Version bump, with security fixes. Remove old insecure versions.

Package-Manager: portage-2.2.0_alpha142/cvs/Linux x86_64
author: Jason Donenfeld <zx2c4@gentoo.org> 2012-11-15 01:14:15 +0000
committer: Jason Donenfeld <zx2c4@gentoo.org> 2012-11-15 01:14:15 +0000
commit: d4aa6096cedd7df5ff0fe764f56ca19fe160804b (patch)
tree: e635cb961aa44c9e9ba27199b4ebb5e4d55b9142 /www-apps
parent: Preparations for linux-kernel 3.7 (diff)
download: historical-d4aa6096cedd7df5ff0fe764f56ca19fe160804b.tar.gz
historical-d4aa6096cedd7df5ff0fe764f56ca19fe160804b.tar.bz2
historical-d4aa6096cedd7df5ff0fe764f56ca19fe160804b.zip
7 files changed, 26 insertions, 155 deletions
diff --git a/www-apps/cgit/ChangeLog b/www-apps/cgit/ChangeLog
index 83ab2de88204..678c8b6eb245 100644
--- a/www-apps/cgit/ChangeLog
+++ b/www-apps/cgit/ChangeLog
@@ -1,6 +1,13 @@
 # ChangeLog for www-apps/cgit
 # Copyright 1999-2012 Gentoo Foundation; Distributed under the GPL v2
-# $Header: /var/cvsroot/gentoo-x86/www-apps/cgit/ChangeLog,v 1.11 2012/06/01 04:30:38 zmedico Exp $
+# $Header: /var/cvsroot/gentoo-x86/www-apps/cgit/ChangeLog,v 1.12 2012/11/15 01:14:11 zx2c4 Exp $
+
+*cgit-0.9.1 (15 Nov 2012)
+
+  15 Nov 2012; Jason A. Donenfeld <zx2c4@gentoo.org> +cgit-0.9.1.ebuild,
+  -cgit-0.8.3.5.ebuild, -cgit-0.9.0.2-r1.ebuild,
+  -files/cgit-0.9.0.2-fix-xss.patch, cgit-9999.ebuild, files/cgitrc:
+  Version bump, with security fixes. Remove old insecure versions.
 
   01 Jun 2012; Zac Medico <zmedico@gentoo.org> cgit-0.8.3.5.ebuild,
   cgit-0.9.0.2-r1.ebuild, cgit-9999.ebuild:
@@ -66,4 +73,3 @@
   Initial ebuild
 
