ports/86691: Patch for TWiki port to latest version, fixes security issues
justin at hawkins.id.au
Thu Sep 29 02:30:19 UTC 2005
>Number: 86691
>Category: ports
>Synopsis: Patch for TWiki port to latest version, fixes security issues
>Confidential: no
>Severity: serious
>Priority: high
>Responsible: freebsd-ports-bugs
>State: open
>Quarter:
>Keywords:
>Date-Required:
>Class: maintainer-update
>Submitter-Id: current-users
>Arrival-Date: Thu Sep 29 02:30:18 GMT 2005
>Closed-Date:
>Last-Modified:
>Originator: justin at hawkins.id.au
>Release: FreeBSD 5.4-RELEASE-p2 i386
>Organization:
>Environment:
System: FreeBSD tardis.everard.bogus 5.4-RELEASE-p2 FreeBSD 5.4-RELEASE-p2 #11: Sun Jun 19 14:53:54 CST 2005 root at tardis.everard.bogus:/usr/obj/usr/src/sys/TARDIS i386
>Description:
Patch to upgrade TWiki port to latest version
>How-To-Repeat:
N/A
>Fix:
Patch:
(please note that the 'files' directory is removed - no patches are required).
diff -ruN twiki.bak/Makefile twiki/Makefile
--- twiki.bak/Makefile Thu Sep 29 11:36:13 2005
+++ twiki/Makefile Thu Sep 29 11:36:58 2005
@@ -6,15 +6,13 @@
#
PORTNAME= twiki
-PORTVERSION= 20040902
+PORTVERSION= 20040904
CATEGORIES= www
MASTER_SITES= http://twiki.org/swd/ http://www.thoeny.com/peter/twiki/
DISTNAME= TWiki${PORTVERSION}
MAINTAINER= justin at hawkins.id.au
COMMENT= A flexible, powerful, and easy to use Web-based collaboration platform
-
-FORBIDDEN= Security: http://twiki.org/cgi-bin/view/Codev/SecurityAlertExecuteCommandsWithInclude
NO_WRKSUBDIR= yes
NO_BUILD= yes
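Review bot: the removal of the `FORBIDDEN=` line in this Makefile hunk is not backed by anything in the submission beyond the synopsis phrase "fixes security issues". Neither the description nor the hunk states that 20040904 addresses the SecurityAlertExecuteCommandsWithInclude advisory the marker referred to. Please name the advisory and say which upstream release fixes it, in the PR text and the eventual commit message, so the decision to unblock the port can be audited later.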
diff -ruN twiki.bak/distinfo twiki/distinfo
--- twiki.bak/distinfo Thu Sep 29 11:36:13 2005
+++ twiki/distinfo Thu Sep 29 11:37:50 2005
@@ -1,2 +1,2 @@
-MD5 (TWiki20040902.zip) = d805a957b9a903e83ee1538db52bca21
-SIZE (TWiki20040902.zip) = 2585307
+MD5 (TWiki20040904.zip) = 9d68a269bb0775bc57a2a5a7005bc4df
+SIZE (TWiki20040904.zip) = 2585626
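Review bot: the distinfo hunk leaves MD5 as the only digest recorded for TWiki20040904.zip, which is thin for a distfile that is being unblocked after a security advisory. If the ports framework accepts it, record a stronger digest such as SHA256 alongside the MD5 line, and note in the PR how the new checksum was checked against what upstream publishes, since the size differs from the 20040902 archive by only a few hundred bytes.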
diff -ruN twiki.bak/files/patch-aa twiki/files/patch-aa
--- twiki.bak/files/patch-aa Thu Sep 29 11:36:13 2005
+++ twiki/files/patch-aa Thu Jan 1 09:30:00 1970
@@ -1,18 +0,0 @@
---- work/lib/TWiki/Search.pm.orig 2004-11-12 11:54:47.000000000 -0800
-+++ work/lib/TWiki/Search.pm 2004-11-12 12:08:29.000000000 -0800
-***************
-*** 434,439 ****
---- 434,446 ----
- my $tempVal = "";
- my $tmpl = "";
- my $topicCount = 0; # JohnTalintyre
-+
-+ # fix for Codev.SecurityAlertExecuteCommandsWithSearch
-+ # vulnerability, search: "test_vulnerability '; ls -la'"
-+ $theSearchVal =~ s/[\'\`]//g; # Filter ' and `
-+ $theSearchVal =~ s/\@\(/\@\\\(/g; # Defuse @( ... )
-+ $theSearchVal = substr($theSearchVal, 0, 200); # Limit string length
-+
- my $originalSearch = $theSearchVal;
- my $renameTopic;
- my $renameWeb = "";
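Review bot: deleting files/patch-aa drops the local Search.pm filtering of `'`, backtick and `@(` in `$theSearchVal` (the fix for Codev.SecurityAlertExecuteCommandsWithSearch), and the only justification given is the remark that "no patches are required". Please confirm that lib/TWiki/Search.pm in the 20040904 distfile carries an equivalent sanitisation of the search value, and say so in the PR; otherwise the update would reintroduce the search command-execution issue this patch was added to close.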
>Release-Note:
>Audit-Trail:
>Unformatted: