- added sql_injection_template_export.patch. Resolves: CVE-2010-1431 auto/th/cacti-0_8_7e-11
authorpawelz <pawelz@pld-linux.org>
Fri, 7 May 2010 11:38:15 +0000 (11:38 +0000)
committercvs2git <feedback@pld-linux.org>
Sun, 24 Jun 2012 12:13:13 +0000 (12:13 +0000)
- rel 11

Changed files:
    cacti.spec -> 1.123
    sql_injection_template_export.patch -> 1.1

cacti.spec
sql_injection_template_export.patch [new file with mode: 0644]

index eb5f923ce5ff3da0e94d04befbc7da9318a72a76..7bdf99731439157f4fe3a3ed6226a15c97bc5431 100644 (file)
@@ -3,7 +3,7 @@ Summary:        Cacti is a PHP frontend for rrdtool
 Summary(pl.UTF-8):     Cacti - frontend w PHP do rrdtoola
 Name:          cacti
 Version:       0.8.7e
-Release:       10
+Release:       11
 License:       GPL
 Group:         Applications/WWW
 Source0:       http://www.cacti.net/downloads/%{name}-%{version}.tar.gz
@@ -19,6 +19,7 @@ Patch101:     http://www.cacti.net/downloads/patches/0.8.7e/snmp_invalid_response.pa
 Patch102:      http://www.cacti.net/downloads/patches/0.8.7e/template_duplication.patch
 Patch103:      http://www.cacti.net/downloads/patches/0.8.7e/fix_icmp_on_windows_iis_servers.patch
 Patch104:      http://www.cacti.net/downloads/patches/0.8.7e/cross_site_fix.patch
+Patch105:      http://www.cacti.net/downloads/patches/0.8.7e/sql_injection_template_export.patch
 # http://cactiusers.org/wiki/PluginArchitectureInstall
 # http://mirror.cactiusers.org/downloads/plugins/cacti-plugin-0.8.7e-PA-v2.6.zip
 Patch0:                %{name}-PA.patch
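Review bot: The new `Patch105` line has no comment tying it to the advisory it fixes, so the CVE is recorded only in the commit message. A comment directly above it, such as `# CVE-2010-1431: SQL injection in templates_export.php`, would let a later audit of the spec map the patch to the advisory without reading the history. The neighbouring `Patch101`–`Patch104` entries are uncommented too, so this is a documentation suggestion rather than a departure from the file's style.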
@@ -123,6 +124,7 @@ Dokumentacja do Cacti w formacie HTML.
 %patch102 -p1
 %patch103 -p1
 %patch104 -p1
+%patch105 -p1
 %patch0 -p1
 %patch1 -p1
 %patch2 -p1
diff --git a/sql_injection_template_export.patch b/sql_injection_template_export.patch
new file mode 100644 (file)
index 0000000..397990c
--- /dev/null
@@ -0,0 +1,13 @@
+--- cacti-0.8.7e/templates_export.php  2009-06-28 12:07:11.000000000 -0400
++++ cacti-fixed/templates_export.php   2010-04-17 14:08:42.000000000 -0400
+@@ -49,6 +49,10 @@
+ function form_save() {
+       global $export_types;
++    /* ================= input validation ================= */
++    input_validate_input_number(get_request_var_post("export_item_id"));
++    /* ==================================================== */
++
+       if (isset($_POST["save_component_export"])) {
+               $xml_data = get_item_xml($_POST["export_type"], $_POST["export_item_id"], (((isset($_POST["include_deps"]) ? $_POST["include_deps"] : "") == "") ? false : true));
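Review bot: `$_POST["export_type"]` still reaches `get_item_xml()` unvalidated on the last line of this hunk, because the added check covers only `export_item_id`. `get_item_xml()` is not visible on this page, so whether the type value ends up in a query or only in a lookup cannot be confirmed here. An allowlist test against the `$export_types` array already declared global would settle it, for example `if (!isset($export_types[$_POST["export_type"]])) { /* reject the request */ }`, assuming that array is keyed by type name (to be confirmed). The added lines are also indented with spaces where the surrounding code appears to use tabs. The body of `form_save()` continues outside the hunk.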