diff options
author | Luca Longinotti <chtekk@gentoo.org> | 2006-06-15 18:41:52 +0000 |
---|---|---|
committer | Luca Longinotti <chtekk@gentoo.org> | 2006-06-15 18:41:52 +0000 |
commit | 29c7aa01cae37d91b176cb082d5dd56f66211d22 (patch) | |
tree | 4cdf50dfbeaad3bd1586ac6f8882d5273dfdcc91 /www-apps | |
parent | ppc stable, bug #136720 (diff) | |
download | gentoo-2-29c7aa01cae37d91b176cb082d5dd56f66211d22.tar.gz gentoo-2-29c7aa01cae37d91b176cb082d5dd56f66211d22.tar.bz2 gentoo-2-29c7aa01cae37d91b176cb082d5dd56f66211d22.zip |
Fix bug #136830.
(Portage version: 2.1)
Diffstat (limited to 'www-apps')
-rw-r--r-- | www-apps/horde/ChangeLog | 8 | ||||
-rw-r--r-- | www-apps/horde/files/digest-horde-2.2.9 | 2 | ||||
-rw-r--r-- | www-apps/horde/files/digest-horde-3.0.9 | 2 | ||||
-rw-r--r-- | www-apps/horde/files/digest-horde-3.1 | 2 | ||||
-rw-r--r-- | www-apps/horde/files/digest-horde-3.1.1-r1 | 3 | ||||
-rw-r--r-- | www-apps/horde/files/horde-3.1.1-xss.diff | 49 | ||||
-rw-r--r-- | www-apps/horde/horde-3.1.1-r1.ebuild | 35 |
7 files changed, 99 insertions, 2 deletions
diff --git a/www-apps/horde/ChangeLog b/www-apps/horde/ChangeLog index 1c5c3e01603b..f3f518c8492c 100644 --- a/www-apps/horde/ChangeLog +++ b/www-apps/horde/ChangeLog @@ -1,6 +1,12 @@ # ChangeLog for www-apps/horde # Copyright 1999-2006 Gentoo Foundation; Distributed under the GPL v2 -# $Header: /var/cvsroot/gentoo-x86/www-apps/horde/ChangeLog,v 1.33 2006/03/31 20:01:55 yoswink Exp $ +# $Header: /var/cvsroot/gentoo-x86/www-apps/horde/ChangeLog,v 1.34 2006/06/15 18:41:52 chtekk Exp $ + +*horde-3.1.1-r1 (15 Jun 2006) + + 15 Jun 2006; Luca Longinotti <chtekk@gentoo.org> + +files/horde-3.1.1-xss.diff, +horde-3.1.1-r1.ebuild: + Fix bug #136830. 31 Mar 2006; Jose Luis Rivero <yoswink@gentoo.org> horde-3.1.1.ebuild: Stable on alpha wrt security bug #127889 diff --git a/www-apps/horde/files/digest-horde-2.2.9 b/www-apps/horde/files/digest-horde-2.2.9 index ab87461b9fb1..e3da094e9c22 100644 --- a/www-apps/horde/files/digest-horde-2.2.9 +++ b/www-apps/horde/files/digest-horde-2.2.9 @@ -1 +1,3 @@ MD5 0d1a8a52ee69307fe2d687edd0b1c3c8 horde-2.2.9.tar.gz 683026 +RMD160 cfd4acad3afe5fd897d6b53c433bb91782fde1f9 horde-2.2.9.tar.gz 683026 +SHA256 a14c1e115d562d9f2b9464ecb2df8e304fa461601f87c5c00b260a923bcf8c64 horde-2.2.9.tar.gz 683026 diff --git a/www-apps/horde/files/digest-horde-3.0.9 b/www-apps/horde/files/digest-horde-3.0.9 index 8c0e3b246b3e..8e0751ecaf70 100644 --- a/www-apps/horde/files/digest-horde-3.0.9 +++ b/www-apps/horde/files/digest-horde-3.0.9 @@ -1 +1,3 @@ MD5 00bb74eb4b208392d2ae065e4bc73531 horde-3.0.9.tar.gz 3738315 +RMD160 e62778f0de7dd3c77f15b0ce760cb6f146ab7027 horde-3.0.9.tar.gz 3738315 +SHA256 6fac31eb9afdd87ebe1ea7ff3c27ba7fc8d46451a18e00cb43830df980913cd1 horde-3.0.9.tar.gz 3738315 diff --git a/www-apps/horde/files/digest-horde-3.1 b/www-apps/horde/files/digest-horde-3.1 index 1e73f967dd6f..d11496a6abb8 100644 --- a/www-apps/horde/files/digest-horde-3.1 +++ b/www-apps/horde/files/digest-horde-3.1 @@ -1,3 +1,3 @@ +MD5 4761fc976e72ece7e8257cfb5c5f86b9 horde-3.1.tar.gz 4880320 RMD160 124ced625af74e4bc36f0986e66bb4a2e6f70dcb horde-3.1.tar.gz 4880320 SHA256 eef3018d0bf9781d8428a554b4203aa10c4ff3f550d600518f2555b2cd91812c horde-3.1.tar.gz 4880320 -MD5 4761fc976e72ece7e8257cfb5c5f86b9 horde-3.1.tar.gz 4880320 diff --git a/www-apps/horde/files/digest-horde-3.1.1-r1 b/www-apps/horde/files/digest-horde-3.1.1-r1 new file mode 100644 index 000000000000..6d7c3464952f --- /dev/null +++ b/www-apps/horde/files/digest-horde-3.1.1-r1 @@ -0,0 +1,3 @@ +MD5 ef5001144b80422b71454d285056e90a horde-3.1.1.tar.gz 5068434 +RMD160 bb98dbc34caa3410382dcf34afba20e257c62a8d horde-3.1.1.tar.gz 5068434 +SHA256 5edb80766cb71832b1c5435b5093392164dbab46bdf5a496050620249d66e06f horde-3.1.1.tar.gz 5068434 diff --git a/www-apps/horde/files/horde-3.1.1-xss.diff b/www-apps/horde/files/horde-3.1.1-xss.diff new file mode 100644 index 000000000000..00b36f0522db --- /dev/null +++ b/www-apps/horde/files/horde-3.1.1-xss.diff @@ -0,0 +1,49 @@ +--- horde3-3.1.1.orig/templates/problem/problem.inc ++++ horde3-3.1.1/templates/problem/problem.inc +@@ -31,17 +31,17 @@ + + <tr> + <td class="light rightAlign"><?php echo _("Your Name") ?></td> +- <td><input type="text" tabindex="1" name="name" value="<?php echo $name ?>" size="70" /></td> ++ <td><input type="text" tabindex="1" name="name" value="<?php echo htmlspecialchars($name) ?>" size="70" /></td> + </tr> + + <tr> + <td class="light rightAlign"><?php echo _("Your Email Address") ?></td> +- <td><input type="text" tabindex="2" name="email" value="<?php echo $email ?>" size="70" /></td> ++ <td><input type="text" tabindex="2" name="email" value="<?php echo htmlspecialchars($email) ?>" size="70" /></td> + </tr> + + <tr> + <td class="light rightAlign"><?php echo _("Short Summary") ?></td> +- <td><input type="text" tabindex="3" name="subject" value="<?php echo $subject ?>" size="70" /></td> ++ <td><input type="text" tabindex="3" name="subject" value="<?php echo htmlspecialchars($subject) ?>" size="70" /></td> + </tr> + + <tr> +@@ -49,7 +49,7 @@ + </tr> + <tr> + <td></td> +- <td><textarea tabindex="4" name="message" rows="20" cols="80" wrap="hard"><?php echo $message ?></textarea></td> ++ <td><textarea tabindex="4" name="message" rows="20" cols="80" wrap="hard"><?php echo htmlspecialchars($message) ?></textarea></td> + </tr> + + <tr> +--- horde3-3.1.1.orig/test.php ++++ horde3-3.1.1/test.php +@@ -250,12 +250,12 @@ + exit; + + case 'phpinfo': +- echo '<a href="' . $url . '?mode=test"><< Back to test.php</a>'; ++ echo '<a href="' . htmlspecialchars($url) . '?mode=test"><< Back to test.php</a>'; + phpinfo(); + exit; + + case 'filetest': +- echo '<a href="' . $url . '?mode=test"><< Back to test.php</a>'; ++ echo '<a href="' . htmlspecialchars($url) . '?mode=test"><< Back to test.php</a>'; + ?> + <html> + <body bgcolor="white" text="black"> diff --git a/www-apps/horde/horde-3.1.1-r1.ebuild b/www-apps/horde/horde-3.1.1-r1.ebuild new file mode 100644 index 000000000000..d7d0e71a9714 --- /dev/null +++ b/www-apps/horde/horde-3.1.1-r1.ebuild @@ -0,0 +1,35 @@ +# Copyright 1999-2006 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 +# $Header: /var/cvsroot/gentoo-x86/www-apps/horde/horde-3.1.1-r1.ebuild,v 1.1 2006/06/15 18:41:52 chtekk Exp $ + +HORDE_PHP_FEATURES="session xml" + +# Patch to fix bug #136830 +EHORDE_PATCHES="${FILESDIR}/${P}-xss.diff" + +inherit horde + +DESCRIPTION="Horde Application Framework" +HOMEPAGE="http://www.horde.org/" + +KEYWORDS="~alpha ~amd64 ~hppa ~ppc ~sparc ~x86" +IUSE="mysql" + +DEPEND="" +RDEPEND="virtual/php + >=sys-devel/gettext-0.10.40 + >=dev-libs/libxml2-2.4.21 + >=www-apps/horde-pear-1.3 + dev-php/PEAR-Log + dev-php/PEAR-Mail_Mime + mysql? ( dev-php/PEAR-DB )" + +pkg_postinst() { + horde_pkg_postinst + echo + einfo "Horde requires PHP to have:" + einfo " ==> 'short_open_tag enabled = On'" + einfo " ==> 'magic_quotes_runtime set = Off'" + einfo " ==> 'file_uploads enabled = On'" + einfo "Please edit /etc/php/apache2-php4/php.ini" +} |