Add upstream patch to fix XSS vulnerability (bug #1259405)

Orion Poplawski 2015-09-02 10:01:09 -06:00
parent ac6accd32a
commit d75e4d68f1
2 changed files with 51 additions and 14 deletions

@ -0,0 +1,43 @@
From 3ab41641cf6fce3860c73d5cf4645aa12e1e5892 Mon Sep 17 00:00:00 2001
From: Matthias Bussonnier <bussonniermatthias@gmail.com>
Date: Tue, 1 Sep 2015 16:29:25 +0200
Subject: [PATCH] Fix XSS reported on Security list
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
No CVE-ID yet
August 18, 2015
-----
Reported to Quantopian by Juan Broullón <thebrowfc@gmail.com>...
If you create a new folder in the iPython file browser and set
Javascript code as its name the code injected will be executed. So, if I
create a folder called "><img src=x onerror=alert(document.cookie)> and
then I access to it, the cookies will be prompted.
The XSS code is also executed if you access a link pointing directly at
the folder.
jik
------
---
IPython/html/notebookapp.py | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/IPython/html/notebookapp.py b/IPython/html/notebookapp.py
index 0464144..094812b 100644
--- a/IPython/html/notebookapp.py
+++ b/IPython/html/notebookapp.py
@@ -158,7 +158,9 @@ def init_settings(self, ipython_app, kernel_manager, contents_manager,
_template_path = (_template_path,)
template_path = [os.path.expanduser(path) for path in _template_path]
- jenv_opt = jinja_env_options if jinja_env_options else {}
+ jenv_opt = {"autoescape": True}
+ jenv_opt.update(jinja_env_options if jinja_env_options else {})
+
env = Environment(loader=FileSystemLoader(template_path), **jenv_opt)
sys_info = get_sys_info()
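Review bot: In the notebookapp.py change, `jenv_opt.update(jinja_env_options ...)` runs after the `{"autoescape": True}` default is set, so a caller that passes `jinja_env_options` with `autoescape` set to False turns escaping back off without any warning. If that override is intended, document it in a comment beside the default; if it is not, assign `jenv_opt["autoescape"] = True` after the update so the safe value always wins. Because the option is set on the whole `Environment`, every template loaded from `template_path` is now escaped, so templates that deliberately emit trusted HTML should be checked for an explicit `|safe` before release.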

@ -14,7 +14,7 @@
Name: ipython
Version: 3.2.1
Release: 1%{?dist}
Release: 2%{?dist}
Summary: An enhanced interactive Python shell
# See bug #603178 for a quick overview for the choice of licenses
@ -25,6 +25,9 @@ URL: http://ipython.org/
Source0: https://pypi.python.org/packages/source/i/ipython/ipython-%{version}.tar.gz
# Add _jsdir to default search path
Patch0: ipython-2.1.0-_jsdir-search-path.patch
# Fix XSS vulnerability in notebook HTML template handling
# https://bugzilla.redhat.com/show_bug.cgi?id=1259405
Patch1: https://github.com/ipython/ipython/commit/3ab41641cf6fce3860c73d5cf4645aa12e1e5892.patch
BuildArch: noarch
BuildRequires: python-devel
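Review bot: The comment above `Patch1:` identifies the fix only by the Bugzilla number, while the upstream patch header added in this same commit says "No CVE-ID yet"; add the CVE to this comment and to the %changelog entry once one is assigned so the fix can be tracked by identifier. Since `Patch1` is written as a GitHub URL, the patch file committed next to the spec has to carry the URL's basename, `3ab41641cf6fce3860c73d5cf4645aa12e1e5892.patch`, for the build to find it.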
@ -391,6 +394,7 @@ This package contains the gui of %{name}, which requires PyQt.
# Patches go here
%patch0 -p1 -b .jsdir
%patch1 -p1 -b .xss
sed -i "s;_jsdir;%{_jsdir};g" \
IPython/html/notebookapp.py
@ -585,10 +589,6 @@ popd
%{python2_sitelib}/IPython/config/
%{python2_sitelib}/IPython/core/
%{python2_sitelib}/IPython/extensions/
#%dir %{python2_sitelib}/IPython/frontend/
#%{python2_sitelib}/IPython/frontend/terminal/
#%{python2_sitelib}/IPython/frontend/__init__.py*
#%{python2_sitelib}/IPython/frontend/consoleapp.py*
%{python2_sitelib}/IPython/lib/
%{python2_sitelib}/IPython/nbformat/
%{python2_sitelib}/IPython/nbconvert/
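Review bot: The commented-out `IPython/frontend/` entries removed from %files here, along with the similar commented-line removals in the next two hunks, are unrelated to the XSS fix. Put that cleanup in a separate commit so the security change stays minimal and is easier to audit or backport to other branches.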
@ -642,10 +642,6 @@ popd
%{_bindir}/ipcluster3
%{_bindir}/ipcontroller3
%{_bindir}/ipengine3
# no man pages (yet?)
#%{_mandir}/man*/ipython3.*
#%{_mandir}/man*/ipengine3*
#%{_mandir}/man*/ipc*3*
%dir %{python3_sitelib}/IPython
%{python3_sitelib}/IPython/external
@ -672,11 +668,6 @@ popd
%{python3_sitelib}/IPython/config/
%{python3_sitelib}/IPython/core/
%{python3_sitelib}/IPython/extensions/
#%dir %{python3_sitelib}/IPython/frontend/
#%{python3_sitelib}/IPython/frontend/terminal/
#%{python3_sitelib}/IPython/frontend/__pycache__/
#%{python3_sitelib}/IPython/frontend/__init__.py*
#%{python3_sitelib}/IPython/frontend/consoleapp.py*
%{python3_sitelib}/IPython/lib/
%{python3_sitelib}/IPython/nbformat/
%{python3_sitelib}/IPython/nbconvert/
@ -722,6 +713,9 @@ popd
%endif # with_python3
%changelog
* Wed Sep 2 2015 Orion Poplawski <orion@cora.nwra.com> - 3.2.1-2
- Add upstream patch to fix XSS vulnerability (bug #1259405)
* Mon Jul 13 2015 Orion Poplawski <orion@cora.nwra.com> - 3.2.1-1
- Update to 3.2.1