Get Gentoo!
gentoo.org sites
gentoo.org Wiki Bugs Forums Packages
Planet Archives Sources
Infra Status

Gentoo Archives: gentoo-commits

From: Bernard Cafarelli <voyageur@g.o>
To: gentoo-commits@l.g.o
Subject: [gentoo-commits] repo/gentoo:master commit in: www-apps/owncloud/, www-apps/owncloud/files/
Date: Wed, 15 Sep 2021 10:40:27
Message-Id: 1631702417.cdd0ebd79e5f3cbcc7aa630fe6ffda67683f0bb9.voyageur@gentoo
1 commit: cdd0ebd79e5f3cbcc7aa630fe6ffda67683f0bb9
2 Author: Bernard Cafarelli <voyageur <AT> gentoo <DOT> org>
3 AuthorDate: Wed Sep 15 10:40:17 2021 +0000
4 Commit: Bernard Cafarelli <voyageur <AT> gentoo <DOT> org>
5 CommitDate: Wed Sep 15 10:40:17 2021 +0000
6 URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=cdd0ebd7
7
8 www-apps/owncloud: drop vulnerable version
9
10 Bug: https://bugs.gentoo.org/812491
11 Package-Manager: Portage-3.0.23, Repoman-3.0.3
12 Signed-off-by: Bernard Cafarelli <voyageur <AT> gentoo.org>
13
14 www-apps/owncloud/Manifest | 1 -
15 .../owncloud-10.7.0-share_data_exposure.patch | 78 ----------------------
16 www-apps/owncloud/owncloud-10.7.0-r1.ebuild | 49 --------------
17 3 files changed, 128 deletions(-)
18
19 diff --git a/www-apps/owncloud/Manifest b/www-apps/owncloud/Manifest
20 index caff0833560..12d19ceac59 100644
21 --- a/www-apps/owncloud/Manifest
22 +++ b/www-apps/owncloud/Manifest
23 @@ -1,2 +1 @@
24 -DIST owncloud-10.7.0.tar.bz2 24129028 BLAKE2B 47ce3584f8123cc0a315c7d88847df5844c951e354fcecd7a876ca01f0fa24823a86bdd950dd885f3bbb46f60d8a39271e31d43ac6dac8f3df506d6cdc531231 SHA512 ebb636b8ffd06d4ceb1dd0d50c15ab393b8c7bf2f0e23c61ba957add6ac4d4ba4cdefb9cda2c703f337c82a295e2c40a467a602227728e9506f9a150c9f2fd3c
25 DIST owncloud-10.8.0.tar.bz2 24917781 BLAKE2B 909a8b51034fe07f83adcb3aff9c8eab790da40b115ecc715c4307ecb0364d5f65d75178d76ff27969b28a46f9585915412db235120dbb8600809057eea3c7f1 SHA512 47a23e5c2946e5d4c1d8c8e6d1b754e2a2bce436af532dbc7aa36c8031185fcc28b500fefa064e5290f2af68cbea823fa893acdb90307c9eddf53e126d282c96
26
27 diff --git a/www-apps/owncloud/files/owncloud-10.7.0-share_data_exposure.patch b/www-apps/owncloud/files/owncloud-10.7.0-share_data_exposure.patch
28 deleted file mode 100644
29 index bab6ffed11e..00000000000
30 --- a/www-apps/owncloud/files/owncloud-10.7.0-share_data_exposure.patch
31 +++ /dev/null
32 @@ -1,78 +0,0 @@
33 -From b552f84eedb5d2a113028d7859e82352699fb427 Mon Sep 17 00:00:00 2001
34 -From: JanAckermann <jackermann@××××××××.com>
35 -Date: Tue, 4 May 2021 11:51:29 +0200
36 -Subject: [PATCH 1/3] Throw generic exception to overcome, senstitive exception
37 - data exposure
38 -
39 ----
40 - .../lib/Controllers/ShareController.php | 26 ++++++++++++-------
41 - 1 file changed, 16 insertions(+), 10 deletions(-)
42 -
43 -diff --git a/apps/files_sharing/lib/Controllers/ShareController.php b/apps/files_sharing/lib/Controllers/ShareController.php
44 -index da9832e105b..02bd3553067 100644
45 ---- a/apps/files_sharing/lib/Controllers/ShareController.php
46 -+++ b/apps/files_sharing/lib/Controllers/ShareController.php
47 -@@ -400,6 +400,7 @@ public function showShare($token, $path = '') {
48 - * @param string $path
49 - * @param string $downloadStartSecret
50 - * @return NotFoundResponse|RedirectResponse|void
51 -+ * @throws \Exception
52 - */
53 - public function downloadShare($token, $files = null, $path = '', $downloadStartSecret = '') {
54 - \OC_User::setIncognitoMode(true);
55 -@@ -530,16 +531,21 @@ public function downloadShare($token, $files = null, $path = '', $downloadStartS
56 - }
57 -
58 - // download selected files
59 -- if ($files !== null && $files !== '') {
60 -- // FIXME: The exit is required here because otherwise the AppFramework is trying to add headers as well
61 -- // after dispatching the request which results in a "Cannot modify header information" notice.
