Patch for CVE-2006-1387 ( bug #127758 ).

Package-Manager: portage-2.1_pre6-r3

diff --git a/www-apps/twiki/ChangeLog b/www-apps/twiki/ChangeLog
index 3d65430efc03260dc9cf0d27137eb2adfb2327a1..dbe34fe0425ebdcb606f0f99102046a95ebaf4ef 100644 (file)
--- a/www-apps/twiki/ChangeLog
+++ b/www-apps/twiki/ChangeLog
@@ -1,6 +1,12 @@
 # ChangeLog for www-apps/twiki
 # Copyright 2000-2006 Gentoo Foundation; Distributed under the GPL v2
-# $Header: /var/cvsroot/gentoo-x86/www-apps/twiki/ChangeLog,v 1.24 2006/03/25 16:01:43 rl03 Exp $
+# $Header: /var/cvsroot/gentoo-x86/www-apps/twiki/ChangeLog,v 1.25 2006/03/27 17:56:24 rl03 Exp $
+
+*twiki-4.0.1-r2 (27 Mar 2006)
+
+  27 Mar 2006; Renat Lumpau <rl03@gentoo.org> +files/CVE-2006-1387.patch,
+  -twiki-4.0.1-r1.ebuild, +twiki-4.0.1-r2.ebuild:
+  Patch for CVE-2006-1387 ( bug #127758 ).
 
 *twiki-4.0.1-r1 (25 Mar 2006)
 

diff --git a/www-apps/twiki/Manifest b/www-apps/twiki/Manifest
index 976e767e97e308c8f451cf1af87e2b49911f7a2d..c380b214228ff33431938e095ae6627fd27e971b 100644 (file)
--- a/www-apps/twiki/Manifest
+++ b/www-apps/twiki/Manifest
@@ -1,15 +1,18 @@
 -----BEGIN PGP SIGNED MESSAGE-----
 Hash: SHA1
 
-MD5 91919be0799b998ea4b5347d473288e9 ChangeLog 4684
-RMD160 19f252885704d905159966aaf8530b02b82dfbd9 ChangeLog 4684
-SHA256 7990e3eef5bcd8aa8d3963d4834e297551b447fd93e2534696e9e8ac5f96aa9a ChangeLog 4684
+MD5 e12177a09bfcbe7fd66119f543d9c92e ChangeLog 4883
+RMD160 3ae1f000288cc4a96e746ee0805547c7b863915c ChangeLog 4883
+SHA256 c7d37d9d2b43dbaf1c9a02ab0a6ffc8b81ecaf06930408cfa31095d58e0536bf ChangeLog 4883
 MD5 08cf8f7a17f0804273178193e1a5aeac files/CVE-2006-1386.patch 1159
 RMD160 33dfc96754cccc24018b5dcf7d399ddbba58a175 files/CVE-2006-1386.patch 1159
 SHA256 95018ddbb0b8831f1bb5f4b12befbf335c58e540841b24be408b9efea9fd6a32 files/CVE-2006-1386.patch 1159
-MD5 31710ea4552684e8487d19f277b1da6a files/digest-twiki-4.0.1-r1 229
-RMD160 e6489159d65198115eac8917cb1207a475b057c1 files/digest-twiki-4.0.1-r1 229
-SHA256 89f5fd5db54e613cd62b9b6f86b4a231965ec98021cf4c0a559e8f6ed0e1d332 files/digest-twiki-4.0.1-r1 229
+MD5 245f8918aa96d68cae394496a4ee2dec files/CVE-2006-1387.patch 521
+RMD160 9b3b698f769164668f4be8cc51f2d7af2efa645a files/CVE-2006-1387.patch 521
+SHA256 e60ed3fe90c5593526ef46a8a36226e7ea076799f488e307be5720f82a485d5c files/CVE-2006-1387.patch 521
+MD5 31710ea4552684e8487d19f277b1da6a files/digest-twiki-4.0.1-r2 229
+RMD160 e6489159d65198115eac8917cb1207a475b057c1 files/digest-twiki-4.0.1-r2 229
+SHA256 89f5fd5db54e613cd62b9b6f86b4a231965ec98021cf4c0a559e8f6ed0e1d332 files/digest-twiki-4.0.1-r2 229
 MD5 0fb6bff6113baf316a822f611593a0a5 files/postinstall-en.txt 945
 RMD160 cb9968cf0d8f7b217790f2176898202b56ce1905 files/postinstall-en.txt 945
 SHA256 bf8d1eceda6d9383abd4bd3ab3c19cf101606fac89d1bd8e60155b29fb46030a files/postinstall-en.txt 945
@@ -22,13 +25,13 @@ SHA256 9bff3cbfb8ecbfe396e6e61ddf189c24f4500c469e9c0e0a5961a4b5b3fce851 files/re
 MD5 c339473e0ff43da76eb2f2607c441921 metadata.xml 280
 RMD160 c449ad35e8af3f158d8f8305f8a02ff98a420970 metadata.xml 280
 SHA256 fd37fa0f441b1b68ef8dc4bffbb0a51f0414aa7c370b48369453af5f4bff177a metadata.xml 280
-MD5 443f8440cf14c943c308229c99988e1c twiki-4.0.1-r1.ebuild 2126
-RMD160 1289f7278d0725f1fdc607a8795b13e5cd05e97f twiki-4.0.1-r1.ebuild 2126
-SHA256 7e69b02223b9efc5d166b9f96ba9dfb3bf86b565b241143c6b899a944c4b4cd3 twiki-4.0.1-r1.ebuild 2126
+MD5 e81119fc3ea6b1d01fe21d40d76d7197 twiki-4.0.1-r2.ebuild 2166
+RMD160 c8e60eb7fa461b43fbe5150a6ff1617f5b4c2b86 twiki-4.0.1-r2.ebuild 2166
+SHA256 bc4318e10d14b768403e56754508b9a480908cf7f7d62b6aea68d16b7b603fd2 twiki-4.0.1-r2.ebuild 2166
 -----BEGIN PGP SIGNATURE-----
 Version: GnuPG v1.4.2 (GNU/Linux)
 
