Patch for CVE-2006-1387 ( bug #127758 ).

(Portage version: 2.1_pre6-r3)

5 files changed, 32 insertions, 18 deletions

diff --git a/www-apps/twiki/ChangeLog b/www-apps/twiki/ChangeLog
index 3d65430efc03..dbe34fe0425e 100644
--- a/www-apps/twiki/ChangeLog
+++ b/www-apps/twiki/ChangeLog
@@ -1,6 +1,12 @@
 # ChangeLog for www-apps/twiki
 # Copyright 2000-2006 Gentoo Foundation; Distributed under the GPL v2
-# $Header: /var/cvsroot/gentoo-x86/www-apps/twiki/ChangeLog,v 1.24 2006/03/25 16:01:43 rl03 Exp $
+# $Header: /var/cvsroot/gentoo-x86/www-apps/twiki/ChangeLog,v 1.25 2006/03/27 17:56:24 rl03 Exp $
+
+*twiki-4.0.1-r2 (27 Mar 2006)
+
+  27 Mar 2006; Renat Lumpau <rl03@gentoo.org> +files/CVE-2006-1387.patch,
+  -twiki-4.0.1-r1.ebuild, +twiki-4.0.1-r2.ebuild:
+  Patch for CVE-2006-1387 ( bug #127758 ).
 
 *twiki-4.0.1-r1 (25 Mar 2006)
 
