From 802f561aa2cdfe2c1c6a5182419c0b5a42e6a758 Mon Sep 17 00:00:00 2001
From: tonnerre <tonnerre@pkgsrc.org>
Date: Sun, 13 Jul 2008 11:15:27 +0000
Subject: Fix various cross-site scripting issues in websvn (CVE-2007-3056).

---
 www/websvn/Makefile         |  5 +++--
 www/websvn/distinfo         |  8 +++++++-
 www/websvn/patches/patch-aa | 16 ++++++++++++++++
 www/websvn/patches/patch-ab | 35 +++++++++++++++++++++++++++++++++++
 www/websvn/patches/patch-ac | 16 ++++++++++++++++
 www/websvn/patches/patch-ad | 16 ++++++++++++++++
 www/websvn/patches/patch-ae | 13 +++++++++++++
 www/websvn/patches/patch-af | 26 ++++++++++++++++++++++++++
 8 files changed, 132 insertions(+), 3 deletions(-)
 create mode 100644 www/websvn/patches/patch-aa
 create mode 100644 www/websvn/patches/patch-ab
 create mode 100644 www/websvn/patches/patch-ac
 create mode 100644 www/websvn/patches/patch-ad
 create mode 100644 www/websvn/patches/patch-ae
 create mode 100644 www/websvn/patches/patch-af

(limited to 'www/websvn')

diff --git a/www/websvn/Makefile b/www/websvn/Makefile
index c7e8ef118d4..c247f672a47 100644
--- a/www/websvn/Makefile
+++ b/www/websvn/Makefile
@@ -1,9 +1,9 @@
-# $NetBSD: Makefile,v 1.17 2008/06/20 01:09:44 joerg Exp $
+# $NetBSD: Makefile,v 1.18 2008/07/13 11:15:27 tonnerre Exp $
 #
 
 DISTNAME=	WebSVN_161
 PKGNAME=	websvn-1.61
-PKGREVISION=	7
+PKGREVISION=	8
 CATEGORIES=	www
 MASTER_SITES=	http://websvn.tigris.org/files/documents/1380/14334/
 
@@ -42,6 +42,7 @@ post-extract:
 
 do-install:
 	${INSTALL_DATA} ${WRKSRC}/include/distconfig.inc ${DESTDIR}${EGDIR}
+	cd ${WRKSRC} && rm -f *.orig
 	cd ${WRKSRC} && pax -rwppm . ${DESTDIR}${PREFIX}/${HTTPD_ROOT}/websvn
 	${RM} ${DESTDIR}${PREFIX}/${HTTPD_ROOT}/websvn/include/distconfig.inc
 
diff --git a/www/websvn/distinfo b/www/websvn/distinfo
index 0755777658c..a5b9233c879 100644
--- a/www/websvn/distinfo
+++ b/www/websvn/distinfo
@@ -1,5 +1,11 @@
-$NetBSD: distinfo,v 1.4 2005/02/24 14:08:40 wiz Exp $
+$NetBSD: distinfo,v 1.5 2008/07/13 11:15:27 tonnerre Exp $
 
