!5 Fix CVE-2019-20378 CVE-2019-20379

From: @houyingchao 
Reviewed-by: @overweight 
Signed-off-by: @overweight
openeuler-ci-bot 2022-03-02 02:18:16 +00:00 committed by Gitee
commit b17cf8e1f6
No known key found for this signature in database
GPG Key ID: 173E9B9CA92EEF8F
2 changed files with 37 additions and 1 deletions


@ -0,0 +1,31 @@
From ab909037aa30bc200d467eecb1c189565604ba6a Mon Sep 17 00:00:00 2001
From: Adam Tygart <adam.tygart@gmail.com>
Date: Fri, 28 Feb 2020 10:17:20 -0600
Subject: [PATCH] Fix XSS from OBB-1005024
---
graph_all_periods.php | 10 +++++-----
1 file changed, 5 insertions(+), 5 deletions(-)
diff --git a/graph_all_periods.php b/graph_all_periods.php
index 4e90ccba..9185d646 100644
--- a/graph_all_periods.php
+++ b/graph_all_periods.php
@@ -10,12 +10,12 @@
$data->assign("refresh", $conf['default_refresh']);
$data->assign("conf", $conf);
$data->assign("embed",
- isset($_REQUEST['embed']) ? $_REQUEST['embed'] : NULL);
+ isset($_REQUEST['embed']) ? sanitize($_REQUEST['embed']) : NULL);
$data->assign("mobile",
- isset($_REQUEST['mobile']) ? $_REQUEST['mobile'] : NULL);
-$data->assign("h", isset($_GET['h']) ? $_GET['h'] : NULL);
-$data->assign("g", isset($_GET['g']) ? $_GET['g'] : NULL);
-$data->assign("m", isset($_GET['m']) ? $_GET['m'] : NULL);
+ isset($_REQUEST['mobile']) ? sanitize($_REQUEST['mobile']) : NULL);
+$data->assign("h", isset($_GET['h']) ? sanitize($_GET['h']) : NULL);
+$data->assign("g", isset($_GET['g']) ? sanitize($_GET['g']) : NULL);
+$data->assign("m", isset($_GET['m']) ? sanitize($_GET['m']) : NULL);
$data->assign("html_g",
isset($_GET['g']) ? htmlspecialchars($_GET['g']) : NULL);
$data->assign("html_m",
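Review bot: The backported upstream change (ab909037aa30bc200d467eecb1c189565604ba6a, "Fix XSS from OBB-1005024") only edits graph_all_periods.php, yet the PR title and the spec changelog state that both CVE-2019-20378 and CVE-2019-20379 are fixed; please confirm that both advisories are covered by this single upstream commit, and if one of them concerns another file, carry the corresponding upstream fix as a separate patch. The new lines in this hunk call `sanitize()`, whose definition is not part of the patch — presumably a helper already present in the ganglia-web tree that the spec unpacks into web/; it is worth verifying it exists in that tree, since an undefined function would make the page fail at runtime rather than silently leave the parameters unescaped. A short header comment in the patch file naming the CVE identifiers and the upstream commit URL would make the mapping auditable from the package itself. The hunk is top-level script code, so no enclosing function is cut by it.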


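--- a/ganglia.spec
+++ b/ganglia.spec
@@ -6,7 +6,7 @@
 Summary: Distributed Monitoring System
 Name: ganglia
 Version: %{gangver}
-Release: 1
+Release: 2
 License: BSD
 URL: http://ganglia.sourceforge.net/
 Source0: http://downloads.sourceforge.net/sourceforge/ganglia/ganglia-%{version}.tar.gz
@@ -21,6 +21,7 @@ Patch1: ganglia-3.7.2-apache.patch
 Patch2: ganglia-3.7.2-sflow.patch
 Patch3: ganglia-3.7.2-tirpc-hack.patch
 Patch4: ganglia-web-5ee6b7.patch
+Patch5: CVE-2019-20378_CVE-2019-20379.patch
 %if 0%{?systemd}
 BuildRequires: systemd
 %endif
@@ -118,6 +119,7 @@ mv ganglia-web-%{webver} web
 pushd web
 %patch0 -p1
 %patch4 -p1
+%patch5 -p1
 popd
 %build
@@ -316,5 +318,8 @@ end
 %dir %attr(0755,apache,apache) %{_localstatedir}/lib/%{name}-web/dwoo/compiled
 %changelog
+* Wed Mar 02 2022 houyingchao <houyingchao@huawei.com> - 3.7.2-2
+- Fix CVE-2019-20378 CVE-2019-20379
 * Wed Apr 14 2021 chengzihan <chengzihan2@huawei.com> - 3.7.2-1
 - package init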