Bug#465567: updated patch

2008-02-13 Thread Alessandro Ogier 
if i rightly understand the multiple_vulnerabilities-0.8.7a.patch, it
checks with substr_count() if PHP_SELF is contained some way in
SCRIPT_FILENAME, that is valid for every apache configuration, but
require a vanilla tree of cacti application

in debian we have an addictional site/ directory, so this check will
fail

basename()ing $_SERVER["PHP_SELF"] will produce a still valid check
against filesystem, but relax this check:

substr_count(
$_SERVER["SCRIPT_FILENAME"],
basename($_SERVER["PHP_SELF"])
)

HTH,
-- 
Alessandro Ogier
gpg --keyserver pgp.mit.edu --recv-keys EEBB4D0D
diff -ruBbd cacti-0.8.7a/auth_login.php cacti-0.8.7a-patched/auth_login.php
--- cacti-0.8.7a/auth_login.php	2007-11-17 13:11:51.0 -0500
+++ cacti-0.8.7a-patched/auth_login.php	2008-02-11 20:01:10.0 -0500
@@ -51,6 +51,8 @@
 	}
 }
 
+$username = sanitize_search_string($username);
+
 /* process login */
 $copy_user = false;
 $user_auth = false;
diff -ruBbd cacti-0.8.7a/graph.php cacti-0.8.7a-patched/graph.php
--- cacti-0.8.7a/graph.php	2007-11-17 13:11:51.0 -0500
+++ cacti-0.8.7a-patched/graph.php	2008-02-11 20:01:10.0 -0500
@@ -33,10 +33,15 @@
 include("./include/top_graph_header.php");
 
 /* = input validation = */
-input_validate_input_regex(get_request_var("rra_id"), "^([0-9]+|all)$");
+input_validate_input_regex(get_request_var_request("rra_id"), "^([0-9]+|all)$");
 input_validate_input_number(get_request_var("local_graph_id"));
+input_validate_input_regex(get_request_var_request("view_type"), "^([a-zA-Z0-9]+)$");
 /*  */
 
+if (!isset($_GET['rra_id'])) {
+	$_GET['rra_id'] = 'all';
+}
+
 if ($_GET["rra_id"] == "all") {
 	$sql_where = " where id is not null";
 }else{
diff -ruBbd cacti-0.8.7a/graph_view.php cacti-0.8.7a-patched/graph_view.php
--- cacti-0.8.7a/graph_view.php	2007-11-17 13:11:51.0 -0500
+++ cacti-0.8.7a-patched/graph_view.php	2008-02-11 20:01:10.0 -0500
@@ -34,6 +34,9 @@
 input_validate_input_number(get_request_var("tree_id"));
 input_validate_input_number(get_request_var("leaf_id"));
 input_validate_input_number(get_request_var("rra_id"));
+input_validate_input_regex(get_request_var_request('graph_list'), "^([\,0-9]+)$");
+input_validate_input_regex(get_request_var_request('graph_add'), "^([\,0-9]+)$");
+input_validate_input_regex(get_request_var_request('graph_remove'), "^([\,0-9]+)$");
 /*  */
 
 if (isset($_GET["hide"])) {
@@ -417,7 +420,7 @@
 	
 	
 		
-			 selected>Any
+			 selected>Any
 			', '`', '\'', '"', '|', ',', '?', '~', '+', '[', ']', '{', '}', '#', ';', '!');
-	static $drop_char_replace = array(' ', ' ', ' ', ' ',  '',   '', ' ', ' ', ' ', ' ', ' ', ' ', ' ', ' ', ' ', ' ', ' ', ' ', ' ');
+	static $drop_char_match =   array('^', '$', '<', '>', '`', '\'', '"', '|', ',', '?', '~', '+', '[', ']', '{', '}', '#', ';', '!', '=');
+	static $drop_char_replace = array(' ', ' ', ' ', ' ',  '',   '', ' ', ' ', ' ', ' ', ' ', ' ', ' ', ' ', ' ', ' ', ' ', ' ', ' ', ' ');
 
 	/* Replace line endings by a space */
 	$string = preg_replace('/[\n\r]/is', ' ', $string);
diff -ruBbd cacti-0.8.7a/lib/html_utility.php cacti-0.8.7a-patched/lib/html_utility.php
--- cacti-0.8.7a/lib/html_utility.php	2007-11-17 13:11:52.0 -0500
+++ cacti-0.8.7a-patched/lib/html_utility.php	2008-02-11 20:01:53.0 -0500
@@ -158,13 +158,15 @@
@arg $default - the value to return if the specified name does not exist in the
  $_GET array
@returns - the value of the request variable */
-function get_request_var($name, $default = "")
-{
-	if (isset($_GET[$name]))
-	{
+function get_request_var($name, $default = "") {
+	if (isset($_GET[$name])) {
+		if (isset($_POST[$name])) {
+			unset($_POST[$name]);
+			$_REQUEST[$name] =

Bug#396561: xen-3.0: missing x11proto-core-dev in build dependencies

2006-11-01 Thread alessandro ogier 
Package: xen-3.0
Version: 3.0.3-0-1
Severity: serious
Justification: no longer builds from source

Missing build-dep on x11proto-core-dev in debian/control.

-- System Information:
Debian Release: 4.0
  APT prefers unstable
  APT policy: (500, 'unstable'), (500, 'stable')
Architecture: i386 (i686)
Shell:  /bin/sh linked to /bin/bash
Kernel: Linux 2.6.18-1-xen-686
Locale: LANG=it_IT, LC_CTYPE=it_IT (charmap=ISO-8859-1)


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Bug#396567: xen-3.0: missing libncurses5-dev in build dependencies

2006-11-01 Thread alessandro ogier 
Package: xen-3.0
Version: 3.0.3-0-1
Severity: serious
Justification: no longer builds from source

Missing build-dep on libncurses5-dev in debian/control.

-- System Information:
Debian Release: 4.0
  APT prefers unstable
  APT policy: (500, 'unstable'), (500, 'stable')
Architecture: i386 (i686)
Shell:  /bin/sh linked to /bin/bash
Kernel: Linux 2.6.18-1-xen-686
Locale: LANG=it_IT, LC_CTYPE=it_IT (charmap=ISO-8859-1)


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Bug#396557: xen-3.0: missing libz-dev in build dependencies

2006-11-01 Thread alessandro ogier 
Package: xen-3.0
Version: 3.0.3-0-1
Severity: serious
Justification: no longer builds from source

Missing build-dep on libz-dev in debian/control.

-- System Information:
Debian Release: 4.0
  APT prefers unstable
  APT policy: (500, 'unstable'), (500, 'stable')
Architecture: i386 (i686)
Shell:  /bin/sh linked to /bin/bash
Kernel: Linux 2.6.18-1-xen-686
Locale: LANG=it_IT, LC_CTYPE=it_IT (charmap=ISO-8859-1)


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]