From: Brock W. <ob...@sh...> - 2002-02-13 23:15:20
|
Ok, it's another newbie question. I have never used diff or patch. So I read the man pages for patch and diff, but I get error messages on applying the patch. Based on the notice to apply the upgrade to my 2.0.0 slash site http://slashcode.com/article.pl?sid=02/02/07/1624221&mode=flat&tid=4 I saved the patch to a file "css.patch" diff -U3 -r1.10 Utility.pm --- Slash/Utility/Utility.pm 2001/05/07 17:59:57 1.10 +++ Slash/Utility/Utility.pm 2002/02/07 15:39:15 @@ -2531,6 +2531,7 @@ # special few my %special = ( sid => sub { $_[0] =~ s|[^A-Za-z0-9/._]||g }, + formkey => sub { $_[0] =~ s|[^A-Za-z0-9]||g }, ); # qid is same as sid $special{qid} = $special{sid}; Next I went to where Utility.pm was stored, in my case cd /usr/lib/perl5/site-perl/5.6.0/i386-linux/Slash Then I used the command: patch Utility.pm css.patch I get the following message: Patching file Utility.pm 1 out of 1 hunk FAILED -- saving rejects to Utility.pm.rej same result using: patch < css.patch So what I have I missed ? Is the patch header incorrect for my installation ? ie. is: Slash/Utility/Utility.pm should be: Slash/Utility.pm Thanks in advance for the help. Brock |
From: alex <al...@ya...> - 2002-02-22 10:35:07
|
At 23:18 13/02/2002, Brock Wolfe wrote: > > Based on the notice to apply the upgrade to my 2.0.0 slash site > > http://slashcode.com/article.pl?sid=02/02/07/1624221&mode=flat&tid=4 I can't see anyone posting a reply to this but yes - you seem to be right. The patch is not applicable. I suggest that you just edit Utility.pm manually and add in the line > formkey => sub { $_[0] =~ s|[^A-Za-z0-9]||g }, in the appropriate place. (Don't include the plus sign). If you are really keen you should remove line > Slash/Utility/Utility.pm 2001/05/07 17:59:57 1.10 and replace it with > Slash/Utility/Utility.pm 2002/02/07 15:39:15 That is all that patch would do anyway. Hopefully you have figured this out already. I must say the wording of the original article was very poor - I thought for ages that this security problem did *not* apply to version 2.0.0 > diff -U3 -r1.10 Utility.pm > --- Slash/Utility/Utility.pm 2001/05/07 17:59:57 1.10 > +++ Slash/Utility/Utility.pm 2002/02/07 15:39:15 > @@ -2531,6 +2531,7 @@ > # special few > my %special = ( > sid => sub { $_[0] =~ s|[^A-Za-z0-9/._]||g }, > + formkey => sub { $_[0] =~ s|[^A-Za-z0-9]||g }, > ); > # qid is same as sid > $special{qid} = $special{sid}; Alex |