diff options
| author |   Kevin F. Quinn <kevquinn@gentoo.org> | 2006-09-01 14:39:52 +0000 |
|---|---|---|
| committer | Kevin F. Quinn <kevquinn@gentoo.org> | 2006-09-01 14:39:52 +0000 |
| commit | 1da91142a97335f3da48e5e1bf457c11512d7163 (patch) | |
| tree | 4854d83116beb36278aaa83ca5ec0baa2f3b552a /app-text/info2html | |
| parent | New version =app-text/info2html-2.0 masked for ebuild testing (diff) | |
| download | gentoo-2-1da91142a97335f3da48e5e1bf457c11512d7163.tar.gz gentoo-2-1da91142a97335f3da48e5e1bf457c11512d7163.tar.bz2 gentoo-2-1da91142a97335f3da48e5e1bf457c11512d7163.zip | |
bump to 2.0; configure for info dirs more intelligently
(Portage version: 2.1.1_rc1-r1)
Diffstat (limited to 'app-text/info2html')
| -rw-r--r-- | app-text/info2html/ChangeLog | 10 | ||||
| -rw-r--r-- | app-text/info2html/files/digest-info2html-2.0 | 3 | ||||
| -rw-r--r-- | app-text/info2html/files/info2html-2.0-xss.patch | 61 | ||||
| -rw-r--r-- | app-text/info2html/info2html-2.0.ebuild | 72 |
4 files changed, 145 insertions, 1 deletions
diff --git a/app-text/info2html/ChangeLog b/app-text/info2html/ChangeLog index b4a3b764914e..6ca17e656f66 100644 --- a/app-text/info2html/ChangeLog +++ b/app-text/info2html/ChangeLog @@ -1,6 +1,14 @@ # ChangeLog for app-text/info2html # Copyright 2000-2006 Gentoo Foundation; Distributed under the GPL v2 -# $Header: /var/cvsroot/gentoo-x86/app-text/info2html/ChangeLog,v 1.15 2006/09/01 12:45:42 kevquinn Exp $ +# $Header: /var/cvsroot/gentoo-x86/app-text/info2html/ChangeLog,v 1.16 2006/09/01 14:39:52 kevquinn Exp $ + +*info2html-2.0 (01 Sep 2006) + + 01 Sep 2006; Kevin F. Quinn <kevquinn@gentoo.org> + +files/info2html-2.0-xss.patch, +info2html-2.0.ebuild: + Bump to new version; although it has gone up a major revision the changes are + actually quite small. Ebuild now cunningly sets up the INFODIR configuration + item from the data in profile.env :) 01 Sep 2006; Kevin F. Quinn <kevquinn@gentoo.org> info2html-1.4-r2.ebuild: Make perl RDEPEND not DEPEND; ditch dodoc README since it says nothing useful diff --git a/app-text/info2html/files/digest-info2html-2.0 b/app-text/info2html/files/digest-info2html-2.0 new file mode 100644 index 000000000000..f9ce3e68dea1 --- /dev/null +++ b/app-text/info2html/files/digest-info2html-2.0 @@ -0,0 +1,3 @@ +MD5 fc265a8f5347805689b27c31e85ccc08 info2html-2.0.tar 51200 +RMD160 3fb27f2962c3036eeb740250a848dc87decb613c info2html-2.0.tar 51200 +SHA256 553f4d17e7edc13e5d27ae66e27b8702e1e83691adb3505a26e3af70276f84a5 info2html-2.0.tar 51200 diff --git a/app-text/info2html/files/info2html-2.0-xss.patch b/app-text/info2html/files/info2html-2.0-xss.patch new file mode 100644 index 000000000000..a2254bdbbe2b --- /dev/null +++ b/app-text/info2html/files/info2html-2.0-xss.patch @@ -0,0 +1,61 @@ +diff -u info2html-2.0-orig/info2html info2html-2.0/info2html +--- info2html-2.0-orig/info2html 2006-09-01 14:55:13.000000000 +0200 ++++ info2html-2.0/info2html 2006-09-01 15:05:41.000000000 +0200 +@@ -42,7 +42,7 @@ + + use CGI; + $ENV{'REQUEST_METHOD'} or +- print "Note: I'm really supposed to be run as a CGI!\n"; ++ print "Note: I'm really supposed to be run as a CGI\!