-iD8DBQFEJWlzEzitwsaoONoRAg5mAJ9u+hopL4Ok55C8fbj2r/IkMLIPqwCZAQGy
-mTeXgdv3x4eViTEwJxBZE14=
-=aZWH
+iD8DBQFEKCdTEzitwsaoONoRAquLAJ4keB22nDO0tqAZInnTg+k6VfCnAwCfe4Wv
+itz16ov53y5lsq1bq6vzCX8=
+=rQE3
 -----END PGP SIGNATURE-----

diff --git a/www-apps/twiki/files/CVE-2006-1387.patch b/www-apps/twiki/files/CVE-2006-1387.patch
new file mode 100644 (file)
index 0000000..912559c
--- /dev/null
+++ b/www-apps/twiki/files/CVE-2006-1387.patch
@@ -0,0 +1,14 @@
+diff -ur work/lib/TWiki.pm work_patched/lib/TWiki.pm
+--- work/lib/TWiki.pm  2006-02-07 10:08:46.000000000 -0500
++++ work_patched/lib/TWiki.pm  2006-03-27 12:52:39.000000000 -0500
+@@ -1514,6 +1514,10 @@
+ # Fetch content from a URL for inclusion by an INCLUDE
+ sub _includeUrl {
+     my( $this, $theUrl, $thePattern, $theWeb, $theTopic ) = @_;
++
++    # Fix for Codev.SecurityAdvisoryDosAttackWithInclude
++    return "%RED% Include of URL is disabled %ENDCOLOR%";
++
+     my $text = '';
+     my $host = '';
+     my $port = 80;

diff --git a/www-apps/twiki/files/digest-twiki-4.0.1-r1 b/www-apps/twiki/files/digest-twiki-4.0.1-r2
similarity index 100%
rename from www-apps/twiki/files/digest-twiki-4.0.1-r1
rename to www-apps/twiki/files/digest-twiki-4.0.1-r2

diff --git a/www-apps/twiki/twiki-4.0.1-r1.ebuild b/www-apps/twiki/twiki-4.0.1-r2.ebuild
similarity index 93%
rename from www-apps/twiki/twiki-4.0.1-r1.ebuild
rename to www-apps/twiki/twiki-4.0.1-r2.ebuild
index caf2bccbfdc366702cb51931342dd6e684ddf7f2..ff19b49e6e8806308e6c3c4e1ce4c9509585dcc7 100644 (file)
--- a/www-apps/twiki/twiki-4.0.1-r1.ebuild
+++ b/www-apps/twiki/twiki-4.0.1-r2.ebuild
@@ -1,6 +1,6 @@
 # Copyright 1999-2006 Gentoo Foundation
 # Distributed under the terms of the GNU General Public License v2
-# $Header: /var/cvsroot/gentoo-x86/www-apps/twiki/twiki-4.0.1-r1.ebuild,v 1.1 2006/03/25 16:01:43 rl03 Exp $
+# $Header: /var/cvsroot/gentoo-x86/www-apps/twiki/twiki-4.0.1-r2.ebuild,v 1.1 2006/03/27 17:56:24 rl03 Exp $
 
 inherit webapp eutils versionator
 
@@ -38,6 +38,7 @@ src_unpack() {
        unpack ${A}
        cd ${S}
        epatch ${FILESDIR}/CVE-2006-1386.patch
+       epatch ${FILESDIR}/CVE-2006-1387.patch
 
        mv ${S}/bin/LocalLib.cfg.txt ${S}/bin/LocalLib.cfg
        mv ${S}/lib/LocalSite.cfg.txt ${S}/lib/LocalSite.cfg