Author: zawadaa Date: Fri Apr 30 19:37:54 2010 GMT Module: packages Tag: HEAD ---- Log message: - up to 1.1.5 security fix: - XSS attack - ci forgotten http config file
---- Files affected: packages/viewvc: viewvc.spec (1.19 -> 1.20) , viewvc-httpd.conf (NONE -> 1.1) (NEW) ---- Diffs: ================================================================ Index: packages/viewvc/viewvc.spec diff -u packages/viewvc/viewvc.spec:1.19 packages/viewvc/viewvc.spec:1.20 --- packages/viewvc/viewvc.spec:1.19 Fri Mar 19 00:17:10 2010 +++ packages/viewvc/viewvc.spec Fri Apr 30 21:37:48 2010 @@ -2,12 +2,12 @@ Summary: Browser interface for CVS and Subversion version control repositories Summary(pl.UTF-8): Interfejs przeglądarki do repozytoriów systemów kontroli wersji CVS i Subversion Name: viewvc -Version: 1.1.4 +Version: 1.1.5 Release: 0.1 License: BSD Group: Applications/WWW Source0: http://www.viewvc.org/%{name}-%{version}.tar.gz -# Source0-md5: af1057d9128b983f4e905615b84486a3 +# Source0-md5: da7bbcf6800383ebb23405a064c6faf8 Source1: %{name}-httpd.conf URL: http://www.viewvc.org/ BuildRequires: python-modules @@ -299,6 +299,10 @@ All persons listed below can be reached at <cvs_login>@pld-linux.org $Log$ +Revision 1.20 2010/04/30 19:37:48 zawadaa +- up to 1.1.5 security fix: - XSS attack +- ci forgotten http config file + Revision 1.19 2010/03/18 23:17:10 zawadaa - up to 1.1.4 - security fix: escape user-provided query form input to avoid XSS attack. ================================================================ Index: packages/viewvc/viewvc-httpd.conf diff -u /dev/null packages/viewvc/viewvc-httpd.conf:1.1 --- /dev/null Fri Apr 30 21:37:54 2010 +++ packages/viewvc/viewvc-httpd.conf Fri Apr 30 21:37:49 2010 @@ -0,0 +1,34 @@ +<Directory /usr/share/viewvc> + AllowOverride None + Options +FollowSymlinks + Allow from all +</Directory> + +# Version1 (default): under /cgi-bin/viewvc.cgi address +ScriptAlias /cgi-bin/viewvc.cgi /usr/share/viewvc/bin/cgi/viewvc.cgi +ScriptAlias /cgi-bin/viewvc-query.cgi /usr/share/viewvc/bin/cgi/query.cgi + +# if using apache2 mod_python: +# Alias /viewvc /usr/share/viewvc/bin/mod_python +# <Location /viewvc> +# Allow from all +# <IfModule mod_python.c> +# AddHandler mod_python .py +# PythonPath "sys.path+['/usr/share/viewvc/bin/mod_python']" +# PythonHandler handler +# PythonDebug Off +# </IfModule> +# </Location> + +# Version 2: viewvc as handler to whole vhost: +#<VirtualHost *:80> +# ServerName cvs +# +# Alias /viewvc/ /usr/share/viewvc +# DocumentRoot /usr/share/viewvc/bin/cgi/viewvc.cgi +# <Location /> +# Options ExecCGI +# Allow from all +# </Location> +#</VirtualHost> + ================================================================ ---- CVS-web: http://cvs.pld-linux.org/cgi-bin/cvsweb.cgi/packages/viewvc/viewvc.spec?r1=1.19&r2=1.20&f=u _______________________________________________ pld-cvs-commit mailing list [email protected] http://lists.pld-linux.org/mailman/listinfo/pld-cvs-commit