62 -- OC_Files::get($originalSharePath, $files_list, $server_params);
63 -- exit();
64 -- } else {
65 -- // FIXME: The exit is required here because otherwise the AppFramework is trying to add headers as well
66 -- // after dispatching the request which results in a "Cannot modify header information" notice.
67 -- OC_Files::get(\dirname($originalSharePath), \basename($originalSharePath), $server_params);
68 -- exit();
69 -+
70 -+ try {
71 -+ if ($files !== null && $files !== '') {
72 -+ // FIXME: The exit is required here because otherwise the AppFramework is trying to add headers as well
73 -+ // after dispatching the request which results in a "Cannot modify header information" notice.
74 -+ OC_Files::get($originalSharePath, $files_list, $server_params);
75 -+ exit();
76 -+ } else {
77 -+ // FIXME: The exit is required here because otherwise the AppFramework is trying to add headers as well
78 -+ // after dispatching the request which results in a "Cannot modify header information" notice.
79 -+ OC_Files::get(\dirname($originalSharePath), \basename($originalSharePath), $server_params);
80 -+ exit();
81 -+ }
82 -+ } catch (\Exception $e) {
83 -+ throw new \Exception();
84 - }
85 - }
86 - }
87 -
88 -From a94f67a4857447e36e205043c55f29737a0bc57d Mon Sep 17 00:00:00 2001
89 -From: JanAckermann <jackermann@××××××××.com>
90 -Date: Tue, 4 May 2021 12:01:17 +0200
91 -Subject: [PATCH 2/3] enhanche if statement
92 -
93 ----
94 - lib/private/Files/Storage/Local.php | 2 +-
95 - 1 file changed, 1 insertion(+), 1 deletion(-)
96 -
97 -diff --git a/lib/private/Files/Storage/Local.php b/lib/private/Files/Storage/Local.php
98 -index d5ae0e3794b..d499079da98 100644
99 ---- a/lib/private/Files/Storage/Local.php
100 -+++ b/lib/private/Files/Storage/Local.php
101 -@@ -384,7 +384,7 @@ public function getSourcePath($path) {
102 - }
103 - $pathToResolve = $fullPath;
104 - $realPath = \realpath($pathToResolve);
105 -- while ($realPath === false) { // for non existing files check the parent directory
106 -+ while (!\is_string($realPath)) { // for non existing files check the parent directory
107 - $pathToResolve = \dirname($pathToResolve);
108 - $realPath = \realpath($pathToResolve);
109 - }
110 -
111
112 diff --git a/www-apps/owncloud/owncloud-10.7.0-r1.ebuild b/www-apps/owncloud/owncloud-10.7.0-r1.ebuild
113 deleted file mode 100644
114 index f379b0cf2d4..00000000000
115 --- a/www-apps/owncloud/owncloud-10.7.0-r1.ebuild
116 +++ /dev/null
117 @@ -1,49 +0,0 @@
118 -# Copyright 1999-2021 Gentoo Authors
119 -# Distributed under the terms of the GNU General Public License v2
120 -
121 -EAPI=7
122 -
123 -inherit webapp
124 -
125 -DESCRIPTION="Web-based storage application where all your data is under your own control"
126 -HOMEPAGE="https://owncloud.org"
127 -SRC_URI="https://download.owncloud.org/community/${P}.tar.bz2"
128 -LICENSE="AGPL-3"
129 -
130 -KEYWORDS="~amd64 ~arm ~x86"
131 -IUSE="+curl mysql postgres +sqlite"
132 -REQUIRED_USE="|| ( mysql postgres sqlite )"
133 -
134 -DEPEND=""
135 -RDEPEND=">=dev-lang/php-7.0[curl?,filter,gd,hash(+),intl,json(+),mysql?,pdo,posix,postgres?,session,simplexml,sqlite?,xmlreader,xmlwriter,zip]
136 - virtual/httpd-php"
137 -
138 -PATCHES=( "${FILESDIR}"/${P}-share_data_exposure.patch )
139 -
140 -S=${WORKDIR}/${PN}
141 -
142 -pkg_setup() {
143 - webapp_pkg_setup
144 -}
145 -
146 -src_install() {
147 - webapp_src_preinst
148 -
149 - insinto "${MY_HTDOCSDIR}"
150 - doins -r .
151 - dodir "${MY_HTDOCSDIR}"/data
152 -
153 - webapp_serverowned -R "${MY_HTDOCSDIR}"/apps
154 - webapp_serverowned -R "${MY_HTDOCSDIR}"/data
155 - webapp_serverowned -R "${MY_HTDOCSDIR}"/config
156 - webapp_configfile "${MY_HTDOCSDIR}"/.htaccess
157 -
158 - webapp_src_install
159 -}
160 -
161 -pkg_postinst() {
162 - elog "Additional applications (calendar, ...) are no longer provided by default."
163 - elog "You can install them after login via the applications management page"
164 - elog "(check the recommended tab). No application data is lost."
165 - webapp_pkg_postinst
166 -}
Report Message
Find on MARC Find on Google Groups