From: Renat Lumpau <rl03@gentoo.org>
Date: Sun, 18 Jun 2006 00:44:42 +0000 (+0000)
Subject: Apply hotfix for CVE-2006-2942.
X-Git-Url: http://git.tremily.us/?a=commitdiff_plain;h=8ca9ec119081856549ad9ee39f4fe7a28f06ccb6;p=gentoo.git

Apply hotfix for CVE-2006-2942.
Package-Manager: portage-2.1
---

diff --git a/www-apps/twiki/ChangeLog b/www-apps/twiki/ChangeLog
index 6b7f5774b4dd..946b1c4dd52d 100644
--- a/www-apps/twiki/ChangeLog
+++ b/www-apps/twiki/ChangeLog
@@ -1,6 +1,13 @@
 # ChangeLog for www-apps/twiki
 # Copyright 2000-2006 Gentoo Foundation; Distributed under the GPL v2
-# $Header: /var/cvsroot/gentoo-x86/www-apps/twiki/ChangeLog,v 1.29 2006/06/09 22:32:32 rl03 Exp $
+# $Header: /var/cvsroot/gentoo-x86/www-apps/twiki/ChangeLog,v 1.30 2006/06/18 00:44:42 rl03 Exp $
+
+*twiki-4.0.2-r1 (18 Jun 2006)
+
+  18 Jun 2006; Renat Lumpau <rl03@gentoo.org>
+  +files/CVE-2006-2942-hotfix-4.0.0-4.0.2.diff, -twiki-4.0.2.ebuild,
+  +twiki-4.0.2-r1.ebuild:
+  Apply hotfix for CVE-2006-2942.
 
