authorLuca Longinotti <chtekk@gentoo.org>2006-06-15 18:41:52 +0000
committerLuca Longinotti <chtekk@gentoo.org>2006-06-15 18:41:52 +0000
commit29c7aa01cae37d91b176cb082d5dd56f66211d22 (patch)
tree4cdf50dfbeaad3bd1586ac6f8882d5273dfdcc91 /www-apps
parentppc stable, bug #136720 (diff)
Fix bug #136830.
(Portage version: 2.1)
Diffstat (limited to 'www-apps')
-rw-r--r--www-apps/horde/ChangeLog8
-rw-r--r--www-apps/horde/files/digest-horde-2.2.92
-rw-r--r--www-apps/horde/files/digest-horde-3.0.92
-rw-r--r--www-apps/horde/files/digest-horde-3.12
-rw-r--r--www-apps/horde/files/digest-horde-3.1.1-r13
-rw-r--r--www-apps/horde/files/horde-3.1.1-xss.diff49
-rw-r--r--www-apps/horde/horde-3.1.1-r1.ebuild35
7 files changed, 99 insertions, 2 deletions
diff --git a/www-apps/horde/ChangeLog b/www-apps/horde/ChangeLog
index 1c5c3e01603b..f3f518c8492c 100644
--- a/www-apps/horde/ChangeLog
+++ b/www-apps/horde/ChangeLog
@@ -1,6 +1,12 @@
# ChangeLog for www-apps/horde
# Copyright 1999-2006 Gentoo Foundation; Distributed under the GPL v2
-# $Header: /var/cvsroot/gentoo-x86/www-apps/horde/ChangeLog,v 1.33 2006/03/31 20:01:55 yoswink Exp $
+# $Header: /var/cvsroot/gentoo-x86/www-apps/horde/ChangeLog,v 1.34 2006/06/15 18:41:52 chtekk Exp $
+
+*horde-3.1.1-r1 (15 Jun 2006)
+
+ 15 Jun 2006; Luca Longinotti <chtekk@gentoo.org>
+ +files/horde-3.1.1-xss.diff, +horde-3.1.1-r1.ebuild:
+ Fix bug #136830.
31 Mar 2006; Jose Luis Rivero <yoswink@gentoo.org> horde-3.1.1.ebuild:
Stable on alpha wrt security bug #127889
diff --git a/www-apps/horde/files/digest-horde-2.2.9 b/www-apps/horde/files/digest-horde-2.2.9
index ab87461b9fb1..e3da094e9c22 100644
--- a/www-apps/horde/files/digest-horde-2.2.9
+++ b/www-apps/horde/files/digest-horde-2.2.9
@@ -1 +1,3 @@
MD5 0d1a8a52ee69307fe2d687edd0b1c3c8 horde-2.2.9.tar.gz 683026
+RMD160 cfd4acad3afe5fd897d6b53c433bb91782fde1f9 horde-2.2.9.tar.gz 683026
+SHA256 a14c1e115d562d9f2b9464ecb2df8e304fa461601f87c5c00b260a923bcf8c64 horde-2.2.9.tar.gz 683026
diff --git a/www-apps/horde/files/digest-horde-3.0.9 b/www-apps/horde/files/digest-horde-3.0.9
index 8c0e3b246b3e..8e0751ecaf70 100644
--- a/www-apps/horde/files/digest-horde-3.0.9
+++ b/www-apps/horde/files/digest-horde-3.0.9
@@ -1 +1,3 @@
MD5 00bb74eb4b208392d2ae065e4bc73531 horde-3.0.9.tar.gz 3738315
+RMD160 e62778f0de7dd3c77f15b0ce760cb6f146ab7027 horde-3.0.9.tar.gz 3738315
+SHA256 6fac31eb9afdd87ebe1ea7ff3c27ba7fc8d46451a18e00cb43830df980913cd1 horde-3.0.9.tar.gz 3738315
diff --git a/www-apps/horde/files/digest-horde-3.1 b/www-apps/horde/files/digest-horde-3.1
index 1e73f967dd6f..d11496a6abb8 100644
--- a/www-apps/horde/files/digest-horde-3.1
+++ b/www-apps/horde/files/digest-horde-3.1
@@ -1,3 +1,3 @@
+MD5 4761fc976e72ece7e8257cfb5c5f86b9 horde-3.1.tar.gz 4880320
RMD160 124ced625af74e4bc36f0986e66bb4a2e6f70dcb horde-3.1.tar.gz 4880320
SHA256 eef3018d0bf9781d8428a554b4203aa10c4ff3f550d600518f2555b2cd91812c horde-3.1.tar.gz 4880320
-MD5 4761fc976e72ece7e8257cfb5c5f86b9 horde-3.1.tar.gz 4880320
diff --git a/www-apps/horde/files/digest-horde-3.1.1-r1 b/www-apps/horde/files/digest-horde-3.1.1-r1
new file mode 100644
index 000000000000..6d7c3464952f
--- /dev/null
+++ b/www-apps/horde/files/digest-horde-3.1.1-r1
@@ -0,0 +1,3 @@
+MD5 ef5001144b80422b71454d285056e90a horde-3.1.1.tar.gz 5068434
+RMD160 bb98dbc34caa3410382dcf34afba20e257c62a8d horde-3.1.1.tar.gz 5068434
+SHA256 5edb80766cb71832b1c5435b5093392164dbab46bdf5a496050620249d66e06f horde-3.1.1.tar.gz 5068434
diff --git a/www-apps/horde/files/horde-3.1.1-xss.diff b/www-apps/horde/files/horde-3.1.1-xss.diff
new file mode 100644
index 000000000000..00b36f0522db
--- /dev/null
+++ b/www-apps/horde/files/horde-3.1.1-xss.diff
@@ -0,0 +1,49 @@
+--- horde3-3.1.1.orig/templates/problem/problem.inc
++++ horde3-3.1.1/templates/problem/problem.inc
+@@ -31,17 +31,17 @@
+
+ <tr>
+ <td class="light rightAlign"><?php echo _("Your Name") ?></td>
+- <td><input type="text" tabindex="1" name="name" value="<?php echo $name ?>" size="70" /></td>
++ <td><input type="text" tabindex="1" name="name" value="<?php echo htmlspecialchars($name) ?>" size="70" /></td>
+ </tr>
+
+ <tr>
+ <td class="light rightAlign"><?php echo _("Your Email Address") ?></td>
+- <td><input type="text" tabindex="2" name="email" value="<?php echo $email ?>" size="70" /></td>
++ <td><input type="text" tabindex="2" name="email" value="<?php echo htmlspecialchars($email) ?>" size="70" /></td>
+ </tr>
+
+ <tr>
+ <td class="light rightAlign"><?php echo _("Short Summary") ?></td>
+- <td><input type="text" tabindex="3" name="subject" value="<?php echo $subject ?>" size="70" /></td>
++ <td><input type="text" tabindex="3" name="subject" value="<?php echo htmlspecialchars($subject) ?>" size="70" /></td>
+ </tr>
+
+ <tr>
+@@ -49,7 +49,7 @@
+ </tr>
+ <tr>
+ <td></td>
+- <td><textarea tabindex="4" name="message" rows="20" cols="80" wrap="hard"><?php echo $message ?></textarea></td>
++ <td><textarea tabindex="4" name="message" rows="20" cols="80" wrap="hard"><?php echo htmlspecialchars($message) ?></textarea></td>
+ </tr>
+
+ <tr>
+--- horde3-3.1.1.orig/test.php
++++ horde3-3.1.1/test.php
+@@ -250,12 +250,12 @@
+ exit;
+
+ case 'phpinfo':
+- echo '<a href="' . $url . '?mode=test">&lt;&lt; Back to test.php</a>';
++ echo '<a href="' . htmlspecialchars($url) . '?mode=test">&lt;&lt; Back to test.php</a>';
+ phpinfo();
+ exit;
+
+ case 'filetest':
+- echo '<a href="' . $url . '?mode=test">&lt;&lt; Back to test.php</a>';
++ echo '<a href="' . htmlspecialchars($url) . '?mode=test">&lt;&lt; Back to test.php</a>';
+ ?>
+ <html>
+ <body bgcolor="white" text="black">
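Review bot: Every `htmlspecialchars()` call added here relies on the default flags, so the escaping is only sufficient because each `value="..."` and `href="..."` attribute happens to be double-quoted. Passing the flag explicitly, e.g. `htmlspecialchars($name, ENT_QUOTES)`, keeps the output safe if the template's quoting style is ever changed, and the same applies to `$email`, `$subject`, `$message` and both `$url` uses in test.php. For the two `href` values, escaping stops attribute breakout but does not constrain what the link points to. The assignment of `$url` is outside this hunk, so it is worth confirming that it is built from the script's own path and not taken from the request.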
diff --git a/www-apps/horde/horde-3.1.1-r1.ebuild b/www-apps/horde/horde-3.1.1-r1.ebuild
new file mode 100644
index 000000000000..d7d0e71a9714
--- /dev/null
+++ b/www-apps/horde/horde-3.1.1-r1.ebuild
@@ -0,0 +1,35 @@
+# Copyright 1999-2006 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Header: /var/cvsroot/gentoo-x86/www-apps/horde/horde-3.1.1-r1.ebuild,v 1.1 2006/06/15 18:41:52 chtekk Exp $
+
+HORDE_PHP_FEATURES="session xml"
+
+# Patch to fix bug #136830
+EHORDE_PATCHES="${FILESDIR}/${P}-xss.diff"
+
+inherit horde
+
+DESCRIPTION="Horde Application Framework"
+HOMEPAGE="http://www.horde.org/"
+
+KEYWORDS="~alpha ~amd64 ~hppa ~ppc ~sparc ~x86"
+IUSE="mysql"
+
+DEPEND=""
+RDEPEND="virtual/php
+ >=sys-devel/gettext-0.10.40
+ >=dev-libs/libxml2-2.4.21
+ >=www-apps/horde-pear-1.3
+ dev-php/PEAR-Log
+ dev-php/PEAR-Mail_Mime
+ mysql? ( dev-php/PEAR-DB )"
+
+pkg_postinst() {
+ horde_pkg_postinst
+ echo
+ einfo "Horde requires PHP to have:"
+ einfo " ==> 'short_open_tag enabled = On'"
+ einfo " ==> 'magic_quotes_runtime set = Off'"
+ einfo " ==> 'file_uploads enabled = On'"
+ einfo "Please edit /etc/php/apache2-php4/php.ini"
+}
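Review bot: `pkg_postinst` lists the PHP settings Horde needs but says nothing about `test.php`, which the patch shipped in this same commit shows printing `phpinfo()` output in its `phpinfo` mode. A line such as `ewarn "Restrict access to test.php once the installation has been verified."` after the `einfo` block would tell the administrator to lock that script down after setup. Whether `horde_pkg_postinst` already prints such a notice cannot be seen from here, because it lives in the eclass. The hard-coded `/etc/php/apache2-php4/php.ini` path also assumes one SAPI and PHP slot, so "the php.ini used by your web server" would be more accurate wording.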