Fix for bug #72461

author: Stuart Herbert <stuart@gentoo.org> 2004-12-07 15:01:33 +0000
committer: Stuart Herbert <stuart@gentoo.org> 2004-12-07 15:01:33 +0000
commit: 9f5644e4cee1fb6ba3d6b64b9115f0bc63678a2a (patch)
tree: ab95c28648941eddbefc3c706f0072351217febd /www-apps
parent: add direct download link (diff)
download: historical-9f5644e4cee1fb6ba3d6b64b9115f0bc63678a2a.tar.gz
historical-9f5644e4cee1fb6ba3d6b64b9115f0bc63678a2a.tar.bz2
historical-9f5644e4cee1fb6ba3d6b64b9115f0bc63678a2a.zip
7 files changed, 243 insertions, 5 deletions
diff --git a/www-apps/viewcvs/ChangeLog b/www-apps/viewcvs/ChangeLog
index b4b0a6a458df..23f2a14fc7ad 100644
--- a/www-apps/viewcvs/ChangeLog
+++ b/www-apps/viewcvs/ChangeLog
@@ -1,6 +1,10 @@
 # ChangeLog for www-apps/viewcvs
 # Copyright 2000-2004 Gentoo Foundation; Distributed under the GPL v2
-# $Header: /var/cvsroot/gentoo-x86/www-apps/viewcvs/ChangeLog,v 1.8 2004/10/04 21:14:50 pvdabeel Exp $
+# $Header: /var/cvsroot/gentoo-x86/www-apps/viewcvs/ChangeLog,v 1.9 2004/12/07 15:01:33 stuart Exp $
+
+  07 Dec 2004; Stuart Herbert <stuart@gentoo.org> :
+  Two rev bumps (one for the released viewcvs, one for the cvs snapshot) to
+  address security bug #72461
 
   05 Sep 2004; Sven Wegener <swegener@gentoo.org>
   viewcvs-0.9.2_p20040831.ebuild:
diff --git a/www-apps/viewcvs/Manifest b/www-apps/viewcvs/Manifest
index fc14c325ff68..0ce145375126 100644
--- a/www-apps/viewcvs/Manifest
+++ b/www-apps/viewcvs/Manifest
@@ -1,14 +1,19 @@
+MD5 5bd8df0dd6518d3a91d4d8700a0b17b6 ChangeLog 4236
 MD5 c339473e0ff43da76eb2f2607c441921 metadata.xml 280
+MD5 11f7a4918520883f4237ed7069dfc451 viewcvs-0.9.2_p20040831.ebuild 2418
 MD5 d4be9b9587fb3ba56b11c3eea3437028 viewcvs-0.9.2-r3.ebuild 2776
 MD5 7e5c309216b00abdd5d51cae387732d9 viewcvs-0.9.2_p20030430-r1.ebuild 2412
-MD5 0b24dbbf17a48fa287b61c6629b69b8a viewcvs-0.9.2_p20030430-r2.ebuild 1257
 MD5 c6d53afae4b75c5d30e3da0d71c2c0f6 viewcvs-0.9.2_p20030430.ebuild 2333
-MD5 11f7a4918520883f4237ed7069dfc451 viewcvs-0.9.2_p20040831.ebuild 2418
-MD5 4685255eeb3c6b70c4f339a5efd9c4c3 ChangeLog 4079
+MD5 0b24dbbf17a48fa287b61c6629b69b8a viewcvs-0.9.2_p20030430-r2.ebuild 1257
+MD5 b892eaf33b2fe3c89548614ddeb5fab5 viewcvs-0.9.2-r4.ebuild 2863
+MD5 f95755174bc2271e2dc4224ecb33515d viewcvs-0.9.2_p20041207.ebuild 2415
+MD5 db9223dd117bcf0933c71e4d5598ceba files/digest-viewcvs-0.9.2_p20040831 69
 MD5 07a07f1a89e77c9f093ade7e395ffe3b files/digest-viewcvs-0.9.2-r3 65
 MD5 fbac846bcd488f255dc57fdd27ba99df files/digest-viewcvs-0.9.2_p20030430 69
 MD5 fbac846bcd488f255dc57fdd27ba99df files/digest-viewcvs-0.9.2_p20030430-r1 69
 MD5 fbac846bcd488f255dc57fdd27ba99df files/digest-viewcvs-0.9.2_p20030430-r2 69
-MD5 db9223dd117bcf0933c71e4d5598ceba files/digest-viewcvs-0.9.2_p20040831 69