 SHA1 (WebSVN_161.tar.gz) = 7fecbaa9619e3061ea57dda0a4bfcb4a3cca888d
 RMD160 (WebSVN_161.tar.gz) = aedd187926ff286b5582f2359cbe3fb56d7a0bc9
 Size (WebSVN_161.tar.gz) = 89305 bytes
+SHA1 (patch-aa) = 021727c38d33ccedeaec8c82de912ed94baae565
+SHA1 (patch-ab) = 4724707d5fd3f3699918dfd9754ac92eefec9c8f
+SHA1 (patch-ac) = 6cde8ef4cf0ee0dfd4619a5acebfe09aff40e95c
+SHA1 (patch-ad) = a4c673d6f27629573d520213bd66b9d084a11a64
+SHA1 (patch-ae) = d74b9be874c88edd213fbbd297e8cd0f8bbaf46a
+SHA1 (patch-af) = 92464e74e3aa86529bb0438d7d015dfce9c82de5
diff --git a/www/websvn/patches/patch-aa b/www/websvn/patches/patch-aa
new file mode 100644
index 00000000000..fb46ff65788
--- /dev/null
+++ b/www/websvn/patches/patch-aa
@@ -0,0 +1,16 @@
+$NetBSD: patch-aa,v 1.1 2008/07/13 11:15:27 tonnerre Exp $
+
+--- blame.php.orig	2004-08-26 10:29:32.000000000 +0200
++++ blame.php
+@@ -49,9 +49,9 @@ else
+ $pos = strrpos($ppath, "/");
+ $parent = substr($ppath, 0, $pos + 1);
+ 
+-$vars["repname"] = $rep->name;
++$vars["repname"] = htmlentities($rep->name, ENT_QUOTES, 'UTF-8');
+ $vars["rev"] = $rev;
+-$vars["path"] = $ppath;
++$vars["path"] = htmlentities($ppath, ENT_QUOTES, 'UTF-8');
+ 
+ createDirLinks($rep, $ppath, $rev, $showchanged);
+ 
diff --git a/www/websvn/patches/patch-ab b/www/websvn/patches/patch-ab
new file mode 100644
index 00000000000..6d5dd22d76e
--- /dev/null
+++ b/www/websvn/patches/patch-ab
@@ -0,0 +1,35 @@
+$NetBSD: patch-ab,v 1.1 2008/07/13 11:15:27 tonnerre Exp $
+
+--- comp.php.orig	2004-08-30 14:28:10.000000000 +0200
++++ comp.php
+@@ -54,8 +54,8 @@ $svnrep = new SVNRepository($rep->path);
+ // Retrieve the request information
+ $path1 = @$_REQUEST["compare"][0];
+ $path2 = @$_REQUEST["compare"][1];
+-$rev1 = @$_REQUEST["compare_rev"][0];
+-$rev2 = @$_REQUEST["compare_rev"][1];
++$rev1 = (int)@$_REQUEST["compare_rev"][0];
++$rev2 = (int)@$_REQUEST["compare_rev"][1];
+ 
+ // Some page links put the revision with the path...
+ if (strpos($path1, "@")) list($path1, $rev1) = explode("@", $path1);
+@@ -89,15 +89,15 @@ if ($rev2 == 0) $rev2 = "HEAD";
+ $vars["repname"] = $rep->name;
+ $vars["action"] = $lang["PATHCOMPARISON"];
+ $vars["compare_form"] = "<form action=\"$url\" method=\"post\" name=\"compareform\">";
+-$vars["compare_path1input"] = "<input type=\"text\" size=\"40\" name=\"compare[0]\" value=\"$path1\">";
++$vars["compare_path1input"] = "<input type=\"text\" size=\"40\" name=\"compare[0]\" value=\"" . htmlentities($path1, ENT_QUOTES, 'UTF-8') . "\">";
+ $vars["compare_rev1input"] = "<input type=\"text\" size=\"5\" name=\"compare_rev[0]\" value=\"$rev1\">";
+-$vars["compare_path2input"] = "<input type=\"text\" size=\"40\" name=\"compare[1]\" value=\"$path2\">";
++$vars["compare_path2input"] = "<input type=\"text\" size=\"40\" name=\"compare[1]\" value=\"" . htmlentities($path2, ENT_QUOTES, 'UTF-8') . "\">";
+ $vars["compare_rev2input"] = "<input type=\"text\" size=\"5\" name=\"compare_rev[1]\" value=\"$rev2\">";
+ $vars["compare_submit"] = "<input name=\"comparesubmit\" type=\"submit\" value=\"${lang["COMPAREPATHS"]}\">";
+ $vars["compare_endform"] = "<input type=\"hidden\" name=\"op\" value=\"comp\"><input type=\"hidden\" name=\"manualorder\" value=\"1\"><input type=\"hidden\" name=\"sc\" value=\"$showchanged\"></form>";   
+ 
+-$vars["path1"] = $path1;
+-$vars["path2"] = $path2;
++$vars["path1"] = htmlentities($path1, ENT_QUOTES, 'UTF-8');
