Git-Url: 
http://git.frugalware.org/gitweb/gitweb.cgi?p=frugalware-1.9.git;a=commitdiff;h=a1378c66ce817382d55b096fac5ea12169101dfb

commit a1378c66ce817382d55b096fac5ea12169101dfb
Author: kikadf <[email protected]>
Date:   Wed Aug 20 10:49:10 2014 +0200

drupal7-7.22-2arcturus4-x86_64

* Fix CVE-2014-5265, CVE-2014-5266, CVE-2014-5267

diff --git a/source/network-extra/drupal7/FrugalBuild 
b/source/network-extra/drupal7/FrugalBuild
index 2644115..645fae1 100644
--- a/source/network-extra/drupal7/FrugalBuild
+++ b/source/network-extra/drupal7/FrugalBuild
@@ -1,10 +1,9 @@
# Compiling Time: 0 SBU
-# Contributor: kikadf <[email protected]>
# Maintainer: CSÉCSY László <[email protected]>

pkgname=drupal7
pkgver=7.22
-pkgrel=2arcturus3
+pkgrel=2arcturus4
pkgdesc="An open source content management platform"
url="http://drupal.org";
rodepends=('apache' 'php')
@@ -21,11 +20,13 @@ options=('stick')

# FSA fix ***
source=(${source[@]} SA-CORE-2013-003.patch SA-CORE-2014-001.patch
-                     SA-CORE-2014-002.patch SA-CORE-2014-003.patch)
+                     SA-CORE-2014-002.patch SA-CORE-2014-003.patch
+                     SA-CORE-2014-004.patch)
sha1sums=(${sha1sums[@]} '55f891eb3f4bebe75473073aad11cb843f19fcfe' \
'239b0251eac1a8dc8fb3a2368423d492df31cdea' \
'a05c385dd251408ccef5cb7b2df115b1251473b9' \
-                         '69ae289e73bdc43b8ac926fa7b33e1e99dcf5814')
+                         '69ae289e73bdc43b8ac926fa7b33e1e99dcf5814' \
+                         'ebda3d193d0d44741197c618db68109e7e4da694')
_F_cd_path="${pkgname//7/}-$pkgver"
# ***********

diff --git a/source/network-extra/drupal7/SA-CORE-2014-004.patch 
b/source/network-extra/drupal7/SA-CORE-2014-004.patch
new file mode 100644
index 0000000..c5cb936
--- /dev/null
+++ b/source/network-extra/drupal7/SA-CORE-2014-004.patch
@@ -0,0 +1,86 @@
+Reviewed-by: Gunnar Wolf <[email protected]>
+Author: David Rothstein <[email protected]>
+Origin: http://git.drupal.org/project/drupal.git Commit: 90e884a
+Description: Fixed security issues (denial of service). See 
http://drupal.org/SA-CORE-2014-004
+Last-Update: 2014-08-06
+Applied-Upstream: Yes
+
+Index: drupal7/includes/xmlrpc.inc
+===================================================================
+--- drupal7.orig/includes/xmlrpc.inc
++++ drupal7/includes/xmlrpc.inc
+@@ -178,7 +178,41 @@ function xmlrpc_message_parse($xmlrpc_me
+   xml_set_element_handler($xmlrpc_message->_parser, 
'xmlrpc_message_tag_open', 'xmlrpc_message_tag_close');
+   xml_set_character_data_handler($xmlrpc_message->_parser, 
'xmlrpc_message_cdata');
+   xmlrpc_message_set($xmlrpc_message);
+-  if (!xml_parse($xmlrpc_message->_parser, $xmlrpc_message->message)) {
++
++  // Strip XML declaration.
++  $header = preg_replace('/<\?xml.*?\?'.'>/s', '', 
substr($xmlrpc_message->message, 0, 100), 1);
++  $xml = trim(substr_replace($xmlrpc_message->message, $header, 0, 100));
++  if ($xml == '') {
++    return FALSE;
++  }
++  // Strip DTD.
++  $header = preg_replace('/^<!DOCTYPE[^>]*+>/i', '', substr($xml, 0, 200), 1);
++  $xml = trim(substr_replace($xml, $header, 0, 200));
++  if ($xml == '') {
++    return FALSE;
++  }
++  // Confirm the XML now starts with a valid root tag. A root tag can end in 
[> \t\r\n]
++  $root_tag = substr($xml, 0, strcspn(substr($xml, 0, 20), "> \t\r\n"));
++  // Reject a second DTD.
++  if (strtoupper($root_tag) == '<!DOCTYPE') {
++    return FALSE;
++  }
++  if (!in_array($root_tag, array('<methodCall', '<methodResponse', 
'<fault'))) {
++    return FALSE;
++  }
++  // Skip parsing if there is an unreasonably large number of tags.
++  try {
++    $dom = new DOMDocument();
++    @$dom->loadXML($xml);
++    if ($dom->getElementsByTagName('*')->length > 
variable_get('xmlrpc_message_maximum_tag_count', 30000)) {
++      return FALSE;
++    }
++  }
++  catch (Exception $e) {
++    return FALSE;
++  }
++
++  if (!xml_parse($xmlrpc_message->_parser, $xml)) {
+     return FALSE;
+   }
+   xml_parser_free($xmlrpc_message->_parser);
+Index: drupal7/modules/openid/openid.inc
+===================================================================
+--- drupal7.orig/modules/openid/openid.inc
++++ drupal7/modules/openid/openid.inc
+@@ -158,6 +158,11 @@ function _openid_xrds_parse($raw_xml) {
+     return array();
+   }
+
++  // Also stop parsing if there is an unreasonably large number of tags.
++  if ($dom->getElementsByTagName('*')->length > 
variable_get('openid_xrds_maximum_tag_count', 30000)) {
++    return array();
++  }
++
+   // Parse the DOM document for the information we need.
+   if ($xml = simplexml_import_dom($dom)) {
+     foreach ($xml->children(OPENID_NS_XRD)->XRD as $xrd) {
+Index: drupal7/modules/simpletest/tests/xmlrpc.test
+===================================================================
+--- drupal7.orig/modules/simpletest/tests/xmlrpc.test
++++ drupal7/modules/simpletest/tests/xmlrpc.test
+@@ -211,6 +211,11 @@ class XMLRPCMessagesTestCase extends Dru
+    * Make sure that XML-RPC can transfer large messages.
+    */
+   function testSizedMessages() {
++    // These tests can produce up to 128 x 160 words in the XML-RPC message
++    // (see xmlrpc_test_message_sized_in_kb()) with 4 tags used to represent
++    // each. Set a large enough tag limit to allow this to be tested.
++    variable_set('xmlrpc_message_maximum_tag_count', 100000);
++
+     $xml_url = url(NULL, array('absolute' => TRUE)) . 'xmlrpc.php';
+     $sizes = array(8, 80, 160);
+     foreach ($sizes as $size) {