Fix for security bug #73772

author: Stuart Herbert <stuart@gentoo.org> 2004-12-23 11:10:32 +0000
committer: Stuart Herbert <stuart@gentoo.org> 2004-12-23 11:10:32 +0000
commit: 4c55e7003355661dacbc7586913a86d48a91c689 (patch)
tree: 6cab3fc7008e596a5da1d3959745ba309dda2c92 /www-apps/viewcvs
parent: added ~ppc64 (Manifest recommit) (diff)
download: gentoo-2-4c55e7003355661dacbc7586913a86d48a91c689.tar.gz
gentoo-2-4c55e7003355661dacbc7586913a86d48a91c689.tar.bz2
gentoo-2-4c55e7003355661dacbc7586913a86d48a91c689.zip
5 files changed, 121 insertions, 5 deletions
diff --git a/www-apps/viewcvs/ChangeLog b/www-apps/viewcvs/ChangeLog
index 1bf0bfae49bc..9575e25ff594 100644
--- a/www-apps/viewcvs/ChangeLog
+++ b/www-apps/viewcvs/ChangeLog
@@ -1,6 +1,12 @@
 # ChangeLog for www-apps/viewcvs
 # Copyright 2000-2004 Gentoo Foundation; Distributed under the GPL v2
-# $Header: /var/cvsroot/gentoo-x86/www-apps/viewcvs/ChangeLog,v 1.10 2004/12/08 08:25:09 sejo Exp $
+# $Header: /var/cvsroot/gentoo-x86/www-apps/viewcvs/ChangeLog,v 1.11 2004/12/23 11:10:32 stuart Exp $
+
+*viewcvs-0.9.2_p20041207-r1 (23 Dec 2004)
+
+  23 Dec 2004; Stuart Herbert <stuart@gentoo.org>
+  +files/viewcvs-CAN-2004-1062.patch, +viewcvs-0.9.2_p20041207-r1.ebuild:
+  Added patch for security-related bug #73772
 
 *viewcvs-0.9.2_p20041207 (08 Dec 2004)
 
diff --git a/www-apps/viewcvs/Manifest b/www-apps/viewcvs/Manifest
index ad772d930dc6..9bd4d5cd0e4e 100644
--- a/www-apps/viewcvs/Manifest
+++ b/www-apps/viewcvs/Manifest
@@ -1,19 +1,22 @@
 MD5 37272717344c94e1c63c2f7dd323ec9c ChangeLog 4369
 MD5 c339473e0ff43da76eb2f2607c441921 metadata.xml 280
+MD5 11f7a4918520883f4237ed7069dfc451 viewcvs-0.9.2_p20040831.ebuild 2418
 MD5 d4be9b9587fb3ba56b11c3eea3437028 viewcvs-0.9.2-r3.ebuild 2776
 MD5 7e5c309216b00abdd5d51cae387732d9 viewcvs-0.9.2_p20030430-r1.ebuild 2412
-MD5 0b24dbbf17a48fa287b61c6629b69b8a viewcvs-0.9.2_p20030430-r2.ebuild 1257
 MD5 c6d53afae4b75c5d30e3da0d71c2c0f6 viewcvs-0.9.2_p20030430.ebuild 2333
-MD5 11f7a4918520883f4237ed7069dfc451 viewcvs-0.9.2_p20040831.ebuild 2418
+MD5 0b24dbbf17a48fa287b61c6629b69b8a viewcvs-0.9.2_p20030430-r2.ebuild 1257
 MD5 b892eaf33b2fe3c89548614ddeb5fab5 viewcvs-0.9.2-r4.ebuild 2863
 MD5 ebb372a1d2cb625d712975d9a52a4576 viewcvs-0.9.2_p20041207.ebuild 2412
+MD5 fa008513ba24747e2dbf3323cb15b164 viewcvs-0.9.2_p20041207-r1.ebuild 2516
+MD5 db9223dd117bcf0933c71e4d5598ceba files/digest-viewcvs-0.9.2_p20040831 69
 MD5 07a07f1a89e77c9f093ade7e395ffe3b files/digest-viewcvs-0.9.2-r3 65
 MD5 fbac846bcd488f255dc57fdd27ba99df files/digest-viewcvs-0.9.2_p20030430 69
 MD5 fbac846bcd488f255dc57fdd27ba99df files/digest-viewcvs-0.9.2_p20030430-r1 69
 MD5 fbac846bcd488f255dc57fdd27ba99df files/digest-viewcvs-0.9.2_p20030430-r2 69
-MD5 db9223dd117bcf0933c71e4d5598ceba files/digest-viewcvs-0.9.2_p20040831 69
 MD5 39d356a0537a0b8cdee280b47feb6413 files/postinstall-en.txt 416
 MD5 af9b030c39a014066d0fa7e2cd18636c files/reconfig 437
 MD5 07a07f1a89e77c9f093ade7e395ffe3b files/digest-viewcvs-0.9.2-r4 65
-MD5 48783b2b9bd95be9a4eb1525a0bf708a files/digest-viewcvs-0.9.2_p20041207 69
 MD5 9ac90900c491e917c037819a688ea54c files/viewcvs-0.9.2.patch 1295
+MD5 48783b2b9bd95be9a4eb1525a0bf708a files/digest-viewcvs-0.9.2_p20041207-r1 69
+MD5 48783b2b9bd95be9a4eb1525a0bf708a files/digest-viewcvs-0.9.2_p20041207 69
+MD5 550579a3a648e62d01ec4c3c3ee47327 files/viewcvs-CAN-2004-1062.patch 341
diff --git a/www-apps/viewcvs/files/digest-viewcvs-0.9.2_p20041207-r1 b/www-apps/viewcvs/files/digest-viewcvs-0.9.2_p20041207-r1
new file mode 100644
index 000000000000..b49145e38456
--- /dev/null
+++ b/www-apps/viewcvs/files/digest-viewcvs-0.9.2_p20041207-r1
@@ -0,0 +1 @@
+MD5 86315155b4e24072e414f719178cbde5 viewcvs-20041207.tar.bz2 340385
diff --git a/www-apps/viewcvs/files/viewcvs-CAN-2004-1062.patch b/www-apps/viewcvs/files/viewcvs-CAN-2004-1062.patch
new file mode 100644
index 000000000000..6caa4ab88251
--- /dev/null
+++ b/www-apps/viewcvs/files/viewcvs-CAN-2004-1062.patch
@@ -0,0 +1,12 @@
+--- /srv/viewcvs/lib/debug.py.orig	2004-12-09 17:28:26.268442577 +0100
++++ /srv/viewcvs/lib/debug.py	2004-12-09 17:28:31.386142630 +0100
+@@ -50,7 +50,8 @@
+ 
+ class ViewCVSException:
+   def __init__(self, msg, status=None):
+-    self.msg = msg
++    import cgi
++    self.msg = cgi.escape(msg)
+     self.status = status
+ 
+   def __str__(self):
diff --git a/www-apps/viewcvs/viewcvs-0.9.2_p20041207-r1.ebuild b/www-apps/viewcvs/viewcvs-0.9.2_p20041207-r1.ebuild
new file mode 100644
index 000000000000..6bf68de4e576
--- /dev/null
+++ b/www-apps/viewcvs/viewcvs-0.9.2_p20041207-r1.ebuild
@@ -0,0 +1,94 @@
+# Copyright 1999-2004 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Header: /var/cvsroot/gentoo-x86/www-apps/viewcvs/viewcvs-0.9.2_p20041207-r1.ebuild,v 1.1 2004/12/23 11:10:32 stuart Exp $
+
+inherit eutils
+
+PDATE=${PV/0.9.2_p/}
+DESCRIPTION="Viewcvs, a web interface to cvs and subversion"
+HOMEPAGE="http://viewcvs.sourceforge.net/"
+SRC_URI="mirror://gentoo/${PN}-${PDATE}.tar.bz2"
+
+LICENSE="viewcvs"
+SLOT="0"
+KEYWORDS="~x86 ~ppc"
+IUSE=""
+
+DEPEND=""
+RDEPEND="|| ( ( >=app-text/rcs-5.7
