From b49172b833149d88e21bc4b3dac1e48c06a984d4 Mon Sep 17 00:00:00 2001
From: Renat Lumpau <rl03@gentoo.org>
Date: Sat, 25 Mar 2006 16:01:43 +0000
Subject: Patch for CVE-2006-1386 Package-Manager: portage-2.1_pre6-r3

---
 www-apps/twiki/files/CVE-2006-1386.patch   | 23 +++++++++++++++++++++++
 www-apps/twiki/files/digest-twiki-4.0.1    |  3 ---
 www-apps/twiki/files/digest-twiki-4.0.1-r1 |  3 +++
 3 files changed, 26 insertions(+), 3 deletions(-)
 create mode 100644 www-apps/twiki/files/CVE-2006-1386.patch
 delete mode 100644 www-apps/twiki/files/digest-twiki-4.0.1
 create mode 100644 www-apps/twiki/files/digest-twiki-4.0.1-r1

(limited to 'www-apps/twiki/files')

diff --git a/www-apps/twiki/files/CVE-2006-1386.patch b/www-apps/twiki/files/CVE-2006-1386.patch
new file mode 100644
index 000000000000..dff921cd50a5
--- /dev/null
+++ b/www-apps/twiki/files/CVE-2006-1386.patch
@@ -0,0 +1,23 @@
+diff -ur work/lib/TWiki/UI/RDiff.pm work_patched/lib/TWiki/UI/RDiff.pm
+--- work/lib/TWiki/UI/RDiff.pm	2006-02-07 10:08:45.000000000 -0500
++++ work_patched/lib/TWiki/UI/RDiff.pm	2006-03-25 10:55:01.000000000 -0500
+@@ -394,6 +394,7 @@
+ 
+     TWiki::UI::checkWebExists( $session, $webName, $topic, 'diff' );
+     TWiki::UI::checkTopicExists( $session, $webName, $topic, 'diff' );
++    TWiki::UI::checkAccess( $session, $webName, $topic, 'view', $session->{user} );
+ 
+     my $renderStyle = $query->param('render') ||
+       $session->{prefs}->getPreferencesValue( 'DIFFRENDERSTYLE' ) ||
+diff -ur work/lib/TWiki/UI/Save.pm work_patched/lib/TWiki/UI/Save.pm
+--- work/lib/TWiki/UI/Save.pm	2006-02-07 10:08:45.000000000 -0500
++++ work_patched/lib/TWiki/UI/Save.pm	2006-03-25 10:54:19.000000000 -0500
+@@ -104,7 +104,7 @@
+ 
+     if( $topicExists ) {
+         ( $prevMeta, $prevText ) =
+-          $store->readTopic( undef, $webName, $topic, undef );
++          $store->readTopic( $user, $webName, $topic, undef );
+         if( $prevMeta ) {
+             foreach my $k ( keys %$prevMeta ) {
+                 unless( $k =~ /^_/ || $k eq 'FORM' || $k eq 'TOPICPARENT' ||
diff --git a/www-apps/twiki/files/digest-twiki-4.0.1 b/www-apps/twiki/files/digest-twiki-4.0.1
deleted file mode 100644
index 18b0503f8fd4..000000000000
--- a/www-apps/twiki/files/digest-twiki-4.0.1
+++ /dev/null
@@ -1,3 +0,0 @@
-MD5 bbfaa7fe279b374407a5bd7d946bbe7a TWiki-4.0.1.tgz 3849689
-RMD160 5f812ccb0c136b2e6ed8e0a69f205c6073f65ea8 TWiki-4.0.1.tgz 3849689
-SHA256 209b749ed737868b7d3b960132a27104107d15866c10ba1b8bf362b13a992be6 TWiki-4.0.1.tgz 3849689
diff --git a/www-apps/twiki/files/digest-twiki-4.0.1-r1 b/www-apps/twiki/files/digest-twiki-4.0.1-r1
new file mode 100644
index 000000000000..18b0503f8fd4
--- /dev/null
+++ b/www-apps/twiki/files/digest-twiki-4.0.1-r1
@@ -0,0 +1,3 @@
+MD5 bbfaa7fe279b374407a5bd7d946bbe7a TWiki-4.0.1.tgz 3849689
+RMD160 5f812ccb0c136b2e6ed8e0a69f205c6073f65ea8 TWiki-4.0.1.tgz 3849689
+SHA256 209b749ed737868b7d3b960132a27104107d15866c10ba1b8bf362b13a992be6 TWiki-4.0.1.tgz 3849689
-- 
cgit v1.2.3-65-gdbad