diff options
author | Renat Lumpau <rl03@gentoo.org> | 2006-06-18 00:44:42 +0000 |
---|---|---|
committer | Renat Lumpau <rl03@gentoo.org> | 2006-06-18 00:44:42 +0000 |
commit | 275f6e759a27e20b82122261613aa7557765963f (patch) | |
tree | 4393f0e48f87315e6c4084759c73e66863dbb3a2 /www-apps/twiki | |
parent | Version bump, security bug #130584. (diff) | |
download | gentoo-2-275f6e759a27e20b82122261613aa7557765963f.tar.gz gentoo-2-275f6e759a27e20b82122261613aa7557765963f.tar.bz2 gentoo-2-275f6e759a27e20b82122261613aa7557765963f.zip |
Apply hotfix for CVE-2006-2942.
(Portage version: 2.1)
Diffstat (limited to 'www-apps/twiki')
-rw-r--r-- | www-apps/twiki/ChangeLog | 9 | ||||
-rw-r--r-- | www-apps/twiki/files/CVE-2006-2942-hotfix-4.0.0-4.0.2.diff | 74 | ||||
-rw-r--r-- | www-apps/twiki/files/digest-twiki-4.0.2-r1 | 3 | ||||
-rw-r--r-- | www-apps/twiki/twiki-4.0.2-r1.ebuild | 83 |
4 files changed, 168 insertions, 1 deletions
diff --git a/www-apps/twiki/ChangeLog b/www-apps/twiki/ChangeLog index 6b7f5774b4dd..946b1c4dd52d 100644 --- a/www-apps/twiki/ChangeLog +++ b/www-apps/twiki/ChangeLog @@ -1,6 +1,13 @@ # ChangeLog for www-apps/twiki # Copyright 2000-2006 Gentoo Foundation; Distributed under the GPL v2 -# $Header: /var/cvsroot/gentoo-x86/www-apps/twiki/ChangeLog,v 1.29 2006/06/09 22:32:32 rl03 Exp $ +# $Header: /var/cvsroot/gentoo-x86/www-apps/twiki/ChangeLog,v 1.30 2006/06/18 00:44:42 rl03 Exp $ + +*twiki-4.0.2-r1 (18 Jun 2006) + + 18 Jun 2006; Renat Lumpau <rl03@gentoo.org> + +files/CVE-2006-2942-hotfix-4.0.0-4.0.2.diff, -twiki-4.0.2.ebuild, + +twiki-4.0.2-r1.ebuild: + Apply hotfix for CVE-2006-2942. 09 Jun 2006; Renat Lumpau <rl03@gentoo.org> files/postinstall-en.txt: Add info on ExecCGI ( bug #134132 ). diff --git a/www-apps/twiki/files/CVE-2006-2942-hotfix-4.0.0-4.0.2.diff b/www-apps/twiki/files/CVE-2006-2942-hotfix-4.0.0-4.0.2.diff new file mode 100644 index 000000000000..fd06de7446df --- /dev/null +++ b/www-apps/twiki/files/CVE-2006-2942-hotfix-4.0.0-4.0.2.diff @@ -0,0 +1,74 @@ +Index: Register.pm +=================================================================== +--- lib/TWiki/UI/Register.pm (revision 10544) ++++ lib/TWiki/UI/Register.pm (working copy) +@@ -418,7 +418,7 @@ + $data->{WikiName}.'.'.TWiki::User::randomPassword(); + _putRegDetailsByCode( $data, $tmpDir ); + +- $session->writeLog( 'regstart', $data->{webName}.'.'.$data->{WikiName}, ++ $session->writeLog( 'regstart', $TWiki::cfg{UsersWebName}.'.'.$data->{WikiName}, + $data->{Email}, $data->{WikiName} ); + + my $err = _sendEmail( $session, 'registerconfirm', $data ); +@@ -788,13 +788,13 @@ + + # write log entry + if ($TWiki::cfg{Log}{register}) { +- $session->writeLog( 'register', $data->{webName}.'.'.$data->{WikiName}, ++ $session->writeLog( 'register', $TWiki::cfg{UsersWebName}.'.'.$data->{WikiName}, + $data->{Email}, $data->{WikiName} ); + } + + # and finally display thank you page + throw TWiki::OopsException( 'attention', +- web => $data->{webName}, ++ web => $TWiki::cfg{UsersWebName}, + topic => $data->{WikiName}, + def => 'thanks', + params => $data->{Email} ); +@@ -809,7 +809,7 @@ + sub _newUserFromTemplate { + my ($session, $template, $row) = @_; + my ( $meta, $text ) = TWiki::UI::readTemplateTopic($session, $template); +- my $log = $b.' Writing topic '.$row->{webName}.'.'.$row->{WikiName}."\n". ++ my $log = $b.' Writing topic '.$TWiki::cfg{UsersWebName}.'.'.$row->{WikiName}."\n". + $b2.' RegistrationHandler: '; + my $regLog = $text; + _purgeKeys( $row ); +@@ -859,7 +859,7 @@ + my $agent = $session->{users}->findUser( $twikiRegistrationAgent, + $twikiRegistrationAgent); + +- $session->{store}->saveTopic($agent, $data->{webName}, ++ $session->{store}->saveTopic($agent, $TWiki::cfg{UsersWebName}, + $data->{WikiName}, $text, $meta ); + return $log; + } +@@ -993,7 +993,7 @@ + } + $templateText = $before.