Summary: | www-apps/tikiwiki XML-RPC Vulnerabilities round 2 | ||
---|---|---|---|
Product: | Gentoo Security | Reporter: | Sune Kloppenborg Jeppesen (RETIRED) <jaervosz> |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | RESOLVED FIXED | ||
Severity: | major | CC: | duncan, web-apps |
Priority: | High | ||
Version: | unspecified | ||
Hardware: | All | ||
OS: | Linux | ||
Whiteboard: | B1 [glsa] jaervosz | ||
Package list: | Runtime testing required: | --- |
Description
Sune Kloppenborg Jeppesen (RETIRED)
2005-08-13 07:34:44 UTC
Now instead see bug #102576 AFAICT Tikiwiki can now be made to use the official PEAR module. 1.8.5 needs : http://cvs.sourceforge.net/viewcvs.py/tikiwiki/tiki/commxmlrpc.php?r1=1.10.2.4&r2=1.10.2.5 1.9.0 needs : http://cvs.sourceforge.net/viewcvs.py/tikiwiki/tiki/commxmlrpc.php?r1=1.14.2.1&r2=1.14.2.2 web-apps : please bump bumped ppc, please mark stable, thanks. error trying to install 1.8.5-r2 Calculating world dependencies ...done! >>> emerge (1 of 1) www-apps/tikiwiki-1.8.5-r2 to / >>> md5 files ;-) tikiwiki-1.8.5-r2.ebuild >>> md5 files ;-) tikiwiki-1.8.5-r1.ebuild >>> md5 files ;-) tikiwiki-1.9.0.ebuild >>> md5 files ;-) tikiwiki-1.9.0-r1.ebuild >>> md5 files ;-) files/tikiwiki-1.8.5-xmlrpc.patch >>> md5 files ;-) files/digest-tikiwiki-1.8.5-r2 >>> md5 files ;-) files/digest-tikiwiki-1.8.5-r1 >>> md5 files ;-) files/digest-tikiwiki-1.9.0 >>> md5 files ;-) files/digest-tikiwiki-1.9.0-r1 >>> md5 files ;-) files/postinstall-en.txt >>> md5 files ;-) files/xmlrpc2-1.8.5.patch >>> md5 files ;-) files/xmlrpc2-1.9.0.patch >>> md5 src_uri ;-) tikiwiki-1.8.5.tar.bz2 * You already have something installed in /var/www/localhost/htdocs/tikiwiki * Are you trying to install over the top of something I cannot upgrade? * * I can upgrade the contents of /var/www/localhost/htdocs/tikiwiki * >>> Unpacking source... >>> Unpacking tikiwiki-1.8.5.tar.bz2 to /var/tmp/portage/tikiwiki-1.8.5-r2/work * Applying xmlrpc2-1.8.5.patch ... * Failed Patch: xmlrpc2-1.8.5.patch ! * ( /usr/portage/www-apps/tikiwiki/files/xmlrpc2-1.8.5.patch ) * * Include in your bugreport the contents of: * * /var/tmp/portage/tikiwiki-1.8.5-r2/temp/xmlrpc2-1.8.5.patch-16290.out !!! ERROR: www-apps/tikiwiki-1.8.5-r2 failed. !!! Function epatch, Line 359, Exitcode 0 !!! Failed Patch: xmlrpc2-1.8.5.patch! !!! If you need support, post the topmost build error, NOT this status message. more /var/tmp/portage/tikiwiki-1.8.5-r2/temp/xmlrpc2-1.8.5.patch-16290.out ***** xmlrpc2-1.8.5.patch ***** =============================== PATCH COMMAND: patch -p0 -g0 --no-backup-if-mismatch < /usr/portage/www-apps/tikiwiki/files/xmlrpc2-1.8 .5.patch =============================== can't find file to patch at input line 8 Perhaps you used the wrong -p or --strip option? The text leading up to this was: -------------------------- |=================================================================== |RCS file: /cvsroot/tikiwiki/tiki/commxmlrpc.php,v |retrieving revision 1.10.2.4 |retrieving revision 1.10.2.5 |diff -u -r1.10.2.4 -r1.10.2.5 |--- tikiwiki/tiki/commxmlrpc.php 2005/01/01 00:04:43 1.10.2.4 |+++ tikiwiki/tiki/commxmlrpc.php 2005/08/18 21:39:19 1.10.2.5 -------------------------- No file to patch. Skipping patch. 5 out of 5 hunks ignored =============================== PATCH COMMAND: patch -p1 -g0 --no-backup-if-mismatch < /usr/portage/www-apps/tikiwiki/files/xmlrpc2-1.8 .5.patch =============================== can't find file to patch at input line 8 Perhaps you used the wrong -p or --strip option? The text leading up to this was: -------------------------- |=================================================================== |RCS file: /cvsroot/tikiwiki/tiki/commxmlrpc.php,v |retrieving revision 1.10.2.4 |retrieving revision 1.10.2.5 |diff -u -r1.10.2.4 -r1.10.2.5 |--- tikiwiki/tiki/commxmlrpc.php 2005/01/01 00:04:43 1.10.2.4 |+++ tikiwiki/tiki/commxmlrpc.php 2005/08/18 21:39:19 1.10.2.5 -------------------------- No file to patch. Skipping patch. 5 out of 5 hunks ignored =============================== PATCH COMMAND: patch -p2 -g0 --no-backup-if-mismatch < /usr/portage/www-apps/tikiwiki/files/xmlrpc2-1.8 .5.patch =============================== patching file commxmlrpc.php Hunk #1 FAILED at 1. 