commit: cdd0ebd79e5f3cbcc7aa630fe6ffda67683f0bb9 Author: Bernard Cafarelli <voyageur <AT> gentoo <DOT> org> AuthorDate: Wed Sep 15 10:40:17 2021 +0000 Commit: Bernard Cafarelli <voyageur <AT> gentoo <DOT> org> CommitDate: Wed Sep 15 10:40:17 2021 +0000 URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=cdd0ebd7
www-apps/owncloud: drop vulnerable version Bug: https://bugs.gentoo.org/812491 Package-Manager: Portage-3.0.23, Repoman-3.0.3 Signed-off-by: Bernard Cafarelli <voyageur <AT> gentoo.org> www-apps/owncloud/Manifest | 1 - .../owncloud-10.7.0-share_data_exposure.patch | 78 ---------------------- www-apps/owncloud/owncloud-10.7.0-r1.ebuild | 49 -------------- 3 files changed, 128 deletions(-) diff --git a/www-apps/owncloud/Manifest b/www-apps/owncloud/Manifest index caff0833560..12d19ceac59 100644 --- a/www-apps/owncloud/Manifest +++ b/www-apps/owncloud/Manifest @@ -1,2 +1 @@ -DIST owncloud-10.7.0.tar.bz2 24129028 BLAKE2B 47ce3584f8123cc0a315c7d88847df5844c951e354fcecd7a876ca01f0fa24823a86bdd950dd885f3bbb46f60d8a39271e31d43ac6dac8f3df506d6cdc531231 SHA512 ebb636b8ffd06d4ceb1dd0d50c15ab393b8c7bf2f0e23c61ba957add6ac4d4ba4cdefb9cda2c703f337c82a295e2c40a467a602227728e9506f9a150c9f2fd3c DIST owncloud-10.8.0.tar.bz2 24917781 BLAKE2B 909a8b51034fe07f83adcb3aff9c8eab790da40b115ecc715c4307ecb0364d5f65d75178d76ff27969b28a46f9585915412db235120dbb8600809057eea3c7f1 SHA512 47a23e5c2946e5d4c1d8c8e6d1b754e2a2bce436af532dbc7aa36c8031185fcc28b500fefa064e5290f2af68cbea823fa893acdb90307c9eddf53e126d282c96 diff --git a/www-apps/owncloud/files/owncloud-10.7.0-share_data_exposure.patch b/www-apps/owncloud/files/owncloud-10.7.0-share_data_exposure.patch deleted file mode 100644 index bab6ffed11e..00000000000 --- a/www-apps/owncloud/files/owncloud-10.7.0-share_data_exposure.patch +++ /dev/null @@ -1,78 +0,0 @@ -From b552f84eedb5d2a113028d7859e82352699fb427 Mon Sep 17 00:00:00 2001 -From: JanAckermann <jackerm...@owncloud.com> -Date: Tue, 4 May 2021 11:51:29 +0200 -Subject: [PATCH 1/3] Throw generic exception to overcome, senstitive exception - data exposure - ---- - .../lib/Controllers/ShareController.php | 26 ++++++++++++------- - 1 file changed, 16 insertions(+), 10 deletions(-) - -diff --git a/apps/files_sharing/lib/Controllers/ShareController.php b/apps/files_sharing/lib/Controllers/ShareController.php -index da9832e105b..02bd3553067 100644 ---- a/apps/files_sharing/lib/Controllers/ShareController.php -+++ b/apps/files_sharing/lib/Controllers/ShareController.php -@@ -400,6 +400,7 @@ public function showShare($token, $path = '') { - * @param string $path - * @param string $downloadStartSecret - * @return NotFoundResponse|RedirectResponse|void -+ * @throws \Exception - */ - public function downloadShare($token, $files = null, $path = '', $downloadStartSecret = '') { - \OC_User::setIncognitoMode(true); -@@ -530,16 +531,21 @@ public function downloadShare($token, $files = null, $path = '', $downloadStartS - } - - // download selected files -- if ($files !== null && $files !== '') { -- // FIXME: The exit is required here because otherwise the AppFramework is trying to add headers as well -- // after dispatching the request which results in a "Cannot modify header information" notice. -- OC_Files::get($originalSharePath, $files_list, $server_params); -- exit(); -- } else { -- // FIXME: The exit is required here because otherwise the AppFramework is trying to add headers as well -- // after dispatching the request which results in a "Cannot modify header information" notice. -- OC_Files::get(\dirname($originalSharePath), \basename($originalSharePath), $server_params); -- exit(); -+ -+ try { -+ if ($files !== null && $files !== '') { -+ // FIXME: The exit is required here because otherwise the AppFramework is trying to add headers as well -+ // after dispatching the request which results in a "Cannot modify header information" notice. -+ OC_Files::get($originalSharePath, $files_list, $server_params); -+ exit(); -+ } else { -+ // FIXME: The exit is required here because otherwise the AppFramework is trying to add headers as well -+ // after dispatching the request which results in a "Cannot modify header information" notice. -+ OC_Files::get(\dirname($originalSharePath), \basename($originalSharePath), $server_params); -+ exit(); -+ } -+ } catch (\Exception $e) { -+ throw new \Exception(); - } - } - } - -From a94f67a4857447e36e205043c55f29737a0bc57d Mon Sep 17 00:00:00 2001 -From: JanAckermann <jackerm...@owncloud.com> -Date: Tue, 4 May 2021 12:01:17 +0200 -Subject: [PATCH 2/3] enhanche if statement - ---- - lib/private/Files/Storage/Local.php | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/lib/private/Files/Storage/Local.php b/lib/private/Files/Storage/Local.php -index d5ae0e3794b..d499079da98 100644 ---- a/lib/private/Files/Storage/Local.php -+++ b/lib/private/Files/Storage/Local.php -@@ -384,7 +384,7 @@ public function getSourcePath($path) { - } - $pathToResolve = $fullPath; - $realPath = \realpath($pathToResolve); -- while ($realPath === false) { // for non existing files check the parent directory -+ while (!\is_string($realPath)) { // for non existing files check the parent directory - $pathToResolve = \dirname($pathToResolve); - $realPath = \realpath($pathToResolve); - } - diff --git a/www-apps/owncloud/owncloud-10.7.0-r1.ebuild b/www-apps/owncloud/owncloud-10.7.0-r1.ebuild deleted file mode 100644 index f379b0cf2d4..00000000000 --- a/www-apps/owncloud/owncloud-10.7.0-r1.ebuild +++ /dev/null @@ -1,49 +0,0 @@ -# Copyright 1999-2021 Gentoo Authors -# Distributed under the terms of the GNU General Public License v2 - -EAPI=7 - -inherit webapp - -DESCRIPTION="Web-based storage application where all your data is under your own control" -HOMEPAGE="https://owncloud.org"; -SRC_URI="https://download.owncloud.org/community/${P}.tar.bz2"; -LICENSE="AGPL-3" - -KEYWORDS="~amd64 ~arm ~x86" -IUSE="+curl mysql postgres +sqlite" -REQUIRED_USE="|| ( mysql postgres sqlite )" - -DEPEND="" -RDEPEND=">=dev-lang/php-7.0[curl?,filter,gd,hash(+),intl,json(+),mysql?,pdo,posix,postgres?,session,simplexml,sqlite?,xmlreader,xmlwriter,zip] - virtual/httpd-php" - -PATCHES=( "${FILESDIR}"/${P}-share_data_exposure.patch ) - -S=${WORKDIR}/${PN} - -pkg_setup() { - webapp_pkg_setup -} - -src_install() { - webapp_src_preinst - - insinto "${MY_HTDOCSDIR}" - doins -r . - dodir "${MY_HTDOCSDIR}"/data - - webapp_serverowned -R "${MY_HTDOCSDIR}"/apps - webapp_serverowned -R "${MY_HTDOCSDIR}"/data - webapp_serverowned -R "${MY_HTDOCSDIR}"/config - webapp_configfile "${MY_HTDOCSDIR}"/.htaccess - - webapp_src_install -} - -pkg_postinst() { - elog "Additional applications (calendar, ...) are no longer provided by default." - elog "You can install them after login via the applications management page" - elog "(check the recommended tab). No application data is lost." - webapp_pkg_postinst -}
