->appsession('conv_type_values_e', 'addressbook');
++ if ($_REQUEST['convert'] && is_array($conv_type_a) && in_array($_REQUEST['conv_type'], $conv_type_a))
+ {
+ if ($_REQUEST['conv_type'] == 'none')
+ {
+@@ -248,6 +250,7 @@
+ $conv .= ' <option value="'.$myfilearray[$i].'">'.$fname.'</option>'."\n";
+ }
+
++ $GLOBALS['phpgw']->session->appsession('conv_type_values_e', 'addressbook', $myfilearray);
+ $this->template->set_var('lang_cancel',lang('Cancel'));
+ $this->template->set_var('lang_cat',lang('Select Category'));
+ $this->template->set_var('cat_link',$this->cat_option($this->cat_id,False,False));
+Index: addressbook/csv_import.php
+===================================================================
+--- addressbook/csv_import.php (revision 19116)
++++ addressbook/csv_import.php (revision 19117)
+@@ -31,12 +31,20 @@
+ $GLOBALS['phpgw']->template->set_block('import','ffooter','ffooterhandle');
+ $GLOBALS['phpgw']->template->set_block('import','imported','importedhandle');
+
+- $csvfile = isset($_POST['csvfile']) ? $_POST['csvfile'] : $_FILES['csvfile']['tmp_name'];
++ $csvfile = $_FILES['csvfile']['tmp_name'];
+
+ if($_POST['action'] == 'download' && (!$_POST['fieldsep'] || !$csvfile || !($fp=fopen($csvfile,'rb'))))
+ {
+ $_POST['action'] = '';
+ }
++ if($_POST['action'] == 'import')
++ {
++ $csvfile = $GLOBALS['phpgw']->session->appsession('import_data', 'addressbook');
++ if(!file_exists($csvfile))
++ {
++ $_POST['action'] = '';
++ }
++ }
+ $GLOBALS['phpgw']->template->set_var('action_url',$GLOBALS['phpgw']->link('/addressbook/csv_import.php'));
+
+ $PSep = '||'; // Pattern-Separator, separats the pattern-replacement-pairs in trans
+@@ -175,9 +183,10 @@
+ $GLOBALS['phpgw']->template->set_var('max',200);
+ $GLOBALS['phpgw']->template->parse('ffooterhandle','ffooter');
+ fclose($fp);
+- $old = $csvfile; $csvfile = $GLOBALS['phpgw_info']['server']['temp_dir'].'/addrbook_import_'.basename($csvfile);
+- rename($old,$csvfile);
+- $hiddenvars .= '<input type="hidden" name="csvfile" value="'.$csvfile.'">';
++ $old = $csvfile; $csvfile = $GLOBALS['phpgw_info']['server']['temp_dir'].'/addrbook_import_'.$GLOBALS['phpgw_info']['user']['account_id'].'_'.basename($csvfile);
++ rename($old,$csvfile);
++ $GLOBALS['phpgw']->session->appsession('import_data', 'addressbook', $csvfile);
++ //$hiddenvars .= '<input type="hidden" name="csvfile" value="'.$csvfile.'">';
+ $mktime_lotus = "${PSep}0?([0-9]+)[ .:-]+0?([0-9]*)[ .:-]+0?([0-9]*)[ .:-]+0?([0-9]*)[ .:-]+0?([0-9]*)[ .:-]+0?([0-9]*).*$ASep@mktime(${VPre}4,${VPre}5,${VPre}6,${VPre}2,${VPre}3,${VPre}1)";
+ $help_on_trans = "<a name=\"help\"></a><b>How to use Translation's</b><p>".
+ "Translations enable you to change / adapt the content of each CSV field for your needs. <br />".