Version bump; added patch to fix chat script insertion vuln for sec bug 89950.

Package-Manager: portage-2.0.51.22-r1

5 files changed, 88 insertions, 2 deletions

diff --git a/www-apps/phprojekt/ChangeLog b/www-apps/phprojekt/ChangeLog
index 9efa68fd04ea..1f9530155934 100644
--- a/www-apps/phprojekt/ChangeLog
+++ b/www-apps/phprojekt/ChangeLog
@@ -1,6 +1,12 @@
 # ChangeLog for www-apps/phprojekt
 # Copyright 2002-2005 Gentoo Foundation; Distributed under the GPL v2
-# $Header: /var/cvsroot/gentoo-x86/www-apps/phprojekt/ChangeLog,v 1.11 2005/02/17 17:21:29 robbat2 Exp $
+# $Header: /var/cvsroot/gentoo-x86/www-apps/phprojekt/ChangeLog,v 1.12 2005/05/30 05:18:55 ka0ttic Exp $
+
+*phprojekt-4.2.3 (29 May 2005)
+
+  29 May 2005; Aaron Walker <ka0ttic@gentoo.org>
+  +files/phprojekt-4.2.3-fix-chat-vuln.diff, +phprojekt-4.2.3.ebuild:
+  Version bump; added patch to fix chat script insertion vuln for sec bug 89950.
 
   17 Feb 2005; Robin H. Johnson <robbat2@gentoo.org>
   phprojekt-4.2-r1.ebuild, phprojekt-4.2-r2.ebuild:
diff --git a/www-apps/phprojekt/Manifest b/www-apps/phprojekt/Manifest
index 7b1caf5c526c..1c45e31b35d2 100644
--- a/www-apps/phprojekt/Manifest
+++ b/www-apps/phprojekt/Manifest
@@ -1,15 +1,28 @@
+-----BEGIN PGP SIGNED MESSAGE-----
+Hash: SHA1
+
 MD5 5874764cf1d4098657316fd112bdf037 phprojekt-4.1.ebuild 835
 MD5 eee9b6c96fe6a20b510e5a8148a414bb phprojekt-3.2a.ebuild 855
 MD5 eea89c0dabae70387f7719049a97935c phprojekt-4.2-r1.ebuild 1138
 MD5 5ba749dee7d3985f8600279123d1e215 phprojekt-4.2.ebuild 964
-MD5 a320e1c273efb3fdfaf3d72fa28638e2 ChangeLog 2964
+MD5 52361206898d4a5d7a129a89ea2bbc83 phprojekt-4.2.3.ebuild 1178
+MD5 f1f8f188607b907bf01e08ea80b62f1e ChangeLog 3197
 MD5 c339473e0ff43da76eb2f2607c441921 metadata.xml 280
 MD5 e746872e0b2bdb657b55aac6dc8ff7e2 phprojekt-4.0-r1.ebuild 839
 MD5 607b350d1fa8a2cd503643fa8ac1ad55 phprojekt-4.2-r2.ebuild 1307
 MD5 a5312d2a7dbb70b1d0416e37c9fd82d8 files/digest-phprojekt-3.2a 61
 MD5 b22d3aff81f01ade762c248b632b59af files/postinstall-en.txt 566
+MD5 6eaeb910f5378708b62665ecdaaf8be2 files/phprojekt-4.2.3-fix-chat-vuln.diff 773
+MD5 0a2c5111e69c0d6f6c3299c5d892f427 files/digest-phprojekt-4.2.3 170
 MD5 a4fc4523f14a2ad77b9d00dd7e386b88 files/digest-phprojekt-4.0-r1 65
 MD5 938b9d2863dfb43c71b95e95dfa47fec files/digest-phprojekt-4.2-r1 118
 MD5 06ec2426a542cce49d52bdb2e293404d files/digest-phprojekt-4.2-r2 168
 MD5 6d1069d70f3ff3b4f87db9ca117da41d files/digest-phprojekt-4.1 65
 MD5 9795a83201163bd130899be5e47aaad3 files/digest-phprojekt-4.2 66
+-----BEGIN PGP SIGNATURE-----
+Version: GnuPG v1.4.1 (GNU/Linux)
+
+iD8DBQFCmqJSEZCkKN40op4RAgEwAJ9ST4nFr445Is4c7S3rix+V0lGqqACfUUtf
+uKI4rItH0rVZBdIhDmKvJew=
+=TiQN
+-----END PGP SIGNATURE-----
diff --git a/www-apps/phprojekt/files/digest-phprojekt-4.2.3 b/www-apps/phprojekt/files/digest-phprojekt-4.2.3
new file mode 100644
index 000000000000..aa1657f00e29
--- /dev/null
+++ b/www-apps/phprojekt/files/digest-phprojekt-4.2.3
@@ -0,0 +1,3 @@
+MD5 364263b1b0a513dba5df4215e6f2e1f0 phprojekt-4.2.3.tar.gz 1026462
+MD5 4d8ca59d86c32650c34e06691b335841 setup.zip 2830
+MD5 25d69434fb367f39db402c33df6cebd4 lib.zip 2149
diff --git a/www-apps/phprojekt/files/phprojekt-4.2.3-fix-chat-vuln.diff b/www-apps/phprojekt/files/phprojekt-4.2.3-fix-chat-vuln.diff
new file mode 100644
index 000000000000..3bf63a08573d
--- /dev/null
+++ b/www-apps/phprojekt/files/phprojekt-4.2.3-fix-chat-vuln.diff
@@ -0,0 +1,18 @@
+diff --exclude='*~' --exclude='.*' -I '$Id:' -urN phprojekt-4.2.3.orig/chat/chat.php phprojekt-4.2.3/chat/chat.php
+--- phprojekt-4.2.3.orig/chat/chat.php	2005-05-29 16:35:28.000000000 -0400
++++ phprojekt-4.2.3/chat/chat.php	2005-05-29 16:37:16.000000000 -0400
+@@ -37,6 +37,7 @@
+ function writetext () {