   Thanks to everyone who helped in #223339 for contributing to the ebuild.
-
diff --git a/www-apps/cgit/Manifest b/www-apps/cgit/Manifest
index 3ceb3681de7b..0e0e7c8cf9eb 100644
--- a/www-apps/cgit/Manifest
+++ b/www-apps/cgit/Manifest
@@ -1,22 +1,8 @@
------BEGIN PGP SIGNED MESSAGE-----
-Hash: SHA1
-
-AUX cgit-0.9.0.2-fix-xss.patch 1381 RMD160 2ad578425a66e9115161d54c267f02f484928fb2 SHA1 db0c8183764e0056e665195db534c69cfaf6bf77 SHA256 7209929376d5e6be818ef74def7ef9edfaeca11f92e78e094e122f905707d576
-AUX cgitrc 2514 RMD160 614cb050acc97caaa1da7caa6a60e74b457bba37 SHA1 376d65e71ab2ee54896addaf4acb98ed7d5ba327 SHA256 5a53e02e38382b46e3e0dea5efb3ab4ff8eccc8c6a26e7213ab2dee192236c48
-AUX postinstall-en.txt 1844 RMD160 8b6048db73f2b806335ac76a672784a46ba19394 SHA1 f74f0ee924bf91bb9699e83fd947cdd26b0e4f5f SHA256 2bfadbe531386c9f2b9fd6b346c9542dd367f86f1ffc1be1a43d9aa182a0118b
-DIST cgit-0.8.3.5.tar.bz2 54844 RMD160 f47efaa9de8e6d6af85cdf29bfa95a7c17b2d4e5 SHA1 4e3d8a28688efe4372a7945db8ec96b383e8e88b SHA256 2ca856a3ceae1c58e1c066bd06f4112c604a9395ae46f69db524ada1b71d8298
-DIST cgit-0.9.0.2.tar.bz2 64203 RMD160 3eae71b4232308ca62767529c25e9710dd46c80b SHA1 0ae0dcb07001c0e231355f5bb9634e8ebcd6e889 SHA256 97e0f78f5d4aabe59e3795849c6e1a72900cd558a94d88cb236fee12d72b528c
-DIST git-1.7.3.tar.bz2 2629734 RMD160 4b0f95b4d114f5b7a4eb61c0f73b2f9a533637a0 SHA1 32e231fd10b85265487f0c2cc50d6d889b71de78 SHA256 0035a4a7906f65812072457b65c609f24c66f31593d0ad372b7c18894a26b07d
-DIST git-1.7.4.tar.bz2 2703735 RMD160 a064d7a5b2d3fae6171ca91a03082eb46d7bb9b7 SHA1 57b783627d9a9515ce3ef8f79128074de6197b2e SHA256 8e260b9e5dfb46a35f26e3db450c2dabb4d1df254bfb2820779945a1ecbcef51
-EBUILD cgit-0.8.3.5.ebuild 1853 RMD160 069c8878fe4196f454193707e4d43969820524f2 SHA1 3a658ac596754c3857cb3d494a93227bca6c6294 SHA256 9189e246a428c1baf44468dbe60ad688c95fcb7f856d44af3211a5becbd4b1ee
-EBUILD cgit-0.9.0.2-r1.ebuild 1899 RMD160 e241bcf693ed4528caa0df35492b1b7ec34abd80 SHA1 14d9e5636c747f9770e6a2b20361f7c77042172b SHA256 14c7dd2117fd43e2e73da5fcd5179d0cac69091dec0ef2a777904f8a7044a4e8
-EBUILD cgit-9999.ebuild 1836 RMD160 705f968129738b4018858d9b697167320a5d67dc SHA1 b8dbc95202506a25e51fc8283f4b7c8875f86d04 SHA256 ea9060e6d18bb6ea79000b987e07bbb25d379307b6fe88ebd45ebd40ef2d0f67
-MISC ChangeLog 2591 RMD160 c25760fbbf23a909c10c5a25cacd020bf5e3b1d6 SHA1 b1d449d255231e5494fa9170ff01ae9fc3efb515 SHA256 19ee71898d8df51077ba7f803ee0bcbaae6e49bc291c24417529151c52940cb9
-MISC metadata.xml 708 RMD160 9d4dec58ea4db0d424fa1fcdc98879bfac455205 SHA1 2bec92f38a0ff9ef4288093974a04c0dd3a02ee4 SHA256 d19c132bfeebaa0b6eddfc589f49eed3f03fe326e10ebbde8571f4cb97bfadfa
------BEGIN PGP SIGNATURE-----
-Version: GnuPG v2.0.19 (GNU/Linux)
-
-iEYEARECAAYFAk/IRXQACgkQ/ejvha5XGaNYYgCeP7c+d/1Tcr1wOQx78Cly16Sh
-KTUAoOTX7x28lUPKpeFyzVcotlqHP1gV
-=W6EL
------END PGP SIGNATURE-----
+AUX cgitrc 2632 SHA256 b2870479f67b1e357283cec08e848aec5ab410514fc14883f325c0d833efe626 SHA512 e54745599d14b595d83aa179dfcaa704d883c3513c77ff2c4eeb8d98a4c7955d9dd94b595b6a60382e8f9a3eb5460886395f858a49e888a8004a535efb759281 WHIRLPOOL 01c803a9798c6435767affbce855832aecc54a8503b6a8af270d58aab1ed7ac4c3df293f9989854a9f4cfaa4d54ea33ddb918c07cb17edcbcf28a90c9f83c763
+AUX postinstall-en.txt 1844 SHA256 2bfadbe531386c9f2b9fd6b346c9542dd367f86f1ffc1be1a43d9aa182a0118b SHA512 40848a103f12cebe1572b51640abf8bb8c7cab58b6bcb95493498af61ee743abb987b59b6e5d6d9ff4eec5ba7d21cf2e5173ddbf4c51cd4210fdfa430da3aadc WHIRLPOOL d008d1fd56bd5410fe705cd38697dc66bf9e273052aea16a1ba2eaf91b0c2a400ac1d12abc9884cbce7481c5b2e0cab8a15c29489f8f97092f3655637e9b8f19
+DIST cgit-0.9.1.tar.xz 66472 SHA256 e2d7de92cfcd5d61a7dacee2f603784843903081675f3c74e4845df9185930a0 SHA512 b26fa65cb229d3e84840acab9f3dd375605ab566ab1099ca467cc8778dc5469448597af1a56bd2b5ebe0768eb4e59826304ee049e0cef17833df3e076606de1e WHIRLPOOL ab531c9e1d3a24e8c43e4625318575f55ec3583b88f739b07d26563781b0ebcee36c07c34464267129d9cbb97323f827db9051699e33b62a261172b9571bf376
+DIST git-1.7.4.tar.bz2 2703735 SHA256 8e260b9e5dfb46a35f26e3db450c2dabb4d1df254bfb2820779945a1ecbcef51 SHA512 3f7c72b019d17888d6b197c799fadf57099a42401586fb0f01a3d518608f46db25b87b88a96d0438cc770bd0232ee856aa49283a95430d391eefd737b67ead6e WHIRLPOOL 48fef9436578721e8a22948edd06137238fdbca87d191cb4d52dac7025db15e2ba52ec994323e7e996a1cffd91ccbb63cc002083a3b4bfce9017985c8a9bdcb3
