authorTom William Payne <twp@gentoo.org>2005-05-13 19:03:44 +0000
committerTom William Payne <twp@gentoo.org>2005-05-13 19:03:44 +0000
commit14cb22742a09d4681457b691bad806a918445a84 (patch)
tree19bef632890d80733d57ee414a589b7730b3add6 /app-text/info2html
parentStupid typo. (diff)
Security fix. Bug # 91354.
Package-Manager: portage-2.0.51.21-r1
Diffstat (limited to 'app-text/info2html')
-rw-r--r--app-text/info2html/ChangeLog14
-rw-r--r--app-text/info2html/Manifest7
-rw-r--r--app-text/info2html/files/digest-info2html-1.4-r11
-rw-r--r--app-text/info2html/files/info2html-xss.patch51
-rw-r--r--app-text/info2html/info2html-1.4-r1.ebuild44
5 files changed, 114 insertions, 3 deletions
diff --git a/app-text/info2html/ChangeLog b/app-text/info2html/ChangeLog
index e9e9884c544a..d54e99ca0094 100644
--- a/app-text/info2html/ChangeLog
+++ b/app-text/info2html/ChangeLog
@@ -1,6 +1,18 @@
# ChangeLog for app-text/info2html
# Copyright 2000-2005 Gentoo Foundation; Distributed under the GPL v2
-# $Header: /var/cvsroot/gentoo-x86/app-text/info2html/ChangeLog,v 1.8 2005/04/21 20:22:40 blubb Exp $
+# $Header: /var/cvsroot/gentoo-x86/app-text/info2html/ChangeLog,v 1.9 2005/05/13 19:03:44 twp Exp $
+
+*info2html-1.4-r1 (13 May 2005)
+
+ 13 May 2005; Tom Payne <twp@gentoo.org> +files/info2html-xss.patch,
+ +info2html-1.4-r1.ebuild:
+ Security fix. Bug # 91354.
+
+*info2html-1.4-r1 (13 May 2005)
+
+ 13 May 2005; Tom Payne <twp@gentoo.org> +files/info2html-xss.patch,
+ +info2html-1.4-r1.ebuild:
+ Security fix. Bug # 91354.
21 Apr 2005; Simon Stelling <blubb@gentoo.org> info2html-1.4.ebuild:
stable on amd64
diff --git a/app-text/info2html/Manifest b/app-text/info2html/Manifest
index 2838e9e72b46..971a688fb1fc 100644
--- a/app-text/info2html/Manifest
+++ b/app-text/info2html/Manifest
@@ -1,5 +1,8 @@
-MD5 52a5838473c0a6f6dc9d0e6d2e5b4780 ChangeLog 849
+MD5 2a5cbde8d5db863a1891b34b6c9e4c24 info2html-1.4-r1.ebuild 991
MD5 98979dcc8f89c84051f9957afd8d481a info2html-1.4.ebuild 947
+MD5 5e18f05112a8ba77211a9b95dc22638c ChangeLog 1169
MD5 d992d28bec4a3bfd72b441145091a58e metadata.xml 244
-MD5 4b9f64ddf8e7ef3c725fc1f785c69456 files/digest-info2html-1.4 60
+MD5 cc6a82ee8361bbdc4e94d4f39feb5896 files/info2html-xss.patch 1730
+MD5 4b9f64ddf8e7ef3c725fc1f785c69456 files/digest-info2html-1.4-r1 60
MD5 495fd408850958212ae70b35f3b8129b files/info2html-gentoo.patch 1767
+MD5 4b9f64ddf8e7ef3c725fc1f785c69456 files/digest-info2html-1.4 60
diff --git a/app-text/info2html/files/digest-info2html-1.4-r1 b/app-text/info2html/files/digest-info2html-1.4-r1
new file mode 100644
index 000000000000..cbd2963fe8b5
--- /dev/null
+++ b/app-text/info2html/files/digest-info2html-1.4-r1
@@ -0,0 +1 @@
+MD5 bccc18eeb48bb2571e5c66dec8822770 info2html-1.4.tgz 8473
diff --git a/app-text/info2html/files/info2html-xss.patch b/app-text/info2html/files/info2html-xss.patch
new file mode 100644
index 000000000000..98f61a6461f8
--- /dev/null
+++ b/app-text/info2html/files/info2html-xss.patch
@@ -0,0 +1,51 @@
+Index: info2html1.1/info2html
+===================================================================
+--- info2html1.1.orig/info2html
++++ info2html1.1/info2html
+@@ -47,7 +47,7 @@ $FTAG = '[^\)]+'; #-- p
+ # not accessible.
+ #---------------------------------------------------------
+ sub DieFileNotFound{
+- local($FileName) = @_;
++ local($FileName) = &XssEscape(@_);
+ #-- TEXT : error message if a file could not be opened
+ print <<EOF;
+ <head>
+@@ -110,6 +110,28 @@ sub DeEscape{
+ }
+
+ #----------------------------------------------------------
++# XssEscape
++#----------------------------------------------------------
++sub XssEscape {
++ local($Tag) = @_;
++ #-- output escaping is required to protect browser
++ # against `cross site' and `cross frame scripting'
++
++ $Tag =~ s/&/&amp;/gs; # ampersand
++ $Tag =~ s/#/&#35;/gs;
++ $Tag =~ s/;/&#59;/gs;
++ $Tag =~ s/[\000-\037\200-\237]/&iquest;/gs;
++ $Tag =~ s/</&lt;/gs; # less-than symbol
++ $Tag =~ s/>/&gt;/gs; # greater-than symbol
++ $Tag =~ s/"/&quot;/gs; # double quote
++ $Tag =~ s/\240/&nbsp;/gs; # non-breaking space
++ $Tag =~ s/\255/&shy;/gs; # soft hyphen
++ # the rest is interpreted
++ # as ISO 8859-1
++ $Tag;
++}
++
++#----------------------------------------------------------
+ # ParsHeaderToken
+ #----------------------------------------------------------
+ # Parses the heaer line of an info node for a specific
+@@ -470,6 +492,8 @@ EOF
+ #----------------------------------------------------------
+ sub ReplyNotFoundMessage{
+ local($FileName,$Tag) = @_;
++ $FileName = &XssEscape($FileName);
++ $Tag = &XssEscape($Tag);
+ print <<EOF;
+ <head>
+ <title>Info Files - Error Message</title>
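Review bot: In XssEscape the `s/;/&#59;/gs` substitution runs after the `&` and `#` substitutions, so it rewrites the semicolons those two have just emitted. `&` ends up as `&amp&#59;` and `#` as `&#35&#59;`, which stays inert but will most likely render as `&;` and `#;` in the error page. Reordering the separate passes cannot fix this, because each replacement contains characters that another pass targets; a single pass over a lookup table avoids it. The function also leaves `'` unescaped, which matters only if the heredoc templates (not visible in this hunk) place `$FileName` or `$Tag` inside a single-quoted attribute, so the sketch below maps it to `&#39;` as well.

```perl
sub XssEscape {
    local($Tag) = @_;
    # … unchanged: comment on why output escaping is required …
    local(%Ent) = (
        '&',    '&amp;',  '#',    '&#35;', ';', '&#59;',
        '<',    '&lt;',   '>',    '&gt;',
        '"',    '&quot;', "'",    '&#39;',
        "\240", '&nbsp;', "\255", '&shy;',
    );
    # One pass only: text produced by a replacement is never scanned again,
    # so the entities emitted here cannot be re-escaped.
    $Tag =~ s/([&#;<>"'\240\255\000-\037\200-\237])/defined($Ent{$1}) ? $Ent{$1} : '&iquest;'/ge;
    $Tag;
}
```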
diff --git a/app-text/info2html/info2html-1.4-r1.ebuild b/app-text/info2html/info2html-1.4-r1.ebuild
new file mode 100644
index 000000000000..ca36616dc2b8
--- /dev/null
+++ b/app-text/info2html/info2html-1.4-r1.ebuild
@@ -0,0 +1,44 @@
+# Copyright 1999-2005 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Header: /var/cvsroot/gentoo-x86/app-text/info2html/info2html-1.4-r1.ebuild,v 1.1 2005/05/13 19:03:44 twp Exp $
+
+inherit eutils webapp-apache
+
+DESCRIPTION="Converts GNU .info files to HTML"
+HOMEPAGE="http://info2html.sourceforge.net/"
+SRC_URI="mirror://sourceforge/info2html/${P}.tgz"
+
+LICENSE="freedist"
+SLOT="0"
+IUSE=""
+KEYWORDS="~alpha ~hppa ~sparc x86 ~amd64"
+
+DEPEND="dev-lang/perl"
+
+pkg_setup() {
+ webapp-detect || NO_HTTPD=1
+ webapp-pkg_setup "${NO_HTTPD}"
+ einfo "Installing into ${ROOT}${HTTPD_ROOT}"
+}
+
+src_unpack() {
+ unpack ${A}
+ cd ${S}
+ epatch ${FILESDIR}/info2html-gentoo.patch
+ epatch ${FILESDIR}/info2html-xss.patch
+}
+
+src_install() {
+ webapp-mkdirs
+
+ exeinto ${HTTPD_CGIBIN}
+ doexe info2html infocat
+ insinto ${HTTPD_CGIBIN}
+ doins info2html.conf
+ dodoc README
+}
+
+pkg_postinst() {
+ einfo "Info files can be found at:"
+ einfo "\thttp://localhost/cgi-bin/infocat"
+}
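Review bot: `KEYWORDS` on this new revision lists amd64 as `~amd64`, while the ChangeLog context in this commit records info2html-1.4.ebuild as stable on amd64 and the Manifest still lists that ebuild. Stable amd64 users would therefore apparently keep resolving to the unpatched 1.4 until -r1 is stabilised or 1.4 is removed or masked. That follow-up is not visible in this commit, so it is worth confirming it is tracked on the bug. Separately, in src_unpack `cd ${S}` is unquoted and unchecked; `cd "${S}" || die` (plus quoting `${FILESDIR}` on the two epatch lines) would stop the build if the directory change fails, before any patching is attempted.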