authortonnerre <tonnerre@pkgsrc.org>2008-07-13 11:15:27 +0000
committertonnerre <tonnerre@pkgsrc.org>2008-07-13 11:15:27 +0000
commit47089b821b20bfe53f4fe5aa9e90b5f221e2e290 (patch)
tree0bacb3620c80db29101588bd4b279c4ce0ea589e /www
parent7e6ffa6e3c53194d3a9407ee57930b925d3d611b (diff)
downloadpkgsrc-47089b821b20bfe53f4fe5aa9e90b5f221e2e290.tar.gz
Fix various cross-site scripting issues in websvn (CVE-2007-3056).
Diffstat (limited to 'www')
-rw-r--r--www/websvn/Makefile5
-rw-r--r--www/websvn/distinfo8
-rw-r--r--www/websvn/patches/patch-aa16
-rw-r--r--www/websvn/patches/patch-ab35
-rw-r--r--www/websvn/patches/patch-ac16
-rw-r--r--www/websvn/patches/patch-ad16
-rw-r--r--www/websvn/patches/patch-ae13
-rw-r--r--www/websvn/patches/patch-af26
8 files changed, 132 insertions, 3 deletions
diff --git a/www/websvn/Makefile b/www/websvn/Makefile
index c7e8ef118d4..c247f672a47 100644
--- a/www/websvn/Makefile
+++ b/www/websvn/Makefile
@@ -1,9 +1,9 @@
-# $NetBSD: Makefile,v 1.17 2008/06/20 01:09:44 joerg Exp $
+# $NetBSD: Makefile,v 1.18 2008/07/13 11:15:27 tonnerre Exp $
#
DISTNAME= WebSVN_161
PKGNAME= websvn-1.61
-PKGREVISION= 7
+PKGREVISION= 8
CATEGORIES= www
MASTER_SITES= http://websvn.tigris.org/files/documents/1380/14334/
@@ -42,6 +42,7 @@ post-extract:
do-install:
${INSTALL_DATA} ${WRKSRC}/include/distconfig.inc ${DESTDIR}${EGDIR}
+ cd ${WRKSRC} && rm -f *.orig
cd ${WRKSRC} && pax -rwppm . ${DESTDIR}${PREFIX}/${HTTPD_ROOT}/websvn
${RM} ${DESTDIR}${PREFIX}/${HTTPD_ROOT}/websvn/include/distconfig.inc
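Review bot: The added `cd ${WRKSRC} && rm -f *.orig` before the `pax` copy only cleans the top level of the work tree, so a `.orig` backup left by a patch to a file in a subdirectory (e.g. `include/`) would still be copied under `${HTTPD_ROOT}/websvn`, where the unpatched source is served back to clients as plain text. The six patches in this commit all touch top-level `.php` files, so it holds today, but it silently breaks the first time a patch lands deeper in the tree. Prefer `cd ${WRKSRC} && find . -name '*.orig' -type f -delete` (or strip the backups right after patching rather than at install time, if that is where they are created — inferred, not visible here). The do-install target may continue past the hunk.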
diff --git a/www/websvn/distinfo b/www/websvn/distinfo
index 0755777658c..a5b9233c879 100644
--- a/www/websvn/distinfo
+++ b/www/websvn/distinfo
@@ -1,5 +1,11 @@
-$NetBSD: distinfo,v 1.4 2005/02/24 14:08:40 wiz Exp $
+$NetBSD: distinfo,v 1.5 2008/07/13 11:15:27 tonnerre Exp $
SHA1 (WebSVN_161.tar.gz) = 7fecbaa9619e3061ea57dda0a4bfcb4a3cca888d
RMD160 (WebSVN_161.tar.gz) = aedd187926ff286b5582f2359cbe3fb56d7a0bc9
Size (WebSVN_161.tar.gz) = 89305 bytes
+SHA1 (patch-aa) = 021727c38d33ccedeaec8c82de912ed94baae565
+SHA1 (patch-ab) = 4724707d5fd3f3699918dfd9754ac92eefec9c8f
+SHA1 (patch-ac) = 6cde8ef4cf0ee0dfd4619a5acebfe09aff40e95c
+SHA1 (patch-ad) = a4c673d6f27629573d520213bd66b9d084a11a64
+SHA1 (patch-ae) = d74b9be874c88edd213fbbd297e8cd0f8bbaf46a
+SHA1 (patch-af) = 92464e74e3aa86529bb0438d7d015dfce9c82de5
diff --git a/www/websvn/patches/patch-aa b/www/websvn/patches/patch-aa
new file mode 100644
index 00000000000..fb46ff65788
--- /dev/null
+++ b/www/websvn/patches/patch-aa
@@ -0,0 +1,16 @@
+$NetBSD: patch-aa,v 1.1 2008/07/13 11:15:27 tonnerre Exp $
+
+--- blame.php.orig 2004-08-26 10:29:32.000000000 +0200
++++ blame.php
+@@ -49,9 +49,9 @@ else
+ $pos = strrpos($ppath, "/");
+ $parent = substr($ppath, 0, $pos + 1);
+
+-$vars["repname"] = $rep->name;
++$vars["repname"] = htmlentities($rep->name, ENT_QUOTES, 'UTF-8');
+ $vars["rev"] = $rev;
+-$vars["path"] = $ppath;
++$vars["path"] = htmlentities($ppath, ENT_QUOTES, 'UTF-8');
+
+ createDirLinks($rep, $ppath, $rev, $showchanged);
+
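Review bot: `$vars["rev"] = $rev;` between the two newly escaped assignments is still stored raw; its origin is above the hunk, but if it is the request's revision string it is reflected the same way `$ppath` was, so cast it, `$vars["rev"] = (int)$rev;`, as comp.php does for `compare_rev` in this same commit. `createDirLinks($rep, $ppath, $rev, $showchanged)` on the last line still receives the unescaped `$ppath`; whether it escapes internally cannot be seen here and should be confirmed. Escaping at the point a value enters `$vars` also assumes the template layer does not encode again, otherwise a literal `&` in a path will render double-encoded.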
diff --git a/www/websvn/patches/patch-ab b/www/websvn/patches/patch-ab
new file mode 100644
index 00000000000..6d5dd22d76e
--- /dev/null
+++ b/www/websvn/patches/patch-ab
@@ -0,0 +1,35 @@
+$NetBSD: patch-ab,v 1.1 2008/07/13 11:15:27 tonnerre Exp $
+
+--- comp.php.orig 2004-08-30 14:28:10.000000000 +0200
++++ comp.php
+@@ -54,8 +54,8 @@ $svnrep = new SVNRepository($rep->path);
+ // Retrieve the request information
+ $path1 = @$_REQUEST["compare"][0];
+ $path2 = @$_REQUEST["compare"][1];
+-$rev1 = @$_REQUEST["compare_rev"][0];
+-$rev2 = @$_REQUEST["compare_rev"][1];
++$rev1 = (int)@$_REQUEST["compare_rev"][0];
++$rev2 = (int)@$_REQUEST["compare_rev"][1];
+
+ // Some page links put the revision with the path...
+ if (strpos($path1, "@")) list($path1, $rev1) = explode("@", $path1);
+@@ -89,15 +89,15 @@ if ($rev2 == 0) $rev2 = "HEAD";
+ $vars["repname"] = $rep->name;
+ $vars["action"] = $lang["PATHCOMPARISON"];
+ $vars["compare_form"] = "<form action=\"$url\" method=\"post\" name=\"compareform\">";
+-$vars["compare_path1input"] = "<input type=\"text\" size=\"40\" name=\"compare[0]\" value=\"$path1\">";
++$vars["compare_path1input"] = "<input type=\"text\" size=\"40\" name=\"compare[0]\" value=\"" . htmlentities($path1, ENT_QUOTES, 'UTF-8') . "\">";
+ $vars["compare_rev1input"] = "<input type=\"text\" size=\"5\" name=\"compare_rev[0]\" value=\"$rev1\">";
+-$vars["compare_path2input"] = "<input type=\"text\" size=\"40\" name=\"compare[1]\" value=\"$path2\">";
++$vars["compare_path2input"] = "<input type=\"text\" size=\"40\" name=\"compare[1]\" value=\"" . htmlentities($path2, ENT_QUOTES, 'UTF-8') . "\">";
+ $vars["compare_rev2input"] = "<input type=\"text\" size=\"5\" name=\"compare_rev[1]\" value=\"$rev2\">";
+ $vars["compare_submit"] = "<input name=\"comparesubmit\" type=\"submit\" value=\"${lang["COMPAREPATHS"]}\">";
+ $vars["compare_endform"] = "<input type=\"hidden\" name=\"op\" value=\"comp\"><input type=\"hidden\" name=\"manualorder\" value=\"1\"><input type=\"hidden\" name=\"sc\" value=\"$showchanged\"></form>";
+
+-$vars["path1"] = $path1;
+-$vars["path2"] = $path2;
++$vars["path1"] = htmlentities($path1, ENT_QUOTES, 'UTF-8');
++$vars["path2"] = htmlentities($path2, ENT_QUOTES, 'UTF-8');
+
+ $vars["rev1"] = $rev1;
+ $vars["rev2"] = $rev2;
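Review bot: The new `(int)` casts on `$rev1`/`$rev2` are undone two lines later: `if (strpos($path1, "@")) list($path1, $rev1) = explode("@", $path1);` reassigns `$rev1` from the unvalidated `compare[0]` string, and that value is then interpolated raw into `value=\"$rev1\"` and stored unescaped as `$vars["rev1"]`, so a request with `compare[0]=x@"><script>…` still reflects. Move the casts after the `@` split (`$rev1 = (int)$rev1; $rev2 = (int)$rev2;`), ahead of the `== 0` → `"HEAD"` check, and the revision values become safe to interpolate; the matching `$path2` split is presumably the line after the visible one and needs the same treatment. `$vars["repname"] = $rep->name;` at the top of the second hunk is also left raw here while blame.php, diff.php and log.php escape it in this commit.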
diff --git a/www/websvn/patches/patch-ac b/www/websvn/patches/patch-ac
new file mode 100644
index 00000000000..a8752c2f6ac
--- /dev/null
+++ b/www/websvn/patches/patch-ac
@@ -0,0 +1,16 @@
+$NetBSD: patch-ac,v 1.1 2008/07/13 11:15:27 tonnerre Exp $
+
+--- diff.php.orig 2004-08-26 10:29:32.000000000 +0200
++++ diff.php
+@@ -59,9 +59,9 @@ else
+
+ $prevrev = @$history[1]["rev"];
+
+-$vars["repname"] = $rep->name;
++$vars["repname"] = htmlentities($rep->name, ENT_QUOTES, 'UTF-8');
+ $vars["rev"] = $rev;
+-$vars["path"] = $ppath;
++$vars["path"] = htmlentities($ppath, ENT_QUOTES, 'UTF-8');
+ $vars["prevrev"] = $prevrev;
+
+ $vars["rev1"] = $history[0]["rev"];
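Review bot: `$vars["rev"] = $rev;` sits between the two escaped lines and is neither cast nor escaped; `$prevrev` next to it comes from `$history` (repository data, presumably numeric), but `$rev` originates above the hunk and, if it is the raw request parameter as in blame.php, needs `$vars["rev"] = (int)$rev;` to match the casts comp.php applies. Confirm against the assignment above the hunk before relying on it.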
diff --git a/www/websvn/patches/patch-ad b/www/websvn/patches/patch-ad
new file mode 100644
index 00000000000..766090e7f8e
--- /dev/null
+++ b/www/websvn/patches/patch-ad
@@ -0,0 +1,16 @@
+$NetBSD: patch-ad,v 1.1 2008/07/13 11:15:27 tonnerre Exp $
+
+--- filedetails.php.orig 2004-08-26 10:29:32.000000000 +0200
++++ filedetails.php
+@@ -127,9 +127,9 @@ else
+ $vars["goyoungestlink"] = "";
+
+ $vars["action"] = "";
+-$vars["repname"] = $rep->name;
++$vars["repname"] = htmlentitites($rep->name, ENT_QUOTES, 'UTF-8');
+ $vars["rev"] = $rev;
+-$vars["path"] = $ppath;
++$vars["path"] = htmlentities($ppath, ENT_QUOTES, 'UTF-8');
+
+ createDirLinks($rep, $ppath, $passrev, $showchanged);
+
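Review bot: `htmlentitites($rep->name, ENT_QUOTES, 'UTF-8')` on the `repname` line is misspelled (an extra `it`), so with this patch applied filedetails.php aborts with an undefined-function fatal error whenever this code path runs instead of escaping anything — the view patch-ad is meant to fix becomes unusable. Change it to `$vars["repname"] = htmlentities($rep->name, ENT_QUOTES, 'UTF-8');`, matching blame.php, diff.php and log.php, and regenerate the `SHA1 (patch-ad)` line in distinfo since the patch file's checksum changes. As in the other files, `$vars["rev"] = $rev;` between the escaped lines is still raw and should be cast if it is request-supplied.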
diff --git a/www/websvn/patches/patch-ae b/www/websvn/patches/patch-ae
new file mode 100644
index 00000000000..6b0894b7cfd
--- /dev/null
+++ b/www/websvn/patches/patch-ae
@@ -0,0 +1,13 @@
+$NetBSD: patch-ae,v 1.1 2008/07/13 11:15:27 tonnerre Exp $
+
+--- listing.php.orig 2004-08-30 10:49:58.000000000 +0200
++++ listing.php
+@@ -235,7 +235,7 @@ $vars["date"] = $log['date'];
+ $vars["log"] = nl2br($bugtraq->replaceIDs(create_anchors($log['message'])));
+ $vars["rev"] = $rev;
+ $vars["lastchangedrev"] = $logrev;
+-$vars["path"] = $ppath;
++$vars["path"] = htmlentities($ppath, ENT_QUOTES, 'UTF-8');
+
+ if (!$showchanged)
+ {
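Review bot: Only `$ppath` is escaped here; the `$vars["log"]` line two above passes the commit message through `create_anchors()`, `$bugtraq->replaceIDs()` and `nl2br()` with no visible `htmlentities()`, so unless `create_anchors()` escapes its input (defined outside this hunk — confirm), anyone with commit access to the repository can inject markup through a log message, a stored rather than reflected form of the same bug. If it does not, escape before anchoring: `create_anchors(htmlentities($log['message'], ENT_QUOTES, 'UTF-8'))`. `$vars["repname"]` is not assigned in this hunk; check that listing.php's assignment, wherever it lives, got the same treatment as the other five files.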
diff --git a/www/websvn/patches/patch-af b/www/websvn/patches/patch-af
new file mode 100644
index 00000000000..4d8e68bb655
--- /dev/null
+++ b/www/websvn/patches/patch-af
@@ -0,0 +1,26 @@
+$NetBSD: patch-af,v 1.1 2008/07/13 11:15:27 tonnerre Exp $
+
+--- log.php.orig 2004-08-26 14:47:30.000000000 +0200
++++ log.php
+@@ -98,9 +98,9 @@ else
+ $ppath = $path;
+
+ $vars["action"] = $lang["LOG"];
+-$vars["repname"] = $rep->name;
++$vars["repname"] = htmlentities($rep->name, ENT_QUOTES, 'UTF-8');
+ $vars["rev"] = $rev;
+-$vars["path"] = $ppath;
++$vars["path"] = htmlentities($ppath, ENT_QUOTES, 'UTF-8');
+
+ createDirLinks($rep, $ppath, $passrev, $showchanged);
+
+@@ -278,7 +278,8 @@ if ($pages > 1)
+ $url = $config->getURL($rep, $path, "log");
+ $vars["logsearch_form"] = "<form action=\"$url\" method=\"post\" name=\"logsearchform\">";
+
+-$vars["logsearch_inputbox"] = "<input name=\"search\" value=\"$search\">";
++$vars["logsearch_inputbox"] = "<input name=\"search\" value=\"" .
++ htmlentities($search, ENT_QUOTES, 'UTF-8') . "\">";
+
+ $vars["logsearch_submit"] = "<input type=\"submit\" value=\"${lang["GO"]}\">";
+ $vars["logsearch_endform"] = "<input type=\"hidden\" name=\"logsearch\" value=\"1\">".
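Review bot: The search box is fixed, but the line above it, `"<form action=\"$url\" method=\"post\" name=\"logsearchform\">"`, interpolates `$url` from `$config->getURL($rep, $path, "log")` straight into an attribute; `$path` is the request path, so unless `getURL()` URL-encodes it (defined outside this file, cannot be confirmed here) the same injection remains one line above the fix, and `$vars["rev"] = $rev;` in the first hunk is likewise still raw. Wrap the action the same way, `"<form action=\"" . htmlentities($url, ENT_QUOTES, 'UTF-8') . "\" method=\"post\" name=\"logsearchform\">"`, which is harmless even if `getURL()` already encodes, and cast `$rev` as comp.php does. The same raw `$url` pattern appears in comp.php's `compare_form` line.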