+	>=dev-util/cvs-1.11 )
+	dev-util/subversion )
+	sys-apps/diffutils
+	net-www/apache"
+S=${WORKDIR}/${PN}
+
+WWW="/var/www/localhost/viewcvs"
+CONFFILE="/etc/viewcvs/viewcvs.conf"
+
+doinstall() {
+	# start_location=$1
+	# end_location=$2
+	# mode=$3
+	if [ -d $1 ]; then
+		install -o root -d ${D}/$2
+		for f in ${1}/*
+		do
+			doinstall ${f} ${f/${1}/${2}} $3
+		done
+	else
+		sed -e "{ s,\(^#!.*$\),#!/usr/bin/python,; \
+		s,\(<VIEWCVS_INSTALL_DIRECTORY>\),${WWW},; \
+		s,\(^LIBRARY_DIR\)\(.*\$\),\1 = \"${WWW}/lib\",; \
+		s,\(^CONF_PATHNAME\)\(.*\$\),\1 = \"${CONFFILE}\",}" ${1} >${1}.cpy
+
+		install -o root -m $3 ${1}.cpy ${D}/$2
+		rm ${1}.cpy
+	fi
+}
+
+src_unpack() {
+	unpack ${A}
+	cd ${S}
+	epatch ${FILESDIR}/${PN}-CAN-2004-1062.patch
+}
+
+src_install() {
+	cd ${S}
+	install -o root -d ${D}/${WWW}/cgi
+
+	doinstall www/cgi/viewcvs.cgi ${WWW}/cgi/viewcvs.cgi 755
+	doinstall www/cgi/query.cgi ${WWW}/cgi/query.cgi 755
+	doinstall standalone.py ${WWW}/standalone.py 755
+	mkdir -p ${D}/`dirname ${CONFFILE}`
+	doinstall viewcvs.conf.dist ${CONFFILE} 644
+	doinstall cvsgraph.conf.dist `dirname ${CONFFILE}`/cvsgraph.conf 644
+	doinstall tools/loginfo-handler ${WWW}/loginfo-handler 755
+	doinstall tools/cvsdbadmin ${WWW}/cvsdbadmin 755
+	doinstall tools/make-database ${WWW}/make-database 755
+
+	doinstall lib ${WWW}/lib 644
+	doinstall templates `dirname ${CONFFILE}`/templates 644
+
+	dohtml -r website/*
+	dosym /usr/share/doc/${PF}/html /etc/viewcvs/doc
+
+	cat <<EOF >apache.conf
+ScriptAlias /viewcvs /var/www/localhost/viewcvs/cgi/viewcvs.cgi
+ScriptAlias /cvsquery /var/www/localhost/viewcvs/cgi/cvsquery.cgi
+
+<Directory /var/www/localhost/viewcvs/cgi>
+	Options ExecCGI
+	<IfModule mod_access.c>
+		Order allow,deny
+		Allow from all
+	</IfModule>
+</Directory>
+EOF
+	dodoc INSTALL TODO CHANGES README apache.conf
+}
+
+pkg_postinst() {
+	ewarn "Before using viewcvs make sure you configure it correctly"
+	einfo "There is a sample apache integration configuration file in the"
+	einfo "documentation directory named: apache.conf"
+}
author	Stuart Herbert <stuart@gentoo.org>	2004-12-23 11:10:32 +0000
committer	Stuart Herbert <stuart@gentoo.org>	2004-12-23 11:10:32 +0000
commit	4c55e7003355661dacbc7586913a86d48a91c689 (patch)
tree	6cab3fc7008e596a5da1d3959745ba309dda2c92 /www-apps/viewcvs
parent	added ~ppc64 (Manifest recommit) (diff)
download	gentoo-2-4c55e7003355661dacbc7586913a86d48a91c689.tar.gz gentoo-2-4c55e7003355661dacbc7586913a86d48a91c689.tar.bz2 gentoo-2-4c55e7003355661dacbc7586913a86d48a91c689.zip