diff options
| author | Roman Bogorodskiy <novel@FreeBSD.org> | 2005-07-20 05:02:08 +0000 |
|---|---|---|
| committer | Roman Bogorodskiy <novel@FreeBSD.org> | 2005-07-20 05:02:08 +0000 |
| commit | 0d7640e9da4a37bfd6bb789fe78beb0a4b402138 (patch) | |
| tree | d82ddf757999d4388e8d3ab4e0230fdd7f3bb5da /devel/viewvc | |
| parent | 4c6ebfa2a937932ef46fb1b5c5e8c3686bfdcc45 (diff) | |
| download | ports-0d7640e9da4a37bfd6bb789fe78beb0a4b402138.tar.gz ports-0d7640e9da4a37bfd6bb789fe78beb0a4b402138.zip | |
Update to 0.9.3.
Security fixes are included:
* security fix: disallow bad "content-type" input [CAN-2004-1062]
* security fix: disallow bad "sortby" and "cvsroot" input [CAN-2002-0771]
* security fix: omit forbidden/hidden modules from tarballs [CAN-2004-0915]
PR: 83753
Submitted by: Vsevolod Stakhov <vsevolod@highsecure.ru>
Notes
Notes:
svn path=/head/; revision=139646
Diffstat (limited to 'devel/viewvc')
| -rw-r--r-- | devel/viewvc/Makefile | 5 | ||||
| -rw-r--r-- | devel/viewvc/distinfo | 4 | ||||
| -rw-r--r-- | devel/viewvc/files/patch-CAN-2004-0915 | 37 |
3 files changed, 4 insertions, 42 deletions
diff --git a/devel/viewvc/Makefile b/devel/viewvc/Makefile index c3d584ad2056..050395520e4f 100644 --- a/devel/viewvc/Makefile +++ b/devel/viewvc/Makefile @@ -6,8 +6,7 @@ # PORTNAME= viewcvs -PORTVERSION= 0.9.2 -PORTREVISION= 3 +PORTVERSION= 0.9.3 CATEGORIES= devel python MASTER_SITES= ${MASTER_SITE_SOURCEFORGE} MASTER_SITE_SUBDIR= ${PORTNAME} @@ -22,7 +21,7 @@ INSTDIR?= ${PORTNAME}-${PORTVERSION} PLIST_SUB= INSTDIR=${INSTDIR} do-install: - @ cd ${WRKSRC} && INSTDIR=${PREFIX}/${INSTDIR} ${PYTHON_CMD} viewcvs-install + @(cd ${WRKSRC} && INSTDIR=${PREFIX}/${INSTDIR} ${PYTHON_CMD} viewcvs-install) post-install: @ ${SED} -e "s:%%INSTDIR%%:${PREFIX}/${INSTDIR}:g" ${MASTERDIR}/pkg-message >${PKGMESSAGE} diff --git a/devel/viewvc/distinfo b/devel/viewvc/distinfo index eaf830f6c309..59a623d90283 100644 --- a/devel/viewvc/distinfo +++ b/devel/viewvc/distinfo @@ -1,2 +1,2 @@ -MD5 (viewcvs-0.9.2.tar.gz) = c7857b1ed05240ad1f691ea40044daf2 -SIZE (viewcvs-0.9.2.tar.gz) = 140063 +MD5 (viewcvs-0.9.3.tar.gz) = 8be527279feaaa6ecf184bcf714e2f22 +SIZE (viewcvs-0.9.3.tar.gz) = 140215 diff --git a/devel/viewvc/files/patch-CAN-2004-0915 b/devel/viewvc/files/patch-CAN-2004-0915 deleted file mode 100644 index 6e150bc53438..000000000000 --- a/devel/viewvc/files/patch-CAN-2004-0915 +++ /dev/null @@ -1,37 +0,0 @@ ---- lib/viewcvs.py.orig 2004-10-20 15:03:41.000000000 +0200 -+++ lib/viewcvs.py 2004-10-20 16:37:35.000000000 +0200 -@@ -2455,10 +2455,17 @@ def generate_tarball_header(out, name, s - def generate_tarball(out, relative, directory, tag, stack=[]): - subdirs = [ ] - rcs_files = [ ] -+ if relative == 'CVSROOT' and cfg.options.hide_cvsroot: -+ return -+ - for file, pathname, isdir in get_file_data(directory): - if pathname == _UNREADABLE_MARKER: - continue - if isdir: -+ if file == 'CVSROOT' and relative.find('/') == -1 and cfg.options.hide_cvsroot: -+ continue -+ if relative.find('/') == -1 and cfg.is_forbidden(file): -+ continue - subdirs.append(file) - else: - rcs_files.append(file) -@@ -2583,6 +2590,16 @@ def main(): - '</body></html>\n') - return - -+ if where == 'CVSROOT' and cfg.options.hide_cvsroot: -+ print "Status: 400" -+ http_header() -+ print ('<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">\n' -+ '<html><head>\n<title>400 Bad Request</title>\n' -+ '</head><body>\n' -+ '<H1>Bad Request</H1>\n Listing of CVSROOT is disallowed.<p>\n' -+ '</body></html>\n') -+ return -+ - ### look for GZIP binary - - # if we have a directory and the request didn't end in "/", then redirect |