+EBUILD cgit-0.9.1.ebuild 1846 SHA256 d6077bacfffa848900cd2f3ce912490034be495eb742b523976875cd0d1c027f SHA512 04475de24891967b4957e13c56553a0e1890111171cbbeaa24b439187d93a44858bc6ff0bef3b65aa6c2a0d544bad6ae8d62a927cc1e802f9b1fcc41fa158c28 WHIRLPOOL 4094fd86817d4c31bcc0fc95a362e81039b68fe541338d4717b399d53b370681271526ad8fdca1cd0d0353327ab498318d8bb19d0d684026a6a94a568b52f9b5
+EBUILD cgit-9999.ebuild 1828 SHA256 b32c55e70be9a5277f147fc2f1d8a81f62bac5f392e9a4169873ad7355305522 SHA512 5bf578849252af80cf6c1eb353e0bfbd955ccb5937de2081ff57d801fdc64bba8104a32d94589cb6abdcd2bd54c3c0f70ac44408c5e08928e857b45d05aa55bb WHIRLPOOL 2f4e30a5344730af0508f3389340972f98ff5deff7d170da8cd930a52f68bd96fad3fc9fd33258965af6c84031d2c7544516778562b6ced5657e1fb8a417d42e
+MISC ChangeLog 2874 SHA256 0cc38507d48297b40ef6cb2a60e7d23d8e0977a9a47bd466383737d3197506e3 SHA512 b94b154c02a559405008f82af428c19190170207abb8e0ac1fc0463181db426c8c209917edbbb55b2fb60055b51009632a02a3c90597735c1f11d0883da96667 WHIRLPOOL 59b32480e5df91c16a0b716c3cceedeed2e108bc32db59fef0e16dc0a7c5d27a6f6a17c25067b52a0fad488008163502fe689eb96e577e69e0f5dc227954ec85
+MISC metadata.xml 708 SHA256 d19c132bfeebaa0b6eddfc589f49eed3f03fe326e10ebbde8571f4cb97bfadfa SHA512 fbd2e80f27717f0fc5f1868459cb32b71d69ff4ce2661b7cbfd3b1ba13016bf974458491b90a6b370169d2bb5345fbc95a82f5afcadafcc7da5088d6a9650264 WHIRLPOOL 66b05ebc80c2c174923db051d7854dafb4dcd06f2f13abf6873635dff906702e480cdb251f0d99e8eda97eadd38356683e6a3d65171813949b5b2d4bf8067b37
diff --git a/www-apps/cgit/cgit-0.8.3.5.ebuild b/www-apps/cgit/cgit-0.8.3.5.ebuild
deleted file mode 100644
index 9720c9c22862..000000000000
--- a/www-apps/cgit/cgit-0.8.3.5.ebuild
+++ /dev/null
@@ -1,88 +0,0 @@
-# Copyright 1999-2012 Gentoo Foundation
-# Distributed under the terms of the GNU General Public License v2
-# $Header: /var/cvsroot/gentoo-x86/www-apps/cgit/cgit-0.8.3.5.ebuild,v 1.2 2012/06/01 04:30:38 zmedico Exp $
-
-EAPI="2"
-
-WEBAPP_MANUAL_SLOT="yes"
-
-inherit webapp multilib user
-
-[[ -z "${CGIT_CACHEDIR}" ]] && CGIT_CACHEDIR="/var/cache/${PN}/"
-
-GIT_V="1.7.3"
-
-DESCRIPTION="a fast web-interface for git repositories"
-HOMEPAGE="http://hjemli.net/git/cgit/about/"
-SRC_URI="mirror://kernel/software/scm/git/git-${GIT_V}.tar.bz2
-	http://hjemli.net/git/cgit/snapshot/${P}.tar.bz2"
-
-LICENSE="GPL-2"
-SLOT="0"
-KEYWORDS="~amd64 ~x86"
-IUSE="doc highlight"
-
-RDEPEND="
-	dev-vcs/git
-	sys-libs/zlib
-	dev-libs/openssl
-	virtual/httpd-cgi
-	highlight? ( app-text/highlight )
-"
-# ebuilds without WEBAPP_MANUAL_SLOT="yes" are broken
-DEPEND="${RDEPEND}
-	!<www-apps/cgit-0.8.3.3
-	doc? ( app-text/docbook-xsl-stylesheets
-		>=app-text/asciidoc-8.5.1 )
-"
-
-pkg_setup() {
-	webapp_pkg_setup
-	enewuser "${PN}"
-}
-
-src_prepare() {
-	rmdir git || die
-	mv "${WORKDIR}"/git-"${GIT_V}" git || die
-
-	sed -i \
-		-e "/^CACHE_ROOT =/s:/var/cache/cgit:${CGIT_CACHEDIR}:" \
-		Makefile || die
-}
-
-src_compile() {
-	emake || die
-	if use doc ; then
-		emake man-doc || die
-	fi
-}
-
-src_install() {
-	webapp_src_preinst
-
-	emake \
-		CGIT_SCRIPT_PATH="${MY_CGIBINDIR}" \
-		CGIT_DATA_PATH="${MY_HTDOCSDIR}" \
-		DESTDIR="${D}" install || die
-
-	exeinto /usr/$(get_libdir)/${PN}/filters
-	doexe filters/*.sh
-
-	insinto /etc
-	doins "${FILESDIR}"/cgitrc
-
-	dodoc README
-	use doc && doman cgitrc.5
-
-	webapp_postinst_txt en "${FILESDIR}"/postinstall-en.txt
-	webapp_src_install
-
-	keepdir "${CGIT_CACHEDIR}"
-	fowners ${PN}:${PN} "${CGIT_CACHEDIR}"
-	fperms 700 "${CGIT_CACHEDIR}"
-}
-
-pkg_postinst() {
-	ewarn "If you intend to run cgit using web server's user"
-	ewarn "you should change /var/cache/cgit/ permissions."
-}
diff --git a/www-apps/cgit/cgit-0.9.0.2-r1.ebuild b/www-apps/cgit/cgit-0.9.1.ebuild
index 7f4908383c8a..9eabc105b772 100644
--- a/www-apps/cgit/cgit-0.9.0.2-r1.ebuild
+++ b/www-apps/cgit/cgit-0.9.1.ebuild
@@ -1,6 +1,6 @@
 # Copyright 1999-2012 Gentoo Foundation
 # Distributed under the terms of the GNU General Public License v2
-# $Header: /var/cvsroot/gentoo-x86/www-apps/cgit/cgit-0.9.0.2-r1.ebuild,v 1.3 2012/06/01 04:30:38 zmedico Exp $
+# $Header: /var/cvsroot/gentoo-x86/www-apps/cgit/cgit-0.9.1.ebuild,v 1.1 2012/11/15 01:14:11 zx2c4 Exp $
 
