Your message dated Wed, 25 Feb 2009 15:22:05 +0000
with message-id <[email protected]>
and subject line Bug#491980: fixed in websvn 2.1.0-1
has caused the Debian Bug report #491980,
regarding websvn: fails to display paths with ~ or other special characters
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
491980: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=491980
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Package: websvn
Version: 1.61-20
Severity: normal
Tags: patch
Hello,
Browsing a path that has a ~ in it doesn't work with the version of
websvn in etch, because the ~ in the path gets escaped with a backslash.
I suspect this is the case for other special characters as well, since
the issue is that websvn filters the path through the escapeshellcmd()
function.
I have attached a patch that disables this filtering. (Upstream did
this as well, in r374, so this problem doesn't exist in the version in
unstable. It would be nice to see this in an etch update, though.)
Thanks,
John
This patch fixes the problem where paths with '~' in them cannot be displayed,
because PHP would try to escape the '~' with a '\'. See also r374 in the
upstream repository.
Index: websvn-1.61/include/setup.inc
===================================================================
--- websvn-1.61.orig/include/setup.inc 2008-07-22 16:14:42.000000000 -0600
+++ websvn-1.61/include/setup.inc 2008-07-22 16:15:12.000000000 -0600
@@ -291,7 +291,6 @@
else
$path = html_entity_decode(@$_REQUEST["path"], ENT_COMPAT, $config->outputEnc);
-$path = escapeshellcmd($path);
$rev = (int)@$_REQUEST["rev"];
$showchanged = (@$_REQUEST["sc"] == 1)?1:0;
--- End Message ---
--- Begin Message ---
Source: websvn
Source-Version: 2.1.0-1
We believe that the bug you reported is fixed in the latest version of
websvn, which is due to be installed in the Debian FTP archive:
websvn_2.1.0-1.diff.gz
to pool/main/w/websvn/websvn_2.1.0-1.diff.gz
websvn_2.1.0-1.dsc
to pool/main/w/websvn/websvn_2.1.0-1.dsc
websvn_2.1.0-1_all.deb
to pool/main/w/websvn/websvn_2.1.0-1_all.deb
websvn_2.1.0.orig.tar.gz
to pool/main/w/websvn/websvn_2.1.0.orig.tar.gz
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Pierre Chifflier <[email protected]> (supplier of updated websvn package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Format: 1.8
Date: Wed, 25 Feb 2009 14:31:08 +0100
Source: websvn
Binary: websvn
Architecture: source all
Version: 2.1.0-1
Distribution: unstable
Urgency: low
Maintainer: Pierre Chifflier <[email protected]>
Changed-By: Pierre Chifflier <[email protected]>
Description:
websvn - interface for Subversion repositories written in PHP
Closes: 491980 508488 512191
Changes:
websvn (2.1.0-1) unstable; urgency=low
.
* New Upstream Version (Closes: #491980)
* Drop following patches, merged upstream:
10_security_dir_transversal.patch
11_security_css.patch
12_security_known_path_cve_2009_0240.patch
* New patch:
20_use_global_geshi.patch
21_fix_conf_file.patch
* Acknowledge NMU (Thanks Emilio) Closes: #512191, #508488
- References: CVE-2009-0240
* Add Homepage field
* Fix lintian warnings:
W: websvn: maintainer-script-ignores-errors config
W: websvn: spelling-error-in-description subversion Subversion
W: websvn source: patch-system-but-direct-changes-in-diff .pc/.version
W: websvn source: debhelper-but-no-misc-depends websvn
Checksums-Sha1:
03fffd1d6f486dccd142faa1c0914ac3016b13d8 1013 websvn_2.1.0-1.dsc
55eef34a33271109a9781b392d1684cdfc65a07c 572038 websvn_2.1.0.orig.tar.gz
2d9144f7e29430d9a1a388c7b16f67e7b6112f36 21642 websvn_2.1.0-1.diff.gz
6614dcd929221e989b6af8181564b80a504e740b 195470 websvn_2.1.0-1_all.deb
Checksums-Sha256:
398d4a68b1ce899ce8ada4845abd1293441c9e037cc7eefecfe3df84e95c256c 1013
websvn_2.1.0-1.dsc
d201eaf8dcf962c8402c2fdd1a798a5b5d4a9700b20c0dadfd83397ffe15afa6 572038
websvn_2.1.0.orig.tar.gz
b79f9e30630b7f134128b0f4291204f3cdca28ab73eacb81b4991d54f49c7e11 21642
websvn_2.1.0-1.diff.gz
e7c963e40cd675560a27e3f626c162fbe851dfce761920f75daf1c604bd1652a 195470
websvn_2.1.0-1_all.deb
Files:
6ec940992036352a450a6637975e91d0 1013 devel optional websvn_2.1.0-1.dsc
0973edc5ca348424104147846b7d7152 572038 devel optional websvn_2.1.0.orig.tar.gz
2a78f4edb3620c4ab29b99c2c6f5f81d 21642 devel optional websvn_2.1.0-1.diff.gz
99077bb8d1e2afb2aa5a4df357a2883d 195470 devel optional websvn_2.1.0-1_all.deb
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
iD8DBQFJpVNetwVrWo1fQMsRAvfJAJ0c8dw9SdMGDZ4nKqtwTbAMDA5MgwCg5nMH
Kcf8DrKsZQrOBr+48ev8ZZE=
=401Y
-----END PGP SIGNATURE-----
--- End Message ---
