Hello community,
here is the log from the commit of package horde
checked in at Sun Aug 6 22:27:16 CEST 2006.
--------
--- horde/horde.changes 2006-04-05 14:10:23.000000000 +0200
+++ horde/horde.changes 2006-08-03 14:52:46.000000000 +0200
@@ -1,0 +2,7 @@
+Thu Aug 3 14:42:07 CEST 2006 - mmarek@suse.cz
+
+- updated to version 3.0.11
+ * includes latest security fixes (CVE-2006-1491, CVE-2006-1260,
+ CVE-2006-2195, CVE-2006-3548, CVE-2006-3549)
+
+-------------------------------------------------------------------
Old:
----
horde-3.0.9-CVE-2006-1260.patch
horde-3.0.9-eval.patch
horde-3.0.9-log.patch
horde-3.0.9.tar.bz2
New:
----
horde-3.0.11-log.patch
horde-3.0.11.tar.bz2
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Other differences:
------------------
++++++ horde.spec ++++++
--- /var/tmp/diff_new_pack.oaFIqh/_old 2006-08-06 22:26:39.000000000 +0200
+++ /var/tmp/diff_new_pack.oaFIqh/_new 2006-08-06 22:26:39.000000000 +0200
@@ -1,5 +1,5 @@
#
-# spec file for package horde (Version 3.0.9)
+# spec file for package horde (Version 3.0.11)
#
# Copyright (c) 2006 SUSE LINUX Products GmbH, Nuernberg, Germany.
# This file and all modifications and additions to the pristine
@@ -16,13 +16,11 @@
Group: Productivity/Networking/Web/Utilities
Autoreqprov: on
Requires: mod_php_any php-gettext php-mcrypt php-imap php-pear php-pear-log php-session php-dom php php5-pear-auth_sasl php5-pear-date php5-pear-db php5-pear-file php5-pear-mail php5-pear-mail_mime
-Version: 3.0.9
-Release: 12
+Version: 3.0.11
+Release: 1
Source0: %{name}-%{version}.tar.bz2
Source2: README.SuSE
Patch1: %{name}-%{version}-log.patch
-Patch2: %{name}-%{version}-eval.patch
-Patch3: %{name}-%{version}-CVE-2006-1260.patch
URL: http://www.horde.org/
BuildRoot: %{_tmppath}/%{name}-%{version}-build
BuildArch: noarch
@@ -46,8 +44,6 @@
%prep
%setup -q
%patch1
-%patch2
-%patch3
grep -ErZl '/usr/(local/)?bin/php' . | \
xargs -0 sed -ri 's@/usr/(local/)?bin/php@/usr/bin/php5@'
cp -a %{S:2} .
@@ -91,6 +87,10 @@
/usr/share/php5/Horde*
%changelog -n horde
+* Thu Aug 03 2006 - mmarek@suse.cz
+- updated to version 3.0.11
+ * includes latest security fixes (CVE-2006-1491, CVE-2006-1260,
+ CVE-2006-2195, CVE-2006-3548, CVE-2006-3549)
* Wed Apr 05 2006 - mmarek@suse.cz
- fix displaying arbitrary files in services/go.php
[#163681] (CVE-2006-1260.patch)
++++++ horde-3.0.9-log.patch -> horde-3.0.11-log.patch ++++++
--- horde/horde-3.0.9-log.patch 2006-01-16 15:40:36.000000000 +0100
+++ horde/horde-3.0.11-log.patch 2006-08-03 14:50:00.000000000 +0200
@@ -1,6 +1,6 @@
--- config/conf.xml
+++ config/conf.xml
-@@ -585,7 +585,7 @@
+@@ -575,7 +575,7 @@
<case name="file" desc="File">
E_ALL & ~E_NOTICE</configphp>
writeln($c->red(_("failed")));
diff -urN --exclude=CVS --exclude=.cvsignore --exclude=.svn --exclude=.svnignore old/horde-3.0.9/services/go.php new/horde-3.0.11/services/go.php
--- old/horde-3.0.9/services/go.php 2005-05-05 16:11:25.000000000 +0200
+++ new/horde-3.0.11/services/go.php 2006-06-22 04:28:40.000000000 +0200
@@ -4,16 +4,12 @@
* referrer data being passed to the remote server and potentially exposing
* any session IDs.
*
- * If an "untrusted" parameter is set, it passes the content of the given URL
- * through to the browser if it doesn't belong to the local site. This can be
- * used to avoid calling local URLs for example by image src attributes.
- *
- * Copyright 2003-2005 Marko Djukic
+ * Copyright 2003-2006 Marko Djukic
*
* See the enclosed file COPYING for license information (LGPL). If you did
* not receive this file, see http://www.fsf.org/copyleft/lgpl.html.
*
- * $Horde: horde/services/go.php,v 1.6.2.3 2005/05/05 14:11:25 jan Exp $
+ * $Horde: horde/services/go.php,v 1.6.2.3.2.6 2006/06/22 02:28:40 chuck Exp $
*
* @author Marko Djukic
*/
@@ -22,25 +18,46 @@
exit;
}
-$_GET['url'] = trim($_GET['url']);
+$url = trim($_GET['url']);
+if (preg_match('/;\s*url\s*=/i', $url)) {
+ /* IE will process the last ;URL= string, not the first, allowing
+ * protocols that shouldn't be let through. */
+ exit;
+}
if (get_magic_quotes_gpc()) {
- $url = @parse_url(trim(stripslashes($_GET['url'])));
+ $parsed_url = @parse_url(stripslashes($url));
} else {
- $url = @parse_url(trim($_GET['url']));
+ $parsed_url = @parse_url($url);
}
-if (empty($url) || empty($url['host'])) {
+if (empty($parsed_url) || empty($parsed_url['host'])) {
exit;
}
+if (empty($parsed_url['path'])) {
+ $parsed_url['path'] = false;
+}
// Do a little due diligence on the target URL. If it's on the same server
// that we're already on, display an intermediate page asking people if
// they're sure they want to click through.
-if ((!empty($_SERVER['SERVER_NAME']) &&
- $_SERVER['SERVER_NAME'] == $url['host']) ||
- (!empty($_SERVER['HTTP_HOST']) &&
- $_SERVER['HTTP_HOST'] == $url['host'])) {
+if (substr(php_sapi_name(), 0, 3) == 'cgi') {
+ // When using CGI PHP, SCRIPT_NAME may contain the path to the PHP binary
+ // instead of the script being run; use PHP_SELF instead.
+ $myurl = $_SERVER['PHP_SELF'];
+} else {
+ $myurl = isset($_SERVER['SCRIPT_NAME']) ?
+ $_SERVER['SCRIPT_NAME'] :
+ $_SERVER['PHP_SELF'];
+}
+$webroot = substr($myurl, 0, -16);
+
+if ((empty($webroot) || strpos($parsed_url['path'], $webroot) === 0) &&
+ !empty($parsed_url['query']) &&
+ ((!empty($_SERVER['SERVER_NAME']) &&
+ $_SERVER['SERVER_NAME'] == $parsed_url['host']) ||
+ (!empty($_SERVER['HTTP_HOST']) &&
+ $_SERVER['HTTP_HOST'] == $parsed_url['host']))) {
?>
<html>
<head>
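Review bot: The same-host test added at the bottom of the hunk compares `$_SERVER['SERVER_NAME']` and `$_SERVER['HTTP_HOST']` with `$parsed_url['host']` using `==`, which is case-sensitive, while host names are not; a target that differs from the local host only in letter case is treated as external and skips the interstitial page. Comparing with `strcasecmp($_SERVER['HTTP_HOST'], $parsed_url['host']) === 0` (and the same for SERVER_NAME) closes that gap; HTTP_HOST may also carry a `:port` suffix, which would need stripping for the comparison to hold. `$webroot = substr($myurl, 0, -16);` silently assumes the script is always reached as `/services/go.php`; writing it as `substr($myurl, 0, -strlen('/services/go.php'))` with a one-line comment makes that assumption visible, and `$parsed_url['path'] = false` followed by `strpos($parsed_url['path'], $webroot)` deserves a comment stating that a URL without a path is intentionally treated as outside the web root. The script continues past the end of the hunk.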
@@ -51,8 +68,8 @@
<p>
A referring site, an email you were reading, or some other
- untrusted source has attempted to send you to <?php echo
- htmlspecialchars($_GET['url']) ?>. This may be an attempt to
+ potentially untrusted source has attempted to send you to <?php echo
+ htmlspecialchars($url) ?>. This may be an attempt to
delete data or change settings without your knowledge. If
you have any concerns about this URL, please contact your
System Administrator. If you are confident that it is safe,
@@ -60,7 +77,7 @@
</p>
<p>
- <a href="<?php echo htmlspecialchars($_GET['url']) ?>"><?php echo htmlspecialchars($_GET['url']) ?></a>
+ <a href="<?php echo htmlspecialchars($url) ?>"><?php echo htmlspecialchars($url) ?></a>
</p>
</body>
@@ -69,11 +86,4 @@
exit;
}
-// Pass through image content if requested.
-if (!empty($_GET['untrusted'])) {
- readfile($_GET['url']);
- exit;
-}
-
-// Otherwise we're issuing a refresh.
-header('Refresh: 0; URL=' . $_GET['url']);
+header('Refresh: 0; URL=' . $url);
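Review bot: `header('Refresh: 0; URL=' . $url);` emits a request-supplied string as a response header, and the checks earlier in the file reject only the `;url=` pattern and URLs without a host; neither CR/LF characters in `$url` nor the URL scheme are rejected, so the redirect relies on the PHP runtime's own header() line-break filtering, which varies with the PHP version. Rejecting control characters next to the existing `;url=` check, `if (preg_match('/[\r\n]/', $url)) { exit; }`, and accepting only `http`/`https` in `$parsed_url['scheme']` would make the guard independent of the runtime. The earlier checks sit in a previous hunk of this file.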
diff -urN --exclude=CVS --exclude=.cvsignore --exclude=.svn --exclude=.svnignore old/horde-3.0.9/services/help/index.php new/horde-3.0.11/services/help/index.php
--- old/horde-3.0.9/services/help/index.php 2005-01-03 13:25:45.000000000 +0100
+++ new/horde-3.0.11/services/help/index.php 2006-06-08 18:35:50.000000000 +0200
@@ -1,6 +1,6 @@
<?php
/**
- * $Horde: horde/services/help/index.php,v 2.80.10.1 2005/01/03 12:25:45 jan Exp $
+ * $Horde: horde/services/help/index.php,v 2.80.10.1.2.3 2006/06/08 16:35:50 chuck Exp $
*
* Copyright 1999-2005 Jon Parise <jon@horde.org>
*
@@ -16,7 +16,7 @@
$title = _("Help");
$show = String::lower(Util::getFormData('show', 'index'));
-$module = String::lower(basename(Util::getFormData('module', 'horde')));
+$module = String::lower(preg_replace('/\W/', '', Util::getFormData('module', 'horde')));
$topic = Util::getFormData('topic');
if ($module == 'admin') {
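Review bot: `preg_replace('/\W/', '', ...)` on the new line strips characters instead of rejecting the value, so a `module` parameter consisting only of non-word characters yields an empty `$module`, and the `'horde'` default passed to `Util::getFormData` no longer covers that case. A fallback such as `if ($module === '') { $module = 'horde'; }` after the assignment, or an anchored allow-list check that exits on mismatch, would restore a defined value for the later `String::upper($module) . '_VERSION'` lookup and for the links built from `$module`. Whether `$help_file`, set outside this hunk, tolerates an empty module cannot be seen here.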
@@ -39,40 +39,45 @@
$menu_url = Util::addParameter($menu_url, array('module' => $module,
'show' => 'menu'));
require HORDE_TEMPLATES . '/help/index.inc';
+ exit;
+}
+
+$bodyClass = 'help';
+require HORDE_TEMPLATES . '/common-header.inc';
+if ($show == 'menu') {
+ /* Set up urls. */
+ $url = Horde::url($registry->get('webroot', 'horde') . '/services/help/');
+ $url = Util::addParameter($url, 'module', $module);
+ $topics_link = Util::addParameter($url, 'show', 'topics');
+ $topics_link = Horde::link($topics_link, _("List Help Topics"), 'header', 'help_main') . _("List Help Topics") . '</a>';
+ $about_link = Util::addParameter($url, 'show', 'about');
+ $about_link = Horde::link($about_link, _("About..."), 'header', 'help_main') . _("About...") . '</a>';
+ require HORDE_TEMPLATES . '/help/menu.inc';
+} elseif ($show == 'about') {
+ $mod_version_constant = String::upper($module) . '_VERSION';
+ if (!defined($mod_version_constant)) {
+ exit;
+ }
+ require $fileroot . '/lib/version.php';
+ $version = String::ucfirst($module) . ' ' . constant($mod_version_constant);
+ $credits = Util::bufferOutput('include', $fileroot . '/docs/CREDITS');
+ $credits = String::convertCharset($credits, 'iso-8859-1', NLS::getCharset());
+ require HORDE_TEMPLATES . '/help/about.inc';
} else {
- $bodyClass = 'help';
- require HORDE_TEMPLATES . '/common-header.inc';
- if ($show == 'menu') {
- /* Set up urls. */
- $url = Horde::url($registry->get('webroot', 'horde') . '/services/help/');
- $url = Util::addParameter($url, 'module', $module);
- $topics_link = Util::addParameter($url, 'show', 'topics');
- $topics_link = Horde::link($topics_link, _("List Help Topics"), 'header', 'help_main') . _("List Help Topics") . '</a>';
- $about_link = Util::addParameter($url, 'show', 'about');
- $about_link = Horde::link($about_link, _("About..."), 'header', 'help_main') . _("About...") . '</a>';
- require HORDE_TEMPLATES . '/help/menu.inc';
- } elseif ($show == 'about') {
- require $fileroot . '/lib/version.php';
- eval('$version = "' . ucfirst($module) . ' " . ' . String::upper($module) . '_VERSION;');
- $credits = Util::bufferOutput('include', $fileroot . '/docs/CREDITS');
- $credits = String::convertCharset($credits, 'iso-8859-1', NLS::getCharset());
- require HORDE_TEMPLATES . '/help/about.inc';
+ $help = &new Help(HELP_SOURCE_FILE, array($help_file, $help_file_fallback));
+ if (($show == 'entry') && !empty($topic)) {
+ $help->lookup($topic);
+ $help->display();
} else {
- $help = &new Help(HELP_SOURCE_FILE, array($help_file, $help_file_fallback));
- if (($show == 'entry') && !empty($topic)) {
- $help->lookup($topic);
- $help->display();
- } else {
- $topics = $help->topics();
- foreach ($topics as $id => $title) {
- $link = Horde::url($registry->get('webroot', 'horde') . '/services/help/');
- $link = Util::addParameter($link, array('show' => 'entry', 'module' => $module, 'topic' => $id));
- echo Horde::link($link);
- echo $title . "</a><br />\n";
- }
+ $topics = $help->topics();
+ foreach ($topics as $id => $title) {
+ $link = Horde::url($registry->get('webroot', 'horde') . '/services/help/');
+ $link = Util::addParameter($link, array('show' => 'entry', 'module' => $module, 'topic' => $id));
+ echo Horde::link($link);
+ echo $title . "</a><br />\n";
}
- $help->cleanup();
}
+ $help->cleanup();
}
require HORDE_TEMPLATES . '/common-footer.inc';
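Review bot: In the `about` branch, `if (!defined($mod_version_constant)) { exit; }` runs before `require $fileroot . '/lib/version.php';`; if that file is what defines the `*_VERSION` constant for the requested module, the check always exits and the about page is never rendered — confirm where the constant is defined, or move the `require` above the check. That `exit` also happens after `common-header.inc` has already been emitted, so the response ends without `common-footer.inc`; moving the `defined()` check before the header include, or falling through to an error message, would keep the page well-formed. Replacing the old `eval()` with `defined()`/`constant()` is the right direction; a short comment on `$mod_version_constant` noting that the constant name is derived from a request parameter and must therefore be checked with `defined()` first would record why the guard exists.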
diff -urN --exclude=CVS --exclude=.cvsignore --exclude=.svn --exclude=.svnignore old/horde-3.0.9/templates/prefs/enum.inc new/horde-3.0.11/templates/prefs/enum.inc
--- old/horde-3.0.9/templates/prefs/enum.inc 2005-12-11 19:05:42.000000000 +0100
+++ new/horde-3.0.11/templates/prefs/enum.inc 2005-12-27 18:02:02.000000000 +0100
@@ -1,7 +1,7 @@
<?php echo Horde::label($pref, $_prefs[$pref]['desc']) ?> <?php echo $helplink ?><br />
<select id="<?php echo htmlspecialchars($pref) ?>" name="<?php echo htmlspecialchars($pref) ?>">
-<?php $curval = $prefs->getValue($pref); foreach ($_prefs[$pref]['enum'] as $key => $val): ?>
-