author | Jakov Smolić <jsmolic@gentoo.org> | 2021-12-11 17:09:17 +0100 |
committer | Jakov Smolić <jsmolic@gentoo.org> | 2021-12-11 17:09:17 +0100 |
commit | 35123aec38bbe8638bdfd2c6606b65fdd25a04b6 (patch) | |
tree | f897fe5abaee65ee57a6344f1d667dec96b53557 /www-apps | |
parent | xfce-extra/xfce4-vala: treeclean (diff) | |
download | gentoo-35123aec38bbe8638bdfd2c6606b65fdd25a04b6.tar.gz gentoo-35123aec38bbe8638bdfd2c6606b65fdd25a04b6.tar.bz2 gentoo-35123aec38bbe8638bdfd2c6606b65fdd25a04b6.zip |
www-apps/websvn: treeclean
Closes: https://bugs.gentoo.org/672352
Bug: https://bugs.gentoo.org/794511
Signed-off-by: Jakov Smolić <jsmolic@gentoo.org>
Diffstat (limited to 'www-apps')
-rw-r--r-- | www-apps/websvn/Manifest | 1 | ||||
-rw-r--r-- | www-apps/websvn/files/13_security_CVE-2013-6892.patch | 39 | ||||
-rw-r--r-- | www-apps/websvn/files/30_CVE-2016-2511.patch | 11 | ||||
-rw-r--r-- | www-apps/websvn/files/31_CVE-2016-1236.patch | 61 | ||||
-rw-r--r-- | www-apps/websvn/metadata.xml | 13 | ||||
-rw-r--r-- | www-apps/websvn/websvn-2.3.3-r1.ebuild | 53 |
6 files changed, 0 insertions, 178 deletions
diff --git a/www-apps/websvn/Manifest b/www-apps/websvn/Manifest
deleted file mode 100644
index e7b9173421a2..000000000000
--- a/www-apps/websvn/Manifest
+++ /dev/null
@@ -1 +0,0 @@
-DIST websvn-2.3.3.tar.gz 882779 BLAKE2B e851bdd8cf42c34202c8416b5f63d0b4b6731f082d1103eaf21689bd65ddb11d8ed2d9d1a8e476d2c342db9b59bc7dea37ae0c9eb929a8c8298dfa3965da34ce SHA512 8c77a9770dfc3c9487793cd71c460d4048aa4aa7b8520a53eea8ae872f30e06d885f849d63fa0e9f61ed5923f9dd9c5ef1f3c4f020afaa83d7815a99d64818a0
diff --git a/www-apps/websvn/files/13_security_CVE-2013-6892.patch b/www-apps/websvn/files/13_security_CVE-2013-6892.patch
deleted file mode 100644
index ffb14e84aa11..000000000000
--- a/www-apps/websvn/files/13_security_CVE-2013-6892.patch
+++ /dev/null
@@ -1,39 +0,0 @@
-Arbitrary files with a known path can be accessed in websvn by committing a
-symlink to a repository and then downloading the file (using the download
-link).
-
-Author: Thijs Kinkhorst <thijs@debian.org>
-
-https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=775682
-
-diff -ur oud/dl.php nieuw/dl.php
---- oud/dl.php 2015-01-18 16:03:30.688791512 +0100
-+++ nieuw/dl.php 2015-01-18 16:27:00.950897749 +0100
-@@ -137,6 +137,18 @@
- exit(0);
- }
- 
-+ // For security reasons, disallow direct downloads of filenames that
-+ // are a symlink, since they may be a symlink to anywhere (/etc/passwd)
-+ // Deciding whether the symlink is relative and legal within the
-+ // repository would be nice but seems to error prone at this moment.
-+ if ( is_link($tempDir.DIRECTORY_SEPARATOR.$archiveName) ) {
-+ header('HTTP/1.x 500 Internal Server Error', true, 500);
-+ error_log('to be downloaded file is symlink, aborting: '.$archiveName);
-+ print 'Download of symlinks disallowed: "'.xml_entities($archiveName).'".';
-+ removeDirectory($tempDir);
-+ exit(0);
-+ }
-+
- // Set timestamp of exported directory (and subdirectories) to timestamp of
- // the revision so every archive of a given revision has the same timestamp.
