summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorRenat Lumpau <rl03@gentoo.org>2006-06-18 00:44:42 +0000
committerRenat Lumpau <rl03@gentoo.org>2006-06-18 00:44:42 +0000
commit275f6e759a27e20b82122261613aa7557765963f (patch)
tree4393f0e48f87315e6c4084759c73e66863dbb3a2 /www-apps/twiki
parentVersion bump, security bug #130584. (diff)
downloadgentoo-2-275f6e759a27e20b82122261613aa7557765963f.tar.gz
gentoo-2-275f6e759a27e20b82122261613aa7557765963f.tar.bz2
gentoo-2-275f6e759a27e20b82122261613aa7557765963f.zip
Apply hotfix for CVE-2006-2942.
(Portage version: 2.1)
Diffstat (limited to 'www-apps/twiki')
-rw-r--r--www-apps/twiki/ChangeLog9
-rw-r--r--www-apps/twiki/files/CVE-2006-2942-hotfix-4.0.0-4.0.2.diff74
-rw-r--r--www-apps/twiki/files/digest-twiki-4.0.2-r13
-rw-r--r--www-apps/twiki/twiki-4.0.2-r1.ebuild83
4 files changed, 168 insertions, 1 deletions
diff --git a/www-apps/twiki/ChangeLog b/www-apps/twiki/ChangeLog
index 6b7f5774b4dd..946b1c4dd52d 100644
--- a/www-apps/twiki/ChangeLog
+++ b/www-apps/twiki/ChangeLog
@@ -1,6 +1,13 @@
# ChangeLog for www-apps/twiki
# Copyright 2000-2006 Gentoo Foundation; Distributed under the GPL v2
-# $Header: /var/cvsroot/gentoo-x86/www-apps/twiki/ChangeLog,v 1.29 2006/06/09 22:32:32 rl03 Exp $
+# $Header: /var/cvsroot/gentoo-x86/www-apps/twiki/ChangeLog,v 1.30 2006/06/18 00:44:42 rl03 Exp $
+
+*twiki-4.0.2-r1 (18 Jun 2006)
+
+ 18 Jun 2006; Renat Lumpau <rl03@gentoo.org>
+ +files/CVE-2006-2942-hotfix-4.0.0-4.0.2.diff, -twiki-4.0.2.ebuild,
+ +twiki-4.0.2-r1.ebuild:
+ Apply hotfix for CVE-2006-2942.
09 Jun 2006; Renat Lumpau <rl03@gentoo.org> files/postinstall-en.txt:
Add info on ExecCGI ( bug #134132 ).
diff --git a/www-apps/twiki/files/CVE-2006-2942-hotfix-4.0.0-4.0.2.diff b/www-apps/twiki/files/CVE-2006-2942-hotfix-4.0.0-4.0.2.diff
new file mode 100644
index 000000000000..fd06de7446df
--- /dev/null
+++ b/www-apps/twiki/files/CVE-2006-2942-hotfix-4.0.0-4.0.2.diff
@@ -0,0 +1,74 @@
+Index: Register.pm
+===================================================================
+--- lib/TWiki/UI/Register.pm (revision 10544)
++++ lib/TWiki/UI/Register.pm (working copy)
+@@ -418,7 +418,7 @@
+ $data->{WikiName}.'.'.TWiki::User::randomPassword();
+ _putRegDetailsByCode( $data, $tmpDir );
+
+- $session->writeLog( 'regstart', $data->{webName}.'.'.$data->{WikiName},
++ $session->writeLog( 'regstart', $TWiki::cfg{UsersWebName}.'.'.$data->{WikiName},
+ $data->{Email}, $data->{WikiName} );
+
+ my $err = _sendEmail( $session, 'registerconfirm', $data );
+@@ -788,13 +788,13 @@
+
+ # write log entry
+ if ($TWiki::cfg{Log}{register}) {
+- $session->writeLog( 'register', $data->{webName}.'.'.$data->{WikiName},
++ $session->writeLog( 'register', $TWiki::cfg{UsersWebName}.'.'.$data->{WikiName},
+ $data->{Email}, $data->{WikiName} );
+ }
+
+ # and finally display thank you page
+ throw TWiki::OopsException( 'attention',
+- web => $data->{webName},
++ web => $TWiki::cfg{UsersWebName},
+ topic => $data->{WikiName},
+ def => 'thanks',
+ params => $data->{Email} );
+@@ -809,7 +809,7 @@
+ sub _newUserFromTemplate {
+ my ($session, $template, $row) = @_;
+ my ( $meta, $text ) = TWiki::UI::readTemplateTopic($session, $template);
+- my $log = $b.' Writing topic '.$row->{webName}.'.'.$row->{WikiName}."\n".
++ my $log = $b.' Writing topic '.$TWiki::cfg{UsersWebName}.'.'.$row->{WikiName}."\n".
