
Bug#599255: unblock: zabbix/1.8.3-2



[ CC'ing Christoph Haas since he's the uploader ]

On 06/10/2010 09:57, Jordi Mallach wrote:
> Package: release.debian.org
> Severity: normal
> User: release.debian.org@packages.debian.org
> Usertags: freeze-exception
> 
> Please unblock package zabbix
> 
> Zabbix 1.8.3 includes a security fix (CVE-2010-2790) plus a series of 
> important packaging fixes.
> 

The diff is quite large. I don't think it's reasonable to unblock it at
this stage of the freeze.

	 643 files changed, 57774 insertions(+), 93146 deletions(-)

Most of the changes are packaging related. Concerning the security bug, it
seems possible to extract a fix. Looking at the diff (file attached) for
frontends/php/include/classes/class.curl.php, it seems pretty easy to
provide a simple fix. Why didn't you try to do that instead of introducing
this new upstream release?

Regards,

-- 
Mehdi Dogguy مهدي الدڤي
http://dogguy.org/
diff -Nru zabbix-1.8.2/frontends/php/include/classes/class.curl.php zabbix-1.8.3/frontends/php/include/classes/class.curl.php
--- zabbix-1.8.2/frontends/php/include/classes/class.curl.php   2010-03-29 17:22:45.000000000 +0000
+++ zabbix-1.8.3/frontends/php/include/classes/class.curl.php   2010-08-16 08:19:32.000000000 +0000
@@ -49,7 +49,7 @@
                $this->arguments =      array();
 
                if(empty($url)){
-                       $this->formatArguments();
+                       $this->formatGetArguments();
 
                        // $protocol = (zbx_strpos(zbx_strtolower($_SERVER['SERVER_PROTOCOL']), 'shttp') !== false)?'shttp':'http';
                        $protocol = ((isset($_SERVER['HTTPS']) && ($_SERVER['HTTPS'] == 'on')) || ($_SERVER['SERVER_PORT'] == 443)) ? 'https' : 'http';
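Review bot: The scheme detection on the last context line compares `$_SERVER['HTTPS']` and `$_SERVER['SERVER_PORT']` with loose `==`; both values arrive as strings, so `$_SERVER['HTTPS'] === 'on'` and `(int) $_SERVER['SERVER_PORT'] === 443` state the intent without depending on PHP's type juggling. The commented-out `$protocol` line directly above it is dead code and can be deleted rather than carried along. The enclosing constructor starts before this hunk.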
@@ -57,7 +57,7 @@
                        $this->url = $url = $protocol.'://'.$_SERVER['SERVER_NAME'].':'.$_SERVER['SERVER_PORT'].$_SERVER['SCRIPT_NAME'].'?'.$this->getQuery();
                }
                else{
-                       $this->url=urldecode($url);
+                       $this->url = $url;
 
                        $tmp_pos = zbx_strpos($this->url,'?');
                        $this->query=($tmp_pos!==false)?(substr($this->url,$tmp_pos+1)):'';
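Review bot: The `else` branch now keeps the caller's `$url` verbatim and cuts `$this->query` out of it with `substr` on the last line, but nothing here validates either string, so callers that render `$this->url` or `$this->query` into HTML or headers still have to escape at the point of output — dropping `urldecode` closes the double-decoding path, not the output-encoding one. On the context line before the `else`, the self-URL is assembled from `$_SERVER['SERVER_NAME']`, which depending on web-server configuration may reflect the request's Host header; a configured base URL would be the safer source if that value is ever trusted downstream. The enclosing constructor begins before this hunk.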
@@ -141,23 +141,28 @@
        }
 
        public function formatQuery(){
-               $query = '';
+               $query = Array();
+
                foreach($this->arguments as $key => $value){
                        if(is_null($value)) continue;
                        if(is_array($value)){
                                foreach($value as $vkey => $vvalue){
-                                       $query.= $key.'['.$vkey.']='.$vvalue.'&';
+                                       if(is_array($vvalue)) continue;
+
+                                       $query[] = $key.'['.$vkey.']='.rawurlencode($vvalue);
                                }
                        }
                        else{
-                               $query.= $key.'='.$value.'&';
+                               $query[] = $key.'='.rawurlencode($value);
                        }
                }
-               $this->query = rtrim($query,'&');
+               $this->query = implode('&', $query);
        }
 
        public function formatGetArguments(){
                $this->arguments = $_GET;
+               if(isset($_COOKIE['zbx_sessionid']))
+                       $this->setArgument('sid', substr($_COOKIE['zbx_sessionid'],16,16));
                $this->formatQuery();
        }
 
@@ -171,23 +176,25 @@
                        foreach($args as $id => $arg){
                                if(empty($arg)) continue;
 
-                               $tmp = explode('=',$arg);
-                               $this->arguments[$tmp[0]] = isset($tmp[1])?$tmp[1]:'';
+                               list($name, $value) = explode('=',$arg);
+                               $this->arguments[$name] = isset($value) ? urldecode($value):'';
                        }
                }
                $this->formatQuery();
        }
 
        public function getUrl(){
-                       $url = $this->protocol ? $this->protocol.'://' : '';
-                       $url .= $this->username ? $this->username : '';
-                       $url .= $this->password ? ':'.$this->password : '';
-                       $url .= $this->host ? $this->host : '';
-                       $url .= $this->port ? ':'.$this->port : '';
-                       $url .= $this->path ? $this->path : '';
-                       $url .= $this->query ? '?'.$this->query : '';
-                       $url .= $this->reference ? '#'.urlencode($this->reference) : '';
-       //SDI($this->getProtocol().' : '.$this->getHost().' : '.$this->getPort().' : '.$this->getPath().' : '.$this->getQuery());
+               $this->formatQuery();
+
+               $url = $this->protocol ? $this->protocol.'://' : '';
+               $url .= $this->username ? $this->username : '';
+               $url .= $this->password ? ':'.$this->password : '';
+               $url .= $this->host ? $this->host : '';
+               $url .= $this->port ? ':'.$this->port : '';
+               $url .= $this->path ? $this->path : '';
+               $url .= $this->query ? '?'.$this->query : '';
+               $url .= $this->reference ? '#'.urlencode($this->reference) : '';
+//SDI($this->getProtocol().' : '.$this->getHost().' : '.$this->getPort().' : '.$this->getPath().' : '.$this->getQuery());
        return $url;
        }
 
@@ -201,7 +208,6 @@
 
        public function setArgument($key,$value=''){
                $this->arguments[$key] = $value;
-               $this->formatQuery();
        }
 
        public function getArgument($key){
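Review bot: Removing the `formatQuery()` call from `setArgument` leaves `$this->query` stale until `getQuery()` or `getUrl()` rebuilds it (the `getQuery` hunk below and the `getUrl` hunk above), so anything that reads the `query` property directly, or relies on the raw query stored from the URL in the constructor's `else` branch, now sees a different value than before; whether such readers exist is not visible in this diff. The lazy rebuild also makes `getQuery()` a getter with a side effect, so a short comment above its `formatQuery()` call would document the new contract, e.g. `// Query is rebuilt lazily from $this->arguments; setArgument() no longer refreshes it.`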
@@ -216,6 +222,7 @@
        }
 
        public function getQuery(){
+               $this->formatQuery();
                return $this->query;
        }
 
