diff options
| author |   Stuart Herbert <stuart@gentoo.org> | 2004-12-23 11:10:32 +0000 |
|---|---|---|
| committer | Stuart Herbert <stuart@gentoo.org> | 2004-12-23 11:10:32 +0000 |
| commit | 4ca8168379c302d2498224591e71906546e3913d (patch) | |
| tree | 39ff2b193c6af914aebcb014dfdff6af3d9103ad /www-apps | |
| parent | New versions, and bugs fixed 74248, 74742, 70122, 58469, 50921, 60869. (diff) | |
| download | historical-4ca8168379c302d2498224591e71906546e3913d.tar.gz historical-4ca8168379c302d2498224591e71906546e3913d.tar.bz2 historical-4ca8168379c302d2498224591e71906546e3913d.zip | |
Fix for security bug #73772
Diffstat (limited to 'www-apps')
| -rw-r--r-- | www-apps/viewcvs/ChangeLog | 8 | ||||
| -rw-r--r-- | www-apps/viewcvs/Manifest | 13 | ||||
| -rw-r--r-- | www-apps/viewcvs/files/digest-viewcvs-0.9.2_p20041207-r1 | 1 | ||||
| -rw-r--r-- | www-apps/viewcvs/files/viewcvs-CAN-2004-1062.patch | 12 | ||||
| -rw-r--r-- | www-apps/viewcvs/viewcvs-0.9.2_p20041207-r1.ebuild | 94 |
5 files changed, 122 insertions, 6 deletions
diff --git a/www-apps/viewcvs/ChangeLog b/www-apps/viewcvs/ChangeLog index 1bf0bfae49bc..9575e25ff594 100644 --- a/www-apps/viewcvs/ChangeLog +++ b/www-apps/viewcvs/ChangeLog @@ -1,6 +1,12 @@ # ChangeLog for www-apps/viewcvs # Copyright 2000-2004 Gentoo Foundation; Distributed under the GPL v2 -# $Header: /var/cvsroot/gentoo-x86/www-apps/viewcvs/ChangeLog,v 1.10 2004/12/08 08:25:09 sejo Exp $ +# $Header: /var/cvsroot/gentoo-x86/www-apps/viewcvs/ChangeLog,v 1.11 2004/12/23 11:10:32 stuart Exp $ + +*viewcvs-0.9.2_p20041207-r1 (23 Dec 2004) + + 23 Dec 2004; Stuart Herbert <stuart@gentoo.org> + +files/viewcvs-CAN-2004-1062.patch, +viewcvs-0.9.2_p20041207-r1.ebuild: + Added patch for security-related bug #73772 *viewcvs-0.9.2_p20041207 (08 Dec 2004) diff --git a/www-apps/viewcvs/Manifest b/www-apps/viewcvs/Manifest index ad772d930dc6..456596918cd0 100644 --- a/www-apps/viewcvs/Manifest +++ b/www-apps/viewcvs/Manifest @@ -1,19 +1,22 @@ -MD5 37272717344c94e1c63c2f7dd323ec9c ChangeLog 4369 +MD5 8307071682db2e5f98259785bafabf08 ChangeLog 4585 MD5 c339473e0ff43da76eb2f2607c441921 metadata.xml 280 +MD5 11f7a4918520883f4237ed7069dfc451 viewcvs-0.9.2_p20040831.ebuild 2418 MD5 d4be9b9587fb3ba56b11c3eea3437028 viewcvs-0.9.2-r3.ebuild 2776 MD5 7e5c309216b00abdd5d51cae387732d9 viewcvs-0.9.2_p20030430-r1.ebuild 2412 -MD5 0b24dbbf17a48fa287b61c6629b69b8a viewcvs-0.9.2_p20030430-r2.ebuild 1257 MD5 c6d53afae4b75c5d30e3da0d71c2c0f6 viewcvs-0.9.2_p20030430.ebuild 2333 -MD5 11f7a4918520883f4237ed7069dfc451 