Hi, Attached is a debdiff of the changes I made for 0.0.20090214b-3.1 0-day NMU.
Cheers, Giuseppe
diff -u dokuwiki-0.0.20090214b/debian/changelog dokuwiki-0.0.20090214b/debian/changelog
--- dokuwiki-0.0.20090214b/debian/changelog
+++ dokuwiki-0.0.20090214b/debian/changelog
@@ -1,3 +1,11 @@
+dokuwiki (0.0.20090214b-3.1) unstable; urgency=high
+
+ * Non-maintainer upload by the Security Team.
+ * Check against cross-site request forgeries (CSRF)
+ * Fixed multiple vulnerabilities in ACL plugin (Closes: #565406)
+
+ -- Giuseppe Iuculano <iucul...@debian.org> Sun, 17 Jan 2010 14:47:41 +0100
+
 dokuwiki (0.0.20090214b-3) unstable; urgency=low
 * Fix bashism in debian/postinst. (Closes: #515612)
diff -u dokuwiki-0.0.20090214b/debian/patches/series dokuwiki-0.0.20090214b/debian/patches/series
--- dokuwiki-0.0.20090214b/debian/patches/series
+++ dokuwiki-0.0.20090214b/debian/patches/series
@@ -6,0 +7 @@
+security.diff
only in patch2:
unchanged:
--- dokuwiki-0.0.20090214b.orig/debian/patches/security.diff
+++ dokuwiki-0.0.20090214b/debian/patches/security.diff
@@ -0,0 +1,78 @@
+SA38183, SA38205
+--- a/lib/plugins/acl/ajax.php
++++ b/lib/plugins/acl/ajax.php
+@@ -19,6 +19,9 @@ require_once(DOKU_INC.'inc/auth.php');
+ //close sesseion
+ session_write_close();
+ 
++if(!auth_isadmin()) die('forbidden');
++if(!checkSecurityToken()) die('CRSF Attack');
++
+ $ID = getID();
+ 
+ if(!auth_isadmin) die('for admins only');
+@@ -42,6 +45,7 @@ if($ajax == 'info'){
+ if($ns == '*'){
+ $ns ='';
+ }
++ $ns = cleanID($ns);
+ $lvl = count(explode(':',$ns));
+ $ns = utf8_encodeFN(str_replace(':','/',$ns));
+ 
+--- a/lib/plugins/acl/admin.php
++++ b/lib/plugins/acl/admin.php
+@@ -88,7 +88,7 @@ class admin_plugin_acl extends DokuWiki_
+ }
+ 
+ // handle modifications
+- if(isset($_REQUEST['cmd'])){
++ if(isset($_REQUEST['cmd']) && checkSecurityToken()){
+ // scope for modifications
+ if($this->ns){
+ if($this->ns == '*'){
+@@ -269,7 +269,8 @@ class admin_plugin_acl extends DokuWiki_
+ echo '<input type="hidden" name="ns" value="'.hsc($this->ns).'" />'.NL;
+ echo '<input type="hidden" name="id" value="'.hsc($ID).'" />'.NL;
+ echo '<input type="hidden" name="do" value="admin" />'.NL;
+- echo '<input type="hidden" name="page" value="acl" />'.NL;
++ echo '<input type="hidden" name="page" value="acl" />'.NL;
++ echo '<input type="hidden" name="sectok" value="'.getSecurityToken().'" />'.NL;
+ echo '</div></form>'.NL;
+ }
+ 
+@@ -440,11 +441,11 @@ class admin_plugin_acl extends DokuWiki_
+ $alt = '+';
+ }
+ $ret .= '<img src="'.$img.'" alt="'.$alt.'" />';
+- $ret .= '<a href="'.wl('',$this->_get_opts(array('ns'=>$item['id']))).'" class="idx_dir'.$cl.'">';
++ $ret .= '<a href="'.wl('',$this->_get_opts(array('ns'=>$item['id'],'sectok'=>getSecurityToken()))).'" class="idx_dir'.$cl.'">';
+ $ret .= $base;
+ $ret .= '</a>';
+ }else{
+- $ret .= '<a href="'.wl('',$this->_get_opts(array('id'=>$item['id'],'ns'=>''))).'" class="wikilink1'.$cl.'">';
++ $ret .= '<a href="'.wl('',$this->_get_opts(array('id'=>$item['id'],'ns'=>'','sectok'=>getSecurityToken()))).'" 
class="wikilink1'.$cl.'">';
+ $ret .= noNS($item['id']);
+ $ret .= '</a>';
+ }
+@@ -521,7 +522,8 @@ class admin_plugin_acl extends DokuWiki_
+ }
+ echo '<input type="hidden" name="acl_w" value="'.hsc($this->who).'" />'.NL;
+ echo '<input type="hidden" name="do" value="admin" />'.NL;
+- echo '<input type="hidden" name="page" value="acl" />'.NL;
++ echo '<input type="hidden" name="page" value="acl" />'.NL;
++ echo '<input type="hidden" name="sectok" value="'.getSecurityToken().'" />'.NL;
+ echo '<table class="inline">';
+ echo '<tr>';
+ echo '<th>'.$this->getLang('where').'</th>';
+--- a/lib/plugins/acl/script.js
++++ b/lib/plugins/acl/script.js
+@@ -48,7 +48,8 @@ acl = {
+ data[1] = ajax.encVar('id',frm.elements['id'].value);
+ data[2] = ajax.encVar('acl_t',frm.elements['acl_t'].value);
+ data[3] = ajax.encVar('acl_w',frm.elements['acl_w'].value);
+- data[4] = ajax.encVar('ajax','info');
++ data[4] = ajax.encVar('sectok',frm.elements['sectok'].value);
++ data[5] = ajax.encVar('ajax','info');
+ 
+ ajax.elementObj = $('acl__info');
+
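Review bot: The new `if(!auth_isadmin()) die('forbidden');` in the ajax.php part of security.diff leaves the pre-existing `if(!auth_isadmin) die('for admins only');` three lines below it untouched; without parentheses `auth_isadmin` is an undefined constant, which the PHP of that era evaluates as a non-empty (truthy) string, so that line never fires and is now dead — drop it so the real check is the only gate, and keep the new `auth_isadmin()`/`checkSecurityToken()` pair above `$ID = getID();` as the patch already does. The message on the next added line reads `die('CRSF Attack')`; the abbreviation is CSRF, and the same spelling is already used in the changelog entry. The admin.php hunks at 269, 440 and 521 also place `getSecurityToken()` into the `href` of every namespace and page link, so the token travels in GET URLs where it can land in access logs and Referer headers; this mirrors upstream's fix, but the hidden `sectok` form field is the better carrier for anything that changes state. This unit is a nested patch (the new side is the body of debian/patches/security.diff), and each inner hunk's enclosing function begins and ends outside what is shown.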
signature.asc
Description: OpenPGP digital signature