From: <abe...@us...> - 2017-03-05 14:33:24
Revision: 8208 http://sourceforge.net/p/astlinux/code/8208 Author: abelbeck Date: 2017-03-05 14:33:22 +0000 (Sun, 05 Mar 2017) Log Message: ----------- fossil, version bump to 2.0, adds a hardened SHA1 implementation and understands SHA3-256 hashes Modified Paths: -------------- branches/1.0/package/fossil/fossil-0001-proxy-base.patch branches/1.0/package/fossil/fossil-0002-tmp-file.patch branches/1.0/package/fossil/fossil.mk Removed Paths: ------------- branches/1.0/package/fossil/fossil-0100-upstream-fix-change-password-segfault.patch
Modified: branches/1.0/package/fossil/fossil-0001-proxy-base.patch
===================================================================
--- branches/1.0/package/fossil/fossil-0001-proxy-base.patch 2017-03-02 18:36:14 UTC (rev 8207)
+++ branches/1.0/package/fossil/fossil-0001-proxy-base.patch 2017-03-05 14:33:22 UTC (rev 8208)
@@ -15,7 +15,7 @@
 for(i=0; zToken[i] && zToken[i]!='?'; i++){}
 --- fossil-1.33/src/main.c.orig 2015-08-17 10:47:53.000000000 -0500
 +++ fossil-1.33/src/main.c 2015-08-17 11:19:43.000000000 -0500
-@@ -1098,8 +1098,8 @@
+@@ -1123,8 +1123,8 @@
 zCur = PD("SCRIPT_NAME","/");
 i = strlen(zCur);
 while( i>0 && zCur[i-1]=='/' ) i--;
@@ -28,7 +28,7 @@
 }else{
 --- fossil-1.33/src/login.c.orig 2015-08-17 23:35:08.000000000 -0500
 +++ fossil-1.33/src/login.c 2015-08-17 23:47:02.000000000 -0500
-@@ -1277,9 +1277,9 @@
+@@ -1287,9 +1287,9 @@
 Blob redir;
 blob_init(&redir, 0, 0);
 if( login_wants_https_redirect() ){
Modified: branches/1.0/package/fossil/fossil-0002-tmp-file.patch
===================================================================
--- branches/1.0/package/fossil/fossil-0002-tmp-file.patch 2017-03-02 18:36:14 UTC (rev 8207)
+++ branches/1.0/package/fossil/fossil-0002-tmp-file.patch 2017-03-05 14:33:22 UTC (rev 8208)
@@ -1,6 +1,6 @@
 --- fossil-1.33/src/sqlite3.c.orig 2015-08-17 12:26:08.000000000 -0500
 +++ fossil-1.33/src/sqlite3.c 2015-08-17 12:34:29.000000000 -0500
-@@ -35091,8 +35091,8 @@
+@@ -35195,8 +35195,8 @@
 static const char *azDirs[] = {
 0,
 0,
Deleted: branches/1.0/package/fossil/fossil-0100-upstream-fix-change-password-segfault.patch
===================================================================
--- branches/1.0/package/fossil/fossil-0100-upstream-fix-change-password-segfault.patch 2017-03-02 18:36:14 UTC (rev 8207)
+++ branches/1.0/package/fossil/fossil-0100-upstream-fix-change-password-segfault.patch 2017-03-05 14:33:22 UTC (rev 8208)
@@ -1,118 +0,0 @@ ---- a/src/login.c -+++ b/src/login.c -@@ -526,53 +526,63 @@ - - /* Deal with password-change requests */ - if( g.perm.Password && zPasswd - && (zNew1 = P("n1"))!=0 && (zNew2 = P("n2"))!=0 - ){ -- /* The user requests a password change */ -- zSha1Pw = sha1_shared_secret(zPasswd, g.zLogin, 0); -- if( db_int(1, "SELECT 0 FROM user" -- " WHERE uid=%d" -- " AND (constant_time_cmp(pw,%Q)=0" -- " OR constant_time_cmp(pw,%Q)=0)", -- g.userUid, zSha1Pw, zPasswd) ){ -- sleep(1); -+ /* If there is not a "real" login, we cannot change any password. */ -+ if( g.zLogin ){ -+ /* The user requests a password change */ -+ zSha1Pw = sha1_shared_secret(zPasswd, g.zLogin, 0); -+ if( db_int(1, "SELECT 0 FROM user" -+ " WHERE uid=%d" -+ " AND (constant_time_cmp(pw,%Q)=0" -+ " OR constant_time_cmp(pw,%Q)=0)", -+ g.userUid, zSha1Pw, zPasswd) ){ -+ sleep(1); -+ zErrMsg = -+ @ <p><span class="loginError"> -+ @ You entered an incorrect old password while attempting to change -+ @ your password. Your password is unchanged. -+ @ </span></p> -+ ; -+ }else if( fossil_strcmp(zNew1,zNew2)!