Patch for CVE-2006-1386

(Portage version: 2.1_pre6-r3)

5 files changed, 43 insertions, 18 deletions

diff --git a/www-apps/twiki/ChangeLog b/www-apps/twiki/ChangeLog
index 2935c21163ad..3d65430efc03 100644
--- a/www-apps/twiki/ChangeLog
+++ b/www-apps/twiki/ChangeLog
@@ -1,6 +1,12 @@
 # ChangeLog for www-apps/twiki
 # Copyright 2000-2006 Gentoo Foundation; Distributed under the GPL v2
-# $Header: /var/cvsroot/gentoo-x86/www-apps/twiki/ChangeLog,v 1.23 2006/02/14 19:36:11 rl03 Exp $
+# $Header: /var/cvsroot/gentoo-x86/www-apps/twiki/ChangeLog,v 1.24 2006/03/25 16:01:43 rl03 Exp $
+
+*twiki-4.0.1-r1 (25 Mar 2006)
+
+  25 Mar 2006; Renat Lumpau <rl03@gentoo.org> +files/CVE-2006-1386.patch,
+  -twiki-4.0.1.ebuild, +twiki-4.0.1-r1.ebuild:
+  Patch for CVE-2006-1386
 
   14 Feb 2006; Renat Lumpau <rl03@gentoo.org> twiki-4.0.1.ebuild:
   Bring back virtuals
diff --git a/www-apps/twiki/Manifest b/www-apps/twiki/Manifest
index 487e3754a5e7..2ab7b7fa6651 100644
--- a/www-apps/twiki/Manifest
+++ b/www-apps/twiki/Manifest
@@ -1,12 +1,12 @@
------BEGIN PGP SIGNED MESSAGE-----
-Hash: SHA1
-
 MD5 69ed92f3be5322f2762e0900ead6a1ad ChangeLog 4505
 RMD160 6dc01e13786d64f4f950aff06e92a29afffb4a1e ChangeLog 4505
 SHA256 1757aaddafdf12fab1fa76d76a52affdfe90033ab3b0c1595bff0edaa894ea84 ChangeLog 4505
-MD5 31710ea4552684e8487d19f277b1da6a files/digest-twiki-4.0.1 229
-RMD160 e6489159d65198115eac8917cb1207a475b057c1 files/digest-twiki-4.0.1 229
-SHA256 89f5fd5db54e613cd62b9b6f86b4a231965ec98021cf4c0a559e8f6ed0e1d332 files/digest-twiki-4.0.1 229
+MD5 08cf8f7a17f0804273178193e1a5aeac files/CVE-2006-1386.patch 1159
+RMD160 33dfc96754cccc24018b5dcf7d399ddbba58a175 files/CVE-2006-1386.patch 1159
+SHA256 95018ddbb0b8831f1bb5f4b12befbf335c58e540841b24be408b9efea9fd6a32 files/CVE-2006-1386.patch 1159
+MD5 31710ea4552684e8487d19f277b1da6a files/digest-twiki-4.0.1-r1 229
+RMD160 e6489159d65198115eac8917cb1207a475b057c1 files/digest-twiki-4.0.1-r1 229
+SHA256 89f5fd5db54e613cd62b9b6f86b4a231965ec98021cf4c0a559e8f6ed0e1d332 files/digest-twiki-4.0.1-r1 229
 MD5 0fb6bff6113baf316a822f611593a0a5 files/postinstall-en.txt 945
 RMD160 cb9968cf0d8f7b217790f2176898202b56ce1905 files/postinstall-en.txt 945
 SHA256 bf8d1eceda6d9383abd4bd3ab3c19cf101606fac89d1bd8e60155b29fb46030a files/postinstall-en.txt 945
@@ -19,13 +19,6 @@ SHA256 9bff3cbfb8ecbfe396e6e61ddf189c24f4500c469e9c0e0a5961a4b5b3fce851 files/re
 MD5 c339473e0ff43da76eb2f2607c441921 metadata.xml 280
 RMD160 c449ad35e8af3f158d8f8305f8a02ff98a420970 metadata.xml 280
 SHA256 fd37fa0f441b1b68ef8dc4bffbb0a51f0414aa7c370b48369453af5f4bff177a metadata.xml 280
-MD5 39848b8ea29cd31246b525bec3753407 twiki-4.0.1.ebuild 2073
-RMD160 cd18efbb03e980edd35a6cb7a8d5ee3d6f3b9d89 twiki-4.0.1.ebuild 2073
-SHA256 828ddc30a4d7cde5d3b72bd6f1ecdda9c40b200f43f8a21bbe8ef40dbbcfb824 twiki-4.0.1.ebuild 2073
------BEGIN PGP SIGNATURE-----
