summaryrefslogtreecommitdiff
path: root/www/tdiary
diff options
context:
space:
mode:
authorMark Linimon <linimon@FreeBSD.org>2003-12-09 02:48:11 +0000
committerMark Linimon <linimon@FreeBSD.org>2003-12-09 02:48:11 +0000
commitbde98a7340772ad78b1e327fb5e110496d26229f (patch)
tree3daf3121ac83885be2fcbb2f11112df43e615ef6 /www/tdiary
parentUpdate to 0.2.8. (diff)
Fix a security related problem in tDiary 1.5.6, see
http://www.tdiary.org/20031119.html (Japanese-language) for details. It only happened in the following case: * "@secure = true" in setting file (tdiary.conf) * output_rdf.rb or tb-send.rb by plugin choice PR: ports/59451 Submitted by: Fumihiko Kimura <jfkimura@yahoo.co.jp> (maintainer)
Diffstat (limited to 'www/tdiary')
-rw-r--r--www/tdiary/Makefile4
-rw-r--r--www/tdiary/files/patch-aa47
-rw-r--r--www/tdiary/files/pkg-message.in (renamed from www/tdiary/pkg-message)3
3 files changed, 53 insertions, 1 deletions
diff --git a/www/tdiary/Makefile b/www/tdiary/Makefile
index 13383966da2f..fa00ee3b640c 100644
--- a/www/tdiary/Makefile
+++ b/www/tdiary/Makefile
@@ -7,6 +7,7 @@
PORTNAME= tdiary
PORTVERSION= 1.5.6
+PORTREVISION= 1
CATEGORIES?= www ruby
MASTER_SITES= \
${MASTER_SITE_SOURCEFORGE} \
@@ -70,6 +71,7 @@ do-install:
post-install:
@cd ${WRKSRC} && ${FIND} . -type f -o -type l | ${SED} -e 's,^\.,${TDIARYDIR:S|${LOCALBASE}/||},' >> ${TMPPLIST}
@cd ${WRKSRC} && ${FIND} . -type d -depth | ${SED} -e 's,^\.,@dirrm ${TDIARYDIR:S|${LOCALBASE}/||},' >> ${TMPPLIST}
- @${SED} -e "s,%%EXAMPLESDIR%%,${EXAMPLESDIR},g" ${PKGMESSAGE}
+ @${SED} -e 's|%%EXAMPLESDIR%%|${EXAMPLESDIR}|' < ${FILESDIR}/pkg-message.in > ${PKGMESSAGE}
+ @${CAT} ${PKGMESSAGE}
.include <bsd.port.mk>
diff --git a/www/tdiary/files/patch-aa b/www/tdiary/files/patch-aa
new file mode 100644
index 000000000000..a88609622b12
--- /dev/null
+++ b/www/tdiary/files/patch-aa
@@ -0,0 +1,47 @@
+--- tdiary.rb Thu Nov 13 15:34:22 2003
++++ tdiary.rb.new Fri Nov 21 16:11:26 2003
+@@ -1,13 +1,13 @@
+ =begin
+ == NAME
+ tDiary: the "tsukkomi-able" web diary system.
+-tdiary.rb $Revision: 1.156 $
++tdiary.rb $Revision: 1.159 $
+
+ Copyright (C) 2001-2003, TADA Tadashi <sho@spc.gr.jp>
+ You can redistribute it and/or modify it under GPL2.
+ =end
+
+-TDIARY_VERSION = '1.5.6'
++TDIARY_VERSION = '1.5.6.20031118'
+
+ require 'cgi'
+ begin
+@@ -62,10 +62,14 @@
+ module Safe
+ def safe( level = 4 )
+ result = nil
+- Thread.start {
+- $SAFE = level
++ if $SAFE < level then
++ Thread.start {
++ $SAFE = level
++ result = yield
++ }.join
++ else
+ result = yield
+- }.join
++ end
+ result
+ end
+ module_function :safe
+@@ -740,7 +744,9 @@
+ r = str.dup
+ if @options['apply_plugin'] and str.index( '<%' ) then
+ r = str.untaint if $SAFE < 3
+- r = ERbLight.new( r ).result( binding )
++ Safe::safe( @conf.secure ? 4 : 1 ) do
++ r = ERbLight.new( r ).result( binding )
++ end
+ end
+ r.gsub!( /<.*?>/, '' ) if remove_tag
+ r
diff --git a/www/tdiary/pkg-message b/www/tdiary/files/pkg-message.in
index 237ee08b2814..7641c845f302 100644
--- a/www/tdiary/pkg-message
+++ b/www/tdiary/files/pkg-message.in
@@ -9,6 +9,9 @@ This script should be run manually.
or
% ruby %%EXAMPLESDIR%%/tdiaryinst.rb
+ * Option: --suexec Use suExec for CGI execution
+ --help Display Help information
+
[Ruby 1.8.x]
# %%EXAMPLESDIR%%/tdiary-FreeBSD.sh User