$after; + $templateText = $session->handleCommonTags +- ( $templateText, $data->{webName}, $data->{WikiName} ); ++ ( $templateText, $TWiki::cfg{UsersWebName}, $data->{WikiName} ); + $templateText =~ s/( ?) *<\/?(nop|noautolink)\/?>\n?/$1/gois; + # remove <nop> and <noautolink> tags + +@@ -1014,7 +1014,7 @@ + params => '' ); + } + +- if($session->{store}->topicExists( $data->{webName}, $data->{WikiName} )) { ++ if($session->{store}->topicExists( $TWiki::cfg{UsersWebName}, $data->{WikiName} )) { + throw TWiki::OopsException( 'attention', + web => $data->{webName}, + topic => $topic, +@@ -1127,7 +1127,7 @@ + $text =~ s/%INTRODUCTION%/$p->{Introduction}/go; + $text =~ s/%VERIFICATIONCODE%/$p->{VerificationCode}/go; + $text =~ s/%PASSWORD%/$p->{PasswordA}/go; +- $text = $session->handleCommonTags( $text, $p->{webName}, $p->{WikiName} ); ++ $text = $session->handleCommonTags( $text, $TWiki::cfg{UsersWebName}, $p->{WikiName} ); + return $session->{net}->sendEmail($text); + } + diff --git a/www-apps/twiki/files/digest-twiki-4.0.2-r1 b/www-apps/twiki/files/digest-twiki-4.0.2-r1 new file mode 100644 index 000000000000..4485135441bb --- /dev/null +++ b/www-apps/twiki/files/digest-twiki-4.0.2-r1 @@ -0,0 +1,3 @@ +MD5 434fd3dd09138c283bc3f1884e84faa5 TWiki-4.0.2.tgz 4014446 +RMD160 41a3e678fa27ad2d9bdf0e94871df2ca2daa58e0 TWiki-4.0.2.tgz 4014446 +SHA256 22c5c2e3fe703ae29ca3a6ec08950c95460ef28aea73ef3708bf59d0185872ed TWiki-4.0.2.tgz 4014446 diff --git a/www-apps/twiki/twiki-4.0.2-r1.ebuild b/www-apps/twiki/twiki-4.0.2-r1.ebuild new file mode 100644 index 000000000000..dc1575f69589 --- /dev/null +++ b/www-apps/twiki/twiki-4.0.2-r1.ebuild @@ -0,0 +1,83 @@ +# Copyright 1999-2006 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 +# $Header: /var/cvsroot/gentoo-x86/www-apps/twiki/twiki-4.0.2-r1.ebuild,v 1.1 2006/06/18 00:44:42 rl03 Exp $ + +inherit webapp eutils + +MY_PN="TWiki" + +DESCRIPTION="A Web Based Collaboration Platform" +HOMEPAGE="http://twiki.org/" +SRC_URI="http://twiki.org/p/pub/Codev/Release/${MY_PN}-${PV}.tgz" + +LICENSE="GPL-2" +KEYWORDS="~amd64 ~ppc ~sparc ~x86" +IUSE="apache2" + +S=${WORKDIR} + +RDEPEND=">=dev-lang/perl-5.8 + >=app-text/rcs-5.7 + sys-apps/diffutils + dev-perl/Algorithm-Diff + >=virtual/perl-CGI-3.20 + perl-core/File-Spec + dev-perl/Text-Diff + perl-core/Time-Local + dev-perl/CGI-Session + perl-core/digest-base + dev-perl/Digest-SHA1 + dev-perl/locale-maketext-lexicon + virtual/perl-libnet + dev-perl/URI + virtual/cron + apache2? ( >=net-www/apache-2.0.54 ) + !apache2? ( =net-www/apache-1* )" + +src_unpack() { + unpack ${A} + cd ${S} + + epatch ${FILESDIR}/CVE-2006-2942-hotfix-4.0.0-4.0.2.diff + + mv ${S}/bin/LocalLib.cfg.txt ${S}/bin/LocalLib.cfg + mv ${S}/lib/LocalSite.cfg.txt ${S}/lib/LocalSite.cfg + # change web user to apache + cd ${S}/lib/TWiki + find . -name '*,v' -exec sed -i 's|nobody:|apache:|g' '{}' ';' +} + +src_install() { + webapp_src_preinst + + cp -r . ${D}/${MY_HTDOCSDIR} + + dodoc readme.txt + dohtml T*.html + + for file in $(find data pub) lib/LocalSite.cfg; do + webapp_serverowned "${MY_HTDOCSDIR}/${file}" + done + + for a in bin/setlib.cfg bin/LocalLib.cfg lib/TWiki.cfg lib/LocalSite.cfg; do + webapp_configfile ${MY_HTDOCSDIR}/${a} + done + webapp_hook_script ${FILESDIR}/reconfig + webapp_postinst_txt en ${FILESDIR}/postinstall-en.txt + webapp_postupgrade_txt en ${FILESDIR}/postupgrade-en.txt + + webapp_src_install +} + +pkg_postinst() { + ewarn + ewarn "If you are upgrading from an older version of TWiki, back up your" + ewarn "data/ and pub/ directories and any local changes before upgrading!" + ewarn + ewarn "You are _strongly_ encouraged to to read the upgrade guide:" + ewarn "http://twiki.org/cgi-bin/view/TWiki/TWikiDocumentation" + ewarn + einfo "webapp-config will not be run automatically" + einfo + # webapp_pkg_postinst +} |