For details, please check https://github.com/splitbrain/dokuwiki/issues/1056

In Gentoo, I am hoping for:
* Stabilization of 20140929c
* Masking or removal of both 20140505c and 20140929b
* Packaging of 20140505d

Best,
Sebastian
This is the complete diff between both releases (20140525 and 20140929), so I'd suggest marking the new version stable, if you can get it to install (to make sure I don't miss anything while copying the ebuild from my overlay to the tree). Only in /var/tmp/portage/www-apps/dokuwiki-20140505d/work/dokuwiki-2014-05-05d/data/pages: playground diff -ur /var/tmp/portage/www-apps/dokuwiki-20140505c/work/dokuwiki-2014-05-05c/doku.php /var/tmp/portage/www-apps/dokuwiki-20140505d/work/dokuwiki-2014-05-05d/doku.php --- /var/tmp/portage/www-apps/dokuwiki-20140505c/work/dokuwiki-2014-05-05c/doku.php 2014-12-03 14:38:43.000000000 +0000 +++ /var/tmp/portage/www-apps/dokuwiki-20140505d/work/dokuwiki-2014-05-05d/doku.php 2015-02-24 19:51:46.000000000 +0000 @@ -9,7 +9,7 @@ */ // update message version -$updateVersion = 44.3; +$updateVersion = 44.4; // xdebug_start_profiling(); diff -ur /var/tmp/portage/www-apps/dokuwiki-20140505c/work/dokuwiki-2014-05-05c/lib/plugins/acl/remote.php /var/tmp/portage/www-apps/dokuwiki-20140505d/work/dokuwiki-2014-05-05d/lib/plugins/acl/remote.php --- /var/tmp/portage/www-apps/dokuwiki-20140505c/work/dokuwiki-2014-05-05c/lib/plugins/acl/remote.php 2014-12-03 14:38:43.000000000 +0000 +++ /var/tmp/portage/www-apps/dokuwiki-20140505d/work/dokuwiki-2014-05-05d/lib/plugins/acl/remote.php 2015-02-24 19:51:46.000000000 +0000 
@@ -17,12 +17,39 @@ ); } - function addAcl($scope, $user, $level){ + /** + * Add a new entry to ACL config + * + * @param string $scope + * @param string $user + * @param int $level see also inc/auth.php + * @throws RemoteAccessDeniedException + * @return bool + */ + public function addAcl($scope, $user, $level){ + if(!auth_isadmin()) { + throw new RemoteAccessDeniedException('You are not allowed to access ACLs, superuser permission is required', 114); + } + + /** @var admin_plugin_acl $apa */ $apa = plugin_load('admin', 'acl'); return $apa->_acl_add($scope, $user, $level); } - function delAcl($scope, $user){ + /** + * Remove an entry from ACL config + * + * @param string $scope + * @param string $user + * @throws RemoteAccessDeniedException + * @return bool + */ + public function delAcl($scope, $user){ + if(!auth_isadmin()) { + throw new RemoteAccessDeniedException('You are not allowed to access ACLs, superuser permission is required', 114); + } + + /** @var admin_plugin_acl $apa */ $apa = plugin_load('admin', 'acl'); return $apa->_acl_del($scope, $user); } diff -ur /var/tmp/portage/www-apps/dokuwiki-20140505c/work/dokuwiki-2014-05-05c/VERSION /var/tmp/portage/www-apps/dokuwiki-20140505d/work/dokuwiki-2014-05-05d/VERSION --- /var/tmp/portage/www-apps/dokuwiki-20140505c/work/dokuwiki-2014-05-05c/VERSION 2014-12-03 14:38:43.000000000 +0000 +++ /var/tmp/portage/www-apps/dokuwiki-20140505d/work/dokuwiki-2014-05-05d/VERSION 2015-02-24 19:51:46.000000000 +0000 @@ -1 +1 @@ -2014-05-05c "Ponder Stibbons" +2014-05-05d "Ponder Stibbons" 21:03 < irker860> gentoo-x86: jmbsvicetto www-apps/dokuwiki: Add 20140525d release - bug 541918 (CVE-2015-2172). @security: We're ready to call arch teams to stabilize the unaffected versions (20140525d and 20140929c).
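Review bot: the superuser guard in lib/plugins/acl/remote.php is duplicated verbatim in addAcl() and delAcl() (same `if(!auth_isadmin())` test, same message, same code 114), so any remote method added to this class later can omit it without anything flagging the gap. Consider moving the check and the `throw new RemoteAccessDeniedException(...)` into one private helper that each method calls first, and giving the bare 114 a named constant or a comment stating what the code means. The new docblocks also declare `@return bool`, while both methods return whatever `_acl_add()` and `_acl_del()` return, which is not visible in this diff; that is worth confirming before relying on the annotation.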
This bug is old. Two stable versions are in the tree: 20140929d and 20140929d-r1.
I don't see any of the affected versions in the tree.
Affected packages long gone from tree.