author | Stuart Herbert <stuart@gentoo.org> | 2005-01-19 13:28:24 +0000 |
---|---|---|
committer | Stuart Herbert <stuart@gentoo.org> | 2005-01-19 13:28:24 +0000 |
commit | 20503fb3dbf844b47e0e2cc6fb7390c6e5951839 (patch) | |
tree | 5a820f9c64612136e656908f6678d09a6e30c7f1 /www-apps | |
parent | - added a sed expression to a src_unpack as per bug #78586 (diff) | |
Security fix; see bug #76631
Diffstat (limited to 'www-apps')
-rw-r--r-- | www-apps/bugzilla/ChangeLog | 11 | ||||
-rw-r--r-- | www-apps/bugzilla/Manifest | 9 | ||||
-rw-r--r-- | www-apps/bugzilla/bugzilla-2.18.0_rc1.ebuild | 4 | ||||
-rw-r--r-- | www-apps/bugzilla/bugzilla-2.18.0_rc2.ebuild | 4 | ||||
-rw-r--r-- | www-apps/bugzilla/bugzilla-2.18.0_rc3.ebuild | 4 | ||||
-rw-r--r-- | www-apps/bugzilla/bugzilla-2.18.0_rc4.ebuild | 76 | ||||
-rw-r--r-- | www-apps/bugzilla/files/2.18.0_rc4/apache.htaccess | 3 | ||||
-rw-r--r-- | www-apps/bugzilla/files/2.18.0_rc4/reconfig | 91 | ||||
-rw-r--r-- | www-apps/bugzilla/files/CAN-2004-1061.patch | 46 | ||||
-rw-r--r-- | www-apps/bugzilla/files/digest-bugzilla-2.18.0_rc4 | 1 |
10 files changed, 239 insertions, 10 deletions
diff --git a/www-apps/bugzilla/ChangeLog b/www-apps/bugzilla/ChangeLog index beb28902b27a..5ed281e813e9 100644 --- a/www-apps/bugzilla/ChangeLog +++ b/www-apps/bugzilla/ChangeLog @@ -1,6 +1,13 @@ # ChangeLog for www-apps/bugzilla -# Copyright 2000-2004 Gentoo Foundation; Distributed under the GPL v2 -# $Header: /var/cvsroot/gentoo-x86/www-apps/bugzilla/ChangeLog,v 1.8 2004/10/29 07:26:35 sejo Exp $ +# Copyright 2000-2005 Gentoo Foundation; Distributed under the GPL v2 +# $Header: /var/cvsroot/gentoo-x86/www-apps/bugzilla/ChangeLog,v 1.9 2005/01/19 13:28:24 stuart Exp $ + +*bugzilla-2.18.0_rc4 (19 Jan 2005) + + 19 Jan 2005; Stuart Herbert <stuart@gentoo.org> + +files/2.18.0_rc4/apache.htaccess, +files/2.18.0_rc4/reconfig, + +bugzilla-2.18.0_rc4.ebuild: + Added patch for CAN-2004-1061; see bug #76631 29 Oct 2004; <SeJo@gentoo.org> bugzilla-2.18.0_rc3.ebuild: stable on ppc gsla: 68851 diff --git a/www-apps/bugzilla/Manifest b/www-apps/bugzilla/Manifest index a588aefcb3e4..631312d4578a 100644 --- a/www-apps/bugzilla/Manifest +++ b/www-apps/bugzilla/Manifest @@ -1,7 +1,8 @@ +MD5 f3ad5916725d6866aa588383ff7b6ae6 bugzilla-2.18.0_rc4.ebuild 2050 MD5 9fe08fa9f81cad6a42ba7c2439592ad0 ChangeLog 3510 MD5 7cf23db2efcec1146e4a2fa27eddd943 bugzilla-2.18.0_rc1.ebuild 1759 -MD5 f61bfa064e3acdfcd826e4a38b121196 metadata.xml 161 MD5 5083259cf978fc9115440379ff27f1c8 bugzilla-2.18.0_rc2.ebuild 1936 +MD5 f61bfa064e3acdfcd826e4a38b121196 metadata.xml 161 MD5 266683b7045f9baa0c0e557f208d73ab bugzilla-2.18.0_rc3.ebuild 1932 MD5 4a9b1a263f16b2a53b44bce45350b373 files/bugzilla.conf 148 MD5 0be5a588dc7fdfc9e4898a855bd32361 files/bugzilla.cron.daily 115 
@@ -9,12 +10,16 @@ MD5 b38d67b03726b84833bd8c5f632e4020 files/bugzilla.cron.tab 54 MD5 b243138916c1a9e7390fa352aa184a81 files/bz.cfg.templ 273 MD5 0606a9da89d19a505c52818d14de61e3 files/cronset.sh 70 MD5 8d37835f4224135a849a73ab8b6b893a files/digest-bugzilla-2.18.0_rc1 69 -MD5 a001fc92584de0cd6f1a0d8de99ee6ce files/firstcheck.sh 48 MD5 6a37c51e53b1fc63769e3bf5d8c258a4 files/digest-bugzilla-2.18.0_rc2 69 +MD5 a001fc92584de0cd6f1a0d8de99ee6ce files/firstcheck.sh 48 MD5 8e1b090e7085373104bd3e990621574c files/digest-bugzilla-2.18.0_rc3 69 +MD5 084e450d86a5a25f20a6ecd617b1a7b4 files/CAN-2004-1061.patch 2203 +MD5 8e1b090e7085373104bd3e990621574c files/digest-bugzilla-2.18.0_rc4 69 MD5 32cb42777a779ac279c5384643970729 files/2.18.0_rc1/apache.htaccess 70 MD5 2b4f3ae5bc1d383a4951a22cf65b28ae files/2.18.0_rc1/reconfig 3214 MD5 32cb42777a779ac279c5384643970729 files/2.18.0_rc2/apache.htaccess 70 MD5 2b4f3ae5bc1d383a4951a22cf65b28ae files/2.18.0_rc2/reconfig 3214 MD5 32cb42777a779ac279c5384643970729 files/2.18.0_rc3/apache.htaccess 70 MD5 23beb9ca60294343070078f9649dbc03 files/2.18.0_rc3/reconfig 3208 +MD5 32cb42777a779ac279c5384643970729 files/2.18.0_rc4/apache.htaccess 70 +MD5 23beb9ca60294343070078f9649dbc03 files/2.18.0_rc4/reconfig 3208 diff --git a/www-apps/bugzilla/bugzilla-2.18.0_rc1.ebuild b/www-apps/bugzilla/bugzilla-2.18.0_rc1.ebuild index 1e28c37dc406..5de7f3aeb6b9 100644 --- a/www-apps/bugzilla/bugzilla-2.18.0_rc1.ebuild +++ b/www-apps/bugzilla/bugzilla-2.18.0_rc1.ebuild @@ -1,6 +1,6 @@ -# Copyright 1999-2004 Gentoo Foundation +# Copyright 1999-2005 Gentoo Foundation # Distributed under the terms of the GNU General Public License v2 -# $Header: /var/cvsroot/gentoo-x86/www-apps/bugzilla/bugzilla-2.18.0_rc1.ebuild,v 1.3 2004/09/03 17:17:20 pvdabeel Exp $ +# $Header: /var/cvsroot/gentoo-x86/www-apps/bugzilla/bugzilla-2.18.0_rc1.ebuild,v 1.4 2005/01/19 13:28:24 stuart Exp $ inherit webapp MY_P=${P/.0_/} 
diff --git a/www-apps/bugzilla/bugzilla-2.18.0_rc2.ebuild b/www-apps/bugzilla/bugzilla-2.18.0_rc2.ebuild index 773c2c6c8c17..f5616a7f8fb3 100644 --- a/www-apps/bugzilla/bugzilla-2.18.0_rc2.ebuild +++ b/www-apps/bugzilla/bugzilla-2.18.0_rc2.ebuild @@ -1,6 +1,6 @@ -# Copyright 1999-2004 Gentoo Foundation +# Copyright 1999-2005 Gentoo Foundation # Distributed under the terms of the GNU General Public License v2 -# $Header: /var/cvsroot/gentoo-x86/www-apps/bugzilla/bugzilla-2.18.0_rc2.ebuild,v 1.3 2004/09/03 17:17:20 pvdabeel Exp $ +# $Header: /var/cvsroot/gentoo-x86/www-apps/bugzilla/bugzilla-2.18.0_rc2.ebuild,v 1.4 2005/01/19 13:28:24 stuart Exp $ inherit webapp MY_P=${P/.0_/} diff --git a/www-apps/bugzilla/bugzilla-2.18.0_rc3.ebuild b/www-apps/bugzilla/bugzilla-2.18.0_rc3.ebuild index a02f82699344..8544ce4a7f15 100644 --- a/www-apps/bugzilla/bugzilla-2.18.0_rc3.ebuild +++ b/www-apps/bugzilla/bugzilla-2.18.0_rc3.ebuild @@ -1,6 +1,6 @@ -# Copyright 1999-2004 Gentoo Foundation +# Copyright 1999-2005 Gentoo Foundation # Distributed under the terms of the GNU General Public License v2 -# $Header: /var/cvsroot/gentoo-x86/www-apps/bugzilla/bugzilla-2.18.0_rc3.ebuild,v 1.2 2004/10/29 07:26:35 sejo Exp $ +# $Header: /var/cvsroot/gentoo-x86/www-apps/bugzilla/bugzilla-2.18.0_rc3.ebuild,v 1.3 2005/01/19 13:28:24 stuart Exp $ inherit webapp MY_P=${P/.0_/} diff --git a/www-apps/bugzilla/bugzilla-2.18.0_rc4.ebuild b/www-apps/bugzilla/bugzilla-2.18.0_rc4.ebuild new file mode 100644 index 000000000000..323da1cc46fa --- /dev/null +++ b/www-apps/bugzilla/bugzilla-2.18.0_rc4.ebuild 
@@ -0,0 +1,76 @@ +# Copyright 1999-2005 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 +# $Header: /var/cvsroot/gentoo-x86/www-apps/bugzilla/bugzilla-2.18.0_rc4.ebuild,v 1.1 2005/01/19 13:28:24 stuart Exp $ + +inherit eutils webapp + +MY_PV=${PV/.0_rc4/}rc3 +MY_P=${PN}-${MY_PV} +S=${WORKDIR}/${MY_P} + +DESCRIPTION="Bugzilla is the Bug-Tracking System from the Mozilla project" +SRC_URI="http://ftp.mozilla.org/pub/mozilla.org/webtools/${MY_P}.tar.gz" +HOMEPAGE="http://www.bugzilla.org" + +LICENSE="MPL-1.1 NPL-1.1" +KEYWORDS="~x86 ~ppc ~sparc" + +IUSE="apache2" + +# See http://www.bugzilla.org/docs216/html/stepbystep.html to verify dependancies +# updated list of deps: http://www.bugzilla.org/releases/2.18/release-notes.html +# removed deps: dev-perl/MIME-tools +# dev-perl/Data-Dumper is back +RDEPEND=">=dev-db/mysql-3.23.41 + >=dev-lang/perl-5.6.0 + >=dev-perl/AppConfig-1.52 + >=dev-perl/CGI-2.93 + dev-perl/Data-Dumper + >=dev-perl/TimeDate-1.11 + >=dev-perl/DBI-1.36 + >=dev-perl/DBD-mysql-2.1010 + >=dev-perl/File-Spec-0.8.2 + >=dev-perl/Template-Toolkit-2.08 + >=dev-perl/Text-Tabs+Wrap-2001.0131 + >=dev-perl/Chart-2.3 + >=dev-perl/GD-1.20 + dev-perl/GDGraph + dev-perl/GDTextUtil + dev-perl/perl-ldap + >=dev-perl/PatchReader-0.9.4 + dev-perl/XML-Parser + apache2? ( >=net-www/apache-2.0 ) + !apache2? ( =net-www/apache-1* )" + +src_unpack () { + unpack ${A} + cd ${S} + epatch ${FILESDIR}/CAN-2004-1061.patch +} + +src_install () { + webapp_src_preinst + + cd ${S} + + # remove CVS directories + find . 
-type d -name 'CVS' -print | xargs rm -rf + + cp -r ${S}/* ${D}/${MY_HTDOCSDIR} || die + for file in `find -type d -printf "%p/* "`; do + webapp_serverowned "${MY_HTDOCSDIR}/${file}" + done + + cp ${FILESDIR}/${PVR}/apache.htaccess ${D}/${MY_HTDOCSDIR}/.htaccess + + FILE="bugzilla.cron.daily bugzilla.cron.tab bz.cfg.templ firstcheck.sh cronset.sh" + for file in ${FILE}; do + cp ${FILESDIR}/${file} ${D}/${MY_HTDOCSDIR} + webapp_serverowned "${MY_HTDOCSDIR}/${file}" + done + + # add the reconfigure hook + webapp_hook_script ${FILESDIR}/${PVR}/reconfig + + webapp_src_install +} diff --git a/www-apps/bugzilla/files/2.18.0_rc4/apache.htaccess b/www-apps/bugzilla/files/2.18.0_rc4/apache.htaccess new file mode 100644 index 000000000000..65b074866f11 --- /dev/null +++ b/www-apps/bugzilla/files/2.18.0_rc4/apache.htaccess @@ -0,0 +1,3 @@ +Order Allow,Deny +Options +ExecCGI +FollowSymLinks +AllowOverride Limit diff --git a/www-apps/bugzilla/files/2.18.0_rc4/reconfig b/www-apps/bugzilla/files/2.18.0_rc4/reconfig new file mode 100644 index 000000000000..26d1f226c3fc --- /dev/null +++ b/www-apps/bugzilla/files/2.18.0_rc4/reconfig 
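Review bot: The security patch is applied only by this new rc4 ebuild, whose `KEYWORDS="~x86 ~ppc ~sparc"` are all testing keywords, while the rc1–rc3 ebuilds touched by this commit receive a header bump and nothing else. The ChangeLog context in this same commit shows rc3 marked stable on ppc, so users on stable keywords would presumably keep installing an unpatched version until those ebuilds are removed or masked, or rc4 is stabilised; the ChangeLog entry should say which is planned. In `src_install`, the line `cp ${FILESDIR}/${PVR}/apache.htaccess ${D}/${MY_HTDOCSDIR}/.htaccess` has no `|| die`, so a failed copy would silently install the application without its access-control file.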
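Review bot: `AllowOverride Limit` is only valid inside a `<Directory>` section of the server configuration, so in a file that the ebuild installs as `.htaccess` Apache should reject it and answer requests for the directory with a server error. `Order Allow,Deny` with no `Allow from` line also denies every client by default, which is unlikely to be the intent for a web application. If the goal is to serve the CGI scripts while protecting specific files, the file needs an explicit `Allow from all` plus per-file `Deny` rules. The Manifest lists the same MD5 for this file as for the rc1–rc3 copies, so the problem probably predates this commit.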
@@ -0,0 +1,91 @@ +#!/bin/bash + +function die () +{ + echo + echo "***" + echo "*** Fatal error: $*" + echo "***" + exit 1 +} + +if [ $1 = "start" -o $1 = "install" ]; then + + cd "${MY_INSTALLDIR}" || die "Cannot find install dir ${MY_INSTALLDIR}" + + FILE="bugzilla.cron.daily bugzilla.cron.tab cronset.sh firstcheck.sh" + for file in ${FILE}; do + sed -e "s|/var/www/bugzilla|${MY_INSTALLDIR}|g;" -i ${D}/${MY_INSTALLDIR}/${FILE} + done + + if ( test -a localconfig ) ; then + echo "The following does not work on previous installations, please run checksetup.pl in ${MY_INSTALLDIR}" + exit 1 + fi + + echo + echo "Finalizing the installation of bugzilla in ${MY_INSTALLDIR}" + echo + + # config setting + echo "Details for the bugzilla database" + echo "(This scripts creates the database & user)" + echo + echo -n "mysql bugs db name [bugs]: "; read mybugsdb + if (test -z ${mybugsdb}) ; then mybugsdb="bugs" ; fi + + echo -n "mysql bugs db host [localhost]: "; read mybugshost + if (test -z ${mybugshost}) ; then mybugshost="localhost" ; fi + + echo -n "mysql bugs dbuser name [bugs]: "; read mybugsuser + if (test -z ${mybugsuser}) ; then mybugsuser="bugs" ; fi + + echo -n "mysql bugs dbuser password: "; read mybugspwd + if (test -z ${mybugspwd}) ; then echo "Error: no dbuser password" ; exit 1; fi + + cat bz.cfg.templ | sed -e "s/tmpdbname/${mybugsdb}/ + s/tmphost/${mybugshost}/ + s/tmpdbuser/${mybugsuser}/ + s/tmpdbpass/${mybugspwd}/" > bz.cfg.pl + + if [ ! 
-f bz.cfg.pl ] ; then echo "Error: no template for db vars" ; exit 1 ; fi + + # privileges + echo "Setting correct privileges for bugzilla mysql connection" + echo -n "Please enter login info for user who has grant privileges on ${mybugshost} [$USER]: "; read adminuser + if (test -z ${adminuser}) ; then adminuser="$USER" ; fi + if [ "${mybugshost}" != "localhost" ]; then + echo -n "Client address for bugzilla (at db side) [$(hostname -f)]: "; read clientaddr + if (test -z ${clientaddr}) ; then clientaddr="$(hostname -f)" ; fi + fi + # this will be default for localhost + if (test -z ${clientaddr}) ; then clientaddr="${mybugshost}" ; fi + + # if $bugshost == localhost, don't specify -h argument, so local socket can be used. + host=${mybugshost/localhost} + mysql -u ${adminuser} ${host:+-h ${host}} -p mysql --exec="GRANT SELECT,INSERT,UPDATE,DELETE,INDEX, ALTER,CREATE,DROP,REFERENCES ON ${mybugsdb}.* TO ${mybugsuser}@${clientaddr} IDENTIFIED BY '${mybugspwd}'; FLUSH PRIVILEGES;" || { + echo "Error running query!" + echo + echo "Please run it manually on ${host}." + echo + echo " \$ mysql -u ${adminuser} -p mysql --exec=\"GRANT SELECT,INSERT,UPDATE,DELETE,INDEX, ALTER,CREATE,DROP,REFERENCES ON ${mybugsdb}.* TO ${mybugsuser}@${clientaddr} IDENTIFIED BY '${mybugspwd}'; FLUSH PRIVILEGES;\"" + echo + } + + echo "Setting the template for localconfig variables" + chmod 755 ./checksetup.pl + ./checksetup.pl bz.cfg.pl || exit 1 + + echo "Final step: setting all html templates and db tables" + chmod 750 ${MY_INSTALLDIR}/firstcheck.sh + chmod 755 ./firstcheck.sh + ./firstcheck.sh || die "firstcheck.sh config script failed" + + echo -n "Do you want to set a crontab [y/N]" ; read cronyes + if [ "${cronyes}+" = "y+" ] ; then + crontab -u apache ${MY_INSTALLDIR}/bugzilla.cron.tab + fi + +else + echo $1 +fi diff --git a/www-apps/bugzilla/files/CAN-2004-1061.patch b/www-apps/bugzilla/files/CAN-2004-1061.patch new file mode 100644 index 000000000000..a4286323915a --- /dev/null 
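Review bot: The database password is read with a plain `read mybugspwd`, which echoes it to the terminal, and is then interpolated into `mysql ... --exec="GRANT ... IDENTIFIED BY '${mybugspwd}'; ..."`, where it sits in the process arguments visible to other local users while the command runs; it is printed once more in the "Please run it manually" fallback. Using `read -s mybugspwd` and feeding the statement to `mysql` on stdin instead of `--exec` would keep it off the screen and out of argv, and the fallback message should not repeat the password. The same value is pasted unescaped into `s/tmpdbpass/${mybugspwd}/` and into the quoted SQL string, so a password containing `/`, `&` or `'` breaks or alters both. Separately, the first loop passes `${FILE}` (the whole list) to `sed -i` where `${file}` is meant, and prefixes the path with `${D}`, which is presumably not set when the hook script runs.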
+++ b/www-apps/bugzilla/files/CAN-2004-1061.patch @@ -0,0 +1,46 @@ +Index: template/en/default/global/code-error.html.tmpl +=================================================================== +RCS file: /cvsroot/mozilla/webtools/bugzilla/template/en/default/global/code-error.html.tmpl,v +retrieving revision 1.41 +diff -5 -p -u -r1.41 code-error.html.tmpl +--- template/en/default/global/code-error.html.tmpl 9 Dec 2004 09:22:20 -0000 1.41 ++++ template/en/default/global/code-error.html.tmpl 15 Dec 2004 23:50:52 -0000 +@@ -254,11 +254,14 @@ + [% terms.Bugzilla %] has suffered an internal error. Please save this page and send + it to [% Param("maintainer") %] with details of what you were doing at + the time this message appeared. + </p> + <script type="text/javascript"> <!-- +- document.write("<p>URL: " + document.location + "</p>"); ++ document.write("<p>URL: " + ++ document.location.href.replace(/&/g,"&") ++ .replace(/</g,"<") ++ .replace(/>/g,">") + "</p>"); + // --> + </script> + </tt> + + <table cellpadding="20"> +Index: Bugzilla/Error.pm +=================================================================== +RCS file: /cvsroot/mozilla/webtools/bugzilla/Bugzilla/Error.pm,v +retrieving revision 1.8 +diff -5 -p -u -r1.8 Error.pm +--- Bugzilla/Error.pm 8 Nov 2004 02:25:59 -0000 1.8 ++++ Bugzilla/Error.pm 15 Dec 2004 23:50:52 -0000 +@@ -116,11 +116,14 @@ sub ThrowTemplateError { + Bugzilla has suffered an internal error. Please save this page and + send it to $maintainer with details of what you were doing at the + time this message appeared. + </p> + <script type="text/javascript"> <!-- +- document.write("<p>URL: " + document.location + "</p>"); ++ document.write("<p>URL: " + ++ document.location.href.replace(/&/g,"&") ++ .replace(/</g,"<") ++ .replace(/>/g,">") + "</p>"); + // --> + </script> + <p>Template->process() failed twice.<br> + First error: $error<br> + Second error: $error2</p> 
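Review bot: As displayed here, the three replacements in both hunks of the embedded patch map each character to itself (`.replace(/&/g,"&")`, `.replace(/</g,"<")`, `.replace(/>/g,">")`), which would leave `document.location.href` unescaped when it reaches `document.write`. This is most likely the page renderer decoding HTML entities rather than the real file content, so confirm that the file in the tree uses `"&amp;"`, `"&lt;"` and `"&gt;"` as the replacement strings. The Manifest entry added in this commit (MD5 `084e450d86a5a25f20a6ecd617b1a7b4`, 2203 bytes) is the value to check the file against. A one-line comment in `src_unpack` naming the two files the patch touches (`code-error.html.tmpl` and `Bugzilla/Error.pm`) would help whoever has to drop it when upstream ships the fix.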
diff --git a/www-apps/bugzilla/files/digest-bugzilla-2.18.0_rc4 b/www-apps/bugzilla/files/digest-bugzilla-2.18.0_rc4 new file mode 100644 index 000000000000..9d950f6bd474 --- /dev/null +++ b/www-apps/bugzilla/files/digest-bugzilla-2.18.0_rc4 @@ -0,0 +1 @@ +MD5 d17ffda0334124710873eeb09173d5a3 bugzilla-2.18rc3.tar.gz 1234642 |