diff --git a/www-apps/twiki/Manifest b/www-apps/twiki/Manifest
index 976e767e97e3..318b0450300c 100644
--- a/www-apps/twiki/Manifest
+++ b/www-apps/twiki/Manifest
@@ -1,15 +1,15 @@
------BEGIN PGP SIGNED MESSAGE-----
-Hash: SHA1
-
 MD5 91919be0799b998ea4b5347d473288e9 ChangeLog 4684
 RMD160 19f252885704d905159966aaf8530b02b82dfbd9 ChangeLog 4684
 SHA256 7990e3eef5bcd8aa8d3963d4834e297551b447fd93e2534696e9e8ac5f96aa9a ChangeLog 4684
 MD5 08cf8f7a17f0804273178193e1a5aeac files/CVE-2006-1386.patch 1159
 RMD160 33dfc96754cccc24018b5dcf7d399ddbba58a175 files/CVE-2006-1386.patch 1159
 SHA256 95018ddbb0b8831f1bb5f4b12befbf335c58e540841b24be408b9efea9fd6a32 files/CVE-2006-1386.patch 1159
-MD5 31710ea4552684e8487d19f277b1da6a files/digest-twiki-4.0.1-r1 229
-RMD160 e6489159d65198115eac8917cb1207a475b057c1 files/digest-twiki-4.0.1-r1 229
-SHA256 89f5fd5db54e613cd62b9b6f86b4a231965ec98021cf4c0a559e8f6ed0e1d332 files/digest-twiki-4.0.1-r1 229
+MD5 245f8918aa96d68cae394496a4ee2dec files/CVE-2006-1387.patch 521
+RMD160 9b3b698f769164668f4be8cc51f2d7af2efa645a files/CVE-2006-1387.patch 521
+SHA256 e60ed3fe90c5593526ef46a8a36226e7ea076799f488e307be5720f82a485d5c files/CVE-2006-1387.patch 521
+MD5 31710ea4552684e8487d19f277b1da6a files/digest-twiki-4.0.1-r2 229
+RMD160 e6489159d65198115eac8917cb1207a475b057c1 files/digest-twiki-4.0.1-r2 229
+SHA256 89f5fd5db54e613cd62b9b6f86b4a231965ec98021cf4c0a559e8f6ed0e1d332 files/digest-twiki-4.0.1-r2 229
 MD5 0fb6bff6113baf316a822f611593a0a5 files/postinstall-en.txt 945
 RMD160 cb9968cf0d8f7b217790f2176898202b56ce1905 files/postinstall-en.txt 945
 SHA256 bf8d1eceda6d9383abd4bd3ab3c19cf101606fac89d1bd8e60155b29fb46030a files/postinstall-en.txt 945
@@ -22,13 +22,6 @@ SHA256 9bff3cbfb8ecbfe396e6e61ddf189c24f4500c469e9c0e0a5961a4b5b3fce851 files/re
 MD5 c339473e0ff43da76eb2f2607c441921 metadata.xml 280
 RMD160 c449ad35e8af3f158d8f8305f8a02ff98a420970 metadata.xml 280
 SHA256 fd37fa0f441b1b68ef8dc4bffbb0a51f0414aa7c370b48369453af5f4bff177a metadata.xml 280
-MD5 443f8440cf14c943c308229c99988e1c twiki-4.0.1-r1.ebuild 2126
-RMD160 1289f7278d0725f1fdc607a8795b13e5cd05e97f twiki-4.0.1-r1.ebuild 2126
-SHA256 7e69b02223b9efc5d166b9f96ba9dfb3bf86b565b241143c6b899a944c4b4cd3 twiki-4.0.1-r1.ebuild 2126
------BEGIN PGP SIGNATURE-----
-Version: GnuPG v1.4.2 (GNU/Linux)
-
-iD8DBQFEJWlzEzitwsaoONoRAg5mAJ9u+hopL4Ok55C8fbj2r/IkMLIPqwCZAQGy
-mTeXgdv3x4eViTEwJxBZE14=
-=aZWH
------END PGP SIGNATURE-----
+MD5 cb8544d4e8dfb1eb223a4bc17dd82232 twiki-4.0.1-r2.ebuild 2166
+RMD160 f5ce056fdb56856d5b9516fe415f9fdf129abdb2 twiki-4.0.1-r2.ebuild 2166
+SHA256 7cce20fd12745462fb935ca9952a182234362ad268367eeadfa595804a5112b3 twiki-4.0.1-r2.ebuild 2166
diff --git a/www-apps/twiki/files/CVE-2006-1387.patch b/www-apps/twiki/files/CVE-2006-1387.patch
new file mode 100644
index 000000000000..912559c8a489
--- /dev/null
+++ b/www-apps/twiki/files/CVE-2006-1387.patch
@@ -0,0 +1,14 @@
+diff -ur work/lib/TWiki.pm work_patched/lib/TWiki.pm
+--- work/lib/TWiki.pm	2006-02-07 10:08:46.000000000 -0500
++++ work_patched/lib/TWiki.pm	2006-03-27 12:52:39.000000000 -0500
+@@ -1514,6 +1514,10 @@
+ # Fetch content from a URL for inclusion by an INCLUDE
+ sub _includeUrl {
+     my( $this, $theUrl, $thePattern, $theWeb, $theTopic ) = @_;
++
++    # Fix for Codev.SecurityAdvisoryDosAttackWithInclude
++    return "%RED% Include of URL is disabled %ENDCOLOR%";
++
+     my $text = '';
+     my $host = '';
+     my $port = 80;
diff --git a/www-apps/twiki/files/digest-twiki-4.0.1-r1 b/www-apps/twiki/files/digest-twiki-4.0.1-r2
index 18b0503f8fd4..18b0503f8fd4 100644
--- a/www-apps/twiki/files/digest-twiki-4.0.1-r1
+++ b/www-apps/twiki/files/digest-twiki-4.0.1-r2
diff --git a/www-apps/twiki/twiki-4.0.1-r1.ebuild b/www-apps/twiki/twiki-4.0.1-r2.ebuild
index caf2bccbfdc3..ff19b49e6e88 100644
--- a/www-apps/twiki/twiki-4.0.1-r1.ebuild
+++ b/www-apps/twiki/twiki-4.0.1-r2.ebuild
@@ -1,6 +1,6 @@
 # Copyright 1999-2006 Gentoo Foundation
 # Distributed under the terms of the GNU General Public License v2
-# $Header: /var/cvsroot/gentoo-x86/www-apps/twiki/twiki-4.0.1-r1.ebuild,v 1.1 2006/03/25 16:01:43 rl03 Exp $
+# $Header: /var/cvsroot/gentoo-x86/www-apps/twiki/twiki-4.0.1-r2.ebuild,v 1.1 2006/03/27 17:56:24 rl03 Exp $
 
 inherit webapp eutils versionator
 
@@ -38,6 +38,7 @@ src_unpack() {
 	unpack ${A}
 	cd ${S}
 	epatch ${FILESDIR}/CVE-2006-1386.patch
+	epatch ${FILESDIR}/CVE-2006-1387.patch
 
 	mv ${S}/bin/LocalLib.cfg.txt ${S}/bin/LocalLib.cfg
 	mv ${S}/lib/LocalSite.cfg.txt ${S}/lib/LocalSite.cfg