+ $b2.' RegistrationHandler: ';
+ my $regLog = $text;
+ _purgeKeys( $row );
+@@ -859,7 +859,7 @@
+ my $agent = $session->{users}->findUser( $twikiRegistrationAgent,
+ $twikiRegistrationAgent);
+
+- $session->{store}->saveTopic($agent, $data->{webName},
++ $session->{store}->saveTopic($agent, $TWiki::cfg{UsersWebName},
+ $data->{WikiName}, $text, $meta );
+ return $log;
+ }
+@@ -993,7 +993,7 @@
+ }
+ $templateText = $before.$after;
+ $templateText = $session->handleCommonTags
+- ( $templateText, $data->{webName}, $data->{WikiName} );
++ ( $templateText, $TWiki::cfg{UsersWebName}, $data->{WikiName} );
+ $templateText =~ s/( ?) *<\/?(nop|noautolink)\/?>\n?/$1/gois;
+ # remove <nop> and <noautolink> tags
+
+@@ -1014,7 +1014,7 @@
+ params => '' );
+ }
+
+- if($session->{store}->topicExists( $data->{webName}, $data->{WikiName} )) {
++ if($session->{store}->topicExists( $TWiki::cfg{UsersWebName}, $data->{WikiName} )) {
+ throw TWiki::OopsException( 'attention',
+ web => $data->{webName},
+ topic => $topic,
+@@ -1127,7 +1127,7 @@
+ $text =~ s/%INTRODUCTION%/$p->{Introduction}/go;
+ $text =~ s/%VERIFICATIONCODE%/$p->{VerificationCode}/go;
+ $text =~ s/%PASSWORD%/$p->{PasswordA}/go;
+- $text = $session->handleCommonTags( $text, $p->{webName}, $p->{WikiName} );
++ $text = $session->handleCommonTags( $text, $TWiki::cfg{UsersWebName}, $p->{WikiName} );
+ return $session->{net}->sendEmail($text);
+ }
+
diff --git a/www-apps/twiki/files/digest-twiki-4.0.2-r1 b/www-apps/twiki/files/digest-twiki-4.0.2-r1
new file mode 100644
index 000000000000..4485135441bb
--- /dev/null
+++ b/www-apps/twiki/files/digest-twiki-4.0.2-r1
@@ -0,0 +1,3 @@
+MD5 434fd3dd09138c283bc3f1884e84faa5 TWiki-4.0.2.tgz 4014446
+RMD160 41a3e678fa27ad2d9bdf0e94871df2ca2daa58e0 TWiki-4.0.2.tgz 4014446
+SHA256 22c5c2e3fe703ae29ca3a6ec08950c95460ef28aea73ef3708bf59d0185872ed TWiki-4.0.2.tgz 4014446
diff --git a/www-apps/twiki/twiki-4.0.2-r1.ebuild b/www-apps/twiki/twiki-4.0.2-r1.ebuild
new file mode 100644
index 000000000000..dc1575f69589
--- /dev/null
+++ b/www-apps/twiki/twiki-4.0.2-r1.ebuild
@@ -0,0 +1,83 @@
+# Copyright 1999-2006 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Header: /var/cvsroot/gentoo-x86/www-apps/twiki/twiki-4.0.2-r1.ebuild,v 1.1 2006/06/18 00:44:42 rl03 Exp $
+
+inherit webapp eutils
+
+MY_PN="TWiki"
+
+DESCRIPTION="A Web Based Collaboration Platform"
+HOMEPAGE="http://twiki.org/"
+SRC_URI="http://twiki.org/p/pub/Codev/Release/${MY_PN}-${PV}.tgz"
+
+LICENSE="GPL-2"
+KEYWORDS="~amd64 ~ppc ~sparc ~x86"
+IUSE="apache2"
+
+S=${WORKDIR}
+
+RDEPEND=">=dev-lang/perl-5.8
+ >=app-text/rcs-5.7
+ sys-apps/diffutils
+ dev-perl/Algorithm-Diff
+ >=virtual/perl-CGI-3.20
+ perl-core/File-Spec
+ dev-perl/Text-Diff
+ perl-core/Time-Local
+ dev-perl/CGI-Session
+ perl-core/digest-base
+ dev-perl/Digest-SHA1
+ dev-perl/locale-maketext-lexicon
+ virtual/perl-libnet
+ dev-perl/URI
+ virtual/cron
+ apache2? ( >=net-www/apache-2.0.54 )
+ !apache2? ( =net-www/apache-1* )"
+
+src_unpack() {
+ unpack ${A}
+ cd ${S}
+
+ epatch ${FILESDIR}/CVE-2006-2942-hotfix-4.0.0-4.0.2.diff
+
+ mv ${S}/bin/LocalLib.cfg.txt ${S}/bin/LocalLib.cfg
+ mv ${S}/lib/LocalSite.cfg.txt ${S}/lib/LocalSite.cfg
+ # change web user to apache
+ cd ${S}/lib/TWiki
+ find . -name '*,v' -exec sed -i 's|nobody:|apache:|g' '{}' ';'
+}
+
+src_install() {
+ webapp_src_preinst
+
+ cp -r . ${D}/${MY_HTDOCSDIR}
+
+ dodoc readme.txt
+ dohtml T*.html
+
+ for file in $(find data pub) lib/LocalSite.cfg; do
+ webapp_serverowned "${MY_HTDOCSDIR}/${file}"
+ done
+
+ for a in bin/setlib.cfg bin/LocalLib.cfg lib/TWiki.cfg lib/LocalSite.cfg; do
+ webapp_configfile ${MY_HTDOCSDIR}/${a}
+ done
+ webapp_hook_script ${FILESDIR}/reconfig
+ webapp_postinst_txt en ${FILESDIR}/postinstall-en.txt
+ webapp_postupgrade_txt en ${FILESDIR}/postupgrade-en.txt
+
+ webapp_src_install
+}
+
+pkg_postinst() {
+ ewarn
+ ewarn "If you are upgrading from an older version of TWiki, back up your"
+ ewarn "data/ and pub/ directories and any local changes before upgrading!"
+ ewarn
+ ewarn "You are _strongly_ encouraged to to read the upgrade guide:"
+ ewarn "http://twiki.org/cgi-bin/view/TWiki/TWikiDocumentation"
+ ewarn
+ einfo "webapp-config will not be run automatically"
+ einfo
+ # webapp_pkg_postinst
+}