- $revDate = $logEntry->date;
-@@ -180,7 +192,7 @@
- $downloadMimeType = 'application/x-zip';
- $downloadArchive .= '.zip';
- // Create zip file
-- $cmd = $config->zip.' -r '.quote($downloadArchive).' '.quote($archiveName);
-+ $cmd = $config->zip.' --symlinks -r '.quote($downloadArchive).' '.quote($archiveName);
- execCommand($cmd, $retcode);
- if ($retcode != 0) {
- error_log('Unable to call zip command: '.$cmd);
diff --git a/www-apps/websvn/files/30_CVE-2016-2511.patch b/www-apps/websvn/files/30_CVE-2016-2511.patch
deleted file mode 100644
index 9c270bbc4582..000000000000
--- a/www-apps/websvn/files/30_CVE-2016-2511.patch
+++ /dev/null
@@ -1,11 +0,0 @@
---- orig/include/setup.php 2016-02-19 16:02:05.674756241 +0100
-+++ new/include/setup.php 2016-02-19 16:02:10.166832543 +0100
-@@ -467,7 +467,7 @@
- $vars['validationurl'] = getFullURL($_SERVER['SCRIPT_NAME']).'?'.buildQuery($queryParams + array('template' => $template, 'language' => $language), '%26');
- 
- // To avoid a possible XSS exploit, need to clean up the passed-in path first
--$path = !empty($_REQUEST['path']) ? $_REQUEST['path'] : null;
-+$path = !empty($_REQUEST['path']) ? escape($_REQUEST['path']) : null;
- if ($path === null || $path === '')
- $path = '/';
- $vars['safepath'] = escape($path);
diff --git a/www-apps/websvn/files/31_CVE-2016-1236.patch b/www-apps/websvn/files/31_CVE-2016-1236.patch
deleted file mode 100644
index 13ff2be66f86..000000000000
--- a/www-apps/websvn/files/31_CVE-2016-1236.patch
+++ /dev/null
@@ -1,61 +0,0 @@
-Description: CVE-2016-1236: XSS via directory or file in a repository containing XSS payload
-Origin: vendor
-Forwarded: no
-Author: Nitin Venkatesh <venkatesh.nitin@gmail.com>
-Reviewed-by: Salvatore Bonaccorso <carnil@debian.org>
-Last-Update: 2016-05-08
-
---- a/revision.php
-+++ b/revision.php
-@@ -145,7 +145,7 @@ if ($rep) {
- }
- $resourceExisted = $change->action == 'M' || $change->copyfrom;
- $listing[] = array(
-- 'path' => $change->path,
-+ 'path' => escape($change->path),
- 'oldpath' => $change->copyfrom ? $change->copyfrom.' @ '.$change->copyrev : '',
- 'action' => $change->action,
- 'added' => $change->action == 'A',
---- a/log.php
-+++ b/log.php
-@@ -323,6 +323,9 @@ if ($rep) {
- $listing[$index]['revadded'] = (isset($modpaths['A'])) ? implode('<br/>', $modpaths['A']) : '';
- $listing[$index]['revdeleted'] = (isset($modpaths['D'])) ? implode('<br/>', $modpaths['D']) : '';
- $listing[$index]['revmodified'] = (isset($modpaths['M'])) ? implode('<br/>', $modpaths['M']) : '';
-+ $listing[$index]['revadded'] = escape($listing[$index]['revadded']);
-+ $listing[$index]['revdeleted'] = escape($listing[$index]['revdeleted']);
-+ $listing[$index]['revmodified'] = escape($listing[$index]['revmodified']);
- }
- 
- $row = 1 - $row;
---- a/comp.php
-+++ b/comp.php
-@@ -381,7 +381,7 @@ if ($rep) {
- $absnode .= $node;
- }
- 
-- $listing[$index]['newpath'] = $absnode;
-+ $listing[$index]['newpath'] = escape($absnode);
- 