+   global $chatfile, $user_name, $user_firstname, $content, $max_lines, $chat_time, $chat_names, $chat_direction;

+   // small irc hack - replace /me with the username 

++  $content = htmlentities(strip_tags($content));

+   $content = ereg_replace('/me',$user_firstname,$content);    

+    

+   // add time to new line       

+@@ -211,4 +212,4 @@
+ elseif ($mode == "alive") { alive(); }

+ elseif ($mode == 'check') { check(); }

+ 

+-?>
+\ No newline at end of file
++?>

diff --git a/www-apps/phprojekt/phprojekt-4.2.3.ebuild b/www-apps/phprojekt/phprojekt-4.2.3.ebuild
new file mode 100644
index 000000000000..b0644a9c9690
--- /dev/null
+++ b/www-apps/phprojekt/phprojekt-4.2.3.ebuild
@@ -0,0 +1,46 @@
+# Copyright 1999-2005 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Header: /var/cvsroot/gentoo-x86/www-apps/phprojekt/phprojekt-4.2.3.ebuild,v 1.1 2005/05/30 05:18:55 ka0ttic Exp $
+
+inherit webapp eutils
+
+DESCRIPTION="Project management and coordination system"
+HOMEPAGE="http://www.phprojekt.com/"
+SRC_URI="mirror://gentoo/${P}.tar.gz
+	http://phprojekt.com/files/4.2/setup.zip
+	http://phprojekt.com/files/4.2/lib.zip"
+
+LICENSE="GPL-2"
+KEYWORDS="~ppc x86"
+IUSE="postgres mysql"
+
+RDEPEND="net-www/apache
+		postgres? ( dev-db/postgresql )
+		mysql? ( dev-db/mysql )
+		virtual/php"
+DEPEND="app-arch/unzip"
+
+src_unpack () {
+	unpack ${A}
+	# security bug 89950
+	epatch ${FILESDIR}/${P}-fix-chat-vuln.diff
+}
+
+pkg_setup () {
+	webapp_pkg_setup
+	einfo "Please make sure that your PHP is compiled with support for IMAP and your database of choice"
+}
+
+src_install() {
+	webapp_src_preinst
+
+	dodoc ChangeLog install readme
+	rm -f ChangeLog install readme
+	cp -R . ${D}/${MY_HTDOCSDIR}
+	for file in chat attach upload; do
+		webapp_serverowned ${MY_HTDOCSDIR}/${file}
+	done
+	webapp_postinst_txt en ${FILESDIR}/postinstall-en.txt
+
+	webapp_src_install
+}