| -rw-r--r-- | owncloud-9.0.2-core-23066-infinite-loop-share-link.patch | 79 | ||||
| -rw-r--r-- | owncloud.spec | 15 | 
2 files changed, 90 insertions, 4 deletions
diff --git a/owncloud-9.0.2-core-23066-infinite-loop-share-link.patch b/owncloud-9.0.2-core-23066-infinite-loop-share-link.patch
new file mode 100644
index 0000000..28b39e9
--- /dev/null
+++ b/owncloud-9.0.2-core-23066-infinite-loop-share-link.patch
@@ -0,0 +1,79 @@
+diff --git a/apps/dav/lib/connector/publicauth.php b/apps/dav/lib/connector/publicauth.php
+index f069a21..36da649 100644
+--- a/apps/dav/lib/connector/publicauth.php
++++ b/apps/dav/lib/connector/publicauth.php
+@@ -89,7 +89,7 @@ class PublicAuth extends \Sabre\DAV\Auth\Backend\AbstractBasic {
+ 					}
+ 					return true;
+ 				} else if (\OC::$server->getSession()->exists('public_link_authenticated')
+-					&& \OC::$server->getSession()->get('public_link_authenticated') === $linkItem['id']) {
++					&& \OC::$server->getSession()->get('public_link_authenticated') === (string)$linkItem['id']) {
+ 					return true;
+ 				} else {
+ 					return false;
+diff --git a/apps/files_sharing/lib/helper.php b/apps/files_sharing/lib/helper.php
+index e857974..3dfbf8f 100644
+--- a/apps/files_sharing/lib/helper.php
++++ b/apps/files_sharing/lib/helper.php
+@@ -131,7 +131,7 @@ class Helper {
+ 				$newHash = '';
+ 				if(\OC::$server->getHasher()->verify($password, $linkItem['share_with'], $newHash)) {
+ 					// Save item id in session for future requests
+-					\OC::$server->getSession()->set('public_link_authenticated', $linkItem['id']);
++					\OC::$server->getSession()->set('public_link_authenticated', (string)$linkItem['id']);
+ 
+ 					/**
+ 					 * FIXME: Migrate old hashes to new hash format
+@@ -161,7 +161,7 @@ class Helper {
+ 		else {
+ 			// not authenticated ?
+ 			if ( ! \OC::$server->getSession()->exists('public_link_authenticated')
+-				|| \OC::$server->getSession()->get('public_link_authenticated') !== $linkItem['id']) {
++				|| \OC::$server->getSession()->get('public_link_authenticated') !== (string)$linkItem['id']) {
+ 				return false;
+ 			}
+ 		}
+diff --git a/apps/gallery/middleware/envcheckmiddleware.php b/apps/gallery/middleware/envcheckmiddleware.php
+index 8364e52..086da2f 100644
+--- a/apps/gallery/middleware/envcheckmiddleware.php
++++ b/apps/gallery/middleware/envcheckmiddleware.php
+@@ -274,7 +274,7 @@ class EnvCheckMiddleware extends CheckMiddleware {
+ 		$newHash = '';
+ 		if ($this->hasher->verify($password, $linkItem['share_with'], $newHash)) {
+ 			// Save item id in session for future requests
+-			$this->session->set('public_link_authenticated', $linkItem['id']);
++			$this->session->set('public_link_authenticated', (string)$linkItem['id']);
+ 			// @codeCoverageIgnoreStart
+ 			if (!empty($newHash)) {
+ 				// For future use
+@@ -296,7 +296,7 @@ class EnvCheckMiddleware extends CheckMiddleware {
+ 	private function checkSession($linkItem) {
+ 		// Not authenticated ?
+ 		if (!$this->session->exists('public_link_authenticated')
+-			|| $this->session->get('public_link_authenticated') !== $linkItem['id']
++			|| $this->session->get('public_link_authenticated') !== (string)$linkItem['id']
+ 		) {
+ 			throw new CheckException("Missing password", Http::STATUS_UNAUTHORIZED);
+ 		}
+diff --git a/lib/private/share/share.php b/lib/private/share/share.php
+index 3dcfa14..fcd013c 100644
+--- a/lib/private/share/share.php
++++ b/lib/private/share/share.php
+@@ -2477,7 +2477,7 @@ class Share extends Constants {
+ 		}
+ 
+ 		if ( \OC::$server->getSession()->exists('public_link_authenticated')
+-			&& \OC::$server->getSession()->get('public_link_authenticated') === $linkItem['id'] ) {
++			&& \OC::$server->getSession()->get('public_link_authenticated') === (string)$linkItem['id'] ) {
+ 			return true;
+ 		}
+ 
+@@ -2767,7 +2767,7 @@ class Share extends Constants {
+ 
+ 	/**
+ 	 * @param IConfig $config
+-	 * @return bool 
++	 * @return bool
+ 	 */
+ 	public static function enforcePassword(IConfig $config) {
+ 		$enforcePassword = $config->getAppValue('core', 'shareapi_enforce_links_password', 'no');
diff --git a/owncloud.spec b/owncloud.spec
index 82631c7..ec22dca 100644
--- a/owncloud.spec
+++ b/owncloud.spec
@@ -9,7 +9,7 @@
 #
 Name:           owncloud
 Version:        9.0.2
-Release:        3%{?dist}
+Release:        4%{?dist}
 Summary:        Private file sync and share server
 Group:          Applications/Internet
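Review bot: The `(string)` cast is written out by hand at each of the six places that store or compare `public_link_authenticated` (publicauth.php, helper.php twice, envcheckmiddleware.php twice, share.php), and only the `$linkItem['id']` side is normalised, so any other writer of that session key that is not part of this patch would still store the raw type and trip the strict check again. The failure direction is the safe one, since the comparisons stay `===`/`!==` and a type mismatch denies access rather than granting it, so this is a maintainability and availability point rather than a bypass. I would add a why-comment at each site, for example `// id can come back as int or string (seen with PostgreSQL); normalise before the strict comparison`, and consider one small helper shared by the set and check paths so the two sides cannot drift apart. The enclosing functions start and end outside these hunks, so other uses of the key cannot be confirmed from here.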
@@ -64,11 +64,14 @@ Patch7:         %{name}-9.0.2-no_need_for_broken_updater_repair.patch
 # Disable the integrity checking whilst a better way to deal with it is found
 Patch8:         %{name}-9.0.2-default_integrity_check_disabled.patch
+# Backport patch from future 9.0.3 to handle broken shared link issue bz#1346233
+Patch9:         %{name}-9.0.2-core-23066-infinite-loop-share-link.patch
+
 # Need to work around an NSS issue in el7.2, due to be fix el7.3 bz#1241172
-Patch9:         %{name}-8.1.6-work-arround-nss-issue.patch
+Patch10:         %{name}-8.1.6-work-arround-nss-issue.patch
 # RH provide support for php54 so don't tell users it's EOL
-Patch10:         %{name}-8.2.3-dont_warn_php54_eol.patch
+Patch11:         %{name}-8.2.3-dont_warn_php54_eol.patch
 BuildRoot:      %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
 BuildArch:      noarch
@@ -428,9 +431,10 @@ work with an SQLite 3 database stored on the local system.
 %patch6 -p1
 %patch7 -p1
 %patch8 -p1
-%if 0%{?rhel}
 %patch9 -p1
+%if 0%{?rhel}
 %patch10 -p1
+%patch11 -p1
 %endif
 # patch backup files and .git stuff
@@ -742,6 +746,9 @@ rm -rf %{buildroot}
 %changelog
+* Tue Jun 14 2016 James Hogarth <james.hogarth@gmail.com> - 9.0.2-4
+- Fix an infinite loop on a shared link with password and postgres bz#1346233
+
 * Wed Jun 01 2016 James Hogarth <james.hogarth@gmail.com> - 9.0.2-3
 - Place composer.json files in %%doc rather than remove them entirely  | 
