
Bug 102377

Summary: www-apps/tikiwiki XML-RPC Vulnerabilities round 2
Product: Gentoo Security
Reporter: Sune Kloppenborg Jeppesen (RETIRED) <jaervosz>
Component: Vulnerabilities
Assignee: Gentoo Security <security>
Status: RESOLVED FIXED
Severity: major
CC: duncan, web-apps
Priority: High
Version: unspecified
Hardware: All
OS: Linux
Whiteboard: B1 [glsa] jaervosz
Package list:
Runtime testing required: ---

Description Sune Kloppenborg Jeppesen (RETIRED) gentoo-dev 2005-08-13 07:34:44 UTC
see bug #102324
Comment 1 Sune Kloppenborg Jeppesen (RETIRED) gentoo-dev 2005-08-14 22:04:59 UTC
Now instead see bug #102576 
Comment 2 Thierry Carrez (RETIRED) gentoo-dev 2005-08-21 08:22:25 UTC
AFAICT Tikiwiki can now be made to use the official PEAR module.

1.8.5 needs :
http://cvs.sourceforge.net/viewcvs.py/tikiwiki/tiki/commxmlrpc.php?r1=1.10.2.4&r2=1.10.2.5

1.9.0 needs :
http://cvs.sourceforge.net/viewcvs.py/tikiwiki/tiki/commxmlrpc.php?r1=1.14.2.1&r2=1.14.2.2

web-apps : please bump
Comment 3 Renat Lumpau (RETIRED) gentoo-dev 2005-08-21 09:41:11 UTC
bumped
Comment 4 Stefan Cornelius (RETIRED) gentoo-dev 2005-08-21 10:48:13 UTC
ppc, please mark stable, thanks.
Comment 5 Robert R. Richter 2005-08-21 11:08:05 UTC
error trying to install 1.8.5-r2

Calculating world dependencies ...done!
>>> emerge (1 of 1) www-apps/tikiwiki-1.8.5-r2 to /
>>> md5 files   ;-) tikiwiki-1.8.5-r2.ebuild
>>> md5 files   ;-) tikiwiki-1.8.5-r1.ebuild
>>> md5 files   ;-) tikiwiki-1.9.0.ebuild
>>> md5 files   ;-) tikiwiki-1.9.0-r1.ebuild
>>> md5 files   ;-) files/tikiwiki-1.8.5-xmlrpc.patch
>>> md5 files   ;-) files/digest-tikiwiki-1.8.5-r2
>>> md5 files   ;-) files/digest-tikiwiki-1.8.5-r1
>>> md5 files   ;-) files/digest-tikiwiki-1.9.0
>>> md5 files   ;-) files/digest-tikiwiki-1.9.0-r1
>>> md5 files   ;-) files/postinstall-en.txt
>>> md5 files   ;-) files/xmlrpc2-1.8.5.patch
>>> md5 files   ;-) files/xmlrpc2-1.9.0.patch
>>> md5 src_uri ;-) tikiwiki-1.8.5.tar.bz2
 * You already have something installed in /var/www/localhost/htdocs/tikiwiki
 * Are you trying to install over the top of something I cannot upgrade?
 * 
 * I can upgrade the contents of /var/www/localhost/htdocs/tikiwiki
 * 
>>> Unpacking source...
>>> Unpacking tikiwiki-1.8.5.tar.bz2 to /var/tmp/portage/tikiwiki-1.8.5-r2/work
 * Applying xmlrpc2-1.8.5.patch ...

 * Failed Patch: xmlrpc2-1.8.5.patch !
 *  ( /usr/portage/www-apps/tikiwiki/files/xmlrpc2-1.8.5.patch )
 * 
 * Include in your bugreport the contents of:
 * 
 *   /var/tmp/portage/tikiwiki-1.8.5-r2/temp/xmlrpc2-1.8.5.patch-16290.out


!!! ERROR: www-apps/tikiwiki-1.8.5-r2 failed.
!!! Function epatch, Line 359, Exitcode 0
!!! Failed Patch: xmlrpc2-1.8.5.patch!
!!! If you need support, post the topmost build error, NOT this status message.