 MD5 39d356a0537a0b8cdee280b47feb6413 files/postinstall-en.txt 416
 MD5 af9b030c39a014066d0fa7e2cd18636c files/reconfig 437
+MD5 07a07f1a89e77c9f093ade7e395ffe3b files/digest-viewcvs-0.9.2-r4 65
+MD5 9ac90900c491e917c037819a688ea54c files/viewcvs-0.9.2.patch 1295
+MD5 48783b2b9bd95be9a4eb1525a0bf708a files/digest-viewcvs-0.9.2_p20041207 69
diff --git a/www-apps/viewcvs/files/digest-viewcvs-0.9.2-r4 b/www-apps/viewcvs/files/digest-viewcvs-0.9.2-r4
new file mode 100644
index 000000000000..7ee3ce69fbbc
--- /dev/null
+++ b/www-apps/viewcvs/files/digest-viewcvs-0.9.2-r4
@@ -0,0 +1 @@
+MD5 c7857b1ed05240ad1f691ea40044daf2 viewcvs-0.9.2.tar.gz 140063
diff --git a/www-apps/viewcvs/files/digest-viewcvs-0.9.2_p20041207 b/www-apps/viewcvs/files/digest-viewcvs-0.9.2_p20041207
new file mode 100644
index 000000000000..b49145e38456
--- /dev/null
+++ b/www-apps/viewcvs/files/digest-viewcvs-0.9.2_p20041207
@@ -0,0 +1 @@
+MD5 86315155b4e24072e414f719178cbde5 viewcvs-20041207.tar.bz2 340385
diff --git a/www-apps/viewcvs/files/viewcvs-0.9.2.patch b/www-apps/viewcvs/files/viewcvs-0.9.2.patch
new file mode 100644
index 000000000000..4986836eb6b8
--- /dev/null
+++ b/www-apps/viewcvs/files/viewcvs-0.9.2.patch
@@ -0,0 +1,37 @@
+--- viewcvs.py.orig	2004-10-20 15:03:41.000000000 +0200
++++ viewcvs.py	2004-10-20 16:37:35.000000000 +0200
+@@ -2455,10 +2455,17 @@ def generate_tarball_header(out, name, s
+ def generate_tarball(out, relative, directory, tag, stack=[]):
+   subdirs = [ ]
+   rcs_files = [ ]
++  if relative == 'CVSROOT' and cfg.options.hide_cvsroot:
++    return
++
+   for file, pathname, isdir in get_file_data(directory):
+     if pathname == _UNREADABLE_MARKER:
+       continue
+     if isdir:
++      if file == 'CVSROOT' and relative.find('/') == -1 and cfg.options.hide_cvsroot:
++        continue
++      if relative.find('/') == -1 and cfg.is_forbidden(file):
++        continue
+       subdirs.append(file)
+     else:
+       rcs_files.append(file)
+@@ -2583,6 +2590,16 @@ def main():
+            '</body></html>\n')
+     return
+ 
++  if where == 'CVSROOT' and cfg.options.hide_cvsroot:
++    print "Status: 400"
++    http_header()
++    print ('<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">\n'
++           '<html><head>\n<title>400 Bad Request</title>\n'
++           '</head><body>\n'
++           '<H1>Bad Request</H1>\n Listing of CVSROOT is disallowed.<p>\n'
++           '</body></html>\n')
++    return
++
+   ### look for GZIP binary
+ 
+   # if we have a directory and the request didn't end in "/", then redirect
diff --git a/www-apps/viewcvs/viewcvs-0.9.2-r4.ebuild b/www-apps/viewcvs/viewcvs-0.9.2-r4.ebuild
new file mode 100644
index 000000000000..6f2a734f4d3e
