Item12285: Build a patch contrib
git-svn-id: http://svn.foswiki.org/trunk/PatchItem12285Contrib@16179 0b4bb1d4-4e5a-0410-9cc4-b2b747904278
GeorgeClark authored and GeorgeClark committed Dec 10, 2012
0 parents commit 16fcca2
Showing 8 changed files with 342 additions and 0 deletions.
Empty file added TIDY
Empty file.
50 changes: 50 additions & 0 deletions data/System/PatchItem12285Contrib.txt
@@ -0,0 +1,50 @@
<!--
One line description, required for extensions repository catalog.
* Set SHORTDESCRIPTION = Patch a critical vulnerability in Locale::Maketext
-->
---+!! PatchItem12285Contrib

%SHORTDESCRIPTION%

%TOC%

---++ Usage

This extensions applies a "hotfix" for Item12285 to your Foswiki 1.1.0 thru 1.1.6 system. Foswiki 1.0.x versions need to be manually patched.

<blockquote>
<div class="foswikiAlert">%X% *NOTICE:* This patch addresses a critical
Foswiki vulnerability and should be installed as soon as possible. </div>
</blockquote>

When this extension is installed, it uses the Post-installation exit to apply any patch files found in the manifest. This extension ships with a hotfix for the following items:

| *Original Issue* | *Patch File* | *Description* |
| [[http://foswiki.org/Tasks/Item12285][Item12285]] | =Item12285-001= | Addresses a vulnerability in Locale::Maketext. |

Before any file is patched, a backup is copied to =working/configure/backup/&lt;Item12285-001-date-time&gt;=. Each file that is a candidate to be patched is backed up. If the extensions is installed multple times, a new backup is made for each run, regardless of whether or not the patch will be applied. For this patch, the following files are copied:
* =lib/Foswiki/Macros/MAKETEXT.pm=

Patches are only applied if the target file is an _exact_ match to the original file. There is no attempt to do "fuzzy" patching. Note however that a patch can be built to cover multiple versions of the file.

There is no "dependency order" established between patches. Patches are installed in order of their patch file name.

Patches will be mapped from the default Foswiki filename to the directory location used on the target system.


---++ Installation
%$INSTALL_INSTRUCTIONS%

---++ Info

| Author: | GeorgeClark |
| Copyright &copy;: | Foswiki Contributors |
| License: | GPL ([[http://www.gnu.org/copyleft/gpl.html][GNU General Public License]]) |
| Dependencies: | %$DEPENDENCIES% |
| Version: | %$VERSION% |
| Change History: | <!-- versions below in reverse order -->&nbsp; |
| 1.0 (09 Dec 2012) | Initial version |
| Home: | http://foswiki.org/Extensions/%TOPIC% |
| Support: | http://foswiki.org/Support/%TOPIC% |


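Review bot: The SHORTDESCRIPTION and the table row under Usage both describe this as a fix to Locale::Maketext, but the only file listed as backed up and patched is `lib/Foswiki/Macros/MAKETEXT.pm`; say that the hotfix adds validation in Foswiki's MAKETEXT macro so administrators do not assume the Perl module itself was updated. The Usage text also has typos ("This extensions", "thru", "the extensions is installed multple times"), and the sentence saying Foswiki 1.0.x must be patched manually should point to where those instructions are.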
59 changes: 59 additions & 0 deletions lib/Foswiki/Contrib/PatchItem12285Contrib.pm
@@ -0,0 +1,59 @@
# See bottom of file for default license and copyright information

=begin TML
---+ package Foswiki::Contrib::PatchItem12285Contrib
This is a stub module for a new contrib. Customise this module as
required.
=cut

package Foswiki::Contrib::PatchItem12285Contrib;

# Always use strict to enforce variable scoping
use strict;
use warnings;

# $VERSION is referred to by Foswiki, and is the only global variable that
# *must* exist in this package. This should always be in the format
# $Rev$ so that Foswiki can determine the checked-in status of the
# extension.
our $VERSION = '1.0';

# $RELEASE is used in the "Find More Extensions" automation in configure.
# It is a manually maintained string used to identify functionality steps.
# You can use any of the following formats:
# tuple - a sequence of integers separated by . e.g. 1.2.3. The numbers
# usually refer to major.minor.patch release or similar. You can
# use as many numbers as you like e.g. '1' or '1.2.3.4.5'.
# isodate - a date in ISO8601 format e.g. 2009-08-07
# date - a date in 1 Jun 2009 format. Three letter English month names only.
# Note: it's important that this string is exactly the same in the extension
# topic - if you use %$RELEASE% with BuildContrib this is done automatically.
our $RELEASE = '1.0';

our $SHORTDESCRIPTION = 'Patch a critical vulnerability in Locale::Maketext.';

1;

__END__
Foswiki - The Free and Open Source Wiki, http://foswiki.org/
Author: GeorgeClark
Copyright (C) 2008-2011 Foswiki Contributors. Foswiki Contributors
are listed in the AUTHORS file in the root of this distribution.
NOTE: Please extend that file, not this notice.
This program is free software; you can redistribute it and/or
modify it under the terms of the GNU General Public License
as published by the Free Software Foundation; either version 2
of the License, or (at your option) any later version. For
more details read LICENSE in the root of this distribution.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
As per the GPL, removal of this notice is prohibited.
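Review bot: The POD at the top still carries the template text "This is a stub module for a new contrib. Customise this module as required."; replace it with a description of what this contrib does. The comment above `$VERSION` says the value should always be in the $Rev$ format while the assignment is '1.0', so either the comment or the value needs to change, and the copyright range 2008-2011 predates this commit's date of 2012.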
2 changes: 2 additions & 0 deletions lib/Foswiki/Contrib/PatchItem12285Contrib/DEPENDENCIES
@@ -0,0 +1,2 @@
ONLYIF ( $Foswiki::Plugins::VERSION < 2.3)
Foswiki::Contrib::PatchFoswikiContrib, >=1.3, perl, Required for old Foswiki versions.
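Review bot: The description field, "Required for old Foswiki versions.", does not say what PatchFoswikiContrib supplies. POSTINSTALL does `require Foswiki::Configure::PatchFile` unconditionally, so if that module is what this dependency provides, say so here so the `ONLYIF ( $Foswiki::Plugins::VERSION < 2.3)` gate can be checked against that require.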
4 changes: 4 additions & 0 deletions lib/Foswiki/Contrib/PatchItem12285Contrib/MANIFEST
@@ -0,0 +1,4 @@
!noci
data/System/PatchItem12285Contrib.txt 0644
lib/Foswiki/Contrib/PatchItem12285Contrib.pm 0444
working/configure/patch/Item12285-001.patch 0644 Patch to improve Store performance.
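Review bot: The description on the `working/configure/patch/Item12285-001.patch` line reads "Patch to improve Store performance.", which does not match this contrib; it should describe the MAKETEXT parameter validation that the patch file contains, since this text is what an administrator sees when checking what was installed.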
24 changes: 24 additions & 0 deletions lib/Foswiki/Contrib/PatchItem12285Contrib/POSTINSTALL
@@ -0,0 +1,24 @@

my $this = shift;
my $msgs = '';

my $patchFile = Foswiki::Configure::Util::mapTarget( $this->{_root}, 'working/configure/patch/Item12285-001.patch' );

$msgs .= "Processing $patchFile\n";

require Foswiki::Configure::PatchFile;
my %result = Foswiki::Configure::PatchFile::parsePatch($patchFile);

$msgs .= $result{error} if ( $result{error} );
$msgs .= $result{summary} if ( $result{summary} );

unless ( $result{error} ) {
$msgs .=
Foswiki::Configure::PatchFile::backupTargets( $this->{_root},
\%result );
$msgs .=
Foswiki::Configure::PatchFile::applyPatch( $this->{_root}, \%result );
}

return $msgs;

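Review bot: On the failure path, `$msgs .= $result{error} if ( $result{error} );` only appends text and the script then returns `$msgs` exactly as it would on success, so a patch file that fails to parse leaves the system unpatched with nothing but a line in the installer output. For a security hotfix, prefix the error with an explicit "patch NOT applied" marker and a newline (`$result{error}` and `$result{summary}` are concatenated directly), and make sure the text returned by `applyPatch` is equally explicit when a target is skipped because it is not an exact match.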
75 changes: 75 additions & 0 deletions lib/Foswiki/Contrib/PatchItem12285Contrib/build.pl
@@ -0,0 +1,75 @@
#!/usr/bin/perl -w
#
# Example build class. Copy this file to the equivalent place in your
# plugin or contrib and edit.
#
# Read the comments at the top of lib/Foswiki/Contrib/Build.pm for
# details of how the build process works, and what files you
# have to provide and where.
#
# Requires the environment variable FOSWIKI_LIBS (a colon-separated path
# list) to be set to point at the build system and any required dependencies.
# Usage: ./build.pl [-n] [-v] [target]
# where [target] is the optional build target (build, test,
# install, release, uninstall), test is the default.
# Two command-line options are supported:
# -n Don't actually do anything, just print commands
# -v Be verbose
#

# Standard preamble
use strict;
use warnings;

BEGIN { unshift @INC, split( /:/, $ENV{FOSWIKI_LIBS} ); }

use Foswiki::Contrib::Build;

# Create the build object
my $build = new Foswiki::Contrib::Build('PatchItem12285Contrib');

# Build the target on the command line, or the default target
$build->build( $build->{target} );

=begin TML
You can do a lot more with the build system if you want; for example, to add
a new target, you could do this:
<verbatim>
{
package MyModuleBuild;
our @ISA = qw( Foswiki::Contrib::Build );
sub new {
my $class = shift;
return bless( $class->SUPER::new( "MyModule" ), $class );
}
sub target_mytarget {
my $this = shift;
# Do other build stuff here
}
}
# Create the build object
my $build = new MyModuleBuild();
</verbatim>
You can also specify a different default target server for uploads.
This can be any web on any accessible Foswiki installation.
These defaults will be used when expanding tokens in .txt
files, but be warned, they can be overridden at upload time!
<verbatim>
# name of web to upload to
$build->{UPLOADTARGETWEB} = 'Extensions';
# Full URL of pub directory
$build->{UPLOADTARGETPUB} = 'http://foswiki.org/pub';
# Full URL of bin directory
$build->{UPLOADTARGETSCRIPT} = 'http://foswiki.org/bin';
# Script extension
$build->{UPLOADTARGETSUFFIX} = '';
</verbatim>
=cut
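Review bot: `BEGIN { unshift @INC, split( /:/, $ENV{FOSWIKI_LIBS} ); }` runs under `-w` and `use warnings`, so with FOSWIKI_LIBS unset it emits an uninitialized-value warning and, unless the build module is already on @INC, then fails on `use Foswiki::Contrib::Build` with a module-not-found error; die with a message naming the variable instead. The TML block after `$build->build( $build->{target} );` is unmodified template documentation and could be dropped from this contrib.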
128 changes: 128 additions & 0 deletions working/configure/patch/Item12285-001.patch
@@ -0,0 +1,128 @@
commit b4d14632bd9e00e2edb11e2da358cdf4d1cf47cd
Author: GeorgeClark <GeorgeClark@0b4bb1d4-4e5a-0410-9cc4-b2b747904278>
Date: Mon Dec 10 00:49:20 2012 +0000

Item12285: Better validations

git-svn-id: http://svn.foswiki.org/trunk@16178 0b4bb1d4-4e5a-0410-9cc4-b2b747904278

~~~PATCH 72c86f0c71519caf6d26efbe174739f6 lib/Foswiki/Macros/MAKETEXT.pm (Foswiki 1.1.0 - 1.1.2)
--- lib/Foswiki/Macros/MAKETEXT.pm.orig 2012-12-09 20:20:07.865197810 -0500
+++ lib/Foswiki/Macros/MAKETEXT.pm 2012-12-09 20:20:22.269033665 -0500
@@ -4,6 +4,10 @@
use strict;
use warnings;

+my $max;
+my $min;
+my $param_error;
+
sub MAKETEXT {
my ( $this, $params ) = @_;

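Review bot: `$max`, `$min` and `$param_error` are declared here as file-scoped lexicals shared between MAKETEXT and the new `_validate` helper, so the state lives for the life of the process and is only correct because every call resets it first. Passing the state into the helper, or having the helper return it, would keep it per call. In the lines shown `$min` is assigned but never read, so either use it or drop it.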
@@ -18,11 +22,16 @@
$str =~ s/~~\[/~[/g;
$str =~ s/~~\]/~]/g;

+ $max = 0;
+ $min = 1;
+ $param_error = 0;
+
# unescape parameters and calculate highest parameter number:
- my $max = 0;
- $str =~ s/~\[(\_(\d+))~\]/ $max = $2 if ($2 > $max); "[$1]"/ge;
- $str =~
-s/~\[(\*,\_(\d+),[^,]+(,([^,]+))?)~\]/ $max = $2 if ($2 > $max); "[$1]"/ge;
+ $str =~ s/~\[(\_(\d+))~\]/_validate($1, $2)/ge;
+ $str =~ s/~\[(\*,\_(\d+),[^,]+(,([^,]+))?)~\]/ _validate($1, $2)/ge;
+ return $str if ($param_error);
+
+ $str =~ s#\\#\\\\#g;

# get the args to be interpolated.
my $argsStr = $params->{args} || "";
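Review bot: The added `$str =~ s#\\#\\\\#g;` at the end of this hunk doubles every backslash in the message string but has no comment; since it is part of the security fix, say what it protects against. The existing comment "unescape parameters and calculate highest parameter number" should also mention that parameters are now validated, and the leading space in `/ _validate($1, $2)/ge` is inconsistent with the substitution on the line before it.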
@@ -47,6 +56,22 @@
return $result;
}

+sub _validate {
+ $max = $_[1] if ( $_[1] > $max );
+ $min = $_[1] if ( $_[1] < $min );
+ if ( $_[1] > 100 ) {
+ $param_error = 1;
+ return
+"<span class=\"foswikiAlert\">Excessive parameter number $max, MAKETEXT rejected.</span>";
+ }
+ if ( $_[1] < 1 ) {
+ $param_error = 1;
+ return
+"<span class=\"foswikiAlert\">Invalid parameter <code>\"$_[0]\"</code>, MAKETEXT rejected.</span>";
+ }
+ return "[$_[0]]";
+}
+
1;
__END__
Foswiki - The Free and Open Source Wiki, http://foswiki.org/


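Review bot: In `_validate`, the "Invalid parameter" message interpolates `$_[0]` into HTML as-is. For the second substitution `$_[0]` is the whole `*,_N,...` capture, which includes the `[^,]+` segments taken from the macro text, so entity-encode it before placing it inside `<code>`, or confirm in a comment that the result is encoded further down the rendering path.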
~~~PATCH 160f04fc478c5f9b81d2ef6c9e614074 lib/Foswiki/Macros/MAKETEXT.pm (Foswiki 1.1.3 - 1.1.6)
--- lib/Foswiki/Macros/MAKETEXT.pm.orig 2012-12-09 20:23:52.457636561 -0500
+++ lib/Foswiki/Macros/MAKETEXT.pm 2012-12-09 20:24:15.624372152 -0500
@@ -4,6 +4,10 @@
use strict;
use warnings;

+my $max;
+my $min;
+my $param_error;
+
sub MAKETEXT {
my ( $this, $params ) = @_;

@@ -18,11 +22,16 @@
$str =~ s/~~\[/~[/g;
$str =~ s/~~\]/~]/g;

+ $max = 0;
+ $min = 1;
+ $param_error = 0;
+
# unescape parameters and calculate highest parameter number:
- my $max = 0;
- $str =~ s/~\[(\_(\d+))~\]/ $max = $2 if ($2 > $max); "[$1]"/ge;
- $str =~
-s/~\[(\*,\_(\d+),[^,]+(,([^,]+))?)~\]/ $max = $2 if ($2 > $max); "[$1]"/ge;
+ $str =~ s/~\[(\_(\d+))~\]/_validate($1, $2)/ge;
+ $str =~ s/~\[(\*,\_(\d+),[^,]+(,([^,]+))?)~\]/ _validate($1, $2)/ge;
+ return $str if ($param_error);
+
+ $str =~ s#\\#\\\\#g;

# get the args to be interpolated.
my $argsStr = $params->{args} || "";
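Review bot: `return $str if ($param_error);` hands back the whole partly rewritten message string, so the text around the alert span is returned without going through maketext, and the second substitution still runs after the first has already set `$param_error`. Returning only the alert text, and skipping the second substitution once an error is flagged, would make the rejection unambiguous.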
@@ -47,6 +56,22 @@
return $result;
}

+sub _validate {
+ $max = $_[1] if ( $_[1] > $max );
+ $min = $_[1] if ( $_[1] < $min );
+ if ( $_[1] > 100 ) {
+ $param_error = 1;
+ return
+"<span class=\"foswikiAlert\">Excessive parameter number $max, MAKETEXT rejected.</span>";
+ }
+ if ( $_[1] < 1 ) {
+ $param_error = 1;
+ return
+"<span class=\"foswikiAlert\">Invalid parameter <code>\"$_[0]\"</code>, MAKETEXT rejected.</span>";
+ }
+ return "[$_[0]]";
+}
+
1;
__END__
Foswiki - The Free and Open Source Wiki, http://foswiki.org/


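Review bot: The "Excessive parameter number" message in `_validate` prints `$max` rather than the offending `$_[1]`; because `s///ge` keeps calling `_validate` after the first error, a later out-of-range parameter can be reported with an earlier, larger number. Print `$_[1]`, and give the limit of 100 a named constant with a comment on why it was chosen. The hunks in this 1.1.3 - 1.1.6 section repeat those of the 1.1.0 - 1.1.2 section, so the comments made there apply here as well.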