1 out of 5 hunks FAILED -- saving rejects to file commxmlrpc.php.rej =============================== PATCH COMMAND: patch -p3 -g0 --no-backup-if-mismatch < /usr/portage/www-apps/tikiwiki/files/xmlrpc2-1.8.5.patch =============================== missing header for unified diff at line 8 of patch can't find file to patch at input line 8 Perhaps you used the wrong -p or --strip option? The text leading up to this was: -------------------------- |=================================================================== |RCS file: /cvsroot/tikiwiki/tiki/commxmlrpc.php,v |retrieving revision 1.10.2.4 |retrieving revision 1.10.2.5 |diff -u -r1.10.2.4 -r1.10.2.5 |--- tikiwiki/tiki/commxmlrpc.php 2005/01/01 00:04:43 1.10.2.4 |+++ tikiwiki/tiki/commxmlrpc.php 2005/08/18 21:39:19 1.10.2.5 -------------------------- No file to patch. Skipping patch. 5 out of 5 hunks ignored =============================== PATCH COMMAND: patch -p4 -g0 --no-backup-if-mismatch < /usr/portage/www-apps/tikiwiki/files/xmlrpc2-1.8 .5.patch =============================== missing header for unified diff at line 8 of patch can't find file to patch at input line 8 Perhaps you used the wrong -p or --strip option? The text leading up to this was: -------------------------- |=================================================================== |RCS file: /cvsroot/tikiwiki/tiki/commxmlrpc.php,v |retrieving revision 1.10.2.4 |retrieving revision 1.10.2.5 |diff -u -r1.10.2.4 -r1.10.2.5 |--- tikiwiki/tiki/commxmlrpc.php 2005/01/01 00:04:43 1.10.2.4 |+++ tikiwiki/tiki/commxmlrpc.php 2005/08/18 21:39:19 1.10.2.5 -------------------------- No file to patch. Skipping patch. 5 out of 5 hunks ignored Portage 2.0.51.22-r2 (default-linux/x86/2005.0, gcc-3.3.5-20050130, glibc-2.3.5-r1, 2.6.12-gentoo-r6 i686) ================================================================= System uname: 2.6.12-gentoo-r6 i686 AMD Sempron(tm) 2600+ Gentoo Base System version 1.6.12 ccache version 2.3 [enabled] dev-lang/python: 2.3.5 sys-apps/sandbox: 1.2.12 sys-devel/autoconf: 2.13, 2.59-r6 sys-devel/automake: 1.4_p6, 1.5, 1.6.3, 1.7.9-r1, 1.8.5-r3, 1.9.5 sys-devel/binutils: 2.15.92.0.2-r10 sys-devel/libtool: 1.5.18-r1 virtual/os-headers: 2.6.11-r2 ACCEPT_KEYWORDS="x86" AUTOCLEAN="yes" CBUILD="i686-pc-linux-gnu" CFLAGS="-O2 -march=athlon-xp -mmmx -msse -fomit-frame-pointer -pipe" CHOST="i686-pc-linux-gnu" CONFIG_PROTECT="/etc /usr/kde/2/share/config /usr/kde/3.3/env /usr/kde/3.3/share/config /usr/kde/3.3/shutdown /usr/kde/3.4/env /usr/kde/3.4/share/config /usr/kde/3.4/shutdown /usr/kde/3/share/config /usr/lib/X11/xkb /usr/lib/mozilla/defaults/pref /usr/share/config /var/bind /var/qmail/control" CONFIG_PROTECT_MASK="/etc/gconf /etc/splash /etc/terminfo /etc/env.d" CXXFLAGS="-O2 -march=athlon-xp -mmmx -msse -fomit-frame-pointer -pipe" DISTDIR="/usr/portage/distfiles" FEATURES="autoconfig ccache distlocks sandbox sfperms strict" GENTOO_MIRRORS="http://distfiles.gentoo.org http://distro.ibiblio.org/pub/Linux/distributions/gentoo" MAKEOPTS="-j2" PKGDIR="/usr/portage/packages" PORTAGE_TMPDIR="/var/tmp" PORTDIR="/usr/portage" SYNC="rsync://rsync.gentoo.org/gentoo-portage" USE="x86 X alsa apm avi berkdb bitmap-fonts bonobo cdr crypt cups dvd dvdread eds emboss encode esd fam flac foomaticdb fortran freetds gd gdbm gif gnome gpm gstreamer gtk gtk2 gtkhtml imagemagick imap imlib jpeg libg++ libwww mad maildir mikmod mmx motif mozilla mp3 mpeg mysql ncurses nls nptl nptlonly odbc ogg oggvorbis opengl oss pam pam-mysql pdflib perl png postgres python quicktime readline samba sasl sdl slang spell sqlite sse ssl svga tcltk tcpd tiff truetype truetype-fonts type1-fonts vorbis xml xml2 xmms xv zlib userland_GNU kernel_linux elibc_glibc" Unset: ASFLAGS, CTARGET, LANG, LC_ALL, LDFLAGS, LINGUAS, PORTDIR_OVERLAY apologies, those patches are borked. fixing atm ok, now we're set now, it's working ;) - thank you! Stable on ppc. GLSA 200508-14 1.8.6 and 1.9.1 are now in the tree. ppc - could you mark 1.8.6 stable so that we can rid of the old version? thanks |