   09 Jun 2006; Renat Lumpau <rl03@gentoo.org> files/postinstall-en.txt:
   Add info on ExecCGI ( bug #134132 ).
diff --git a/www-apps/twiki/files/CVE-2006-2942-hotfix-4.0.0-4.0.2.diff b/www-apps/twiki/files/CVE-2006-2942-hotfix-4.0.0-4.0.2.diff
new file mode 100644
index 000000000000..fd06de7446df
--- /dev/null
+++ b/www-apps/twiki/files/CVE-2006-2942-hotfix-4.0.0-4.0.2.diff
@@ -0,0 +1,74 @@
+Index: Register.pm
+===================================================================
+--- lib/TWiki/UI/Register.pm	(revision 10544)
++++ lib/TWiki/UI/Register.pm	(working copy)
+@@ -418,7 +418,7 @@
+       $data->{WikiName}.'.'.TWiki::User::randomPassword();
+     _putRegDetailsByCode( $data, $tmpDir );
+ 
+-    $session->writeLog( 'regstart', $data->{webName}.'.'.$data->{WikiName},
++    $session->writeLog( 'regstart', $TWiki::cfg{UsersWebName}.'.'.$data->{WikiName},
+                         $data->{Email}, $data->{WikiName} );
+ 
+     my $err = _sendEmail( $session, 'registerconfirm', $data );
+@@ -788,13 +788,13 @@
+ 
+     # write log entry
+     if ($TWiki::cfg{Log}{register}) {
+-        $session->writeLog( 'register', $data->{webName}.'.'.$data->{WikiName},
++        $session->writeLog( 'register', $TWiki::cfg{UsersWebName}.'.'.$data->{WikiName},
+                             $data->{Email}, $data->{WikiName} );
+     }
+ 
+     # and finally display thank you page
+     throw TWiki::OopsException( 'attention',
+-                                web => $data->{webName},
++                                web => $TWiki::cfg{UsersWebName},
+                                 topic => $data->{WikiName},
+                                 def => 'thanks',
+                                 params => $data->{Email} );
+@@ -809,7 +809,7 @@
+ sub _newUserFromTemplate {
+     my ($session, $template, $row) = @_;
+     my ( $meta, $text ) = TWiki::UI::readTemplateTopic($session, $template);
+-    my $log = $b.' Writing topic '.$row->{webName}.'.'.$row->{WikiName}."\n".
++    my $log = $b.' Writing topic '.$TWiki::cfg{UsersWebName}.'.'.$row->{WikiName}."\n".
+       $b2.' RegistrationHandler: ';
+     my $regLog = $text;
+     _purgeKeys( $row );
+@@ -859,7 +859,7 @@
+     my $agent = $session->{users}->findUser( $twikiRegistrationAgent,
+                                              $twikiRegistrationAgent);
+ 
+-    $session->{store}->saveTopic($agent, $data->{webName},
++    $session->{store}->saveTopic($agent, $TWiki::cfg{UsersWebName},
+                                  $data->{WikiName}, $text, $meta );
+     return $log;
+ }
+@@ -993,7 +993,7 @@
+     }
+     $templateText = $before.$after;
+     $templateText = $session->handleCommonTags
+-      ( $templateText, $data->{webName}, $data->{WikiName} );
++      ( $templateText, $TWiki::cfg{UsersWebName}, $data->{WikiName} );
+     $templateText =~ s/( ?) *<\/?(nop|noautolink)\/?>\n?/$1/gois;
+     # remove <nop> and <noautolink> tags
+ 
+@@ -1014,7 +1014,7 @@
+                                     params => '' );
+     }
+ 
+-    if($session->{store}->topicExists( $data->{webName}, $data->{WikiName} )) {
++    if($session->{store}->topicExists( $TWiki::cfg{UsersWebName}, $data->{WikiName} )) {
+         throw TWiki::OopsException( 'attention',
+                                     web => $data->{webName},
+                                     topic => $topic,
+@@ -1127,7 +1127,7 @@
+     $text =~ s/%INTRODUCTION%/$p->{Introduction}/go;
+     $text =~ s/%VERIFICATIONCODE%/$p->{VerificationCode}/go;
+     $text =~ s/%PASSWORD%/$p->{PasswordA}/go;
+-    $text = $session->handleCommonTags( $text, $p->{webName}, $p->{WikiName} );
++    $text = $session->handleCommonTags( $text, $TWiki::cfg{UsersWebName}, $p->{WikiName} );
+     return $session->{net}->sendEmail($text);
+ }
+ 
diff --git a/www-apps/twiki/files/digest-twiki-4.0.2-r1 b/www-apps/twiki/files/digest-twiki-4.0.2-r1
new file mode 100644
index 000000000000..4485135441bb
--- /dev/null
+++ b/www-apps/twiki/files/digest-twiki-4.0.2-r1
@@ -0,0 +1,3 @@
+MD5 434fd3dd09138c283bc3f1884e84faa5 TWiki-4.0.2.tgz 4014446
+RMD160 41a3e678fa27ad2d9bdf0e94871df2ca2daa58e0 TWiki-4.0.2.tgz 4014446
+SHA256 22c5c2e3fe703ae29ca3a6ec08950c95460ef28aea73ef3708bf59d0185872ed TWiki-4.0.2.tgz 4014446
diff --git a/www-apps/twiki/twiki-4.0.2-r1.ebuild b/www-apps/twiki/twiki-4.0.2-r1.ebuild
new file mode 100644
index 000000000000..dc1575f69589
--- /dev/null
+++ b/www-apps/twiki/twiki-4.0.2-r1.ebuild
@@ -0,0 +1,83 @@
+# Copyright 1999-2006 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Header: /var/cvsroot/gentoo-x86/www-apps/twiki/twiki-4.0.2-r1.ebuild,v 1.1 2006/06/18 00:44:42 rl03 Exp $
+
+inherit webapp eutils
+
+MY_PN="TWiki"
+
+DESCRIPTION="A Web Based Collaboration Platform"
+HOMEPAGE="http://twiki.org/"
+SRC_URI="http://twiki.org/p/pub/Codev/Release/${MY_PN}-${PV}.tgz"
+
+LICENSE="GPL-2"
+KEYWORDS="~amd64 ~ppc ~sparc ~x86"
+IUSE="apache2"
+
+S=${WORKDIR}
+
+RDEPEND=">=dev-lang/perl-5.8
+		>=app-text/rcs-5.7
+		sys-apps/diffutils
+		dev-perl/Algorithm-Diff
+		>=virtual/perl-CGI-3.20
+		perl-core/File-Spec
+		dev-perl/Text-Diff
+		perl-core/Time-Local
+		dev-perl/CGI-Session
+		perl-core/digest-base
+		dev-perl/Digest-SHA1
+		dev-perl/locale-maketext-lexicon
+		virtual/perl-libnet
+		dev-perl/URI
+		virtual/cron
+		apache2? ( >=net-www/apache-2.0.54 )
+		!apache2? ( =net-www/apache-1* )"
+
+src_unpack() {
+	unpack ${A}
+	cd ${S}
+
+	epatch ${FILESDIR}/CVE-2006-2942-hotfix-4.0.0-4.0.2.diff
+
+	mv ${S}/bin/LocalLib.cfg.txt ${S}/bin/LocalLib.cfg
+	mv ${S}/lib/LocalSite.cfg.txt ${S}/lib/LocalSite.cfg
+	# change web user to apache
+	cd ${S}/lib/TWiki
+	find . -name '*,v' -exec sed -i 's|nobody:|apache:|g' '{}' ';'
+}
+
+src_install() {
+	webapp_src_preinst
+
+	cp -r . ${D}/${MY_HTDOCSDIR}
+
+	dodoc readme.txt
+	dohtml T*.html
+
+	for file in $(find data pub) lib/LocalSite.cfg; do
+		webapp_serverowned "${MY_HTDOCSDIR}/${file}"
+	done
+
+	for a in bin/setlib.cfg bin/LocalLib.cfg lib/TWiki.cfg lib/LocalSite.cfg; do
+		webapp_configfile ${MY_HTDOCSDIR}/${a}
+	done
+	webapp_hook_script ${FILESDIR}/reconfig
+	webapp_postinst_txt en ${FILESDIR}/postinstall-en.txt
+	webapp_postupgrade_txt en ${FILESDIR}/postupgrade-en.txt
+
+	webapp_src_install
+}
+
+pkg_postinst() {
+	ewarn
+	ewarn "If you are upgrading from an older version of TWiki, back up your"
+	ewarn "data/ and pub/ directories and any local changes before upgrading!"
+	ewarn
+	ewarn "You are _strongly_ encouraged to to read the upgrade guide:"
+	ewarn "http://twiki.org/cgi-bin/view/TWiki/TWikiDocumentation"
+	ewarn
+	einfo "webapp-config will not be run automatically"
+	einfo
+	# webapp_pkg_postinst
+}