--- /dev/null
+++ b/www-apps/viewcvs/viewcvs-0.9.2-r4.ebuild
@@ -0,0 +1,104 @@
+# Copyright 1999-2004 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Header: /var/cvsroot/gentoo-x86/www-apps/viewcvs/viewcvs-0.9.2-r4.ebuild,v 1.1 2004/12/07 15:01:33 stuart Exp $
+
+PDATE=${PV/0.9.2_p/}
+DESCRIPTION="Viewcvs, a web interface to cvs and subversion"
+HOMEPAGE="http://viewcvs.sourceforge.net/"
+SRC_URI="mirror://sourceforge/${PN}/${PN}-${PDATE}.tar.gz"
+
+LICENSE="viewcvs"
+SLOT="0"
+KEYWORDS="x86 ~ppc"
+IUSE="apache2"
+
+DEPEND=""
+RDEPEND=">=app-text/rcs-5.7
+	>=dev-util/cvs-1.11
+	sys-apps/diffutils
+	net-www/apache"
+
+WWW="/var/www/localhost/viewcvs"
+
+src_unpack () {
+	unpack ${A}
+	cd ${S}/lib
+	patch < ${FILESDIR}/viewcvs-${PV}.patch
+}
+
+doinstall() {
+	# start_location=$1
+	# end_location=$2
+	# mode=$3
+	if [ -d $1 ]; then
+		install -o root -d ${D}/$2
+		for f in ${1}/*
+		do
+			doinstall ${f} ${f/${1}/${2}} $3
+		done
+	else
+		sed -e "{ s,\(^#!.*$\),#!/usr/bin/python,; \
+		s,\(<VIEWCVS_INSTALL_DIRECTORY>\),${WWW},; \
+		s,\(^LIBRARY_DIR\)\(.*\$\),\1 = \"${WWW}/lib\",; \
+		s,\(^CONF_PATHNAME\)\(.*\$\),\1 = \"${WWW}/viewcvs.conf\",}" ${1} >${1}.cpy
+
+		install -o root -m $3 ${1}.cpy ${D}/$2
+		rm ${1}.cpy
+	fi
+}
+
+src_install() {
+	cd ${S}
+	install -o root -d ${D}/${WWW}/cgi
+
+	doinstall cgi/viewcvs.cgi ${WWW}/cgi/viewcvs.cgi 755
+	doinstall cgi/query.cgi ${WWW}/cgi/query.cgi 755
+	doinstall standalone.py ${WWW}/standalone.py 755
+	doinstall tools/loginfo-handler ${WWW}/loginfo-handler 755
+	doinstall tools/cvsdbadmin ${WWW}/cvsdbadmin 755
+	doinstall tools/make-database ${WWW}/make-database 755
+
+	insinto /etc/viewcvs
+	doinstall cgi/viewcvs.conf.dist ${WWW}/viewcvs.conf 644
+	doinstall cgi/cvsgraph.conf.dist ${WWW}/cvsgraph.conf 644
+
+	doinstall lib ${WWW}/lib 644
+	doinstall templates ${WWW}/templates 644
+
+	doinstall website ${WWW}/doc 644
+
+	dosym ${WWW}/viewcvs.conf /etc/viewcvs/viewcvs.conf
+	dosym ${WWW}/cvsgraph.conf /etc/viewcvs/cvsgraph.conf
+
+	cat <<EOF >apache.conf
+# Enables ViewCVS in /var/www/localhost/viewcvs and creates an alias to /viewcvs
+# Configuration of ViewCVS could be done in /etc/viewcvs/
+
+ScriptAlias /viewcvs /var/www/localhost/viewcvs/cgi/viewcvs.cgi
+ScriptAlias /cvsquery /var/www/localhost/viewcvs/cgi/cvsquery.cgi
+
+<Directory /var/www/localhost/viewcvs/cgi>
+	Options ExecCGI
+	<IfModule mod_access.c>
+		Order allow,deny
+		Allow from all
+	</IfModule>
+</Directory>
+EOF
+
+	if use apache2; then
+		cp apache.conf 47_viewcvs.conf
+		insinto /etc/apache2/conf/modules.d
+		doins 47_viewcvs.conf
+	fi
+
+	dodoc INSTALL TODO CHANGES README apache.conf
+}
+
+pkg_postinst() {
+	ewarn "Before using viewcvs make sure you configure it correctly."