 EAPI="4"
 
@@ -13,9 +13,9 @@ inherit webapp eutils multilib user
 GIT_V="1.7.4"
 
 DESCRIPTION="a fast web-interface for git repositories"
-HOMEPAGE="http://hjemli.net/git/cgit/about/"
+HOMEPAGE="http://git.zx2c4.com/cgit/about"
 SRC_URI="mirror://kernel/software/scm/git/git-${GIT_V}.tar.bz2
-	http://hjemli.net/git/cgit/snapshot/${P}.tar.bz2"
+	http://git.zx2c4.com/cgit/snapshot/${P}.tar.xz"
 
 LICENSE="GPL-2"
 SLOT="0"
@@ -45,8 +45,6 @@ src_prepare() {
 	rmdir git || die
 	mv "${WORKDIR}"/git-"${GIT_V}" git || die
 
-	epatch "${FILESDIR}"/${P}-fix-xss.patch
-
 	sed -i \
 		-e "/^CACHE_ROOT =/s:/var/cache/cgit:${CGIT_CACHEDIR}:" \
 		Makefile || die
diff --git a/www-apps/cgit/cgit-9999.ebuild b/www-apps/cgit/cgit-9999.ebuild
index 7f2d474dbcef..cb29340e3ca7 100644
--- a/www-apps/cgit/cgit-9999.ebuild
+++ b/www-apps/cgit/cgit-9999.ebuild
@@ -1,6 +1,6 @@
 # Copyright 1999-2012 Gentoo Foundation
 # Distributed under the terms of the GNU General Public License v2
-# $Header: /var/cvsroot/gentoo-x86/www-apps/cgit/cgit-9999.ebuild,v 1.5 2012/06/01 04:30:38 zmedico Exp $
+# $Header: /var/cvsroot/gentoo-x86/www-apps/cgit/cgit-9999.ebuild,v 1.6 2012/11/15 01:14:11 zx2c4 Exp $
 
