Fixes "Upload File" Script Insertion Vulnerability, bug 203791, reported by Pierre-Yves Rofes <py AT gentoo.org>.

(Portage version: 2.1.4_rc11)
author: Peter Volkov <pva@gentoo.org> 2007-12-30 19:17:36 +0000
committer: Peter Volkov <pva@gentoo.org> 2007-12-30 19:17:36 +0000
commit: 8710049eaa57df8bc42c3217e3389ace50a80b75 (patch)
tree: aa35826fcd98681cf190c8bcb98b70cfcff9b954 /www-apps/mantisbt
parent: ppc/ppc64 love (diff)
download: gentoo-2-8710049eaa57df8bc42c3217e3389ace50a80b75.tar.gz
gentoo-2-8710049eaa57df8bc42c3217e3389ace50a80b75.tar.bz2
gentoo-2-8710049eaa57df8bc42c3217e3389ace50a80b75.zip
4 files changed, 86 insertions, 1 deletions
diff --git a/www-apps/mantisbt/ChangeLog b/www-apps/mantisbt/ChangeLog
index 9199d0efa6a2..1280582c04c0 100644
--- a/www-apps/mantisbt/ChangeLog
+++ b/www-apps/mantisbt/ChangeLog
@@ -1,6 +1,14 @@
 # ChangeLog for www-apps/mantisbt
 # Copyright 1999-2007 Gentoo Foundation; Distributed under the GPL v2
-# $Header: /var/cvsroot/gentoo-x86/www-apps/mantisbt/ChangeLog,v 1.48 2007/12/10 16:14:57 pva Exp $
+# $Header: /var/cvsroot/gentoo-x86/www-apps/mantisbt/ChangeLog,v 1.49 2007/12/30 19:17:36 pva Exp $
+
+*mantisbt-1.0.8-r1 (30 Dec 2007)
+
+  30 Dec 2007; <pva@gentoo.org>
+  +files/mantisbt-1.0.8-avoid-XSS-in-file_api.php.patch,
+  +mantisbt-1.0.8-r1.ebuild:
+  Fixes "Upload File" Script Insertion Vulnerability, bug 203791, reported by
+  Pierre-Yves Rofes <py AT gentoo.org>.
 
   10 Dec 2007; <pva@gentoo.org> mantisbt-1.0.8.ebuild:
   Fixed apache2 DEPEND, bug #201822. Thank Nick Devito <nick AT nick125.com>
diff --git a/www-apps/mantisbt/files/digest-mantisbt-1.0.8-r1 b/www-apps/mantisbt/files/digest-mantisbt-1.0.8-r1
new file mode 100644
index 000000000000..2fb7b1796f2d
--- /dev/null
+++ b/www-apps/mantisbt/files/digest-mantisbt-1.0.8-r1
@@ -0,0 +1,3 @@
+MD5 fab90748346fe9a8276a71f59c1a245a mantis-1.0.8.tar.gz 1549854
+RMD160 02e349a05d8d5c190d943ee4dc430a6adaffe1a0 mantis-1.0.8.tar.gz 1549854
+SHA256 c22a3ad2f532addc70f8f266c83a360dfea685de79ebf713801b3f4fb556b501 mantis-1.0.8.tar.gz 1549854
diff --git a/www-apps/mantisbt/files/mantisbt-1.0.8-avoid-XSS-in-file_api.php.patch b/www-apps/mantisbt/files/mantisbt-1.0.8-avoid-XSS-in-file_api.php.patch
new file mode 100644
index 000000000000..274d9692fc1e
--- /dev/null
+++ b/www-apps/mantisbt/files/mantisbt-1.0.8-avoid-XSS-in-file_api.php.patch
@@ -0,0 +1,13 @@
+Index: core/file_api.php
+===================================================================
+--- core/file_api.php	(リビジョン 4833)
++++ core/file_api.php	(作業コピー)
+@@ -163,7 +163,7 @@
+ 			$row = $t_attachment_rows[$i];