+	einfo "There is a sample apache integration configuration file in the"
+	einfo "documentation directory named: apache.conf"
+	einfo "If you're using apache2 this configuration is already done for"
+	einfo "you in /etc/apache2/conf/modules.d/47_viewcvs.conf"
+}
diff --git a/www-apps/viewcvs/viewcvs-0.9.2_p20041207.ebuild b/www-apps/viewcvs/viewcvs-0.9.2_p20041207.ebuild
new file mode 100644
index 000000000000..ff5478eb6edd
--- /dev/null
+++ b/www-apps/viewcvs/viewcvs-0.9.2_p20041207.ebuild
@@ -0,0 +1,86 @@
+# Copyright 1999-2004 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Header: /var/cvsroot/gentoo-x86/www-apps/viewcvs/viewcvs-0.9.2_p20041207.ebuild,v 1.1 2004/12/07 15:01:33 stuart Exp $
+
+PDATE=${PV/0.9.2_p/}
+DESCRIPTION="Viewcvs, a web interface to cvs and subversion"
+HOMEPAGE="http://viewcvs.sourceforge.net/"
+SRC_URI="mirror://gentoo/${PN}-${PDATE}.tar.bz2"
+
+LICENSE="viewcvs"
+SLOT="0"
+KEYWORDS="x86 ~ppc"
+IUSE=""
+
+DEPEND=""
+RDEPEND="|| ( ( >=app-text/rcs-5.7
+	>=dev-util/cvs-1.11 )
+	dev-util/subversion )
+	sys-apps/diffutils
+	net-www/apache"
+S=${WORKDIR}/${PN}
+
+WWW="/var/www/localhost/viewcvs"
+CONFFILE="/etc/viewcvs/viewcvs.conf"
+
+doinstall() {
+	# start_location=$1
+	# end_location=$2
+	# mode=$3
+	if [ -d $1 ]; then
+		install -o root -d ${D}/$2
+		for f in ${1}/*
+		do
+			doinstall ${f} ${f/${1}/${2}} $3
+		done
+	else
+		sed -e "{ s,\(^#!.*$\),#!/usr/bin/python,; \
+		s,\(<VIEWCVS_INSTALL_DIRECTORY>\),${WWW},; \
+		s,\(^LIBRARY_DIR\)\(.*\$\),\1 = \"${WWW}/lib\",; \
+		s,\(^CONF_PATHNAME\)\(.*\$\),\1 = \"${CONFFILE}\",}" ${1} >${1}.cpy
+
+		install -o root -m $3 ${1}.cpy ${D}/$2
+		rm ${1}.cpy
+	fi
+}
+
+src_install() {
+	cd ${S}
+	install -o root -d ${D}/${WWW}/cgi
+
+	doinstall www/cgi/viewcvs.cgi ${WWW}/cgi/viewcvs.cgi 755
+	doinstall www/cgi/query.cgi ${WWW}/cgi/query.cgi 755
+	doinstall standalone.py ${WWW}/standalone.py 755
+	mkdir -p ${D}/`dirname ${CONFFILE}`
+	doinstall viewcvs.conf.dist ${CONFFILE} 644
+	doinstall cvsgraph.conf.dist `dirname ${CONFFILE}`/cvsgraph.conf 644
+	doinstall tools/loginfo-handler ${WWW}/loginfo-handler 755
+	doinstall tools/cvsdbadmin ${WWW}/cvsdbadmin 755
+	doinstall tools/make-database ${WWW}/make-database 755
+
+	doinstall lib ${WWW}/lib 644
+	doinstall templates `dirname ${CONFFILE}`/templates 644
+
+	dohtml -r website/*
+	dosym /usr/share/doc/${PF}/html /etc/viewcvs/doc
+
+	cat <<EOF >apache.conf
+ScriptAlias /viewcvs /var/www/localhost/viewcvs/cgi/viewcvs.cgi
+ScriptAlias /cvsquery /var/www/localhost/viewcvs/cgi/cvsquery.cgi
+
+<Directory /var/www/localhost/viewcvs/cgi>
+	Options ExecCGI
+	<IfModule mod_access.c>
+		Order allow,deny
+		Allow from all
+	</IfModule>
+</Directory>
+EOF
+	dodoc INSTALL TODO CHANGES README apache.conf
+}
+
+pkg_postinst() {
+	ewarn "Before using viewcvs make sure you configure it correctly"
+	einfo "There is a sample apache integration configuration file in the"
+	einfo "documentation directory named: apache.conf"
+}
author	Stuart Herbert <stuart@gentoo.org>	2004-12-07 15:01:33 +0000
committer	Stuart Herbert <stuart@gentoo.org>	2004-12-07 15:01:33 +0000
commit	9f5644e4cee1fb6ba3d6b64b9115f0bc63678a2a (patch)
tree	ab95c28648941eddbefc3c706f0072351217febd /www-apps
parent	add direct download link (diff)
download	historical-9f5644e4cee1fb6ba3d6b64b9115f0bc63678a2a.tar.gz historical-9f5644e4cee1fb6ba3d6b64b9115f0bc63678a2a.tar.bz2 historical-9f5644e4cee1fb6ba3d6b64b9115f0bc63678a2a.zip