more /var/tmp/portage/tikiwiki-1.8.5-r2/temp/xmlrpc2-1.8.5.patch-16290.out
***** xmlrpc2-1.8.5.patch *****

===============================

PATCH COMMAND:  patch -p0 -g0 --no-backup-if-mismatch <
/usr/portage/www-apps/tikiwiki/files/xmlrpc2-1.8.5.patch

===============================
can't find file to patch at input line 8
Perhaps you used the wrong -p or --strip option?
The text leading up to this was:
--------------------------
|===================================================================
|RCS file: /cvsroot/tikiwiki/tiki/commxmlrpc.php,v
|retrieving revision 1.10.2.4
|retrieving revision 1.10.2.5
|diff -u -r1.10.2.4 -r1.10.2.5
|--- tikiwiki/tiki/commxmlrpc.php       2005/01/01 00:04:43     1.10.2.4
|+++ tikiwiki/tiki/commxmlrpc.php       2005/08/18 21:39:19     1.10.2.5
--------------------------
No file to patch.  Skipping patch.
5 out of 5 hunks ignored
===============================

PATCH COMMAND:  patch -p1 -g0 --no-backup-if-mismatch <
/usr/portage/www-apps/tikiwiki/files/xmlrpc2-1.8.5.patch

===============================
can't find file to patch at input line 8
Perhaps you used the wrong -p or --strip option?
The text leading up to this was:
--------------------------
|===================================================================
|RCS file: /cvsroot/tikiwiki/tiki/commxmlrpc.php,v
|retrieving revision 1.10.2.4
|retrieving revision 1.10.2.5
|diff -u -r1.10.2.4 -r1.10.2.5
|--- tikiwiki/tiki/commxmlrpc.php       2005/01/01 00:04:43     1.10.2.4
|+++ tikiwiki/tiki/commxmlrpc.php       2005/08/18 21:39:19     1.10.2.5
--------------------------
No file to patch.  Skipping patch.
5 out of 5 hunks ignored
===============================

PATCH COMMAND:  patch -p2 -g0 --no-backup-if-mismatch <
/usr/portage/www-apps/tikiwiki/files/xmlrpc2-1.8.5.patch

===============================
patching file commxmlrpc.php
Hunk #1 FAILED at 1.
1 out of 5 hunks FAILED -- saving rejects to file commxmlrpc.php.rej
===============================

PATCH COMMAND:  patch -p3 -g0 --no-backup-if-mismatch <
/usr/portage/www-apps/tikiwiki/files/xmlrpc2-1.8.5.patch

===============================
missing header for unified diff at line 8 of patch
can't find file to patch at input line 8
Perhaps you used the wrong -p or --strip option?
The text leading up to this was:
--------------------------
|===================================================================
|RCS file: /cvsroot/tikiwiki/tiki/commxmlrpc.php,v
|retrieving revision 1.10.2.4
|retrieving revision 1.10.2.5
|diff -u -r1.10.2.4 -r1.10.2.5
|--- tikiwiki/tiki/commxmlrpc.php       2005/01/01 00:04:43     1.10.2.4
|+++ tikiwiki/tiki/commxmlrpc.php       2005/08/18 21:39:19     1.10.2.5
--------------------------
No file to patch.  Skipping patch.
5 out of 5 hunks ignored
===============================

PATCH COMMAND:  patch -p4 -g0 --no-backup-if-mismatch <
/usr/portage/www-apps/tikiwiki/files/xmlrpc2-1.8.5.patch

===============================
missing header for unified diff at line 8 of patch
can't find file to patch at input line 8
Perhaps you used the wrong -p or --strip option?
The text leading up to this was:
--------------------------
|===================================================================
|RCS file: /cvsroot/tikiwiki/tiki/commxmlrpc.php,v
|retrieving revision 1.10.2.4
|retrieving revision 1.10.2.5
|diff -u -r1.10.2.4 -r1.10.2.5
|--- tikiwiki/tiki/commxmlrpc.php       2005/01/01 00:04:43     1.10.2.4
|+++ tikiwiki/tiki/commxmlrpc.php       2005/08/18 21:39:19     1.10.2.5
--------------------------
No file to patch.  Skipping patch.
5 out of 5 hunks ignored

