[koha-commits] main Koha release repository branch 3.6.x updated. v3.06.00-54-gab04c8f

Git repo owner gitmaster at git.koha-community.org
Tue Nov 29 02:30:39 CET 2011


This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "main Koha release repository".

The branch, 3.6.x has been updated
       via  ab04c8f27aab9cd30649e01bc9ba4859c9b07bfd (commit)
       via  9c816a2fd4298f49b322562380215816a8d41671 (commit)
       via  4b22534bd0f2b9ddd079307a9c482a6653de41c4 (commit)
       via  218cc183ea2fdb9396498b05d5145d393c444000 (commit)
       via  c63f4a3684897f5ad7c97a72727cc5c106a088f3 (commit)
       via  da171ec31c6cc805ae8efdcb72cd13ea43766e1b (commit)
      from  16189ed8c37960a76d80899004654e617d98bcde (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
commit ab04c8f27aab9cd30649e01bc9ba4859c9b07bfd
Author: Chris Nighswonger <chris.nighswonger at gmail.com>
Date:   Mon Nov 28 20:20:19 2011 -0500

    Release Notes for 3.06.01.000

commit 9c816a2fd4298f49b322562380215816a8d41671
Author: Chris Nighswonger <chris.nighswonger at gmail.com>
Date:   Mon Nov 28 20:16:18 2011 -0500

    Updating Version Number to 3.06.01.000

commit 4b22534bd0f2b9ddd079307a9c482a6653de41c4
Author: Chris Cormack <chrisc at catalyst.net.nz>
Date:   Sat Nov 26 07:39:51 2011 +1300

    Bug 6628 : Stopping a potential vulnerability
    
    Signed-off-by: Frère Sébastien Marie <semarie-koha at latrappe.fr>
    Signed-off-by: Katrin Fischer <Katrin.Fischer.83 at web.de>
    - verified help pages still work
    - verified /cgi-bin/koha/help.pl?url=koha/../catalogue/advsearch.pl does not
    show the template file (did work on master, not after applying patch)
    - verified cgi-bin/koha/help.pl?url=koha/../../../../../../etc/passwd%00.pl does not work (didn't work on master or after applying patch)
    
    Signed-off-by: Paul Poulain <paul.poulain at biblibre.com>
    The potential vulnerability would allow anyone to see the content of any .tt file, and .tt only. Was much less critical than the vulnerability for 6629, but it's worth fixing!
    (cherry picked from commit 8664d195671c1a65af7b205b14099c1581c0500b)
    
    Signed-off-by: Chris Nighswonger <chris.nighswonger at gmail.com>

commit 218cc183ea2fdb9396498b05d5145d393c444000
Author: Chris Cormack <chrisc at catalyst.net.nz>
Date:   Sun Nov 27 21:58:04 2011 +1300

    Bug 6629 : Follow up, sanitising in a couple more places
    
    Signed-off-by: Jared Camins-Esakov <jcamins at cpbibliography.com>
    Signed-off-by: Paul Poulain <paul.poulain at biblibre.com>
    (cherry picked from commit af205cb50af430b743fccd84475be15ce14fc84e)
    
    Signed-off-by: Chris Nighswonger <chris.nighswonger at gmail.com>

commit c63f4a3684897f5ad7c97a72727cc5c106a088f3
Author: Chris Cormack <chrisc at catalyst.net.nz>
Date:   Sun Nov 27 21:18:29 2011 +1300

    Bug 6629 : Follow up to trap vuln in webinstaller and fixing the error
    
    Signed-off-by: Katrin Fischer <Katrin.Fischer.83 at web.de>
    Patch fixes problem occurring in web installer.
    (cherry picked from commit 948f65344eb92aa6940ec02b575d6609d1af83f5)
    
    Signed-off-by: Chris Nighswonger <chris.nighswonger at gmail.com>

commit da171ec31c6cc805ae8efdcb72cd13ea43766e1b
Author: Chris Cormack <chrisc at catalyst.net.nz>
Date:   Fri Nov 25 19:07:28 2011 +1300

    Bug 6629 : Sanitizing input from language cookie
    
    I don't think we can use only 2 digits, some languages are much longer,
    zh-hans-TW for example
    
    But the regex should stop it being able to handle nasty chars,
    whitelisting safe ones instead
    
    Signed-off-by: Katrin Fischer <Katrin.Fischer.83 at web.de>
    I checked the patch doesn't break language switching and language selection.
    
    Signed-off-by: Paul Poulain <paul.poulain at biblibre.com>
    I confirm the bug security issue was not here for master, but this fix improves the behaviour, so pushing it
    (cherry picked from commit 9a4e9e54f26b0c1bf69c5be1f5b0fea93134c06a)
    
    Signed-off-by: Chris Nighswonger <chris.nighswonger at gmail.com>

-----------------------------------------------------------------------

Summary of changes:
 C4/Templates.pm                            |    6 +-
 help.pl                                    |    4 +-
 installer/InstallAuth.pm                   |   18 ++-
 installer/data/mysql/updatedatabase.pl     |    6 +
 installer/install.pl                       |    2 +
 kohaversion.pl                             |    2 +-
 misc/release_notes/release_notes_3_6_1.txt |  192 ++++++++++++++++++++++++++++
 7 files changed, 216 insertions(+), 14 deletions(-)
 create mode 100644 misc/release_notes/release_notes_3_6_1.txt


hooks/post-receive
-- 
main Koha release repository
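
The Bug 6629 and Bug 6628 commit messages above describe whitelisting the characters accepted from the language cookie and refusing ".." in the help.pl "url" parameter. The Perl below is an added example of that kind of check, not code from Koha or from these commits; the helper names, the regular expressions and the sample inputs are assumptions made for illustration.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Hypothetical helper, not Koha's code: accept only letters, digits and
# hyphens, in hyphen-separated subtags, so long tags such as zh-hans-TW
# pass while path separators, dots and NUL bytes never reach a file path.
# \A and \z are used instead of ^ and $ so a trailing newline is rejected.
sub safe_language {
    my ( $cookie_value, $default ) = @_;
    return $default unless defined $cookie_value;
    return $cookie_value
      if $cookie_value =~ /\A[A-Za-z0-9]{1,8}(?:-[A-Za-z0-9]{1,8})*\z/;
    return $default;
}

# Hypothetical helper: a help "url" value is rejected outright when it
# contains a NUL byte or a ".." path segment, rather than being rewritten.
sub safe_help_path {
    my ($url) = @_;
    return unless defined $url && length $url;
    return if $url =~ /\0/;
    return if grep { $_ eq '..' } split m{/+}, $url;
    return unless $url =~ m{\A[A-Za-z0-9_./-]+\z};
    return $url;
}

# Constructed sample inputs. The last two help URLs are the ones quoted in
# the Bug 6628 sign-off, after URL decoding (%00 becomes a NUL byte).
my @languages = ( 'en', 'fr-FR', 'zh-hans-TW', '../../etc', "en\0", 'en;id' );
my @help_urls = (
    'koha/catalogue/advsearch.pl',
    'koha/../catalogue/advsearch.pl',
    "koha/../../../../../../etc/passwd\0.pl",
);

for my $lang (@languages) {
    ( my $shown = $lang ) =~ s/\0/\\0/g;    # make NUL visible when printed
    printf "language %-12s -> %s\n", $shown, safe_language( $lang, 'en' );
}
for my $url (@help_urls) {
    ( my $shown = $url ) =~ s/\0/\\0/g;
    printf "help url %-42s -> %s\n", $shown,
      defined safe_help_path($url) ? 'accepted' : 'rejected';
}
```

Rejecting a bad value and falling back to a fixed default keeps the check a pure whitelist; stripping the offending characters and continuing would reintroduce the parsing ambiguity the patches set out to remove.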

