1 |
commit: cdd0ebd79e5f3cbcc7aa630fe6ffda67683f0bb9 |
2 |
Author: Bernard Cafarelli <voyageur <AT> gentoo <DOT> org> |
3 |
AuthorDate: Wed Sep 15 10:40:17 2021 +0000 |
4 |
Commit: Bernard Cafarelli <voyageur <AT> gentoo <DOT> org> |
5 |
CommitDate: Wed Sep 15 10:40:17 2021 +0000 |
6 |
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=cdd0ebd7 |
7 |
|
8 |
www-apps/owncloud: drop vulnerable version |
9 |
|
10 |
Bug: https://bugs.gentoo.org/812491 |
11 |
Package-Manager: Portage-3.0.23, Repoman-3.0.3 |
12 |
Signed-off-by: Bernard Cafarelli <voyageur <AT> gentoo.org> |
13 |
|
14 |
www-apps/owncloud/Manifest | 1 - |
15 |
.../owncloud-10.7.0-share_data_exposure.patch | 78 ---------------------- |
16 |
www-apps/owncloud/owncloud-10.7.0-r1.ebuild | 49 -------------- |
17 |
3 files changed, 128 deletions(-) |
18 |
|
19 |
diff --git a/www-apps/owncloud/Manifest b/www-apps/owncloud/Manifest |
20 |
index caff0833560..12d19ceac59 100644 |
21 |
--- a/www-apps/owncloud/Manifest |
22 |
+++ b/www-apps/owncloud/Manifest |
23 |
@@ -1,2 +1 @@ |
24 |
-DIST owncloud-10.7.0.tar.bz2 24129028 BLAKE2B 47ce3584f8123cc0a315c7d88847df5844c951e354fcecd7a876ca01f0fa24823a86bdd950dd885f3bbb46f60d8a39271e31d43ac6dac8f3df506d6cdc531231 SHA512 ebb636b8ffd06d4ceb1dd0d50c15ab393b8c7bf2f0e23c61ba957add6ac4d4ba4cdefb9cda2c703f337c82a295e2c40a467a602227728e9506f9a150c9f2fd3c |
25 |
DIST owncloud-10.8.0.tar.bz2 24917781 BLAKE2B 909a8b51034fe07f83adcb3aff9c8eab790da40b115ecc715c4307ecb0364d5f65d75178d76ff27969b28a46f9585915412db235120dbb8600809057eea3c7f1 SHA512 47a23e5c2946e5d4c1d8c8e6d1b754e2a2bce436af532dbc7aa36c8031185fcc28b500fefa064e5290f2af68cbea823fa893acdb90307c9eddf53e126d282c96 |
26 |
|
27 |
diff --git a/www-apps/owncloud/files/owncloud-10.7.0-share_data_exposure.patch b/www-apps/owncloud/files/owncloud-10.7.0-share_data_exposure.patch |
28 |
deleted file mode 100644 |
29 |
index bab6ffed11e..00000000000 |
30 |
--- a/www-apps/owncloud/files/owncloud-10.7.0-share_data_exposure.patch |
31 |
+++ /dev/null |
32 |
@@ -1,78 +0,0 @@ |
33 |
-From b552f84eedb5d2a113028d7859e82352699fb427 Mon Sep 17 00:00:00 2001 |
34 |
-From: JanAckermann <jackermann@××××××××.com> |
35 |
-Date: Tue, 4 May 2021 11:51:29 +0200 |
36 |
-Subject: [PATCH 1/3] Throw generic exception to overcome, senstitive exception |
37 |
- data exposure |
38 |
- |
39 |
---- |
40 |
- .../lib/Controllers/ShareController.php | 26 ++++++++++++------- |
41 |
- 1 file changed, 16 insertions(+), 10 deletions(-) |
42 |
- |
43 |
-diff --git a/apps/files_sharing/lib/Controllers/ShareController.php b/apps/files_sharing/lib/Controllers/ShareController.php |
44 |
-index da9832e105b..02bd3553067 100644 |
45 |
---- a/apps/files_sharing/lib/Controllers/ShareController.php |
46 |
-+++ b/apps/files_sharing/lib/Controllers/ShareController.php |
47 |
-@@ -400,6 +400,7 @@ public function showShare($token, $path = '') { |
48 |
- * @param string $path |
49 |
- * @param string $downloadStartSecret |
50 |
- * @return NotFoundResponse|RedirectResponse|void |
51 |
-+ * @throws \Exception |
52 |
- */ |
53 |
- public function downloadShare($token, $files = null, $path = '', $downloadStartSecret = '') { |
54 |
- \OC_User::setIncognitoMode(true); |
55 |
-@@ -530,16 +531,21 @@ public function downloadShare($token, $files = null, $path = '', $downloadStartS |
56 |
- } |
57 |
- |
58 |
- // download selected files |
59 |
-- if ($files !== null && $files !== '') { |
60 |
-- // FIXME: The exit is required here because otherwise the AppFramework is trying to add headers as well |
61 |
-- // after dispatching the request which results in a "Cannot modify header information" notice. |
62 |
-- OC_Files::get($originalSharePath, $files_list, $server_params); |
63 |
-- exit(); |
64 |
-- } else { |
65 |
-- // FIXME: The exit is required here because otherwise the AppFramework is trying to add headers as well |
66 |
-- // after dispatching the request which results in a "Cannot modify header information" notice. |
67 |
-- OC_Files::get(\dirname($originalSharePath), \basename($originalSharePath), $server_params); |
