-rw-r--r-- | meta-oe/recipes-connectivity/zabbix/zabbix/CVE-2020-15803.patch | 36 | ||||
-rw-r--r-- | meta-oe/recipes-connectivity/zabbix/zabbix_4.4.6.bb | 1 |
2 files changed, 37 insertions, 0 deletions
diff --git a/meta-oe/recipes-connectivity/zabbix/zabbix/CVE-2020-15803.patch b/meta-oe/recipes-connectivity/zabbix/zabbix/CVE-2020-15803.patch
new file mode 100644
index 0000000000..2eec4bf327
--- /dev/null
+++ b/meta-oe/recipes-connectivity/zabbix/zabbix/CVE-2020-15803.patch
@@ -0,0 +1,36 @@
+From 4943334fd9bf7dffd49f9e86251ad40b3efe2135 Mon Sep 17 00:00:00 2001
+From: Wang Mingyu <wangmy@cn.fujitsu.com>
+Date: Fri, 11 Dec 2020 17:02:20 +0900
+Subject: [PATCH] Fix bug for CVE-2020-15803
+
+Signed-off-by: Wang Mingyu <wangmy@cn.fujitsu.com>
+---
+ frontends/php/include/classes/html/CIFrame.php | 7 +++++++
+ 1 file changed, 7 insertions(+)
+
+diff --git a/frontends/php/include/classes/html/CIFrame.php b/frontends/php/include/classes/html/CIFrame.php
+index 32220cd..70f2ab5 100644
+--- a/frontends/php/include/classes/html/CIFrame.php
++++ b/frontends/php/include/classes/html/CIFrame.php
+@@ -29,6 +29,7 @@ class CIFrame extends CTag {
+ $this->setHeight($height);
+ $this->setScrolling($scrolling);
+ $this->setId($id);
++ $this->setSandbox();
+ }
+
+ public function setSrc($value = null) {
+@@ -69,4 +70,10 @@ class CIFrame extends CTag {
+ $this->setAttribute('scrolling', $value);
+ return $this;
+ }
++
++ private function setSandbox() {
++ if (ZBX_IFRAME_SANDBOX !== false) {
++ $this->setAttribute('sandbox', ZBX_IFRAME_SANDBOX);
++ }
++ }
+ }
+--
+2.25.1
+
diff --git a/meta-oe/recipes-connectivity/zabbix/zabbix_4.4.6.bb b/meta-oe/recipes-connectivity/zabbix/zabbix_4.4.6.bb
index 0e0ddd5779..98a31879c4 100644
--- a/meta-oe/recipes-connectivity/zabbix/zabbix_4.4.6.bb
+++ b/meta-oe/recipes-connectivity/zabbix/zabbix_4.4.6.bb
@@ -26,6 +26,7 @@ PACKAGE_ARCH = "${MACHINE_ARCH}"
 SRC_URI = "http://jaist.dl.sourceforge.net/project/zabbix/ZABBIX%20Latest%20Stable/${PV}/${BPN}-${PV}.tar.gz \
 file://0001-Fix-configure.ac.patch \
 file://zabbix-agent.service \
+ file://CVE-2020-15803.patch \
 "
 SRC_URI[md5sum] = "e666539220be93b1af38e40f5fbb1f79" |
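Review bot: The new `setSandbox()` in the embedded CIFrame.php patch reads the constant `ZBX_IFRAME_SANDBOX`, but the patch touches only that one file (`1 file changed, 7 insertions(+)`) and no `define()` for the constant is visible anywhere in it. Unless the 4.4.6 frontend already defines it elsewhere (please confirm against the unpacked source), PHP 7 will warn and fall back to the literal string `'ZBX_IFRAME_SANDBOX'` as the attribute value, and PHP 8 will throw an `Error` from every `CIFrame` constructor. Either way the iframe would not get the sandbox policy the CVE fix intends. The `define('ZBX_IFRAME_SANDBOX', ...)` hunk from the upstream fix, with upstream's value, should be carried in the same patch, and a build-time grep for the constant in the frontend's defines file would catch a regression. The patch header also lacks the `Upstream-Status:` and `CVE: CVE-2020-15803` tags that let the fix be traced back to its upstream commit.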