- $listing[$index]['fileurl'] = $config->getURL($rep, $absnode, 'file').'rev='.$rev2;
- 
---- a/listing.php
-+++ b/listing.php
-@@ -123,7 +123,7 @@ function showDirFiles($svnrep, $subs, $l
- $listing[$index]['level'] = ($treeview) ? $level : 0;
- $listing[$index]['node'] = 0; // t-node
- $listing[$index]['path'] = $path.$file;
-- $listing[$index]['filename'] = $file;
-+ $listing[$index]['filename'] = escape($file);
- if ($isDir) {
- $listing[$index]['fileurl'] = urlForPath($path.$file, $passRevString);
- } else {
-@@ -137,7 +137,7 @@ function showDirFiles($svnrep, $subs, $l
- }
- 
- if ($treeview) {
-- $listing[$index]['compare_box'] = '<input type="checkbox" name="compare[]" value="'.$path.$file.'@'.$passrev.'" onclick="checkCB(this)" />';
-+ $listing[$index]['compare_box'] = '<input type="checkbox" name="compare[]" value="'.escape($path.$file).'@'.$passrev.'" onclick="checkCB(this)" />';
- }
- if ($config->showLastModInListing()) {
- $listing[$index]['committime'] = $entry->committime;
diff --git a/www-apps/websvn/metadata.xml b/www-apps/websvn/metadata.xml
deleted file mode 100644
index 7e524f51be9e..000000000000
--- a/www-apps/websvn/metadata.xml
+++ /dev/null
@@ -1,13 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<!DOCTYPE pkgmetadata SYSTEM "https://www.gentoo.org/dtd/metadata.dtd">
-<pkgmetadata>
- <maintainer type="project">
- <email>web-apps@gentoo.org</email>
- <name>Gentoo Webapps</name>
- </maintainer>
- <stabilize-allarches/>
- <use>
- <flag name="enscript">Add enscript support to colorize code
- stored in the repository</flag>
- </use>
-</pkgmetadata>
diff --git a/www-apps/websvn/websvn-2.3.3-r1.ebuild b/www-apps/websvn/websvn-2.3.3-r1.ebuild
deleted file mode 100644
index 285fce66b2fb..000000000000
--- a/www-apps/websvn/websvn-2.3.3-r1.ebuild
+++ /dev/null
@@ -1,53 +0,0 @@
-# Copyright 1999-2017 Gentoo Foundation
-# Distributed under the terms of the GNU General Public License v2
-
-EAPI="6"
-
-inherit webapp
-
-MY_P="${P//_/}"
-
-DESCRIPTION="Web-based browsing tool for Subversion (SVN) repositories in PHP"
-HOMEPAGE="http://www.websvn.info/ http://websvn.tigris.org/"
-DOWNLOAD_NUMBER="49056"
-SRC_URI="http://websvn.tigris.org/files/documents/1380/${DOWNLOAD_NUMBER}/${MY_P}.tar.gz"
-
-LICENSE="GPL-2"
-IUSE="enscript"
-KEYWORDS="amd64 ppc ppc64 ~sparc x86"
-
-DEPEND=""
-RDEPEND="dev-lang/php:*[xml]
- dev-vcs/subversion
- virtual/httpd-php:*
- enscript? ( app-text/enscript )"
-RESTRICT="mirror"
-
-PATCHES=(
- "${FILESDIR}/13_security_CVE-2013-6892.patch"
- "${FILESDIR}/30_CVE-2016-2511.patch"
- "${FILESDIR}/31_CVE-2016-1236.patch"
-)
-
-S="${WORKDIR}/${MY_P}"
-
-src_install() {
- webapp_src_preinst
-
- DOCS=( changes.txt )
- HTML_DOCS=( doc/* )
- einstalldocs
-
- mv include/{dist,}config.php
- rm -rf license.txt changes.txt doc/
-
- insinto "${MY_HTDOCSDIR}"
- doins -r .
-
- webapp_configfile "${MY_HTDOCSDIR}"/include/config.php
- webapp_configfile "${MY_HTDOCSDIR}"/wsvn.php
-
- webapp_serverowned "${MY_HTDOCSDIR}"/cache
-
- webapp_src_install
-}
|