viewcvs-0.9.2_p20040831.ebuild 2418 +MD5 0b24dbbf17a48fa287b61c6629b69b8a viewcvs-0.9.2_p20030430-r2.ebuild 1257 MD5 b892eaf33b2fe3c89548614ddeb5fab5 viewcvs-0.9.2-r4.ebuild 2863 MD5 ebb372a1d2cb625d712975d9a52a4576 viewcvs-0.9.2_p20041207.ebuild 2412 +MD5 b4104ec1e8d3555125a00ee354647cde viewcvs-0.9.2_p20041207-r1.ebuild 2521 +MD5 db9223dd117bcf0933c71e4d5598ceba files/digest-viewcvs-0.9.2_p20040831 69 MD5 07a07f1a89e77c9f093ade7e395ffe3b files/digest-viewcvs-0.9.2-r3 65 MD5 fbac846bcd488f255dc57fdd27ba99df files/digest-viewcvs-0.9.2_p20030430 69 MD5 fbac846bcd488f255dc57fdd27ba99df files/digest-viewcvs-0.9.2_p20030430-r1 69 MD5 fbac846bcd488f255dc57fdd27ba99df files/digest-viewcvs-0.9.2_p20030430-r2 69 -MD5 db9223dd117bcf0933c71e4d5598ceba files/digest-viewcvs-0.9.2_p20040831 69 MD5 39d356a0537a0b8cdee280b47feb6413 files/postinstall-en.txt 416 MD5 af9b030c39a014066d0fa7e2cd18636c files/reconfig 437 MD5 07a07f1a89e77c9f093ade7e395ffe3b files/digest-viewcvs-0.9.2-r4 65 -MD5 48783b2b9bd95be9a4eb1525a0bf708a files/digest-viewcvs-0.9.2_p20041207 69 MD5 9ac90900c491e917c037819a688ea54c files/viewcvs-0.9.2.patch 1295 +MD5 48783b2b9bd95be9a4eb1525a0bf708a files/digest-viewcvs-0.9.2_p20041207-r1 69 +MD5 48783b2b9bd95be9a4eb1525a0bf708a files/digest-viewcvs-0.9.2_p20041207 69 +MD5 550579a3a648e62d01ec4c3c3ee47327 files/viewcvs-CAN-2004-1062.patch 341 diff --git a/www-apps/viewcvs/files/digest-viewcvs-0.9.2_p20041207-r1 b/www-apps/viewcvs/files/digest-viewcvs-0.9.2_p20041207-r1 new file mode 100644 index 000000000000..b49145e38456 --- /dev/null +++ b/www-apps/viewcvs/files/digest-viewcvs-0.9.2_p20041207-r1 @@ -0,0 +1 @@ +MD5 86315155b4e24072e414f719178cbde5 viewcvs-20041207.tar.bz2 340385 diff --git a/www-apps/viewcvs/files/viewcvs-CAN-2004-1062.patch b/www-apps/viewcvs/files/viewcvs-CAN-2004-1062.patch new file mode 100644 index 000000000000..6caa4ab88251 --- /dev/null +++ b/www-apps/viewcvs/files/viewcvs-CAN-2004-1062.patch @@ -0,0 +1,12 @@ +--- /srv/viewcvs/lib/debug.py.orig 2004-12-09 17:28:26.268442577 +0100 ++++ /srv/viewcvs/lib/debug.py 2004-12-09 17:28:31.386142630 +0100 +@@ -50,7 +50,8 @@ + + class ViewCVSException: + def __init__(self, msg, status=None): +- self.msg = msg ++ import cgi ++ self.msg = cgi.escape(msg) + self.status = status + + def __str__(self): diff --git a/www-apps/viewcvs/viewcvs-0.9.2_p20041207-r1.ebuild b/www-apps/viewcvs/viewcvs-0.9.2_p20041207-r1.ebuild new file mode 100644 index 000000000000..6bf68de4e576 --- /dev/null +++ b/www-apps/viewcvs/viewcvs-0.9.2_p20041207-r1.ebuild @@ -0,0 +1,94 @@ +# Copyright 