authorRenat Lumpau <rl03@gentoo.org>2005-09-16 11:38:20 +0000
committerRenat Lumpau <rl03@gentoo.org>2005-09-16 11:38:20 +0000
commitc698392f00eafdb6f689da6aa92918c474b60736 (patch)
treec98abe9be0c1a4672f35f5b64aa075839165d3ef /www-apps/twiki/files
parentMark 1.12.0 stable on alpha (diff)
Security fixes for bug #106149.
Package-Manager: portage-2.0.51.22-r2
Diffstat (limited to 'www-apps/twiki/files')
-rw-r--r--www-apps/twiki/files/digest-twiki-200410301
-rw-r--r--www-apps/twiki/files/exec_command.patch52
-rw-r--r--www-apps/twiki/files/postinstall-en.txt4
3 files changed, 56 insertions, 1 deletions
diff --git a/www-apps/twiki/files/digest-twiki-20041030 b/www-apps/twiki/files/digest-twiki-20041030
index 2c2dfac017e4..215f002bbb13 100644
--- a/www-apps/twiki/files/digest-twiki-20041030
+++ b/www-apps/twiki/files/digest-twiki-20041030
@@ -1 +1,2 @@
MD5 b4acc3ba9e09524d344db4bc76d2faaa TWiki20041030beta.zip 2606614
+MD5 c8e3010b59013dbb7814b26cc609825e twiki-robustness-r3342.diff 36473
diff --git a/www-apps/twiki/files/exec_command.patch b/www-apps/twiki/files/exec_command.patch
new file mode 100644
index 000000000000..0425bd5e2991
--- /dev/null
+++ b/www-apps/twiki/files/exec_command.patch
@@ -0,0 +1,52 @@
+diff -ur work/lib/TWiki/Store.pm work-patched/lib/TWiki/Store.pm
+--- work/lib/TWiki/Store.pm 2004-10-19 14:48:40.000000000 -0400
++++ work-patched/lib/TWiki/Store.pm 2005-09-16 07:19:40.000000000 -0400
+@@ -572,7 +572,9 @@
+ }
+
+ $theRev = "" unless( $theRev );
+- $theRev =~ s/^1\.//o;
++ $theRev =~ s/r?1\.//o; # cut 'r' and major
++ # Fix for Codev.SecurityAlertExecuteCommandsWithRev
++ $theRev = "" unless( $theRev =~ s/.*?([0-9]+).*/$1/o );
+
+ $topicHandler = _getTopicHandler( $theWebName, $theTopic, $attachment ) if( ! $topicHandler );
+ my( $rcsOut, $rev, $date, $user, $comment ) = $topicHandler->getRevisionInfo( $theRev );
+diff -ur work/lib/TWiki/UI/RDiff.pm work-patched/lib/TWiki/UI/RDiff.pm
+--- work/lib/TWiki/UI/RDiff.pm 2004-08-08 04:28:45.000000000 -0400
++++ work-patched/lib/TWiki/UI/RDiff.pm 2005-09-16 07:19:40.000000000 -0400
+@@ -409,6 +409,9 @@
+ if( ! $rev2 ) { $rev2 = 0; }
+ $rev1 =~ s/r?1\.//go; # cut 'r' and major
+ $rev2 =~ s/r?1\.//go; # cut 'r' and major
++ # Fix for Codev.SecurityAlertExecuteCommandsWithRev
++ $rev1 = $maxrev unless( $rev1 =~ s/.*?([0-9]+).*/$1/o );
++ $rev2 = $maxrev unless( $rev2 =~ s/.*?([0-9]+).*/$1/o );
+ if( $rev1 < 1 ) { $rev1 = $maxrev; }
+ if( $rev1 > $maxrev ) { $rev1 = $maxrev; }
+ if( $rev2 < 1 ) { $rev2 = 1; }
+diff -ur work/lib/TWiki/UI/View.pm work-patched/lib/TWiki/UI/View.pm
+--- work/lib/TWiki/UI/View.pm 2004-08-25 02:36:15.000000000 -0400
++++ work-patched/lib/TWiki/UI/View.pm 2005-09-16 07:19:40.000000000 -0400
+@@ -106,6 +106,8 @@
+ $revdate = TWiki::formatTime( $revdate );
+
+ if( $rev ) {
++ # Fix for Codev.SecurityAlertExecuteCommandsWithRev
++ $rev = $maxrev unless( $rev =~ s/.*?([0-9]+).*/$1/o );
+ $rev =~ s/r?1\.//go; # cut 'r' and major
+ if( $rev < 1 ) { $rev = 1; }
+ if( $rev > $maxrev ) { $rev = $maxrev; }
+diff -ur work/lib/TWiki/UI/Viewfile.pm work-patched/lib/TWiki/UI/Viewfile.pm
+--- work/lib/TWiki/UI/Viewfile.pm 2004-05-29 02:51:35.000000000 -0400
++++ work-patched/lib/TWiki/UI/Viewfile.pm 2005-09-16 07:19:40.000000000 -0400
+@@ -43,6 +43,9 @@
+
+ my $fileName = $query->param( 'filename' );
+ my $rev = $query->param( 'rev' ) || "";
++ $rev =~ s/r?1\.//o; # cut 'r' and major
++ # Fix for Codev.SecurityAlertExecuteCommandsWithRev
++ $rev = "" unless( $rev =~ s/.*?([0-9]+).*/$1/o );
+
+ return unless TWiki::UI::webExists( $webName, $topic );
+
diff --git a/www-apps/twiki/files/postinstall-en.txt b/www-apps/twiki/files/postinstall-en.txt
index f0187ae2a511..c70a30ed65d3 100644
--- a/www-apps/twiki/files/postinstall-en.txt
+++ b/www-apps/twiki/files/postinstall-en.txt
@@ -16,5 +16,7 @@ You are almost done!
http://twiki.org/cgi-bin/view/TWiki/TWikiInstallationGuide
particularly if you wish to set up email preferences or I18N.
-5. Visit http://${VHOST_HOSTNAME}/twiki, or
+5. Read ${MY_INSTALLDIR}/README.robustness for important security info.
+
+6. Visit http://${VHOST_HOSTNAME}/twiki, or
http://${VHOST_HOSTNAME}/${VHOST_APPDIR}/bin/view