-Version: GnuPG v1.4.2 (GNU/Linux)
-
-iD8DBQFD8jE0EzitwsaoONoRAsuJAJ0V4KAeoPKWyjVgQoQyzxU671MrsgCeL4LM
-AflNJxTOgueI+ieYDiFna+E=
-=JoDh
------END PGP SIGNATURE-----
+MD5 39a3b1748259151c2be634364f9aa8c4 twiki-4.0.1-r1.ebuild 2123
+RMD160 b971eb8c322630379b14bfbbb2ad945a013f24d3 twiki-4.0.1-r1.ebuild 2123
+SHA256 839ba30399b39eb5cc9e08db4e65e94e90a613a5b7e2b6defb957382850f74f3 twiki-4.0.1-r1.ebuild 2123
diff --git a/www-apps/twiki/files/CVE-2006-1386.patch b/www-apps/twiki/files/CVE-2006-1386.patch
new file mode 100644
index 000000000000..dff921cd50a5
--- /dev/null
+++ b/www-apps/twiki/files/CVE-2006-1386.patch
@@ -0,0 +1,23 @@
+diff -ur work/lib/TWiki/UI/RDiff.pm work_patched/lib/TWiki/UI/RDiff.pm
+--- work/lib/TWiki/UI/RDiff.pm	2006-02-07 10:08:45.000000000 -0500
++++ work_patched/lib/TWiki/UI/RDiff.pm	2006-03-25 10:55:01.000000000 -0500
+@@ -394,6 +394,7 @@
+ 
+     TWiki::UI::checkWebExists( $session, $webName, $topic, 'diff' );
+     TWiki::UI::checkTopicExists( $session, $webName, $topic, 'diff' );
++    TWiki::UI::checkAccess( $session, $webName, $topic, 'view', $session->{user} );
+ 
+     my $renderStyle = $query->param('render') ||
+       $session->{prefs}->getPreferencesValue( 'DIFFRENDERSTYLE' ) ||
+diff -ur work/lib/TWiki/UI/Save.pm work_patched/lib/TWiki/UI/Save.pm
+--- work/lib/TWiki/UI/Save.pm	2006-02-07 10:08:45.000000000 -0500
++++ work_patched/lib/TWiki/UI/Save.pm	2006-03-25 10:54:19.000000000 -0500
+@@ -104,7 +104,7 @@
+ 
+     if( $topicExists ) {
+         ( $prevMeta, $prevText ) =
+-          $store->readTopic( undef, $webName, $topic, undef );
++          $store->readTopic( $user, $webName, $topic, undef );
+         if( $prevMeta ) {
+             foreach my $k ( keys %$prevMeta ) {
+                 unless( $k =~ /^_/ || $k eq 'FORM' || $k eq 'TOPICPARENT' ||
diff --git a/www-apps/twiki/files/digest-twiki-4.0.1 b/www-apps/twiki/files/digest-twiki-4.0.1-r1
index 18b0503f8fd4..18b0503f8fd4 100644
--- a/www-apps/twiki/files/digest-twiki-4.0.1
+++ b/www-apps/twiki/files/digest-twiki-4.0.1-r1
diff --git a/www-apps/twiki/twiki-4.0.1.ebuild b/www-apps/twiki/twiki-4.0.1-r1.ebuild
index f3e60268df25..caf2bccbfdc3 100644
--- a/www-apps/twiki/twiki-4.0.1.ebuild
+++ b/www-apps/twiki/twiki-4.0.1-r1.ebuild
@@ -1,6 +1,6 @@
 # Copyright 1999-2006 Gentoo Foundation
 # Distributed under the terms of the GNU General Public License v2
-# $Header: /var/cvsroot/gentoo-x86/www-apps/twiki/twiki-4.0.1.ebuild,v 1.2 2006/02/14 19:36:11 rl03 Exp $
+# $Header: /var/cvsroot/gentoo-x86/www-apps/twiki/twiki-4.0.1-r1.ebuild,v 1.1 2006/03/25 16:01:43 rl03 Exp $
 
 inherit webapp eutils versionator
 
@@ -36,6 +36,9 @@ RDEPEND=">=dev-lang/perl-5.8
 
 src_unpack() {
 	unpack ${A}
+	cd ${S}
+	epatch ${FILESDIR}/CVE-2006-1386.patch
+
 	mv ${S}/bin/LocalLib.cfg.txt ${S}/bin/LocalLib.cfg
 	mv ${S}/lib/LocalSite.cfg.txt ${S}/lib/LocalSite.cfg
 	# change web user to apache