[Rt-commit] rt branch, 3.6.10-releng, created. rt-3.6.9-7-g8e47722

Kevin Falcone falcone at bestpractical.com
Mon Nov 30 14:49:25 EST 2009


The branch, 3.6.10-releng has been created
        at  8e47722a3b307917f889cb57d43a15080be3000d (commit)

- Log -----------------------------------------------------------------
commit a8f7dccfb53118c950cc8bebff3e64c069c978a7
Author: Kevin Falcone <falcone at bestpractical.com>
Date:   Mon Nov 30 13:45:26 2009 -0500

    Apply patch for session fixation vulnerability (CVE-2009-3585)

diff --git a/html/Elements/SetupSessionCookie b/html/Elements/SetupSessionCookie
index 66cb2f0..3225c0d 100755
--- a/html/Elements/SetupSessionCookie
+++ b/html/Elements/SetupSessionCookie
@@ -50,7 +50,7 @@ return if $m->is_subrequest; # avoid reentrancy, as suggested by masonbook
 
 my %cookies    = CGI::Cookie->fetch();
 my $cookiename = "RT_SID_" . $RT::rtname . "." . $ENV{'SERVER_PORT'};
-$SessionCookie ||= $cookies{$cookiename} ? $cookies{$cookiename}->value : undef;
+$SessionCookie = $cookies{$cookiename} ? $cookies{$cookiename}->value : undef;
 
 my %backends   = (
     mysql => 'Apache::Session::MySQL',
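Review bot: the change from `||=` to `=` means any value `$SessionCookie` already held is now discarded and the session id is taken fresh from the `RT_SID_...` cookie on every request (or set to `undef` when the client sent none); since that is the whole point of the fix, a one-line comment above this assignment saying that the id must never be carried over from a caller-supplied value would stop someone from "restoring" the `||=` later as a harmless-looking cleanup.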
@@ -97,6 +97,13 @@ if ($@) {
         undef $cookies{$cookiename};
     };
 }
+elsif ( !($session{'CurrentUser'} && $session{'CurrentUser'}->id) ) {
+    eval {
+        undef $cookies{$cookiename};
+        tied(%session)->delete;
+        tie %session, $session_class, undef, $session_properties;
+    }
+}
 
 if ($@) {
     die loc("RT couldn't store your session.") . "\n"
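Review bot: the new `elsif` branch deletes and re-ties the session on every request where `$session{'CurrentUser'}` is not a logged-in user, not just at the login transition, so anonymous traffic now rewrites its session each hit; if that cost is acceptable, say so in a comment, and also note that discarding the pre-authentication session id (together with the cookie, via `undef $cookies{$cookiename}`) is what defeats fixation, because the condition alone does not explain the intent. Minor style point: the `eval { ... }` here has no trailing semicolon, which Perl tolerates only because it is the last statement in the block; the first branch writes `};`, and matching it would be safer. The existing `if ($@) { die loc("RT couldn't store your session.") ...` below still covers a failed re-tie, which is good.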

commit 8e47722a3b307917f889cb57d43a15080be3000d
Author: Kevin Falcone <falcone at bestpractical.com>
Date:   Mon Nov 30 10:11:16 2009 -0500

    bump version for 3.6.10 release

diff --git a/configure.ac b/configure.ac
index 762eb34..b895cfb 100755
--- a/configure.ac
+++ b/configure.ac
@@ -7,7 +7,7 @@ AC_REVISION($Revision$)dnl
 
 dnl Setup autoconf
 AC_PREREQ(2.53)
-AC_INIT(RT, [3.6.HEAD], [rt-bugs at bestpractical.com])
+AC_INIT(RT, [3.6.10], [rt-bugs at bestpractical.com])
 AC_CONFIG_SRCDIR([lib/RT.pm.in])
 
 dnl Extract RT version number components

-----------------------------------------------------------------------

