diff options
Diffstat (limited to 'www-apps/owncloud')
| -rw-r--r-- | www-apps/owncloud/Manifest | 7 | ||||
| -rw-r--r-- | www-apps/owncloud/files/owncloud-10.7.0-share_data_exposure.patch | 78 | ||||
| -rw-r--r-- | www-apps/owncloud/owncloud-10.5.0.ebuild | 47 | ||||
| -rw-r--r-- | www-apps/owncloud/owncloud-10.7.0.ebuild (renamed from www-apps/owncloud/owncloud-10.6.0.ebuild) | 2 |
4 files changed, 83 insertions, 51 deletions
diff --git a/www-apps/owncloud/Manifest b/www-apps/owncloud/Manifest index 38c1cbef19ea..ac1957968288 100644 --- a/www-apps/owncloud/Manifest +++ b/www-apps/owncloud/Manifest @@ -1,5 +1,4 @@ -DIST owncloud-10.5.0.tar.bz2 23471398 BLAKE2B 6566df51474a22d36da868ab45a7cb679528aecc9a95e0ad20f06adda587563e16c98ee1e942a5fef62e633b132469a6a775d5893754f553aea8a33043daafc3 SHA512 b77183146ee27c97a7f472e1debaec6f5dad168f204a243a65f431cade28ed0551d0db88ff799776bfd26db60357a2216a35cd1b4af6e7e98fc933f325e4336c -DIST owncloud-10.6.0.tar.bz2 24569416 BLAKE2B f20890262551f2996d39566f63f79439921f41bfa3a82cecc5fdf771be93e403f5a273e76498421ec7e29a03f00326844003c3adb3f927f2c1c8fc82c26c23de SHA512 ec4de23b4cd0dc08dde66802285a00c817cc8ccc79237e4ae454af5fecba102fdc892ed24e62b246deebba536728d312f43dcfea9f2f490ba8847a54ac962885 -EBUILD owncloud-10.5.0.ebuild 1252 BLAKE2B dd9416b52088aa52cc04173536140cd8107c1aa3be3527ddd588d1f38449808b7656b95bf428769c6584f83f53ca3b19c454128b526563792d6a6e3a26ead32a SHA512 3345000e2391005d884272d488c00474058987fdc69b7c8d2c4399a97810cd180dd862a78437ee2f15654f18b28e49fcebeb1f9062da9ba15a72fabfe66fafe8 -EBUILD owncloud-10.6.0.ebuild 1252 BLAKE2B cc2efc5b7bc9121b94a034b017cf4f4da390fc1cd0fdf1106b94972c4584cbfccc220f679b6e5d41623294c373343f285158e81fc9381189610607eb86e27f32 SHA512 48268b8e9ed8dc56520b589b36b1749cbf9639080c0de876a3791e68c86421c1817ec956f6fedb4dfb4506aa7aec607fcc531ec31947e6d83aa256bd9d5724e2 +AUX owncloud-10.7.0-share_data_exposure.patch 3470 BLAKE2B 3a908d1909c776f2c8ccee17fda16fb91e199468b48b5359bd9ebf0bbb0f087d834cbddb54aba5b60af71afa01f1984ce580bb5b91aeeb0156a71f93ef65643b SHA512 2dfe05754cd6ea97a3bd014e7769d4106b90d6740e975778cd291bd7f74aa64c27d4b913847addec0c184e477bbdef07a09a59160dfc8c413e8af1229147e682 +DIST owncloud-10.7.0.tar.bz2 24129028 BLAKE2B 47ce3584f8123cc0a315c7d88847df5844c951e354fcecd7a876ca01f0fa24823a86bdd950dd885f3bbb46f60d8a39271e31d43ac6dac8f3df506d6cdc531231 SHA512 ebb636b8ffd06d4ceb1dd0d50c15ab393b8c7bf2f0e23c61ba957add6ac4d4ba4cdefb9cda2c703f337c82a295e2c40a467a602227728e9506f9a150c9f2fd3c +EBUILD owncloud-10.7.0.ebuild 1310 BLAKE2B 2ac6337614fa8d2d50fa54cd2335629b6a4f87cd917e915419ee4e7089b82d46dcbb0168628481d414bcccbaebb5b177a215b8be5789a5066e3833224dacad50 SHA512 b88e53ab8b631b6d0c7cc9958adfdb89a2f01616a564d7c1907de5d832991e3a38de1287a971f3c99d43fa3cde3cec7805292008b01d34ea99044b13b9ad9fb7 MISC metadata.xml 362 BLAKE2B 966b48f98107fc73bd40f9c602962f2c876c1be1f074943452cfb5bbf60eb1c2ca08153294ce4166442da85beebd41395ca9bbe9c98d7832665fa16419db374d