author | Renat Lumpau <rl03@gentoo.org> | 2005-09-16 11:38:20 +0000 |
---|---|---|
committer | Renat Lumpau <rl03@gentoo.org> | 2005-09-16 11:38:20 +0000 |
commit | bdba0988853c6b8be8e145d20c27646ee623572e (patch) | |
tree | ceec56ac7ee43d4d316f959fedcfb91b3d696d5d /www-apps | |
parent | Mark 1.12.0 stable on alpha (diff) | |
Security fixes for bug #106149.
(Portage version: 2.0.51.22-r2)
Diffstat (limited to 'www-apps')
-rw-r--r-- | www-apps/twiki/ChangeLog | 6 | ||||
-rw-r--r-- | www-apps/twiki/Manifest | 17 | ||||
-rw-r--r-- | www-apps/twiki/files/digest-twiki-20041030 | 1 | ||||
-rw-r--r-- | www-apps/twiki/files/exec_command.patch | 52 | ||||
-rw-r--r-- | www-apps/twiki/files/postinstall-en.txt | 4 | ||||
-rw-r--r-- | www-apps/twiki/twiki-20041030.ebuild | 15 |
6 files changed, 76 insertions, 19 deletions
diff --git a/www-apps/twiki/ChangeLog b/www-apps/twiki/ChangeLog
index 421441e6daa1..520a3aace037 100644
--- a/www-apps/twiki/ChangeLog
+++ b/www-apps/twiki/ChangeLog
@@ -1,6 +1,10 @@
 # ChangeLog for www-apps/twiki
 # Copyright 2000-2005 Gentoo Foundation; Distributed under the GPL v2
-# $Header: /var/cvsroot/gentoo-x86/www-apps/twiki/ChangeLog,v 1.15 2005/08/22 22:50:36 rl03 Exp $
+# $Header: /var/cvsroot/gentoo-x86/www-apps/twiki/ChangeLog,v 1.16 2005/09/16 11:38:20 rl03 Exp $
+
+ 16 Sep 2005; Renat Lumpau <rl03@gentoo.org> +files/exec_command.patch,
+ files/postinstall-en.txt, twiki-20041030.ebuild:
+ Security fixes for bug #106149.
 22 Aug 2005; Renat Lumpau <rl03@gentoo.org> files/postinstall-en.txt, files/reconfig, twiki-20041030.ebuild:
diff --git a/www-apps/twiki/Manifest b/www-apps/twiki/Manifest
index 856a7edb19fb..a85b4db1d1a3 100644
--- a/www-apps/twiki/Manifest
+++ b/www-apps/twiki/Manifest
@@ -1,18 +1,9 @@
------BEGIN PGP SIGNED MESSAGE-----
-Hash: SHA1
-
-MD5 92872e036efba580668e29a12da1d3dd twiki-20041030.ebuild 1378
+MD5 6597daa12b67dd64d691d63cda0be63a twiki-20041030.ebuild 1562
 MD5 889ea77fb14101813d892655d77ba9e2 ChangeLog 3374
 MD5 c339473e0ff43da76eb2f2607c441921 metadata.xml 280
+MD5 e2754c98027bd6468cfe636616377892 files/exec_command.patch 2445
 MD5 d6ef3da92ece6d68c83fa4be8f6f97be files/twiki.conf 508
 MD5 fab10473182738fadb4188bf90af8162 files/execwithsearch.patch 653
-MD5 538297b9f7809dff8d3d1ade91b3698c files/postinstall-en.txt 722
-MD5 67624b3735f6d1c92bce9dacf2cb36b8 files/digest-twiki-20041030 67
+MD5 81a10e4ed2ea4d51fd1001d051951a61 files/postinstall-en.txt 795
+MD5 4369d80c9ef3589ccebce4a23095082b files/digest-twiki-20041030 138
 MD5 f4898afe44208d27fee4ab3910b8cc88 files/reconfig 588
------BEGIN PGP SIGNATURE-----
-Version: GnuPG v1.4.1 (GNU/Linux)
-
-iD8DBQFDClbIEzitwsaoONoRAjnAAKC5wqwhyUOJiEImXCZkxl4lyYJAyACeOM6v
-z5/8GYiXHef56Zz3+R4hDy4=
-=lBC2
------END PGP SIGNATURE-----
diff --git a/www-apps/twiki/files/digest-twiki-20041030 b/www-apps/twiki/files/digest-twiki-20041030
index 2c2dfac017e4..215f002bbb13 100644
--- a/www-apps/twiki/files/digest-twiki-20041030
+++ b/www-apps/twiki/files/digest-twiki-20041030
@@ -1 +1,2 @@
 MD5 b4acc3ba9e09524d344db4bc76d2faaa TWiki20041030beta.zip 2606614
+MD5 c8e3010b59013dbb7814b26cc609825e twiki-robustness-r3342.diff 36473
diff --git a/www-apps/twiki/files/exec_command.patch b/www-apps/twiki/files/exec_command.patch
new file mode 100644
index 000000000000..0425bd5e2991
--- /dev/null
+++ b/www-apps/twiki/files/exec_command.patch
@@ -0,0 +1,52 @@
+diff -ur work/lib/TWiki/Store.pm work-patched/lib/TWiki/Store.pm
+--- work/lib/TWiki/Store.pm 2004-10-19 14:48:40.000000000 -0400
++++ work-patched/lib/TWiki/Store.pm 2005-09-16 07:19:40.000000000 -0400
+@@ -572,7 +572,9 @@
+ }
+
+ $theRev = "" unless( $theRev );
+- $theRev =~ s/^1\.//o;
++ $theRev =~ s/r?1\.//o; # cut 'r' and major
++ # Fix for Codev.SecurityAlertExecuteCommandsWithRev
++ $theRev = "" unless( $theRev =~ s/.*?([0-9]+).*/$1/o );
+
+ $topicHandler = _getTopicHandler( $theWebName, $theTopic, $attachment ) if( ! $topicHandler );
+ my( $rcsOut, $rev, $date, $user, $comment ) = $topicHandler->getRevisionInfo( $theRev );
+diff -ur work/lib/TWiki/UI/RDiff.pm work-patched/lib/TWiki/UI/RDiff.pm
+--- work/lib/TWiki/UI/RDiff.pm 2004-08-08 04:28:45.000000000 -0400
++++ work-patched/lib/TWiki/UI/RDiff.pm 2005-09-16 07:19:40.000000000 -0400
+@@ -409,6 +409,9 @@
+ if( ! $rev2 ) { $rev2 = 0; }
+ $rev1 =~ s/r?1\.//go; # cut 'r' and major
+ $rev2 =~ s/r?1\.//go; # cut 'r' and major
++ # Fix for Codev.SecurityAlertExecuteCommandsWithRev
++ $rev1 = $maxrev unless( $rev1 =~ s/.*?([0-9]+).*/$1/o );
++ $rev2 = $maxrev unless( $rev2 =~ s/.*?([0-9]+).*/$1/o );
+ if( $rev1 < 1 ) { $rev1 = $maxrev; }
+ if( $rev1 > $maxrev ) { $rev1 = $maxrev; }
+ if( $rev2 < 1 ) { $rev2 = 1; }
+diff -ur work/lib/TWiki/UI/View.pm work-patched/lib/TWiki/UI/View.pm
+--- work/lib/TWiki/UI/View.pm 2004-08-25 02:36:15.000000000 -0400
++++ work-patched/lib/TWiki/UI/View.pm 2005-09-16 07:19:40.000000000 -0400
+@@ -106,6 +106,8 @@
+ $revdate = TWiki::formatTime( $revdate );
+
+ if( $rev ) {
++ # Fix for Codev.SecurityAlertExecuteCommandsWithRev
++ $rev = $maxrev unless( $rev =~ s/.*?([0-9]+).*/$1/o );
+ $rev =~ s/r?1\.//go; # cut 'r' and major
+ if( $rev < 1 ) { $rev = 1; }
+ if( $rev > $maxrev ) { $rev = $maxrev; }
+diff -ur work/lib/TWiki/UI/Viewfile.pm work-patched/lib/TWiki/UI/Viewfile.pm
+--- work/lib/TWiki/UI/Viewfile.pm 2004-05-29 02:51:35.000000000 -0400
++++ work-patched/lib/TWiki/UI/Viewfile.pm 2005-09-16 07:19:40.000000000 -0400
+@@ -43,6 +43,9 @@
+
+ my $fileName = $query->param( 'filename' );
+ my $rev = $query->param( 'rev' ) || "";
++ $rev =~ s/r?1\.//o; # cut 'r' and major
++ # Fix for Codev.SecurityAlertExecuteCommandsWithRev
++ $rev = "" unless( $rev =~ s/.*?([0-9]+).*/$1/o );
+
+ return unless TWiki::UI::webExists( $webName, $topic );
+
diff --git a/www-apps/twiki/files/postinstall-en.txt b/www-apps/twiki/files/postinstall-en.txt
index f0187ae2a511..c70a30ed65d3 100644
--- a/www-apps/twiki/files/postinstall-en.txt
+++ b/www-apps/twiki/files/postinstall-en.txt
@@ -16,5 +16,7 @@ You are almost done!
 http://twiki.org/cgi-bin/view/TWiki/TWikiInstallationGuide
 particularly if you wish to set up email preferences or I18N.
-5. Visit http://${VHOST_HOSTNAME}/twiki, or
+5. Read ${MY_INSTALLDIR}/README.robustness for important security info.
+
+6. Visit http://${VHOST_HOSTNAME}/twiki, or
 http://${VHOST_HOSTNAME}/${VHOST_APPDIR}/bin/view
diff --git a/www-apps/twiki/twiki-20041030.ebuild b/www-apps/twiki/twiki-20041030.ebuild
index bb0162775bd5..5700dfa21f73 100644
--- a/www-apps/twiki/twiki-20041030.ebuild
+++ b/www-apps/twiki/twiki-20041030.ebuild
@@ -1,12 +1,13 @@
 # Copyright 1999-2005 Gentoo Foundation
 # Distributed under the terms of the GNU General Public License v2
-# $Header: /var/cvsroot/gentoo-x86/www-apps/twiki/twiki-20041030.ebuild,v 1.3 2005/08/22 22:50:36 rl03 Exp $
+# $Header: /var/cvsroot/gentoo-x86/www-apps/twiki/twiki-20041030.ebuild,v 1.4 2005/09/16 11:38:20 rl03 Exp $
 inherit webapp eutils depend.apache
 DESCRIPTION="A Web Based Collaboration Platform"
 HOMEPAGE="http://twiki.org/"
-SRC_URI="http://ftp.ale.org/pub/mirrors/openpkg/sources/DST/${PN}//TWiki${PV}beta.zip"
+SRC_URI="http://ftp.ale.org/pub/mirrors/openpkg/sources/DST/${PN}//TWiki${PV}beta.zip
+ http://static.enyo.de/fw/patches/twiki/twiki-robustness-r3342.diff"
 LICENSE="GPL-2"
 KEYWORDS="~amd64 ~ppc ~sparc ~x86"
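Review bot: In the View.pm section of files/exec_command.patch the digit extraction `s/.*?([0-9]+).*/$1/o` runs before `s/r?1\.//go`, the reverse of the order used for Store.pm, RDiff.pm and Viewfile.pm, so a revision given as `1.5` is reduced to `1` and the strip that follows never matches. In all four files the substitution is also unanchored and `.` does not match a newline without `/s`, so a value that contains a line break is only partly rewritten and non-digit text can remain in the revision that is passed on. An anchored allow-list match would close both gaps, for example `$rev = ( $rev =~ /\A(?:r?1\.)?([0-9]+)\z/ ) ? $1 : $maxrev;`, with `""` as the fallback in Store.pm and Viewfile.pm. The enclosing subs start and end outside the patched context, so how the revision is used further down should be confirmed there.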
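Review bot: The second `SRC_URI` entry in twiki-20041030.ebuild fetches `twiki-robustness-r3342.diff` over plain HTTP from a third-party host, and the only integrity pin visible in this commit is the MD5 line added to `files/digest-twiki-20041030`. The Manifest hunk of the same commit also drops the PGP signed-message wrapper and signature block, so the regenerated checksums are no longer covered by a signature. Re-signing the Manifest after regenerating it would restore that check for a patch that is applied to a web application's sources. A comment above the assignment, such as `# twiki-robustness-r3342.diff: hardening patch for bug #106149, applied in src_unpack`, would also record why a second distfile is needed.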
@@ -14,7 +15,7 @@ IUSE=""
 S=${WORKDIR}
-RDEPEND=">=dev-lang/perl-5.6.2
+RDEPEND=">=dev-lang/perl-5.8
 perl-core/CGI
 dev-perl/libnet
 >=app-text/rcs-5.7
@@ -27,6 +28,12 @@ src_unpack() {
 unpack ${A}
 cd ${S}/lib/TWiki
 epatch ${FILESDIR}/execwithsearch.patch
+
+ # bug #106149
+ cd ${S}
+ epatch ${FILESDIR}/exec_command.patch
+ epatch ${DISTDIR}/twiki-robustness-r3342.diff
+
 # change web user to apache
 find . -name '*,v' -exec sed -i 's|nobody:|apache:|g' '{}' ';'
 }
@@ -36,7 +43,7 @@ src_install() {
 cp -r . ${D}/${MY_HTDOCSDIR}
- dodoc readme.txt license.txt
+ dodoc readme.txt README.robustness
 insinto ${APACHE1_VHOSTDIR}
 doins ${FILESDIR}/twiki.conf |
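Review bot: In the src_unpack hunk the added `cd ${S}` is unquoted and its result is not checked, so if the directory change fails both security patches are attempted from `${S}/lib/TWiki`, the directory left by the earlier `cd`. Writing it as `cd "${S}" || die "cd to ${S} failed"` makes that failure explicit instead of leaving it to a later patch error. The `# bug #106149` comment could also say which patch addresses what, for example `# bug #106149: sanitize rev parameter (exec_command.patch), then upstream robustness patch`, since the order of the two `epatch` calls may matter if they touch the same files, which is not visible here.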