From c8aa9b76775773a3345c801651841676a4ac9185 Mon Sep 17 00:00:00 2001
From: Renat Lumpau
Date: Mon, 27 Mar 2006 17:56:24 +0000
Subject: [PATCH] Patch for CVE-2006-1387 ( bug #127758 ).

Package-Manager: portage-2.1_pre6-r3
---
 www-apps/twiki/ChangeLog | 8 +++++-
 www-apps/twiki/Manifest | 27 ++++++++++---------
 www-apps/twiki/files/CVE-2006-1387.patch | 14 ++++++++++
 ...t-twiki-4.0.1-r1 => digest-twiki-4.0.1-r2} | 0
 ...-4.0.1-r1.ebuild => twiki-4.0.1-r2.ebuild} | 3 ++-
 5 files changed, 38 insertions(+), 14 deletions(-)
 create mode 100644 www-apps/twiki/files/CVE-2006-1387.patch
 rename www-apps/twiki/files/{digest-twiki-4.0.1-r1 => digest-twiki-4.0.1-r2} (100%)
 rename www-apps/twiki/{twiki-4.0.1-r1.ebuild => twiki-4.0.1-r2.ebuild} (93%)

diff --git a/www-apps/twiki/ChangeLog b/www-apps/twiki/ChangeLog
index 3d65430efc03..dbe34fe0425e 100644
--- a/www-apps/twiki/ChangeLog
+++ b/www-apps/twiki/ChangeLog
@@ -1,6 +1,12 @@
 # ChangeLog for www-apps/twiki
 # Copyright 2000-2006 Gentoo Foundation; Distributed under the GPL v2
-# $Header: /var/cvsroot/gentoo-x86/www-apps/twiki/ChangeLog,v 1.24 2006/03/25 16:01:43 rl03 Exp $
+# $Header: /var/cvsroot/gentoo-x86/www-apps/twiki/ChangeLog,v 1.25 2006/03/27 17:56:24 rl03 Exp $
+
+*twiki-4.0.1-r2 (27 Mar 2006)
+
+ 27 Mar 2006; Renat Lumpau +files/CVE-2006-1387.patch,
+ -twiki-4.0.1-r1.ebuild, +twiki-4.0.1-r2.ebuild:
+ Patch for CVE-2006-1387 ( bug #127758 ).
 
 *twiki-4.0.1-r1 (25 Mar 2006)
 
diff --git a/www-apps/twiki/Manifest b/www-apps/twiki/Manifest
index 976e767e97e3..c380b214228f 100644
--- a/www-apps/twiki/Manifest
+++ b/www-apps/twiki/Manifest
@@ -1,15 +1,18 @@ -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 -MD5 91919be0799b998ea4b5347d473288e9 ChangeLog 4684 -RMD160 19f252885704d905159966aaf8530b02b82dfbd9 ChangeLog 4684 -SHA256 7990e3eef5bcd8aa8d3963d4834e297551b447fd93e2534696e9e8ac5f96aa9a ChangeLog 4684 +MD5 e12177a09bfcbe7fd66119f543d9c92e ChangeLog 4883 +RMD160 3ae1f000288cc4a96e746ee0805547c7b863915c ChangeLog 4883 +SHA256 c7d37d9d2b43dbaf1c9a02ab0a6ffc8b81ecaf06930408cfa31095d58e0536bf ChangeLog 4883 MD5 08cf8f7a17f0804273178193e1a5aeac files/CVE-2006-1386.patch 1159 RMD160 33dfc96754cccc24018b5dcf7d399ddbba58a175 files/CVE-2006-1386.patch 1159 SHA256 95018ddbb0b8831f1bb5f4b12befbf335c58e540841b24be408b9efea9fd6a32 files/CVE-2006-1386.patch 1159 -MD5 31710ea4552684e8487d19f277b1da6a files/digest-twiki-4.0.1-r1 229 -RMD160 e6489159d65198115eac8917cb1207a475b057c1 files/digest-twiki-4.0.1-r1 229 -SHA256 89f5fd5db54e613cd62b9b6f86b4a231965ec98021cf4c0a559e8f6ed0e1d332 files/digest-twiki-4.0.1-r1 229 +MD5 245f8918aa96d68cae394496a4ee2dec files/CVE-2006-1387.patch 521 +RMD160 9b3b698f769164668f4be8cc51f2d7af2efa645a files/CVE-2006-1387.patch 521 +SHA256 e60ed3fe90c5593526ef46a8a36226e7ea076799f488e307be5720f82a485d5c files/CVE-2006-1387.patch 521 +MD5 31710ea4552684e8487d19f277b1da6a files/digest-twiki-4.0.1-r2 229 +RMD160 e6489159d65198115eac8917cb1207a475b057c1 files/digest-twiki-4.0.1-r2 229 +SHA256 89f5fd5db54e613cd62b9b6f86b4a231965ec98021cf4c0a559e8f6ed0e1d332 files/digest-twiki-4.0.1-r2 229 MD5 0fb6bff6113baf316a822f611593a0a5 files/postinstall-en.txt 945 RMD160 cb9968cf0d8f7b217790f2176898202b56ce1905 files/postinstall-en.txt 945 SHA256 bf8d1eceda6d9383abd4bd3ab3c19cf101606fac89d1bd8e60155b29fb46030a files/postinstall-en.txt 945 
@@ -22,13 +25,13 @@ SHA256 9bff3cbfb8ecbfe396e6e61ddf189c24f4500c469e9c0e0a5961a4b5b3fce851 files/re MD5 c339473e0ff43da76eb2f2607c441921 metadata.xml 280 RMD160 c449ad35e8af3f158d8f8305f8a02ff98a420970 metadata.xml 280 SHA256 fd37fa0f441b1b68ef8dc4bffbb0a51f0414aa7c370b48369453af5f4bff177a metadata.xml 280 -MD5 443f8440cf14c943c308229c99988e1c twiki-4.0.1-r1.ebuild 2126 -RMD160 1289f7278d0725f1fdc607a8795b13e5cd05e97f twiki-4.0.1-r1.ebuild 2126 -SHA256 7e69b02223b9efc5d166b9f96ba9dfb3bf86b565b241143c6b899a944c4b4cd3 twiki-4.0.1-r1.ebuild 2126 +MD5 e81119fc3ea6b1d01fe21d40d76d7197 twiki-4.0.1-r2.ebuild 2166 +RMD160 c8e60eb7fa461b43fbe5150a6ff1617f5b4c2b86 twiki-4.0.1-r2.ebuild 2166 +SHA256 bc4318e10d14b768403e56754508b9a480908cf7f7d62b6aea68d16b7b603fd2 twiki-4.0.1-r2.ebuild 2166 -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.2 (GNU/Linux) -iD8DBQFEJWlzEzitwsaoONoRAg5mAJ9u+hopL4Ok55C8fbj2r/IkMLIPqwCZAQGy -mTeXgdv3x4eViTEwJxBZE14= -=aZWH +iD8DBQFEKCdTEzitwsaoONoRAquLAJ4keB22nDO0tqAZInnTg+k6VfCnAwCfe4Wv +itz16ov53y5lsq1bq6vzCX8= +=rQE3 -----END PGP SIGNATURE-----
diff --git a/www-apps/twiki/files/CVE-2006-1387.patch b/www-apps/twiki/files/CVE-2006-1387.patch
new file mode 100644
index 000000000000..912559c8a489
--- /dev/null
+++ b/www-apps/twiki/files/CVE-2006-1387.patch
@@ -0,0 +1,14 @@
+diff -ur work/lib/TWiki.pm work_patched/lib/TWiki.pm
+--- work/lib/TWiki.pm 2006-02-07 10:08:46.000000000 -0500
++++ work_patched/lib/TWiki.pm 2006-03-27 12:52:39.000000000 -0500
+@@ -1514,6 +1514,10 @@
+ # Fetch content from a URL for inclusion by an INCLUDE
+ sub _includeUrl {
+ my( $this, $theUrl, $thePattern, $theWeb, $theTopic ) = @_;
++
++ # Fix for Codev.SecurityAdvisoryDosAttackWithInclude
++ return "%RED% Include of URL is disabled %ENDCOLOR%";
++
+ my $text = '';
+ my $host = '';
+ my $port = 80;
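Review bot: The `return` added as the first statement of `_includeUrl` switches off URL includes for every site and leaves the rest of the function unreachable, but the comment above it names only the advisory topic and does not say that the dead code is deliberate. I would expand it to something like `# CVE-2006-1387 (Codev.SecurityAdvisoryDosAttackWithInclude): INCLUDE of URLs is disabled outright; everything below is intentionally unreachable`. Because existing topics that include a URL will now render the red notice with no other trace, recording the refused `$theUrl` together with `$theWeb.$theTopic` in the wiki's warning log would let administrators find affected pages. The function body continues beyond this hunk, so whether any other code path fetches remote content without passing through `_includeUrl` cannot be judged from here.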
diff --git a/www-apps/twiki/files/digest-twiki-4.0.1-r1 b/www-apps/twiki/files/digest-twiki-4.0.1-r2
similarity index 100%
rename from www-apps/twiki/files/digest-twiki-4.0.1-r1
rename to www-apps/twiki/files/digest-twiki-4.0.1-r2
diff --git a/www-apps/twiki/twiki-4.0.1-r1.ebuild b/www-apps/twiki/twiki-4.0.1-r2.ebuild
similarity index 93%
rename from www-apps/twiki/twiki-4.0.1-r1.ebuild
rename to www-apps/twiki/twiki-4.0.1-r2.ebuild
index caf2bccbfdc3..ff19b49e6e88 100644
--- a/www-apps/twiki/twiki-4.0.1-r1.ebuild
+++ b/www-apps/twiki/twiki-4.0.1-r2.ebuild
@@ -1,6 +1,6 @@
 # Copyright 1999-2006 Gentoo Foundation
 # Distributed under the terms of the GNU General Public License v2
-# $Header: /var/cvsroot/gentoo-x86/www-apps/twiki/twiki-4.0.1-r1.ebuild,v 1.1 2006/03/25 16:01:43 rl03 Exp $
+# $Header: /var/cvsroot/gentoo-x86/www-apps/twiki/twiki-4.0.1-r2.ebuild,v 1.1 2006/03/27 17:56:24 rl03 Exp $
 
 inherit webapp eutils versionator
 
@@ -38,6 +38,7 @@ src_unpack() {
 unpack ${A}
 cd ${S}
 epatch ${FILESDIR}/CVE-2006-1386.patch
+ epatch ${FILESDIR}/CVE-2006-1387.patch
 mv ${S}/bin/LocalLib.cfg.txt ${S}/bin/LocalLib.cfg
 mv ${S}/lib/LocalSite.cfg.txt ${S}/lib/LocalSite.cfg
 
-- 
2.26.2