SHA512 64c690c6fa8bc6861f673b465e0519d5c5e945d76b66a2d9e7422cbfaa967624e7da287626bd12edbf347f0d0b5296fb9719ede93d15f073542367f5fecf5e99 diff --git a/www-apps/owncloud/files/owncloud-10.7.0-share_data_exposure.patch b/www-apps/owncloud/files/owncloud-10.7.0-share_data_exposure.patch new file mode 100644 index 000000000000..bab6ffed11ed --- /dev/null +++ b/www-apps/owncloud/files/owncloud-10.7.0-share_data_exposure.patch @@ -0,0 +1,78 @@ +From b552f84eedb5d2a113028d7859e82352699fb427 Mon Sep 17 00:00:00 2001 +From: JanAckermann <jackermann@owncloud.com> +Date: Tue, 4 May 2021 11:51:29 +0200 +Subject: [PATCH 1/3] Throw generic exception to overcome, senstitive exception + data exposure + +--- + .../lib/Controllers/ShareController.php | 26 ++++++++++++------- + 1 file changed, 16 insertions(+), 10 deletions(-) + +diff --git a/apps/files_sharing/lib/Controllers/ShareController.php b/apps/files_sharing/lib/Controllers/ShareController.php +index da9832e105b..02bd3553067 100644 +--- a/apps/files_sharing/lib/Controllers/ShareController.php ++++ b/apps/files_sharing/lib/Controllers/ShareController.php +@@ -400,6 +400,7 @@ public function showShare($token, $path = '') { + * @param string $path + * @param string $downloadStartSecret + * @return NotFoundResponse|RedirectResponse|void ++ * @throws \Exception + */ + public function downloadShare($token, $files = null, $path = '', $downloadStartSecret = '') { + \OC_User::setIncognitoMode(true); +@@ -530,16 +531,21 @@ public function downloadShare($token, $files = null, $path = '', $downloadStartS + } + + // download selected files +- if ($files !== null && $files !== '') { +- // FIXME: The exit is required here because otherwise the AppFramework is trying to add headers as well +- // after dispatching the request which results in a "Cannot modify header information" notice. +- OC_Files::get($originalSharePath, $files_list, $server_params); +- exit(); +- } else { +- // FIXME: The exit is required here because otherwise the AppFramework is trying to add headers as well +- // after dispatching the request which results in a "Cannot modify header information" notice. +- OC_Files::get(\dirname($originalSharePath), \basename($originalSharePath), $server_params); +- exit(); ++ ++ try { ++ if ($files !== null && $files !== '') { ++ // FIXME: The exit is required here because otherwise the AppFramework is trying to add headers as well ++ // after dispatching the request which results in a "Cannot modify header information" notice. ++ OC_Files::get($originalSharePath, $files_list, $server_params); ++ exit(); ++ } else { ++ // FIXME: The exit is required here because otherwise the AppFramework is trying to add headers as well ++ // after dispatching the request which results in a "Cannot modify header information" notice. ++ OC_Files::get(\dirname($originalSharePath), \basename($originalSharePath), $server_params); ++ exit(); ++ } ++ } catch (\Exception $e) { ++ throw new \Exception(); + } + } + } + +From a94f67a4857447e36e205043c55f29737a0bc57d Mon Sep 17 00:00:00 2001 +From: JanAckermann <jackermann@owncloud.com> +Date: Tue, 4 May 2021 12:01:17 +0200 +Subject: [PATCH 2/3] enhanche if statement + +--- + lib/private/Files/Storage/Local.php | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/lib/private/Files/Storage/Local.php b/lib/private/Files/Storage/Local.php +index d5ae0e3794b..d499079da98 100644 +--- a/lib/private/Files/Storage/Local.php ++++ b/lib/private/Files/Storage/Local.php +@@ -384,7 +384,7 @@ public function getSourcePath($path) { + } + $pathToResolve = $fullPath; + $realPath = \realpath($pathToResolve); +- while ($realPath === false) { // for non existing files check the parent directory ++ while (!\is_string($realPath)) { // for non existing files check the parent directory + $pathToResolve = \dirname($pathToResolve); + $realPath = \realpath($pathToResolve); + } + diff --git a/www-apps/owncloud/owncloud-10.5.0.ebuild b/www-apps/owncloud/owncloud-10.5.0.ebuild deleted file mode 100644 index 97ad6449db05..000000000000 --- a/www-apps/owncloud/owncloud-10.5.0.ebuild +++ /dev/null @@ -1,47 +0,0 @@ -# Copyright 1999-2020 Gentoo Authors -# Distributed under the terms of the GNU General Public License v2 - -EAPI=7 - -inherit webapp - -DESCRIPTION="Web-based storage application where all your data is under your own control" -HOMEPAGE="https://owncloud.org" -SRC_URI="https://download.owncloud.org/community/${P}.tar.bz2" -LICENSE="AGPL-3" - -KEYWORDS="~amd64 ~arm ~x86" -IUSE="+curl mysql postgres +sqlite" -REQUIRED_USE="|| ( mysql postgres sqlite )" - -DEPEND="" -RDEPEND=">=dev-lang/php-7.0[curl?,filter,gd,hash(+),intl,json,mysql?,pdo,posix,postgres?,session,simplexml,sqlite?,xmlreader,xmlwriter,zip] - virtual/httpd-php" - -S=${WORKDIR}/${PN} - -pkg_setup() { - webapp_pkg_setup -} - -src_install() { - webapp_src_preinst - - insinto "${MY_HTDOCSDIR}" - doins -r . - dodir "${MY_HTDOCSDIR}"/data - - webapp_serverowned -R "${MY_HTDOCSDIR}"/apps - webapp_serverowned -R "${MY_HTDOCSDIR}"/data - webapp_serverowned -R "${MY_HTDOCSDIR}"/config - webapp_configfile "${MY_HTDOCSDIR}"/.htaccess - - webapp_src_install -} - -pkg_postinst() { - elog "Additional applications (calendar, ...) are no longer provided by default." - elog "You can install them after login via the applications management page" - elog "(check the recommended tab). No application data is lost." - webapp_pkg_postinst -} diff --git a/www-apps/owncloud/owncloud-10.6.0.ebuild b/www-apps/owncloud/owncloud-10.7.0.ebuild index cecbee423d8e..0b560a4d0fee 100644 --- a/www-apps/owncloud/owncloud-10.6.0.ebuild +++ b/www-apps/owncloud/owncloud-10.7.0.ebuild @@ -18,6 +18,8 @@ DEPEND="" RDEPEND=">=dev-lang/php-7.0[curl?,filter,gd,hash(+),intl,json,mysql?,pdo,posix,postgres?,session,simplexml,sqlite?,xmlreader,xmlwriter,zip] virtual/httpd-php" +PATCHES=( "${FILESDIR}"/${P}-share_data_exposure.patch ) + S=${WORKDIR}/${PN} pkg_setup() { |