\n"; + + #-- patterns + $NODEBORDER = '\037\014?'; #-- delimiter of an info node +@@ -62,7 +62,7 @@ + #--------------------------------------------------------- + # Don't reveal where we're looking... --jonh 5/20/97 (and reapplied 5/4/1998) + sub DieFileNotFound{ +- local($FileName) = @_; ++ local($FileName) = &XssEscape(@_); + #-- TEXT : error message if a file could not be opened + print <<"EOF"; + <html><head><title>Info Files - Error Message</title> +@@ -104,6 +104,28 @@ + } + + #---------------------------------------------------------- ++# XssEscape ++#---------------------------------------------------------- ++sub XssEscape { ++ local($Tag) = @_; ++ #-- output escaping is required to protect browser ++ # against `cross site' and `cross frame scripting' ++ ++ $Tag =~ s/&/&/gs; # ampersand ++ $Tag =~ s/#/#/gs; ++ $Tag =~ s/;/;/gs; ++ $Tag =~ s/[\000-\037\177-\237]/¿/gs; # "ctrl" codes 0-31 and 127-159 ++ $Tag =~ s/</</gs; # less-than symbol ++ $Tag =~ s/>/>/gs; # greater-than symbol ++ $Tag =~ s/"/"/gs; # double quote ++ $Tag =~ s/\240/ /gs; # non-breaking space ++ $Tag =~ s/\255/­/gs; # soft hyphen ++ # the rest is interpreted ++ # as ISO 8859-1 ++ $Tag; ++} ++ ++#---------------------------------------------------------- + # ParsHeaderToken + #---------------------------------------------------------- + # Parses the heaer line of an info node for a specific +@@ -493,6 +515,8 @@ + #---------------------------------------------------------- + sub ReplyNotFoundMessage{ + local($FileName,$Tag) = @_; ++ $FileName = &XssEscape($FileName); ++ $Tag = &XssEscape($Tag); + print <<"EOF"; + <html><head><title>Info Files - Error Message</title> + $BOTS_STAY_AWAY +Only in info2html-2.0: info2html.orig +Only in info2html-2.0: info2html.rej diff --git a/app-text/info2html/info2html-2.0.ebuild b/app-text/info2html/info2html-2.0.ebuild new file mode 100644 index 000000000000..328f1859788b --- /dev/null +++ b/app-text/info2html/info2html-2.0.ebuild @@ -0,0 +1,72 @@ +# Copyright 1999-2006 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 +# $Header: /var/cvsroot/gentoo-x86/app-text/info2html/info2html-2.0.ebuild,v 1.1 2006/09/01 14:39:52 kevquinn Exp $ + +inherit eutils webapp + +DESCRIPTION="Converts GNU .info files to HTML" +HOMEPAGE="http://info2html.sourceforge.net/" +SRC_URI="mirror://sourceforge/info2html/${P}.tar" + +LICENSE="freedist" +# webapp.eclass deals with SLOTting +#SLOT="0" +IUSE="" +KEYWORDS="~alpha ~amd64 ~hppa ~sparc ~x86" + +RDEPEND="dev-lang/perl" + +src_unpack() { + local infos state line i + unpack ${A} + cd ${S} + + # filter user-provided data to prevent cross-frame/site scripting attacks + # bug #91354 (fix from Werner Fink) + epatch ${FILESDIR}/info2html-2.0-xss.patch + + # Fixup INFODIR for paths in /etc/profile.env INFOPATH + infos=$(grep "^export INFOPATH=" /etc/profile.env | tail -n 1 |\ + sed -e "s:^export INFOPATH=:INFOPATH=:;s:'::g") + # Default path to /usr/share/info and /usr/local/share/info + [[ -z ${infos} ]] && export infos="/usr/share/info" + infos=( ${INFOPATH//:/ } ) + mv ${S}/info2html.conf ${S}/info2html.conf.orig + touch ${S}/info2html.conf + state="copy" + inserted="no" + while read line; do + [[ ${line} == "@INFODIR = (" ]] && state="insert" + [[ ${line} == ");" ]] && state="copy" + case ${state} in + "copy") + echo ${line} >> ${S}/info2html.conf + ;; + "insert") + echo ${line} >> ${S}/info2html.conf + for info in "${infos[@]}"; do + echo " '${info}'," >> ${S}/info2html.conf + done + echo " '/usr/local/share/info'" >> ${S}/info2html.conf + state="skip" + inserted="yes" + ;; + "skip") + ;; + esac + done < ${S}/info2html.conf.orig + [[ ${state} == "copy" && ${inserted} == "yes" ]] || + die "Setting up info2html.conf failed" +} + +src_install() { + webapp_src_preinst + + exeinto ${MY_CGIBINDIR} + cp info2html infocat info2html.css info2html.conf ${D}/${MY_CGIBINDIR} + # README zapped by info2html-gentoo.patch; it only listed + # the homepage so it doesn't add anything useful. + # dodoc README + + webapp_src_install +} |