Portage 2.0.51.22-r2 (default-linux/x86/2005.0, gcc-3.3.5-20050130,
glibc-2.3.5-r1, 2.6.12-gentoo-r6 i686)
=================================================================
System uname: 2.6.12-gentoo-r6 i686 AMD Sempron(tm) 2600+
Gentoo Base System version 1.6.12
ccache version 2.3 [enabled]
dev-lang/python:     2.3.5
sys-apps/sandbox:    1.2.12
sys-devel/autoconf:  2.13, 2.59-r6
sys-devel/automake:  1.4_p6, 1.5, 1.6.3, 1.7.9-r1, 1.8.5-r3, 1.9.5
sys-devel/binutils:  2.15.92.0.2-r10
sys-devel/libtool:   1.5.18-r1
virtual/os-headers:  2.6.11-r2
ACCEPT_KEYWORDS="x86"
AUTOCLEAN="yes"
CBUILD="i686-pc-linux-gnu"
CFLAGS="-O2 -march=athlon-xp -mmmx -msse -fomit-frame-pointer -pipe"
CHOST="i686-pc-linux-gnu"
CONFIG_PROTECT="/etc /usr/kde/2/share/config /usr/kde/3.3/env
/usr/kde/3.3/share/config /usr/kde/3.3/shutdown /usr/kde/3.4/env
/usr/kde/3.4/share/config /usr/kde/3.4/shutdown /usr/kde/3/share/config
/usr/lib/X11/xkb /usr/lib/mozilla/defaults/pref /usr/share/config /var/bind
/var/qmail/control"
CONFIG_PROTECT_MASK="/etc/gconf /etc/splash /etc/terminfo /etc/env.d"
CXXFLAGS="-O2 -march=athlon-xp -mmmx -msse -fomit-frame-pointer -pipe"
DISTDIR="/usr/portage/distfiles"
FEATURES="autoconfig ccache distlocks sandbox sfperms strict"
GENTOO_MIRRORS="http://distfiles.gentoo.org
http://distro.ibiblio.org/pub/Linux/distributions/gentoo"
MAKEOPTS="-j2"
PKGDIR="/usr/portage/packages"
PORTAGE_TMPDIR="/var/tmp"
PORTDIR="/usr/portage"
SYNC="rsync://rsync.gentoo.org/gentoo-portage"
USE="x86 X alsa apm avi berkdb bitmap-fonts bonobo cdr crypt cups dvd dvdread
eds emboss encode esd fam flac foomaticdb fortran freetds gd gdbm gif gnome gpm
gstreamer gtk gtk2 gtkhtml imagemagick imap imlib jpeg libg++ libwww mad maildir
mikmod mmx motif mozilla mp3 mpeg mysql ncurses nls nptl nptlonly odbc ogg
oggvorbis opengl oss pam pam-mysql pdflib perl png postgres python quicktime
readline samba sasl sdl slang spell sqlite sse ssl svga tcltk tcpd tiff truetype
truetype-fonts type1-fonts vorbis xml xml2 xmms xv zlib userland_GNU
kernel_linux elibc_glibc"
Unset:  ASFLAGS, CTARGET, LANG, LC_ALL, LDFLAGS, LINGUAS, PORTDIR_OVERLAY
Comment 6 Renat Lumpau (RETIRED) gentoo-dev 2005-08-21 11:44:48 UTC
apologies, those patches are borked. fixing atm
Comment 7 Renat Lumpau (RETIRED) gentoo-dev 2005-08-21 12:06:19 UTC
ok, now we're set
Comment 8 Robert R. Richter 2005-08-21 15:31:06 UTC
now, it's working ;) - thank you!
Comment 9 Michael Hanselmann (hansmi) (RETIRED) gentoo-dev 2005-08-22 13:19:59 UTC
Stable on ppc.
Comment 10 Thierry Carrez (RETIRED) gentoo-dev 2005-08-24 12:58:24 UTC
GLSA 200508-14
Comment 11 Renat Lumpau (RETIRED) gentoo-dev 2005-08-24 15:42:09 UTC
1.8.6 and 1.9.1 are now in the tree. ppc - could you mark 1.8.6 stable so that
we can get rid of the old version? thanks