From 9b85c6ec4e403b9445f353c0198af9e2eb80a1fb Mon Sep 17 00:00:00 2001
From: Yaroslav Halchenko
Date: Mon, 17 Dec 2012 13:21:57 -0500
Subject: [PATCH] CVE-2012-5642: Escape the content of since its value could contain arbitrary symbols (Closes: #696184)
---
 debian/changelog | 7 +++
 debian/patches/series | 1 +
 .../up_escape-the-content-of-matches.patch | 47 +++++++++++++++++++
 3 files changed, 55 insertions(+)
 create mode 100644 debian/patches/up_escape-the-content-of-matches.patch
diff --git a/debian/changelog b/debian/changelog
index a8e868dd..c26ee5fa 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,10 @@
+fail2ban (0.8.6-3wheezy1) unstable; urgency=high
+
+ * CVE-2012-5642: Escape the content of since its value could
+ contain arbitrary symbols (Closes: #696184)
+
+ -- Yaroslav Halchenko Mon, 17 Dec 2012 13:19:32 -0500
+
 fail2ban (0.8.6-3) unstable; urgency=low
 
 * Added dovecot section to Debian's jail.conf. Thanks to Laurent
diff --git a/debian/patches/series b/debian/patches/series
index b7728eee..60cb5deb 100644
--- a/debian/patches/series
+++ b/debian/patches/series
@@ -1 +1,2 @@
+up_escape-the-content-of-matches.patch
 deb_manpages_reportbug
diff --git a/debian/patches/up_escape-the-content-of-matches.patch b/debian/patches/up_escape-the-content-of-matches.patch
new file mode 100644
index 00000000..faa93888
--- /dev/null
+++ b/debian/patches/up_escape-the-content-of-matches.patch
@@ -0,0 +1,47 @@
+From: Yaroslav Halchenko
+Date: Mon, 8 Oct 2012 22:14:51 -0400
+Subject: [PATCH] BF: escape the content of since its value could contain arbitrary symbols
+
+ Contains two commits 83109bce144f443a48ef31165a5389b7b83f4e0e and 09355663f7a3c0409e08efdebf98b1bbf47d1d9c
+
+Bug-Debian: http://bugs.debian.org/696184
+Origin: upstream
+
+---
+ server/action.py | 18 +++++++++++++++---
+ 1 file changed, 15 insertions(+), 3 deletions(-)
+
+--- a/server/action.py
++++ b/server/action.py
+@@ -230,7 +230,14 @@ class Action:
+ def execActionStop(self):
+ stopCmd = Action.replaceTag(self.__actionStop, self.__cInfo)
+ return Action.executeCmd(stopCmd)
+-
++
++ def escapeTag(tag):
++ for c in '\\#&;`|*?~<>^()[]{}$\n':
++ if c in tag:
++ tag = tag.replace(c, '\\' + c)
++ return tag
++ escapeTag = staticmethod(escapeTag)
++
+ ##
+ # Replaces tags in query with property values in aInfo.
+ #
+@@ -243,8 +250,13 @@ class Action:
+ """ Replace tags in query
+ """
+ string = query
+- for tag in aInfo:
+- string = string.replace('<' + tag + '>', str(aInfo[tag]))
++ for tag, value in aInfo.iteritems():
++ value = str(value) # assure string
++ if tag == 'matches':
++ # That one needs to be escaped since its content is
++ # out of our control
++ value = Action.escapeTag(value)
++ string = string.replace('<' + tag + '>', value)
+ # New line
+ string = string.replace("
", '\n')
+ return string
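Review bot: The new `escapeTag` in the first nested hunk leaves single and double quotes out of its escape set, so a quote character inside the `<matches>` value can still terminate a quoted argument of the action command even though `&`, `;`, `|` and backticks are now escaped; the character list in its `for c in ...:` loop should also contain `'` and `"`. The escaping is applied only when `tag == 'matches'`, so if any other tag value can carry log-derived text it is interpolated unescaped — that contract deserves a comment on `replaceTag`, e.g. `# Only <matches> is escaped; every other tag value is assumed to be shell-safe`. `escapeTag` also has no docstring; a one-liner such as `"""Backslash-escape shell metacharacters in tag before it is interpolated into an action command."""` would state its purpose. Both nested hunks sit inside `class Action`, and `replaceTag`'s `def` line lies above the second hunk's context, outside what is shown.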