 EAPI="4"
 
@@ -13,9 +13,9 @@ inherit webapp multilib user git-2
 GIT_V="1.7.4"
 
 DESCRIPTION="a fast web-interface for git repositories"
-HOMEPAGE="http://hjemli.net/git/cgit/about/"
+HOMEPAGE="http://git.zx2c4.com/cgit/about/"
 SRC_URI="mirror://kernel/software/scm/git/git-${GIT_V}.tar.bz2"
-EGIT_REPO_URI="git://hjemli.net/pub/git/${PN}"
+EGIT_REPO_URI="http://git.zx2c4.com/cgit"
 
 LICENSE="GPL-2"
 SLOT="0"
diff --git a/www-apps/cgit/files/cgit-0.9.0.2-fix-xss.patch b/www-apps/cgit/files/cgit-0.9.0.2-fix-xss.patch
deleted file mode 100644
index cfd230cd62f3..000000000000
--- a/www-apps/cgit/files/cgit-0.9.0.2-fix-xss.patch
+++ /dev/null
@@ -1,35 +0,0 @@
-From bebe89d7c11a92bf206bf6e528c51ffa8ecbc0d5 Mon Sep 17 00:00:00 2001
-From: Lukas Fleischer <cgit@cryptocrack.de>
-Date: Fri, 22 Jul 2011 11:47:19 +0000
-Subject: Fix potential XSS vulnerability in rename hint
-
-The file name displayed in the rename hint should be escaped to avoid
-XSS. Note that this vulnerability is only applicable when an attacker
-has gained push access to the repository.
-
-Signed-off-by: Lukas Fleischer <cgit@cryptocrack.de>
-Signed-off-by: Lars Hjemli <hjemli@gmail.com>
----
-diff --git a/ui-diff.c b/ui-diff.c
-index d21541b..383a534 100644
---- a/ui-diff.c
-+++ b/ui-diff.c
-@@ -97,10 +97,12 @@ static void print_fileinfo(struct fileinfo *info)
- 	htmlf("</td><td class='%s'>", class);
- 	cgit_diff_link(info->new_path, NULL, NULL, ctx.qry.head, ctx.qry.sha1,
- 		       ctx.qry.sha2, info->new_path, 0);
--	if (info->status == DIFF_STATUS_COPIED || info->status == DIFF_STATUS_RENAMED)
--		htmlf(" (%s from %s)",
--		      info->status == DIFF_STATUS_COPIED ? "copied" : "renamed",
--		      info->old_path);
-+	if (info->status == DIFF_STATUS_COPIED || info->status == DIFF_STATUS_RENAMED) {
-+		htmlf(" (%s from ",
-+		      info->status == DIFF_STATUS_COPIED ? "copied" : "renamed");
-+		html_txt(info->old_path);
-+		html(")");
-+	}
- 	html("</td><td class='right'>");
- 	if (info->binary) {
- 		htmlf("bin</td><td class='graph'>%ld -> %ld bytes",
---
-cgit v0.9.0.2-51-g5d24
diff --git a/www-apps/cgit/files/cgitrc b/www-apps/cgit/files/cgitrc
index a3eba1157342..a1d9f2f572b9 100644
--- a/www-apps/cgit/files/cgitrc
+++ b/www-apps/cgit/files/cgitrc
@@ -57,6 +57,10 @@
 ## List of common mimetypes
 ##
 
+# Instead of defining mime types ourselves, grab it from etc
+#mimetype-file=/etc/mime.types
+
+# Or do it manually here
 #mimetype.gif=image/gif
 #mimetype.html=text/html
 #mimetype.jpg=image/jpeg
author	Jason Donenfeld <zx2c4@gentoo.org>	2012-11-15 01:14:15 +0000
committer	Jason Donenfeld <zx2c4@gentoo.org>	2012-11-15 01:14:15 +0000
commit	d4aa6096cedd7df5ff0fe764f56ca19fe160804b (patch)
tree	e635cb961aa44c9e9ba27199b4ebb5e4d55b9142 /www-apps
parent	Preparations for linux-kernel 3.7 (diff)
download	historical-d4aa6096cedd7df5ff0fe764f56ca19fe160804b.tar.gz historical-d4aa6096cedd7df5ff0fe764f56ca19fe160804b.tar.bz2 historical-d4aa6096cedd7df5ff0fe764f56ca19fe160804b.zip