=0 ){ -+ zErrMsg = -+ @ <p><span class="loginError"> -+ @ The two copies of your new passwords do not match. -+ @ Your password is unchanged. -+ @ </span></p> -+ ; -+ }else{ -+ char *zNewPw = sha1_shared_secret(zNew1, g.zLogin, 0); -+ char *zChngPw; -+ char *zErr; -+ db_multi_exec( -+ "UPDATE user SET pw=%Q WHERE uid=%d", zNewPw, g.userUid -+ ); -+ fossil_free(zNewPw); -+ zChngPw = mprintf( -+ "UPDATE user" -+ " SET pw=shared_secret(%Q,%Q," -+ " (SELECT value FROM config WHERE name='project-code'))" -+ " WHERE login=%Q", -+ zNew1, g.zLogin, g.zLogin -+ ); -+ if( login_group_sql(zChngPw, "<p>", "</p>\n", &zErr) ){ -+ zErrMsg = mprintf("<span class=\"loginError\">%s</span>", zErr); -+ fossil_free(zErr); -+ }else{ -+ redirect_to_g(); -+ return; -+ } -+ } -+ }else{ - zErrMsg = - @ <p><span class="loginError"> -- @ You entered an incorrect old password while attempting to change -- @ your password. 
Your password is unchanged. -- @ </span></p> -- ; -- }else if( fossil_strcmp(zNew1,zNew2)!=0 ){ -- zErrMsg = -- @ <p><span class="loginError"> -- @ The two copies of your new passwords do not match. -- @ Your password is unchanged. -+ @ The password cannot be changed for this type of login. -+ @ The password is unchanged. - @ </span></p> - ; -- }else{ -- char *zNewPw = sha1_shared_secret(zNew1, g.zLogin, 0); -- char *zChngPw; -- char *zErr; -- db_multi_exec( -- "UPDATE user SET pw=%Q WHERE uid=%d", zNewPw, g.userUid -- ); -- fossil_free(zNewPw); -- zChngPw = mprintf( -- "UPDATE user" -- " SET pw=shared_secret(%Q,%Q," -- " (SELECT value FROM config WHERE name='project-code'))" -- " WHERE login=%Q", -- zNew1, g.zLogin, g.zLogin -- ); -- if( login_group_sql(zChngPw, "<p>", "</p>\n", &zErr) ){ -- zErrMsg = mprintf("<span class=\"loginError\">%s</span>", zErr); -- fossil_free(zErr); -- }else{ -- redirect_to_g(); -- return; -- } - } - } - zIpAddr = PD("REMOTE_ADDR","nil"); /* Complete IP address for logging */ - zReferer = P("HTTP_REFERER"); - uid = login_is_valid_anonymous(zUsername, zPasswd, P("cs")); -@@ -699,11 +709,11 @@ - } - @ </div> - free(zCaptcha); - } - @ </form> -- if( g.perm.Password ){ -+ if( g.zLogin && g.perm.Password ){ - @ <hr /> - @ <p>Change Password for user <b>%h(g.zLogin)</b>:</p> - form_begin(0, "%R/login"); - @ <table> - @ <tr><td class="login_out_label">Old Password:</td> Modified: branches/1.0/package/fossil/fossil.mk =================================================================== --- branches/1.0/package/fossil/fossil.mk 2017-03-02 18:36:14 UTC (rev 8207) +++ branches/1.0/package/fossil/fossil.mk 2017-03-05 14:33:22 UTC (rev 8208) 
@@ -4,7 +4,7 @@
 #
 ################################################################################
 
-FOSSIL_VERSION = 1.37
+FOSSIL_VERSION = 2.0
 FOSSIL_SOURCE = fossil-src-$(FOSSIL_VERSION).tar.gz
 FOSSIL_SITE = https://www.fossil-scm.org/fossil/uv/download
 FOSSIL_DEPENDENCIES = zlib openssl
This was sent by the SourceForge.net collaborative development platform, the world's largest Open Source development site. |