From 0704b08c54ba98a2310e239e1f7cdc5099cf60a4 Mon Sep 17 00:00:00 2001
From: Remi Collet <remi@remirepo.net>
Date: Tue, 3 Jul 2018 08:03:42 +0200
Subject: add upstream patch to fix SQL injection CVE-2018-13049

---
 3391f10eacec880aebcd4297bd2658ae13473947.patch | 22 ++++++++++++++++++++++
 glpi.spec                                      |  7 ++++++-
 2 files changed, 28 insertions(+), 1 deletion(-)
 create mode 100644 3391f10eacec880aebcd4297bd2658ae13473947.patch

diff --git a/3391f10eacec880aebcd4297bd2658ae13473947.patch b/3391f10eacec880aebcd4297bd2658ae13473947.patch
new file mode 100644
index 0000000..85ab682
--- /dev/null
+++ b/3391f10eacec880aebcd4297bd2658ae13473947.patch
@@ -0,0 +1,22 @@
+From 3391f10eacec880aebcd4297bd2658ae13473947 Mon Sep 17 00:00:00 2001
+From: Johan Cwiklinski <jcwiklinski@teclib.com>
+Date: Mon, 2 Jul 2018 08:12:32 +0200
+Subject: [PATCH] Cast limits to integer; fixes #4270
+
+---
+ inc/search.class.php | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/inc/search.class.php b/inc/search.class.php
+index 79c32856bd..b6f684be26 100644
+--- a/inc/search.class.php
++++ b/inc/search.class.php
+@@ -890,7 +890,7 @@ static function constructSQL(array &$data) {
+       $numrows = 0;
+       //No search : count number of items using a simple count(ID) request and LIMIT search
+       if ($data['search']['no_search']) {
+-         $LIMIT = " LIMIT ".$data['search']['start'].", ".$data['search']['list_limit'];
++         $LIMIT = " LIMIT ".(int)$data['search']['start'].", ".(int)$data['search']['list_limit'];
+ 
+          // Force group by for all the type -> need to count only on table ID
+          if (!isset($searchopt[1]['forcegroupby'])) {
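Review bot: The `(int)` casts on the new `$LIMIT` line stop SQL text from reaching the query, but they do not bound the values, so a negative or non-numeric `start` or `list_limit` still produces a statement such as `LIMIT -5, 0` that the database rejects or that returns nothing. Clamping as well as casting would make the clause well-formed for any input, e.g. `$LIMIT = " LIMIT ".max(0, (int)$data['search']['start']).", ".max(0, (int)$data['search']['list_limit']);`. `constructSQL` starts and continues outside this hunk, so it is worth confirming that no other place in it concatenates these two request values into the query uncast. As this file is a verbatim copy of the upstream commit, any such change belongs upstream rather than in the packaged patch.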
diff --git a/glpi.spec b/glpi.spec
index 6cbbc99..95a1d4c 100644
--- a/glpi.spec
+++ b/glpi.spec
@@ -42,7 +42,7 @@
 Name:           %{gh_project}
 Version:        9.1.7.1
 %global schema  9.1.3
-Release:        2%{?dist}
+Release:        3%{?dist}
 Summary:        Free IT asset management software
 Summary(fr):    Gestion Libre de Parc Informatique
 
@@ -60,6 +60,7 @@ Source4:        %{name}-nginx.conf
 Source5:        %{name}-fedora-autoloader.php
 
 Patch0:         https://github.com/glpi-project/glpi/commit/3421ff97909c794839a731e68eb8910a8dea7cc2.patch
+Patch1:         https://github.com/glpi-project/glpi/commit/3391f10eacec880aebcd4297bd2658ae13473947.patch
 
 BuildArch:      noarch
 BuildRequires:  gettext
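Review bot: The added `Patch1:` line is identified only by a commit hash, so nothing in the preamble says which issue it addresses; the link to CVE-2018-13049 exists only in the changelog. A comment above it, such as `# CVE-2018-13049: cast search LIMIT values to int (upstream #4270)`, would let a later rebase see at a glance whether the patch can be dropped once the packaged version includes the fix. The build presumably applies the copy committed in this repository rather than fetching the URL, so the committed file should be kept byte-identical to the upstream commit it names.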
@@ -201,6 +202,7 @@ techniciens grâce à une maintenance plus cohérente.
 %prep
 %setup -q -n %{name}-%{gh_commit}
 %patch0 -p1
+%patch1 -p1
 
 grep %{version} config/define.php
 
@@ -457,6 +459,9 @@ fi
 
 
 %changelog
+* Tue Jul  3 2018 Remi Collet <remi@remirepo.net> - 9.1.7.1-3
+- add upstream patch to fix SQL injection CVE-2018-13049
+
 * Sat Mar 17 2018 Remi Collet <remi@remirepo.net> - 9.1.7.1-2
 - escape get keys to prevent possible xss CVE-2018-7563
 
-- 
cgit