release
dev builds
extras
themes manual
wiki
device status forums
mailing lists
IRC bugs
patches
dev guide



Search | Go
Wiki > System > PatchItem12285Contrib

PatchItem12285Contrib

Patch a critical vulnerability in Locale::Maketext

Usage

This extensions applies a "hotfix" for Item12285 to your Foswiki 1.1.0 thru 1.1.6 system. Foswiki 1.0.x versions need to be manually patched.

ALERT! NOTICE: This patch addresses a critical Foswiki vulnerability and should be installed as soon as possible.

When this extension is installed, it uses the Post-installation exit to apply any patch files found in the manifest. This extension ships with a hotfix for the following items:

Original Issue Patch File Description Applies to
Item12285 Item12285-001 Addresses a vulnerability in Locale::Maketext. Foswiki 1.1.0 - Foswiki 1.1.2
Item12285 Item12285-002 Addresses a vulnerability in Locale::Maketext. Foswiki 1.1.3 - Foswiki 1.1.6

Before any file is patched, a backup is copied to working/configure/backup/<Item12285-001-date-time>. Each file that is a candidate to be patched is backed up. If the extensions is installed multple times, a new backup is made for each run, regardless of whether or not the patch will be applied. For this patch, the following files are copied:
  • lib/Foswiki/Macros/MAKETEXT.pm

Patches are only applied if the target file is an exact match to the original file. There is no attempt to do "fuzzy" patching. Note however that a patch can be built to cover multiple versions of the file.

There is no "dependency order" established between patches. Patches are installed in order of their patch file name.

Patches will be mapped from the default Foswiki filename to the directory location used on the target system.

Note: This extension was re-released with a slightly different patch. It is strongly recommmended that prior versions of the patch be reverted and the final version be applied.

Installation

You do not need to install anything in the browser to use this extension. The following instructions are for the administrator who installs the extension on the server.

Open configure, and open the "Extensions" section. Use "Find More Extensions" to get a list of available extensions. Select "Install".

If you have any problems, or if the extension isn't available in configure, then you can still install manually from the command-line. See http://foswiki.org/Support/ManuallyInstallingExtensions for more help.

Info

Author: GeorgeClark?
Copyright ©: Foswiki Contributors
License: GPL (GNU General Public License)
Dependencies:
NameVersionDescription
Foswiki::Contrib::PatchFoswikiContrib >=1.3Required for old Foswiki versions.
Version: 16191 (2012-12-11)
Change History:  
1.4 (12 Dec 2012) Split patch file so it can be used with patch utility as well.
1.3 (10 Dec 2012) Re-issue with more updates.
1.2 (10 Dec 2012) Reissue with different fix.
1.1 (10 Dec 2012) Minor changes
1.0 (10 Dec 2012) Initial version
Home: http://foswiki.org/Extensions/PatchItem12285Contrib
Support: http://foswiki.org/Support/PatchItem12285Contrib

r1 - 12 Dec 2012 - 16:44:48 - UnknownUser
This site is powered by FoswikiCopyright © by the contributing authors. All material on this site is the property of the contributing authors.
Ideas, requests, problems regarding Wiki? Send feedback