+ 			extract( $row, EXTR_PREFIX_ALL, 'v' );
+ 
+-			$t_file_display_name = file_get_display_name( $v_filename );
++			$t_file_display_name = string_html_specialchars( file_get_display_name( $v_filename ) );
+ 			$t_filesize		= number_format( $v_filesize );
+ 			$t_date_added	= date( config_get( 'normal_date_format' ), db_unixtimestamp( $v_date_added ) );
+ 
diff --git a/www-apps/mantisbt/mantisbt-1.0.8-r1.ebuild b/www-apps/mantisbt/mantisbt-1.0.8-r1.ebuild
new file mode 100644
index 000000000000..b0e1e15d48e0
--- /dev/null
+++ b/www-apps/mantisbt/mantisbt-1.0.8-r1.ebuild
@@ -0,0 +1,61 @@
+# Copyright 1999-2007 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Header: /var/cvsroot/gentoo-x86/www-apps/mantisbt/mantisbt-1.0.8-r1.ebuild,v 1.1 2007/12/30 19:17:36 pva Exp $
+
+inherit eutils webapp
+
+IUSE="bundled-adodb"
+MY_P=mantis-${PV}
+
+DESCRIPTION="PHP/MySQL/Web based bugtracking system"
+HOMEPAGE="http://www.mantisbt.org/"
+SRC_URI="mirror://sourceforge/${PN}/${MY_P}.tar.gz"
+
+S=${WORKDIR}/${MY_P}
+
+KEYWORDS="~amd64 ~ppc ~x86"
+
+RDEPEND="
+	virtual/httpd-php
+	virtual/httpd-cgi
+	!bundled-adodb? ( dev-php/adodb )
+"
+
+LICENSE="GPL-2"
+
+src_unpack() {
+	unpack ${A}
+	cd "${S}"
+
+	# http://www.mantisbt.org/bugs/view.php?id=8256
+	epatch "${FILESDIR}"/${P}-avoid-XS-type-in-schema.php.patch
+	# http://www.mantisbt.org/bugs/view.php?id=8679
+	epatch "${FILESDIR}"/${P}-avoid-XSS-in-file_api.php.patch
+
+	if use bundled-adodb ; then
+		sed -ie \
+			"s:require_once( 'adodb/adodb.inc.php' );:require_once( \$t_core_dir . 'adodb/adodb.inc.php' );:" \
+			"${S}"/core/database_api.php
+	else
+		rm -r "${S}"/core/adodb/
+	fi
+
+	# Fix permitions. Should be fixed in 1.0.9
+	find "${S}" -type f -exec chmod 644 \{\} \;
+	find "${S}" -type d -exec chmod 755 \{\} \;
+}
+
+src_install() {
+	webapp_src_preinst
+	rm doc/{LICENSE,INSTALL}
+	dodoc doc/*
+
+	cp -R . "${D}"/${MY_HTDOCSDIR}
+	rm -rf "${D}"/${MY_HTDOCSDIR}/doc
+
+	mv "${D}"/${MY_HTDOCSDIR}/config_inc.php.sample "${D}"/${MY_HTDOCSDIR}/config_inc.php
+
+	webapp_configfile ${MY_HTDOCSDIR}/config_inc.php
+	webapp_postinst_txt en "${FILESDIR}"/postinstall-en-1.0.0.txt
+	webapp_src_install
+}
author	Peter Volkov <pva@gentoo.org>	2007-12-30 19:17:36 +0000
committer	Peter Volkov <pva@gentoo.org>	2007-12-30 19:17:36 +0000
commit	8710049eaa57df8bc42c3217e3389ace50a80b75 (patch)
tree	aa35826fcd98681cf190c8bcb98b70cfcff9b954 /www-apps/mantisbt
parent	ppc/ppc64 love (diff)
download	gentoo-2-8710049eaa57df8bc42c3217e3389ace50a80b75.tar.gz gentoo-2-8710049eaa57df8bc42c3217e3389ace50a80b75.tar.bz2 gentoo-2-8710049eaa57df8bc42c3217e3389ace50a80b75.zip