packages: dokuwiki/dokuwiki.spec, dokuwiki/fixprivilegeescalationbug.diff (...

glen glen at pld-linux.org
Tue Nov 10 15:20:25 CET 2009 

Author: glen                         Date: Tue Nov 10 14:20:25 2009 GMT
Module: packages                      Tag: HEAD
---- Log message:
- fixprivilegeescalationbug.diff from debian

---- Files affected:
packages/dokuwiki:
   dokuwiki.spec (1.58 -> 1.59) , fixprivilegeescalationbug.diff (NONE -> 1.1)  (NEW)

---- Diffs:

================================================================
Index: packages/dokuwiki/dokuwiki.spec
diff -u packages/dokuwiki/dokuwiki.spec:1.58 packages/dokuwiki/dokuwiki.spec:1.59
--- packages/dokuwiki/dokuwiki.spec:1.58	Tue Nov 10 15:09:06 2009
+++ packages/dokuwiki/dokuwiki.spec	Tue Nov 10 15:20:19 2009
@@ -3,7 +3,7 @@
 Summary(pl.UTF-8):	Aplikacja WWW Wiki oparta na PHP
 Name:		dokuwiki
 Version:	20091110
-Release:	0.5
+Release:	0.7
 License:	GPL v2
 Group:		Applications/WWW
 Source0:	http://dev.splitbrain.org/download/snapshots/dokuwiki-latest.tgz
@@ -36,6 +36,7 @@
 Patch15:	simplepie.patch
 Patch18:	install.patch
 Patch19:	pld-branding.patch
+Patch20:	fixprivilegeescalationbug.diff
 URL:		http://wiki.splitbrain.org/wiki:dokuwiki
 BuildRequires:	rpmbuild(macros) >= 1.520
 Requires:	geshi >= 1.0.7.19
@@ -109,13 +110,14 @@
 %patch14 -p1
 %patch15 -p1
 %patch18 -p1
+%patch19 -p1
+%patch20 -p1
 
 %patch66 -p1
 
 find -name _dummy | xargs rm
-rm -f lib/index.html lib/plugins/index.html
+rm lib/index.html lib/plugins/index.html inc/lang/.htaccess
 
-rm -f inc/lang/.htaccess
 # safe file
 mv conf/words.aspell{.dist,}
 
@@ -333,6 +335,9 @@
 All persons listed below can be reached at <cvs_login>@pld-linux.org
 
 $Log$
+Revision 1.59  2009/11/10 14:20:19  glen
+- fixprivilegeescalationbug.diff from debian
+
 Revision 1.58  2009/11/10 14:09:06  glen
 - add pld branding patch (idea from debian)
 

================================================================
Index: packages/dokuwiki/fixprivilegeescalationbug.diff
diff -u /dev/null packages/dokuwiki/fixprivilegeescalationbug.diff:1.1
--- /dev/null	Tue Nov 10 15:20:25 2009
+++ packages/dokuwiki/fixprivilegeescalationbug.diff	Tue Nov 10 15:20:20 2009
@@ -0,0 +1,18 @@
+#! /bin/sh /usr/share/dpatch/dpatch-run
+## fixprivilegeescalationbug.dpatch by Matti Pöllä <mpo at iki.fi>
+##
+## DP: Hotfix for privilege escalation bug.
+
+ at DPATCH@
+Index: dokuwiki-0.0.20090214/inc/actions.php
+===================================================================
+--- dokuwiki-0.0.20090214.orig/inc/actions.php	2009-02-14 13:13:25.000000000 +0100
++++ dokuwiki-0.0.20090214/inc/actions.php	2009-02-14 19:19:32.000000000 +0100
+@@ -141,6 +141,7 @@
+     act_redirect($ID,$preact);
+   }
+ 
++  $ACT = act_permcheck($ACT);
+   //call template FIXME: all needed vars available?
+   $headers[] = 'Content-Type: text/html; charset=utf-8';
+   trigger_event('ACTION_HEADERS_SEND',$headers,'act_sendheaders');
================================================================

---- CVS-web:
    http://cvs.pld-linux.org/cgi-bin/cvsweb.cgi/packages/dokuwiki/dokuwiki.spec?r1=1.58&r2=1.59&f=u

More information about the pld-cvs-commit mailing list