68 |
-- exit(); |
69 |
-+ |
70 |
-+ try { |
71 |
-+ if ($files !== null && $files !== '') { |
72 |
-+ // FIXME: The exit is required here because otherwise the AppFramework is trying to add headers as well |
73 |
-+ // after dispatching the request which results in a "Cannot modify header information" notice. |
74 |
-+ OC_Files::get($originalSharePath, $files_list, $server_params); |
75 |
-+ exit(); |
76 |
-+ } else { |
77 |
-+ // FIXME: The exit is required here because otherwise the AppFramework is trying to add headers as well |
78 |
-+ // after dispatching the request which results in a "Cannot modify header information" notice. |
79 |
-+ OC_Files::get(\dirname($originalSharePath), \basename($originalSharePath), $server_params); |
80 |
-+ exit(); |
81 |
-+ } |
82 |
-+ } catch (\Exception $e) { |
83 |
-+ throw new \Exception(); |
84 |
- } |
85 |
- } |
86 |
- } |
87 |
- |
88 |
-From a94f67a4857447e36e205043c55f29737a0bc57d Mon Sep 17 00:00:00 2001 |
89 |
-From: JanAckermann <jackermann@××××××××.com> |
90 |
-Date: Tue, 4 May 2021 12:01:17 +0200 |
91 |
-Subject: [PATCH 2/3] enhanche if statement |
92 |
- |
93 |
---- |
94 |
- lib/private/Files/Storage/Local.php | 2 +- |
95 |
- 1 file changed, 1 insertion(+), 1 deletion(-) |
96 |
- |
97 |
-diff --git a/lib/private/Files/Storage/Local.php b/lib/private/Files/Storage/Local.php |
98 |
-index d5ae0e3794b..d499079da98 100644 |
99 |
---- a/lib/private/Files/Storage/Local.php |
100 |
-+++ b/lib/private/Files/Storage/Local.php |
101 |
-@@ -384,7 +384,7 @@ public function getSourcePath($path) { |
102 |
- } |
103 |
- $pathToResolve = $fullPath; |
104 |
- $realPath = \realpath($pathToResolve); |
105 |
-- while ($realPath === false) { // for non existing files check the parent directory |
106 |
-+ while (!\is_string($realPath)) { // for non existing files check the parent directory |
107 |
- $pathToResolve = \dirname($pathToResolve); |
108 |
- $realPath = \realpath($pathToResolve); |
109 |
- } |
110 |
- |
111 |
|
112 |
diff --git a/www-apps/owncloud/owncloud-10.7.0-r1.ebuild b/www-apps/owncloud/owncloud-10.7.0-r1.ebuild |
113 |
deleted file mode 100644 |
114 |
index f379b0cf2d4..00000000000 |
115 |
--- a/www-apps/owncloud/owncloud-10.7.0-r1.ebuild |
116 |
+++ /dev/null |
117 |
@@ -1,49 +0,0 @@ |
118 |
-# Copyright 1999-2021 Gentoo Authors |
119 |
-# Distributed under the terms of the GNU General Public License v2 |
120 |
- |
121 |
-EAPI=7 |
122 |
- |
123 |
-inherit webapp |
124 |
- |
125 |
-DESCRIPTION="Web-based storage application where all your data is under your own control" |
126 |
-HOMEPAGE="https://owncloud.org" |
127 |
-SRC_URI="https://download.owncloud.org/community/${P}.tar.bz2" |
128 |
-LICENSE="AGPL-3" |
129 |
- |
130 |
-KEYWORDS="~amd64 ~arm ~x86" |
131 |
-IUSE="+curl mysql postgres +sqlite" |
132 |
-REQUIRED_USE="|| ( mysql postgres sqlite )" |
133 |
- |
134 |
-DEPEND="" |
135 |
-RDEPEND=">=dev-lang/php-7.0[curl?,filter,gd,hash(+),intl,json(+),mysql?,pdo,posix,postgres?,session,simplexml,sqlite?,xmlreader,xmlwriter,zip] |
136 |
- virtual/httpd-php" |
137 |
- |
138 |
-PATCHES=( "${FILESDIR}"/${P}-share_data_exposure.patch ) |
139 |
- |
140 |
-S=${WORKDIR}/${PN} |
141 |
- |
142 |
-pkg_setup() { |
143 |
- webapp_pkg_setup |
144 |
-} |
145 |
- |
146 |
-src_install() { |
147 |
- webapp_src_preinst |
148 |
- |
149 |
- insinto "${MY_HTDOCSDIR}" |
150 |
- doins -r . |
151 |
- dodir "${MY_HTDOCSDIR}"/data |
152 |
- |
153 |
- webapp_serverowned -R "${MY_HTDOCSDIR}"/apps |
154 |
- webapp_serverowned -R "${MY_HTDOCSDIR}"/data |
155 |
- webapp_serverowned -R "${MY_HTDOCSDIR}"/config |
156 |
- webapp_configfile "${MY_HTDOCSDIR}"/.htaccess |
157 |
- |
158 |
- webapp_src_install |
159 |
-} |
160 |
- |
161 |
-pkg_postinst() { |
162 |
- elog "Additional applications (calendar, ...) are no longer provided by default." |
163 |
- elog "You can install them after login via the applications management page" |
164 |
- elog "(check the recommended tab). No application data is lost." |
165 |
- webapp_pkg_postinst |
166 |
-} |