summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorRemi Collet <remi@remirepo.net>2018-07-03 08:03:42 +0200
committerRemi Collet <remi@remirepo.net>2018-07-03 08:03:42 +0200
commit0704b08c54ba98a2310e239e1f7cdc5099cf60a4 (patch)
tree7b7c9e1ea81de57abb3389cf79335047b1205c83
parentfc96accb1b87c262be71a9cef5201aed4b9db0d1 (diff)
add upstream patch to fix SQL injection CVE-2018-13049v9.1
-rw-r--r--3391f10eacec880aebcd4297bd2658ae13473947.patch22
-rw-r--r--glpi.spec7
2 files changed, 28 insertions, 1 deletions
diff --git a/3391f10eacec880aebcd4297bd2658ae13473947.patch b/3391f10eacec880aebcd4297bd2658ae13473947.patch
new file mode 100644
index 0000000..85ab682
--- /dev/null
+++ b/3391f10eacec880aebcd4297bd2658ae13473947.patch
@@ -0,0 +1,22 @@
+From 3391f10eacec880aebcd4297bd2658ae13473947 Mon Sep 17 00:00:00 2001
+From: Johan Cwiklinski <jcwiklinski@teclib.com>
+Date: Mon, 2 Jul 2018 08:12:32 +0200
+Subject: [PATCH] Cast limits to integer; fixes #4270
+
+---
+ inc/search.class.php | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/inc/search.class.php b/inc/search.class.php
+index 79c32856bd..b6f684be26 100644
+--- a/inc/search.class.php
++++ b/inc/search.class.php
+@@ -890,7 +890,7 @@ static function constructSQL(array &$data) {
+ $numrows = 0;
+ //No search : count number of items using a simple count(ID) request and LIMIT search
+ if ($data['search']['no_search']) {
+- $LIMIT = " LIMIT ".$data['search']['start'].", ".$data['search']['list_limit'];
++ $LIMIT = " LIMIT ".(int)$data['search']['start'].", ".(int)$data['search']['list_limit'];
+
+ // Force group by for all the type -> need to count only on table ID
+ if (!isset($searchopt[1]['forcegroupby'])) {
diff --git a/glpi.spec b/glpi.spec
index 6cbbc99..95a1d4c 100644
--- a/glpi.spec
+++ b/glpi.spec
@@ -42,7 +42,7 @@
Name: %{gh_project}
Version: 9.1.7.1
%global schema 9.1.3
-Release: 2%{?dist}
+Release: 3%{?dist}
Summary: Free IT asset management software
Summary(fr): Gestion Libre de Parc Informatique
@@ -60,6 +60,7 @@ Source4: %{name}-nginx.conf
Source5: %{name}-fedora-autoloader.php
Patch0: https://github.com/glpi-project/glpi/commit/3421ff97909c794839a731e68eb8910a8dea7cc2.patch
+Patch1: https://github.com/glpi-project/glpi/commit/3391f10eacec880aebcd4297bd2658ae13473947.patch
BuildArch: noarch
BuildRequires: gettext
@@ -201,6 +202,7 @@ techniciens grâce à une maintenance plus cohérente.
%prep
%setup -q -n %{name}-%{gh_commit}
%patch0 -p1
+%patch1 -p1
grep %{version} config/define.php
@@ -457,6 +459,9 @@ fi
%changelog
+* Tue Jul 3 2018 Remi Collet <remi@remirepo.net> - 9.1.7.1-3
+- add upstream patch to fix SQL injection CVE-2018-13049
+
* Sat Mar 17 2018 Remi Collet <remi@remirepo.net> - 9.1.7.1-2
- escape get keys to prevent possible xss CVE-2018-7563