Hello community,
here is the log from the commit of package phoronix-test-suite for
openSUSE:Factory checked in at 2022-12-08 16:52:18
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/phoronix-test-suite (Old)
and /work/SRC/openSUSE:Factory/.phoronix-test-suite.new.1835 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "phoronix-test-suite"
Thu Dec 8 16:52:18 2022 rev:15 rq:1041351 version:10.8.4
Changes:
--------
--- /work/SRC/openSUSE:Factory/phoronix-test-suite/phoronix-test-suite.changes
2022-11-30 15:01:18.777825857 +0100
+++
/work/SRC/openSUSE:Factory/.phoronix-test-suite.new.1835/phoronix-test-suite.changes
2022-12-08 16:52:28.279878292 +0100
@@ -1,0 +2,5 @@
+Thu Dec 8 09:35:32 UTC 2022 - Martin Liška <[email protected]>
+
+- Add fix-CVE-2022-40704.patch that fixes boo#1206079.
+
+-------------------------------------------------------------------
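Review bot: The changelog line "- Add fix-CVE-2022-40704.patch that fixes boo#1206079." carries the CVE id only as part of the patch filename and does not say what is being fixed. Suggest naming the CVE explicitly and describing the change, for example "- Add fix-CVE-2022-40704.patch: check $_GET and $_POST separately in phoromatic input validation (CVE-2022-40704, boo#1206079)", so the entry is meaningful on its own when read from the package changelog.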
New:
----
fix-CVE-2022-40704.patch
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Other differences:
------------------
++++++ phoronix-test-suite.spec ++++++
--- /var/tmp/diff_new_pack.GwGN6W/_old 2022-12-08 16:52:28.847881205 +0100
+++ /var/tmp/diff_new_pack.GwGN6W/_new 2022-12-08 16:52:28.851881225 +0100
@@ -28,6 +28,7 @@
Patch1: harden_phoromatic-server.service.patch
Patch2: harden_phoronix-result-server.service.patch
Patch3: fix-shebang.patch
+Patch4: fix-CVE-2022-40704.patch
# https://github.com/phoronix-test-suite/phoronix-test-suite/issues/505
[bsc#1175508]
BuildRequires: fdupes
BuildRequires: hicolor-icon-theme
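Review bot: Patch4 is inserted between Patch3 and the existing comment "# https://github.com/phoronix-test-suite/phoronix-test-suite/issues/505 [bsc#1175508]", so that comment now sits directly under the new CVE patch and reads as if it documented it. Suggest giving Patch4 its own comment line above it with boo#1206079 and the upstream commit d3880d9d3ba795138444da83f1153c3c3ac27640, and keeping the issues/505 comment next to the line it belongs to. This hunk shows no %prep change, so also confirm the patch is actually applied there (through %autosetup or %autopatch, or an explicit entry for patch 4).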
++++++ fix-CVE-2022-40704.patch ++++++
>From d3880d9d3ba795138444da83f1153c3c3ac27640 Mon Sep 17 00:00:00 2001
From: Michael Larabel <[email protected]>
Date: Sat, 23 Jul 2022 07:32:43 -0500
Subject: [PATCH] phoromatic: Explicitly check both $_GET and $_POST in
phoromatic_quit_if_invalid_input_found()
Fixes:
https://github.com/phoronix-test-suite/phoronix-test-suite/issues/650#issuecomment-1193116678
---
pts-core/phoromatic/phoromatic_functions.php | 15 +++++++++++++--
1 file changed, 13 insertions(+), 2 deletions(-)
diff --git a/pts-core/phoromatic/phoromatic_functions.php
b/pts-core/phoromatic/phoromatic_functions.php
index 74ccc5444c..c2313dcdea 100644
--- a/pts-core/phoromatic/phoromatic_functions.php
+++ b/pts-core/phoromatic/phoromatic_functions.php
@@ -37,9 +37,20 @@ function phoromatic_quit_if_invalid_input_found($input_keys
= null)
{
foreach($input_keys as $key)
{
- if(isset($_REQUEST[$key]) && !empty($_REQUEST[$key]))
+ if(isset($_GET[$key]) && !empty($_GET[$key]))
{
- foreach(pts_arrays::to_array($_REQUEST[$key])
as $val_to_check)
+ foreach(pts_arrays::to_array($_GET[$key]) as
$val_to_check)
+ {
+ if(stripos($val_to_check,
$invalid_string) !== false)
+ {
+ echo '<strong>Exited due to
invalid input ( ' . $invalid_string . ') attempted:</strong> ' .
htmlspecialchars($val_to_check);
+ exit;
+ }
+ }
+ }
+ if(isset($_POST[$key]) && !empty($_POST[$key]))
+ {
+ foreach(pts_arrays::to_array($_POST[$key]) as
$val_to_check)
{
if(stripos($val_to_check,
$invalid_string) !== false)
{
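Review bot: The $_POST block added after the $_GET block repeats the same stripos()/echo/exit loop line for line, so any later change to the check has to be made twice and the two copies can drift apart. Suggest a single loop over both sources, e.g. foreach(array($_GET, $_POST) as $source), wrapped around the existing isset()/!empty() test. Replacing $_REQUEST also drops anything else $_REQUEST was carrying (cookies, depending on request_order), so any caller that still reads these keys from $_REQUEST or $_COOKIE is no longer covered by this check and should be moved to $_GET/$_POST. In the echo line, $val_to_check goes through htmlspecialchars() but $invalid_string is printed raw; escaping both keeps the message safe if the list of invalid strings ever contains markup.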