++$vars["path2"] = htmlentities($path2, ENT_QUOTES, 'UTF-8');
+ 
+ $vars["rev1"] = $rev1;
+ $vars["rev2"] = $rev2;
diff --git a/www/websvn/patches/patch-ac b/www/websvn/patches/patch-ac
new file mode 100644
index 00000000000..a8752c2f6ac
--- /dev/null
+++ b/www/websvn/patches/patch-ac
@@ -0,0 +1,16 @@
+$NetBSD: patch-ac,v 1.1 2008/07/13 11:15:27 tonnerre Exp $
+
+--- diff.php.orig	2004-08-26 10:29:32.000000000 +0200
++++ diff.php
+@@ -59,9 +59,9 @@ else
+ 
+ $prevrev = @$history[1]["rev"];
+ 
+-$vars["repname"] = $rep->name;
++$vars["repname"] = htmlentities($rep->name, ENT_QUOTES, 'UTF-8');
+ $vars["rev"] = $rev;
+-$vars["path"] = $ppath;
++$vars["path"] = htmlentities($ppath, ENT_QUOTES, 'UTF-8');
+ $vars["prevrev"] = $prevrev;
+ 
+ $vars["rev1"] = $history[0]["rev"];
diff --git a/www/websvn/patches/patch-ad b/www/websvn/patches/patch-ad
new file mode 100644
index 00000000000..766090e7f8e
--- /dev/null
+++ b/www/websvn/patches/patch-ad
@@ -0,0 +1,16 @@
+$NetBSD: patch-ad,v 1.1 2008/07/13 11:15:27 tonnerre Exp $
+
+--- filedetails.php.orig	2004-08-26 10:29:32.000000000 +0200
++++ filedetails.php
+@@ -127,9 +127,9 @@ else
+    $vars["goyoungestlink"] = "";
+ 
+ $vars["action"] = "";
+-$vars["repname"] = $rep->name;
++$vars["repname"] = htmlentitites($rep->name, ENT_QUOTES, 'UTF-8');
+ $vars["rev"] = $rev;
+-$vars["path"] = $ppath;
++$vars["path"] = htmlentities($ppath, ENT_QUOTES, 'UTF-8');
+ 
+ createDirLinks($rep, $ppath, $passrev, $showchanged);
+ 
diff --git a/www/websvn/patches/patch-ae b/www/websvn/patches/patch-ae
new file mode 100644
index 00000000000..6b0894b7cfd
--- /dev/null
+++ b/www/websvn/patches/patch-ae
@@ -0,0 +1,13 @@
+$NetBSD: patch-ae,v 1.1 2008/07/13 11:15:27 tonnerre Exp $
+
+--- listing.php.orig	2004-08-30 10:49:58.000000000 +0200
++++ listing.php
+@@ -235,7 +235,7 @@ $vars["date"] = $log['date'];
+ $vars["log"] = nl2br($bugtraq->replaceIDs(create_anchors($log['message'])));
+ $vars["rev"] = $rev;
+ $vars["lastchangedrev"] = $logrev;
+-$vars["path"] = $ppath;
++$vars["path"] = htmlentities($ppath, ENT_QUOTES, 'UTF-8');
+ 
+ if (!$showchanged)
+ {
diff --git a/www/websvn/patches/patch-af b/www/websvn/patches/patch-af
new file mode 100644
index 00000000000..4d8e68bb655
--- /dev/null
+++ b/www/websvn/patches/patch-af
@@ -0,0 +1,26 @@
+$NetBSD: patch-af,v 1.1 2008/07/13 11:15:27 tonnerre Exp $
+
+--- log.php.orig	2004-08-26 14:47:30.000000000 +0200
++++ log.php
+@@ -98,9 +98,9 @@ else
+    $ppath = $path;
+ 
+ $vars["action"] = $lang["LOG"];
+-$vars["repname"] = $rep->name;
++$vars["repname"] = htmlentities($rep->name, ENT_QUOTES, 'UTF-8');
+ $vars["rev"] = $rev;
+-$vars["path"] = $ppath;
++$vars["path"] = htmlentities($ppath, ENT_QUOTES, 'UTF-8');
+ 
+ createDirLinks($rep, $ppath, $passrev, $showchanged);
+ 
+@@ -278,7 +278,8 @@ if ($pages > 1)
+ $url = $config->getURL($rep, $path, "log");
+ $vars["logsearch_form"] = "<form action=\"$url\" method=\"post\" name=\"logsearchform\">";
+ 
+-$vars["logsearch_inputbox"] = "<input name=\"search\" value=\"$search\">";
++$vars["logsearch_inputbox"] = "<input name=\"search\" value=\"" .
++	htmlentities($search, ENT_QUOTES, 'UTF-8') . "\">";
+ 
+ $vars["logsearch_submit"] = "<input type=\"submit\" value=\"${lang["GO"]}\">";
+ $vars["logsearch_endform"] = "<input type=\"hidden\" name=\"logsearch\" value=\"1\">".
-- 
cgit v1.2.3