[Rt-commit] rt branch, 3.8-trunk, updated. rt-3.8.16-19-g91d83d3
Thomas Sibley
trs at bestpractical.com
Wed May 22 15:45:53 EDT 2013
The branch, 3.8-trunk has been updated
Summary of changes:
bin/rt.in | 16 ++++++++++------
etc/upgrade/3.8.17/schema.Oracle | 1 +
etc/upgrade/3.8.17/schema.Pg | 1 +
etc/upgrade/3.8.17/schema.mysql | 1 +
lib/RT/Interface/Web.pm | 7 ++++---
lib/RT/Ticket_Overlay.pm | 9 +++++++++
.../Tools/Shredder/Elements/Object/RT--Attachment | 2 +-
share/html/Download/CustomFieldValue/dhandler | 2 +-
share/html/Download/Tabular/dhandler | 2 +-
share/html/Elements/ColumnMap | 6 ++++--
share/html/Elements/EditCustomFieldBinary | 2 +-
share/html/Elements/MakeClicky | 19 ++++++++++---------
share/html/Elements/ShowCustomFieldBinary | 2 +-
share/html/Elements/ShowCustomFieldImage | 2 +-
share/html/Ticket/Attachment/dhandler | 2 +-
share/html/Ticket/Elements/ShowAttachments | 2 +-
share/html/Ticket/Elements/ShowTransactionAttachments | 5 +++--
17 files changed, 51 insertions(+), 30 deletions(-)
create mode 100644 etc/upgrade/3.8.17/schema.Oracle
create mode 100644 etc/upgrade/3.8.17/schema.Pg
create mode 100644 etc/upgrade/3.8.17/schema.mysql
- Log -----------------------------------------------------------------
commit 0af8930f21828c59f1c15007d0a2fd2ff564b08f
Author: Alex Vandiver <alexmv at bestpractical.com>
Date: Wed Apr 17 20:25:22 2013 -0400
Ensure that filenames in inline image attributes are HTML-escaped
diff --git a/share/html/Ticket/Elements/ShowTransactionAttachments b/share/html/Ticket/Elements/ShowTransactionAttachments
index d33ed7f..d47b54f 100644
--- a/share/html/Ticket/Elements/ShowTransactionAttachments
+++ b/share/html/Ticket/Elements/ShowTransactionAttachments
@@ -231,12 +231,13 @@ my $render_attachment = sub {
}
my $filename = $message->Filename || loc('(untitled)');
+ my $efilename = $m->interp->apply_escapes( $filename, 'h' );
$m->out('<img'
. ' alt="'
- . $filename
+ . $efilename
. '"'
. ' title="'
- . $filename
+ . $efilename
. '"'
. ' src="'
. $AttachPath . '/'
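Review bot: only `alt` and `title` are covered here; the `src="` value that begins with `. $AttachPath . '/'` continues below the hunk, so check that whatever is appended there is URI-escaped rather than the raw `$filename`. `$efilename` is HTML-escaped and should not be reused for the URL part.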
commit d3b1c44629a7a0cf04d0b7e5135cbb748fa6899e
Author: Alex Vandiver <alexmv at bestpractical.com>
Date: Thu Apr 18 16:20:43 2013 -0400
Deny direct access to callbacks
Callbacks are meant to be called from the context of a core Mason
component, and do not expect to receive arbitrary input from query
parameters. As such, deny access to them from the top-level request.
diff --git a/lib/RT/Interface/Web.pm b/lib/RT/Interface/Web.pm
index 3095943..27f150a 100755
--- a/lib/RT/Interface/Web.pm
+++ b/lib/RT/Interface/Web.pm
@@ -497,6 +497,7 @@ sub MaybeRejectPrivateComponentRequest {
/ # leading slash
( Elements |
_elements | # mobile UI
+ Callbacks |
Widgets |
autohandler | # requesting this directly is suspicious
l (_unsafe)? ) # loc component
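Review bot: the new `Callbacks |` alternative has no trailing comment, unlike `_elements` and `autohandler` next to it; add one saying callbacks are only meant to be invoked from core components. A test that a top-level request under /Callbacks/ is rejected should go in with this change.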
commit 3a452018a8bd4693a8a65df4507ad31257716e28
Author: Alex Vandiver <alexmv at bestpractical.com>
Date: Thu Apr 18 19:30:25 2013 -0400
Protect calls to $m->comp with user input in ColumnMap
$Class may leak in from the user, which would allow calling arbitrary
components. Protect it by using ComponentPathIsSafe, extended to ensure
that the path cannot be truncated early by way of embedded nulls.
diff --git a/lib/RT/Interface/Web.pm b/lib/RT/Interface/Web.pm
index 3095943..1c2c3e2 100755
--- a/lib/RT/Interface/Web.pm
+++ b/lib/RT/Interface/Web.pm
@@ -831,15 +831,15 @@ sub StaticFileHeaders {
Takes C<PATH> and returns a boolean indicating that the user-specified partial
component path is safe.
-Currently "safe" means that the path does not start with a dot (C<.>) and does
-not contain a slash-dot C</.>.
+Currently "safe" means that the path does not start with a dot (C<.>), does
+not contain a slash-dot C</.>, and does not contain any nulls.
=cut
sub ComponentPathIsSafe {
my $self = shift;
my $path = shift;
- return $path !~ m{(?:^|/)\.};
+ return $path !~ m{(?:^|/)\.} and $path !~ m{\0};
}
=head2 PathIsSafe
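Review bot: in `ComponentPathIsSafe`, `return $path !~ m{(?:^|/)\.} and $path !~ m{\0};` parses as `(return ...) and ...` because `and` binds more loosely than `return`, so the sub returns after the first match test and the null check never runs. Use `&&`, or parenthesise the whole expression: `return( $path !~ m{(?:^|/)\.} && $path !~ m{\0} );`. A test that passes a path with an embedded null would catch this.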
diff --git a/share/html/Elements/ColumnMap b/share/html/Elements/ColumnMap
index f87f5ef..d320ba0 100644
--- a/share/html/Elements/ColumnMap
+++ b/share/html/Elements/ColumnMap
@@ -170,8 +170,10 @@ $m->callback( COLUMN_MAP => $COLUMN_MAP, CallbackName => 'Once', CallbackOnce =>
$m->callback( COLUMN_MAP => $COLUMN_MAP );
# first deal with class specific things
-my $class_map = $m->comp("/Elements/$Class/ColumnMap", Attr => $Attr, Name => $Name );
-return $class_map if defined $class_map;
+if (RT::Interface::Web->ComponentPathIsSafe($Class) and $m->comp_exists("/Elements/$Class/ColumnMap")) {
+ my $class_map = $m->comp("/Elements/$Class/ColumnMap", Attr => $Attr, Name => $Name );
+ return $class_map if defined $class_map;
+}
return GetColumnMapEntry( Map => $COLUMN_MAP, Name => $Name, Attribute => $Attr );
</%INIT>
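Review bot: when `ComponentPathIsSafe($Class)` fails, the `if` block is skipped silently and the request falls through to `GetColumnMapEntry`; log the rejected `$Class` at warning level so a crafted class name shows up in the logs. The added `$m->comp_exists` check also changes behaviour for classes that have no ColumnMap component, which deserves a line in the commit message.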
commit e0b31eae8789d280948293aa4057d200402b4325
Author: Alex Vandiver <alexmv at bestpractical.com>
Date: Fri Apr 19 23:45:17 2013 -0400
Ensure that subjects cannot contain embedded newlines
The default templates embed the ticket's subject in the outgoing Subject
header -- but have no way to ensure that the subject does not contain
newlines, which could be used to insert additional headers.
Programmatically restricting templates from inserting newlines in the
header section is both difficult and overly limiting, as there are valid
reasons to do so.
Strip all newlines from Subject headers. While this does resolve the
issue for all core RT templates, solving it more generally is
unfortunately not feasible.
diff --git a/etc/upgrade/3.8.17/schema.Oracle b/etc/upgrade/3.8.17/schema.Oracle
new file mode 100644
index 0000000..fad9db0
--- /dev/null
+++ b/etc/upgrade/3.8.17/schema.Oracle
@@ -0,0 +1 @@
+UPDATE Tickets SET Subject = REPLACE(Subject,CHR(10),'');
diff --git a/etc/upgrade/3.8.17/schema.Pg b/etc/upgrade/3.8.17/schema.Pg
new file mode 100644
index 0000000..d748315
--- /dev/null
+++ b/etc/upgrade/3.8.17/schema.Pg
@@ -0,0 +1 @@
+UPDATE Tickets SET Subject = REPLACE(Subject,E'\n','');
diff --git a/etc/upgrade/3.8.17/schema.mysql b/etc/upgrade/3.8.17/schema.mysql
new file mode 100644
index 0000000..f6d59e1
--- /dev/null
+++ b/etc/upgrade/3.8.17/schema.mysql
@@ -0,0 +1 @@
+UPDATE Tickets SET Subject = REPLACE(Subject,'\n','');
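Review bot: all three upgrade statements strip only LF (`CHR(10)`, `E'\n'`, `'\n'`); a carriage return already stored in a Subject is left in place, so decide whether CR should get a second `REPLACE`. In schema.mysql, `'\n'` means a newline only while backslash escapes are enabled; `CHAR(10)` does not depend on the `NO_BACKSLASH_ESCAPES` SQL mode.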
diff --git a/lib/RT/Ticket_Overlay.pm b/lib/RT/Ticket_Overlay.pm
index eb482b8..5d51b03 100755
--- a/lib/RT/Ticket_Overlay.pm
+++ b/lib/RT/Ticket_Overlay.pm
@@ -450,6 +450,8 @@ sub Create {
}
}
+ $args{'Subject'} =~ s/\n//g;
+
$RT::Handle->BeginTransaction();
my %params = (
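Review bot: `$args{'Subject'} =~ s/\n//g;` deletes the newline outright, so a subject of "foo\nbar" is stored as "foobar"; substituting a single space would keep the words apart. The same expression is repeated in `SetSubject` later in this diff, and a shared helper would keep the two in step.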
@@ -1772,6 +1774,13 @@ sub QueueObj {
return ($queue_obj);
}
+sub SetSubject {
+ my $self = shift;
+ my $value = shift;
+ $value =~ s/\n//g;
+ return $self->_Set( Field => 'Subject', Value => $value );
+}
+
# }}}
# }}}
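Review bot: `SetSubject` runs `$value =~ s/\n//g;` without checking that `$value` is defined, which emits an uninitialized-value warning (when warnings are enabled) if the method is called with undef or no argument; default it first, for example `$value = '' unless defined $value;`. The new method also has no POD describing the newline stripping.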
commit 2aa59699290cd2329b264527679b7dd7b681d58e
Author: Alex Vandiver <alexmv at bestpractical.com>
Date: Fri Apr 19 16:08:36 2013 -0400
Remove filename= suggestions from Content-Disposition lines
No supported standard exists for escaping of the "filename" attribute of
Content-Disposition. This opens the possibility of various injection
attacks through carefully-crafted filenames if AlwaysDownloadAttachments
is enabled.
As the download endpoint is a dhandler, and most locations already
supply the filename after the final /, browsers will assume the correct
filename even if none is supplied to Content-Disposition. Hence, remove
the filename= parameter entirely.
diff --git a/share/html/Download/CustomFieldValue/dhandler b/share/html/Download/CustomFieldValue/dhandler
index ced11fb..a919049 100644
--- a/share/html/Download/CustomFieldValue/dhandler
+++ b/share/html/Download/CustomFieldValue/dhandler
@@ -64,7 +64,7 @@ unless ($OCFV->id) {
my $content_type = $OCFV->ContentType || 'text/plain';
if (RT->Config->Get('AlwaysDownloadAttachments')) {
- $r->headers_out->{'Content-Disposition'} = "attachment; filename=" . $OCFV->Content;
+ $r->headers_out->{'Content-Disposition'} = "attachment";
}
elsif (!RT->Config->Get('TrustHTMLAttachments')) {
$content_type = 'text/plain' if ($content_type =~ /^text\/html/i);
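Review bot: add a short comment above the `"attachment"` assignment saying that the `filename=` parameter is omitted on purpose, so it is not re-added later as an apparent oversight.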
diff --git a/share/html/Download/Tabular/dhandler b/share/html/Download/Tabular/dhandler
index 3ca26f8..2b9bd96 100644
--- a/share/html/Download/Tabular/dhandler
+++ b/share/html/Download/Tabular/dhandler
@@ -61,7 +61,7 @@ my @cols = $class->BasicColumns or return;
#$r->content_type( 'application/octet-stream' );
$r->content_type( 'text/plain' );
-$r->headers_out->{'Content-Disposition'} = "attachment; filename=$filename";
+$r->headers_out->{'Content-Disposition'} = "attachment";
$m->clear_buffer();
$m->out(join("\t", "Id", map $_->[1], @cols), "\n");
foreach my $id (@ids) {
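Review bot: with `filename=$filename` gone from this header, check whether `$filename` is still used anywhere else in this dhandler; if it was computed only for `Content-Disposition`, the assignment is now dead code and should be removed in the same commit.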
diff --git a/share/html/Ticket/Attachment/dhandler b/share/html/Ticket/Attachment/dhandler
index d68d8bf..8dcaccc 100755
--- a/share/html/Ticket/Attachment/dhandler
+++ b/share/html/Ticket/Attachment/dhandler
@@ -70,7 +70,7 @@
my $content_type = $AttachmentObj->ContentType || 'text/plain';
if (RT->Config->Get('AlwaysDownloadAttachments')) {
- $r->headers_out->{'Content-Disposition'} = "attachment; filename=" . $AttachmentObj->Filename;
+ $r->headers_out->{'Content-Disposition'} = "attachment";
}
elsif (!RT->Config->Get('TrustHTMLAttachments')) {
$content_type = 'text/plain' if ($content_type =~ /^text\/html/i);
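Review bot: the saved name now comes only from the last path segment of the request URL, so every link to this dhandler has to end in the URI-escaped filename. A test that requests an attachment with `AlwaysDownloadAttachments` enabled and asserts the header is exactly `attachment` would lock this in.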
commit 4a1b62b3300832deb18a415c4aff941c1e16a037
Author: Alex Vandiver <alexmv at bestpractical.com>
Date: Fri Apr 19 16:48:49 2013 -0400
Ensure consistent escaping of filenames in attachment URIs
<% $value |u %> still applies HTML escaping before URI escaping, which
is incorrect, as it leads to files named «a"test".txt» being linked with
URIs like «a%26%2334%3Btest%26%2334%3B.txt» -- the URI-escaped version
of «a&#34;test&#34;.txt».
Ensure that these URIs are only URI-escaped (yielding «a%22test%22.txt»
in this example), such that browsers correctly parse the intended
filename from the URI.
diff --git a/share/html/Admin/Tools/Shredder/Elements/Object/RT--Attachment b/share/html/Admin/Tools/Shredder/Elements/Object/RT--Attachment
index 052d848..e8a42c5 100644
--- a/share/html/Admin/Tools/Shredder/Elements/Object/RT--Attachment
+++ b/share/html/Admin/Tools/Shredder/Elements/Object/RT--Attachment
@@ -48,6 +48,6 @@
<%ARGS>
$Object => undef
</%ARGS>
-<a href="<% RT->Config->Get('WebURL') %>/Ticket/Attachment/<% $Object->TransactionId %>/<% $Object->id %>/">
+<a href="<% RT->Config->Get('WebURL') %>/Ticket/Attachment/<% $Object->TransactionId %>/<% $Object->id %>/<% $Object->Filename |un %>">
<% loc('Attachment') %>(<% loc('id') %>:<% $Object->id %>, <% loc('FileName') %>: <% $Object->Filename || loc('(no value)') %>)
</a>
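Review bot: the following line uses `$Object->Filename || loc('(no value)')`, so `Filename` can be empty here, and `<% $Object->Filename |un %>` is then applied to an undefined value. Default it to the empty string before escaping so the link for an unnamed attachment renders without a warning.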
diff --git a/share/html/Elements/EditCustomFieldBinary b/share/html/Elements/EditCustomFieldBinary
index 4700b5d..c74bfd0 100644
--- a/share/html/Elements/EditCustomFieldBinary
+++ b/share/html/Elements/EditCustomFieldBinary
@@ -47,7 +47,7 @@
%# END BPS TAGGED BLOCK }}}
% while ( $Values and my $value = $Values->Next ) {
%# XXX - let user download the file(s) here?
-<input type="checkbox" class="checkbox" name="<%$NamePrefix%><%$CustomField->Id%>-DeleteValueIds" class="CF-<%$CustomField->id%>-Edit" value="<% $value->Id %>" /><a href="<%RT->Config->Get('WebPath')%>/Download/CustomFieldValue/<% $value->Id %>/<% $value->Content %>"><% $value->Content %></a><br />
+<input type="checkbox" class="checkbox" name="<%$NamePrefix%><%$CustomField->Id%>-DeleteValueIds" class="CF-<%$CustomField->id%>-Edit" value="<% $value->Id %>" /><a href="<%RT->Config->Get('WebPath')%>/Download/CustomFieldValue/<% $value->Id %>/<% $value->Content |un %>"><% $value->Content %></a><br />
% }
% if (!$MaxValues || !$Values || $Values->Count < $MaxValues) {
<input type="file" name="<% $NamePrefix %><% $CustomField->Id %>-Upload" class="CF-<%$CustomField->id%>-Edit" />
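Review bot: the `<input>` on the changed line carries two `class` attributes (`class="checkbox"` and `class="CF-<%$CustomField->id%>-Edit"`); HTML parsers keep only the first, so merge them into a single attribute while this line is being touched.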
diff --git a/share/html/Elements/ShowCustomFieldBinary b/share/html/Elements/ShowCustomFieldBinary
index f2fb031..306f463 100644
--- a/share/html/Elements/ShowCustomFieldBinary
+++ b/share/html/Elements/ShowCustomFieldBinary
@@ -45,7 +45,7 @@
%# those contributions and any derivatives thereof.
%#
%# END BPS TAGGED BLOCK }}}
-<a href="<%RT->Config->Get('WebPath')%>/Download/CustomFieldValue/<% $Object->Id %>/<% $Object->Content %>"><% $Object->Content %></a>
+<a href="<%RT->Config->Get('WebPath')%>/Download/CustomFieldValue/<% $Object->Id %>/<% $Object->Content |un %>"><% $Object->Content %></a>
<%ARGS>
$Object => undef
</%ARGS>
diff --git a/share/html/Elements/ShowCustomFieldImage b/share/html/Elements/ShowCustomFieldImage
index 0136e84..0779696 100644
--- a/share/html/Elements/ShowCustomFieldImage
+++ b/share/html/Elements/ShowCustomFieldImage
@@ -45,7 +45,7 @@
%# those contributions and any derivatives thereof.
%#
%# END BPS TAGGED BLOCK }}}
-% my $url = RT->Config->Get('WebPath') . "/Download/CustomFieldValue/".$Object->Id.'/'.$Object->Content;
+% my $url = RT->Config->Get('WebPath') . "/Download/CustomFieldValue/".$Object->Id.'/'.$m->interp->apply_escapes($Object->Content, 'u');
<a href="<% $url %>"><% $Object->Content %></a>
<img type="<% $Object->ContentType %>" height="64" src="<% $url %>" align="middle" />
<%ARGS>
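Review bot: this template escapes with `$m->interp->apply_escapes($Object->Content, 'u')` and then prints the result through a plain `<% $url %>`, while the other templates in this commit use `|un` inline. Add a one-line comment that `$url` is already URI-escaped, so a later edit does not escape it a second time or drop the escaping.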
diff --git a/share/html/Ticket/Elements/ShowAttachments b/share/html/Ticket/Elements/ShowAttachments
index 078a149..c6962b0 100755
--- a/share/html/Ticket/Elements/ShowAttachments
+++ b/share/html/Ticket/Elements/ShowAttachments
@@ -82,7 +82,7 @@ if ($size) {
</%PERL>
<li><font size="-2">
-<a href="<%RT->Config->Get('WebPath')%>/Ticket/Attachment/<%$rev->TransactionId%>/<%$rev->Id%>/<%$rev->Filename | u%>">
+<a href="<%RT->Config->Get('WebPath')%>/Ticket/Attachment/<%$rev->TransactionId%>/<%$rev->Id%>/<%$rev->Filename | un %>">
% my $desc = loc("[_1] ([_2]) by [_3]", $rev->CreatedAsString, $size, $m->scomp('/Elements/ShowUser', User => $rev->CreatorObj));
<% $desc |n%>
</a>
commit e393f3cc94ca5b0346fc0243d848666bc9af2751
Author: Alex Vandiver <alexmv at bestpractical.com>
Date: Wed Apr 17 20:04:14 2013 -0400
Ensure that URLs placed in HTML attributes are escaped correctly, to prevent XSS injection
diff --git a/share/html/Elements/MakeClicky b/share/html/Elements/MakeClicky
index da202ac..f95fd58 100644
--- a/share/html/Elements/MakeClicky
+++ b/share/html/Elements/MakeClicky
@@ -48,6 +48,12 @@
<%ONCE>
use Regexp::Common qw(URI);
+my $escaper = sub {
+ my $content = shift;
+ RT::Interface::Web::EscapeUTF8( \$content );
+ return $content;
+};
+
my %actions = (
default => sub {
my %args = @_;
@@ -55,15 +61,16 @@ my %actions = (
},
url => sub {
my %args = @_;
+ $args{value} = $escaper->($args{value});
my $result = qq{[<a target="new" href="$args{value}">}. loc('Open URL') .qq{</a>]};
return $args{value} . qq{ <span class="clickylink">$result</span>};
},
url_overwrite => sub {
my %args = @_;
- my $result = qq{<a target="new" href="$args{'value'}">};
+ my $result = qq{<a target="new" href="} . $escaper->($args{'value'}) . q{">};
#XXX: use spaces here. <wbr> are not well supported :(
$args{'value'} =~ s/(\S{30})/$1 /g;
- $result .= qq{$args{'value'}</a>};
+ $result .= $escaper->($args{value}).qq{</a>};
return qq{<span class="clickylink">$result</span>};
},
);
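Review bot: `url` overwrites `$args{value}` with the escaped string, while `url_overwrite` keeps the raw value and escapes at each use; pick one pattern (escaping at the point of output is easier to audit) and use one key quoting style instead of mixing `$args{value}` and `$args{'value'}`. A test with a double quote in the matched URL would cover the `href` case.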
@@ -91,12 +98,6 @@ my $handle = sub {
}
};
-my $escaper = sub {
- my $content = shift;
- RT::Interface::Web::EscapeUTF8( \$content );
- return $content;
-};
-
# Hook to add more Clicky types
# XXX Have to have Page argument, as Mason gets caller wrong in Callback?
# This happens as we are in <%ONCE> block
commit 3a23d71a9e5a9da856d463c19997bc37f18dc4bc
Author: Alex Vandiver <alexmv at bestpractical.com>
Date: Wed Apr 24 23:51:59 2013 -0400
Ensure that the default replacement does not pass through unescaped content
This is only relevant in the case of a MakeClicky misconfiguration.
diff --git a/share/html/Elements/MakeClicky b/share/html/Elements/MakeClicky
index f95fd58..583e70f 100644
--- a/share/html/Elements/MakeClicky
+++ b/share/html/Elements/MakeClicky
@@ -57,7 +57,7 @@ my $escaper = sub {
my %actions = (
default => sub {
my %args = @_;
- return $args{value};
+ return $escaper->($args{value});
},
url => sub {
my %args = @_;
commit f1e5e67a7299c850584c814ebef9807aeeec932e
Author: Alex Vandiver <alexmv at bestpractical.com>
Date: Thu Apr 18 17:59:09 2013 -0400
Use File::Temp for non-predictable temporary filenames
Previously, RT wrote to /tmp/rt.form.$$, which is a semi-predictable
filename. A malicious user could symlink a file of their choosing into
that location, which a privileged user running bin/rt would then
overwrite. While this race condition would be difficult to exploit, as
it leaves the attacker with no control over the contents of the file,
and relies on beating the race condition, it is still potentially
dangerous.
Use File::Temp to atomically generate a non-predictable filename and
open it for writing.
diff --git a/bin/rt.in b/bin/rt.in
index d89f47e..9cf08fe 100755
--- a/bin/rt.in
+++ b/bin/rt.in
@@ -61,6 +61,7 @@ use HTTP::Request::Common;
use HTTP::Headers;
use Term::ReadLine;
use Time::Local; # used in prettyshow
+use File::Temp;
# strong (GSSAPI based) authentication is supported if the server does provide
# it and the perl modules GSSAPI and LWP::Authen::Negotiate are installed
@@ -1473,16 +1474,19 @@ sub read_passwd {
sub vi {
my ($text) = @_;
- my $file = "/tmp/rt.form.$$";
my $editor = $ENV{EDITOR} || $ENV{VISUAL} || "vi";
- local *F;
local $/ = undef;
- open(F, '>', $file) or die "$file: $!\n"; print F $text; close(F);
- system($editor, $file) && die "Couldn't run $editor.\n";
- open(F, '<', $file) or die "$file: $!\n"; $text = <F>; close(F);
- unlink($file);
+ my $handle = File::Temp->new;
+ print $handle $text;
+ close($handle);
+
+ system($editor, $handle->filename) && die "Couldn't run $editor.\n";
+
+ open( $handle, '<', $handle->filename ) or die "$handle: $!\n";
+ $text = <$handle>;
+ close($handle);
return $text;
}
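Review bot: the results of `print $handle $text;` and the first `close($handle);` are not checked, so a failed write (a full disk, for instance) opens the editor on an empty or truncated form. Add `or die` to both, as is already done for the re-open.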
commit b7d7ba365f99a72528ac763dddb96a142131c4b7
Merge: fe41b3d 4a1b62b
Author: Thomas Sibley <trs at bestpractical.com>
Date: Fri May 3 10:30:57 2013 -0700
Merge remote-tracking branch 'private/security/3.8/attachment-filename-escaping' into security/3.8.17-releng
commit 23a1e4d4481f0a742a7774e811c28a21879aa45f
Merge: b7d7ba3 d3b1c44
Author: Thomas Sibley <trs at bestpractical.com>
Date: Fri May 3 10:31:01 2013 -0700
Merge remote-tracking branch 'private/security/3.8/deny-direct-callback-access' into security/3.8.17-releng
commit 7b6583c6546f297c5d34127f5cde7eb9cbb8eff0
Merge: 23a1e4d 0af8930
Author: Thomas Sibley <trs at bestpractical.com>
Date: Fri May 3 10:31:02 2013 -0700
Merge remote-tracking branch 'private/security/3.8/escape-attachment-filename' into security/3.8.17-releng
commit 0c37bfdf2146d07253564bfad3b9238478a97783
Merge: 7b6583c 3a23d71
Author: Thomas Sibley <trs at bestpractical.com>
Date: Fri May 3 10:31:04 2013 -0700
Merge remote-tracking branch 'private/security/3.8/escape-makeclicky' into security/3.8.17-releng
commit 82c59453776390a1e70162a0b31386af27fdeea7
Merge: 0c37bfd 3a45201
Author: Thomas Sibley <trs at bestpractical.com>
Date: Fri May 3 10:31:05 2013 -0700
Merge remote-tracking branch 'private/security/3.8/protect-columnmap-comp' into security/3.8.17-releng
commit 31440edc5b59dfee96e903ce9400ee354299894d
Merge: 82c5945 f1e5e67
Author: Thomas Sibley <trs at bestpractical.com>
Date: Fri May 3 10:31:07 2013 -0700
Merge remote-tracking branch 'private/security/3.8/rt-predictable-tmpfile' into security/3.8.17-releng
commit c1b9a4a0cfbb6db78ed8b6f255dc41bd226995b7
Merge: 31440ed e0b31ea
Author: Thomas Sibley <trs at bestpractical.com>
Date: Fri May 3 10:31:08 2013 -0700
Merge remote-tracking branch 'private/security/3.8/subject-newlines' into security/3.8.17-releng
commit 201cc3405e2c133c09a26ec8e1f9a6ef74fe866c
Author: Thomas Sibley <trs at bestpractical.com>
Date: Wed May 22 12:03:04 2013 -0700
Bump version for 3.8.17
diff --git a/configure.ac b/configure.ac
index 5104d44..b6c8453 100755
--- a/configure.ac
+++ b/configure.ac
@@ -7,7 +7,7 @@ AC_REVISION($Revision$)dnl
dnl Setup autoconf
AC_PREREQ([2.53])
-AC_INIT(RT, 3.8.HEAD, [rt-bugs at bestpractical.com])
+AC_INIT(RT, 3.8.17, [rt-bugs at bestpractical.com])
AC_CONFIG_SRCDIR([lib/RT.pm.in])
dnl Extract RT version number components
commit 91d83d3713e4903c470f585542ed259b9d9bb928
Merge: 8072ea3 201cc34
Author: Thomas Sibley <trs at bestpractical.com>
Date: Wed May 22 12:09:09 2013 -0700
Merge branch 'security/3.8.17-releng' into 3.8-trunk
Version in configure.ac reverted back to 3.8.HEAD.
Resolves:
CVE-2013-3368
CVE-2013-3369
CVE-2013-3370
CVE-2013-3371
CVE-2013-3372
CVE-2013-3373
CVE-2013-3374
-----------------------------------------------------------------------