1999-2004 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 +# $Header: /var/cvsroot/gentoo-x86/www-apps/viewcvs/viewcvs-0.9.2_p20041207-r1.ebuild,v 1.1 2004/12/23 11:10:32 stuart Exp $ + +inherit eutils + +PDATE=${PV/0.9.2_p/} +DESCRIPTION="Viewcvs, a web interface to cvs and subversion" +HOMEPAGE="http://viewcvs.sourceforge.net/" +SRC_URI="mirror://gentoo/${PN}-${PDATE}.tar.bz2" + +LICENSE="viewcvs" +SLOT="0" +KEYWORDS="~x86 ~ppc" +IUSE="" + +DEPEND="" +RDEPEND="|| ( ( >=app-text/rcs-5.7 + >=dev-util/cvs-1.11 ) + dev-util/subversion ) + sys-apps/diffutils + net-www/apache" +S=${WORKDIR}/${PN} + +WWW="/var/www/localhost/viewcvs" +CONFFILE="/etc/viewcvs/viewcvs.conf" + +doinstall() { + # start_location=$1 + # end_location=$2 + # mode=$3 + if [ -d $1 ]; then + install -o root -d ${D}/$2 + for f in ${1}/* + do + doinstall ${f} ${f/${1}/${2}} $3 + done + else + sed -e "{ s,\(^#!.*$\),#!/usr/bin/python,; \ + s,\(<VIEWCVS_INSTALL_DIRECTORY>\),${WWW},; \ + s,\(^LIBRARY_DIR\)\(.*\$\),\1 = \"${WWW}/lib\",; \ + s,\(^CONF_PATHNAME\)\(.*\$\),\1 = \"${CONFFILE}\",}" ${1} >${1}.cpy + + install -o root -m $3 ${1}.cpy ${D}/$2 + rm ${1}.cpy + fi +} + +src_unpack() { + unpack ${A} + cd ${S} + epatch ${FILESDIR}/${PN}-CAN-2004-1062.patch +} + +src_install() { + cd ${S} + install -o root -d ${D}/${WWW}/cgi + + doinstall www/cgi/viewcvs.cgi ${WWW}/cgi/viewcvs.cgi 755 + doinstall www/cgi/query.cgi ${WWW}/cgi/query.cgi 755 + doinstall standalone.py ${WWW}/standalone.py 755 + mkdir -p ${D}/`dirname ${CONFFILE}` + doinstall viewcvs.conf.dist ${CONFFILE} 644 + doinstall cvsgraph.conf.dist `dirname ${CONFFILE}`/cvsgraph.conf 644 + doinstall tools/loginfo-handler ${WWW}/loginfo-handler 755 + doinstall tools/cvsdbadmin ${WWW}/cvsdbadmin 755 + doinstall tools/make-database ${WWW}/make-database 755 + + doinstall lib ${WWW}/lib 644 + doinstall templates `dirname ${CONFFILE}`/templates 644 + + dohtml -r website/* + dosym /usr/share/doc/${PF}/html /etc/viewcvs/doc + + cat <<EOF >apache.conf +ScriptAlias /viewcvs /var/www/localhost/viewcvs/cgi/viewcvs.cgi +ScriptAlias /cvsquery /var/www/localhost/viewcvs/cgi/cvsquery.cgi + +<Directory /var/www/localhost/viewcvs/cgi> + Options ExecCGI + <IfModule mod_access.c> + Order allow,deny + Allow from all + </IfModule> +</Directory> +EOF + dodoc INSTALL TODO CHANGES README apache.conf +} + +pkg_postinst() { + ewarn "Before using viewcvs make sure you configure it correctly" + einfo "There is a sample apache integration configuration file in the" + einfo "documentation directory named: apache.conf" +} |