summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorRemi Collet <fedora@famillecollet.com>2016-06-16 18:03:28 +0200
committerRemi Collet <fedora@famillecollet.com>2016-06-16 18:03:28 +0200
commit080867c4c5625b6eced80d1ba298846f6430cd89 (patch)
tree3f0e6fc01458b266b030e1ee1b4bece342cba5dc
parent1fbfeb1d44059ac7ada36f77d9b741417e20640e (diff)
owncloud: sync with Fedora
-rw-r--r--owncloud-9.0.2-core-23066-infinite-loop-share-link.patch79
-rw-r--r--owncloud.spec15
2 files changed, 90 insertions, 4 deletions
diff --git a/owncloud-9.0.2-core-23066-infinite-loop-share-link.patch b/owncloud-9.0.2-core-23066-infinite-loop-share-link.patch
new file mode 100644
index 0000000..28b39e9
--- /dev/null
+++ b/owncloud-9.0.2-core-23066-infinite-loop-share-link.patch
@@ -0,0 +1,79 @@
+diff --git a/apps/dav/lib/connector/publicauth.php b/apps/dav/lib/connector/publicauth.php
+index f069a21..36da649 100644
+--- a/apps/dav/lib/connector/publicauth.php
++++ b/apps/dav/lib/connector/publicauth.php
+@@ -89,7 +89,7 @@ class PublicAuth extends \Sabre\DAV\Auth\Backend\AbstractBasic {
+ }
+ return true;
+ } else if (\OC::$server->getSession()->exists('public_link_authenticated')
+- && \OC::$server->getSession()->get('public_link_authenticated') === $linkItem['id']) {
++ && \OC::$server->getSession()->get('public_link_authenticated') === (string)$linkItem['id']) {
+ return true;
+ } else {
+ return false;
+diff --git a/apps/files_sharing/lib/helper.php b/apps/files_sharing/lib/helper.php
+index e857974..3dfbf8f 100644
+--- a/apps/files_sharing/lib/helper.php
++++ b/apps/files_sharing/lib/helper.php
+@@ -131,7 +131,7 @@ class Helper {
+ $newHash = '';
+ if(\OC::$server->getHasher()->verify($password, $linkItem['share_with'], $newHash)) {
+ // Save item id in session for future requests
+- \OC::$server->getSession()->set('public_link_authenticated', $linkItem['id']);
++ \OC::$server->getSession()->set('public_link_authenticated', (string)$linkItem['id']);
+
+ /**
+ * FIXME: Migrate old hashes to new hash format
+@@ -161,7 +161,7 @@ class Helper {
+ else {
+ // not authenticated ?
+ if ( ! \OC::$server->getSession()->exists('public_link_authenticated')
+- || \OC::$server->getSession()->get('public_link_authenticated') !== $linkItem['id']) {
++ || \OC::$server->getSession()->get('public_link_authenticated') !== (string)$linkItem['id']) {
+ return false;
+ }
+ }
+diff --git a/apps/gallery/middleware/envcheckmiddleware.php b/apps/gallery/middleware/envcheckmiddleware.php
+index 8364e52..086da2f 100644
+--- a/apps/gallery/middleware/envcheckmiddleware.php
++++ b/apps/gallery/middleware/envcheckmiddleware.php
+@@ -274,7 +274,7 @@ class EnvCheckMiddleware extends CheckMiddleware {
+ $newHash = '';
+ if ($this->hasher->verify($password, $linkItem['share_with'], $newHash)) {
+ // Save item id in session for future requests
+- $this->session->set('public_link_authenticated', $linkItem['id']);
++ $this->session->set('public_link_authenticated', (string)$linkItem['id']);
+ // @codeCoverageIgnoreStart
+ if (!empty($newHash)) {
+ // For future use
+@@ -296,7 +296,7 @@ class EnvCheckMiddleware extends CheckMiddleware {
+ private function checkSession($linkItem) {
+ // Not authenticated ?
+ if (!$this->session->exists('public_link_authenticated')
+- || $this->session->get('public_link_authenticated') !== $linkItem['id']
++ || $this->session->get('public_link_authenticated') !== (string)$linkItem['id']
+ ) {
+ throw new CheckException("Missing password", Http::STATUS_UNAUTHORIZED);
+ }
+diff --git a/lib/private/share/share.php b/lib/private/share/share.php
+index 3dcfa14..fcd013c 100644
+--- a/lib/private/share/share.php
++++ b/lib/private/share/share.php
+@@ -2477,7 +2477,7 @@ class Share extends Constants {
+ }
+
+ if ( \OC::$server->getSession()->exists('public_link_authenticated')
+- && \OC::$server->getSession()->get('public_link_authenticated') === $linkItem['id'] ) {
++ && \OC::$server->getSession()->get('public_link_authenticated') === (string)$linkItem['id'] ) {
+ return true;
+ }
+
+@@ -2767,7 +2767,7 @@ class Share extends Constants {
+
+ /**
+ * @param IConfig $config
+- * @return bool
++ * @return bool
+ */
+ public static function enforcePassword(IConfig $config) {
+ $enforcePassword = $config->getAppValue('core', 'shareapi_enforce_links_password', 'no');
diff --git a/owncloud.spec b/owncloud.spec
index 82631c7..ec22dca 100644
--- a/owncloud.spec
+++ b/owncloud.spec
@@ -9,7 +9,7 @@
#
Name: owncloud
Version: 9.0.2
-Release: 3%{?dist}
+Release: 4%{?dist}
Summary: Private file sync and share server
Group: Applications/Internet
@@ -64,11 +64,14 @@ Patch7: %{name}-9.0.2-no_need_for_broken_updater_repair.patch
# Disable the integrity checking whilst a better way to deal with it is found
Patch8: %{name}-9.0.2-default_integrity_check_disabled.patch
+# Backport patch from future 9.0.3 to handle broken shared link issue bz#1346233
+Patch9: %{name}-9.0.2-core-23066-infinite-loop-share-link.patch
+
# Need to work around an NSS issue in el7.2, due to be fix el7.3 bz#1241172
-Patch9: %{name}-8.1.6-work-arround-nss-issue.patch
+Patch10: %{name}-8.1.6-work-arround-nss-issue.patch
# RH provide support for php54 so don't tell users it's EOL
-Patch10: %{name}-8.2.3-dont_warn_php54_eol.patch
+Patch11: %{name}-8.2.3-dont_warn_php54_eol.patch
BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
BuildArch: noarch
@@ -428,9 +431,10 @@ work with an SQLite 3 database stored on the local system.
%patch6 -p1
%patch7 -p1
%patch8 -p1
-%if 0%{?rhel}
%patch9 -p1
+%if 0%{?rhel}
%patch10 -p1
+%patch11 -p1
%endif
# patch backup files and .git stuff
@@ -742,6 +746,9 @@ rm -rf %{buildroot}
%changelog
+* Tue Jun 14 2016 James Hogarth <james.hogarth@gmail.com> - 9.0.2-4
+- Fix an infinite loop on a shared link with password and postgres bz#1346233
+
* Wed Jun 01 2016 James Hogarth <james.hogarth@gmail.com> - 9.0.2-3
- Place composer.json files in %%doc rather than remove them entirely