4 files changed, 140 insertions, 18 deletions
diff --git a/www-apps/webdavcgi/Manifest b/www-apps/webdavcgi/Manifest
index 70751c9f11d5..e186eda4973c 100644
--- a/www-apps/webdavcgi/Manifest
+++ b/www-apps/webdavcgi/Manifest
@@ -1,5 +1,6 @@
-AUX apache-webdavcgi-1.1-example.conf 2621 BLAKE2B 0ef587bc87f08043c5503db0bf04259daf1c047a653203ba1794ce247d340fec722b91334f9a8b2d1af32bddc9b8e3cf1d31118d869816e8d20e46208362e4c1 SHA512 36e440c8274a46c3e415291f08eb1263694bcb512c9c5bfe6b58f8c24b4d665672788500fc31d87b104c4a654458572798a2e92ab913bd4a438e39b4e90e6ac8
+AUX apache-webdavcgi-1.1-example.conf 2613 BLAKE2B 0c6a1cc621b6d1d8ea07fdc6dd11d2ecffaa9f141641ecd696bd440a6978f141f38626d00d6ae84eddaf8c762f95c86c75c9c91a149d63c8db46dee5c8f1b1dc SHA512 54c338d68b18ed91c8a55b9eeb840c0d1f37fc75404f81dfeb351998d3294a04fd04762963c319ce37adee957bc5ad0117363323caf47252e37e934233460aed
 AUX webdav-1.1.conf 4450 BLAKE2B 29c7dcfdc623938d90a060e4e86d70d82bceb03aba95da72c323415dfc501de975a23cacda18929126f219f540da4b015fe6871e02a551ac25b7017268bf7d58 SHA512 4e867f9d8de4eb3f864ddc0671bf048d1a8daa9e01c830045a7adb5ac712c46925f0ed60d5aeba9acb3f9c3fd259411af23c41476f06d38f3d8f3cb2027c51c8
-DIST webdavcgi-1.1.1.tar.bz2 11623234 BLAKE2B a5a2b67f2666ce4180e5ed145045b8552e6e988967d99bad518d72a67a417ce600619b11af9171aa291bb4b98ec0b0c8c3ce56511d65c4e8b8c92932e8da418f SHA512 660b3e54d72c5b96c1fb329d8e0838b1dbf68e1671af3880f7e096bfdfe559909cf3e1e3069fe4877e0ffbd67d24dc4a38c3db8baaae6d62db05bde31cea789f
-EBUILD webdavcgi-1.1.1.ebuild 5736 BLAKE2B 46d043b9252bdf52f75696ee6476489ebf8bde2a208f81d121b504bb4bd1e8b347bb2ae85ab650bb19e2dd6f47779387afb331219fa4e6d7e448699f5469a89d SHA512 e4fb54e0f2fee21772eae95816a4b9fca5179a5231606f904db5f61d50ecab7d1ad6922dc87d022dc199b8af5ff7b642148cc662c1413c73ae378648cc94ac8e
+AUX webdavcgi-1.1.2-fix-unescaped-braces.patch 4681 BLAKE2B fcb31cbbbcb12aba3113693a603373301160997822be2172b02fafd0be97fea0c25a8bcad7196ffce08ea4f437c27a94f808822c49e4a12589dffac9cbe472f0 SHA512 4cc4bf31acd200365777d8b6ec3bdbc2325c81191a4f71308203a38cd0e918861c2432a50b3c11fdd04323ca3403f42541a3bc2aa6a6c1625fc841a836bf7606
+DIST webdavcgi-1.1.2.tar.gz 16844485 BLAKE2B 1a9f1b0b5b4520badaca1992ba51760a6a1b250edeb3debe6bdcb962fb43c3c660a837882bccfa645a466e967c726569113665ff3a3c0f4db88e573299a30582 SHA512 cddd8461bfb16b5d50a9a2bbe270d3b09e973e74d07b2f54a16473c48dbaaab7d561becf223405a03ef6ce45502bf9684e41dc8e9977b0af788d700693946826
+EBUILD webdavcgi-1.1.2.ebuild 6535 BLAKE2B 681db50e69128d224dfca6079236d1e1dbcbf9e90c61948546d7d7e7e5f18ea28a5478ed80ed471f14e39e697a49b2cc9490498464baa30a1b1aa7bbb0d2d5db SHA512 10ce76759f406c07308ef24438da31e856d31fe653f754189bc19e301be573cbd0a1d73ff6c56a45d417d657a7bd1ee2858c7ed60d8eae880a3cf73cb67787b5
 MISC metadata.xml 1040 BLAKE2B fb1efea181e0b46f16e8086c4e183af13f61d4113d9957cb3b9e8ded4894c13e8559989c543cc9bdd326083805d7357c64c8ffc80518ed8fe12945c947cefbb0 SHA512 af3c8574f9b2c376194b27190dd6e1acf2e7a1e01f1becf41b84de395d96e6a6c739ebfb969c772104c8bdac3de4a8e725ad95a10e8a40902595602692bdcddb
diff --git a/www-apps/webdavcgi/files/apache-webdavcgi-1.1-example.conf b/www-apps/webdavcgi/files/apache-webdavcgi-1.1-example.conf
index 4ee926fbd7c7..900e0ba5a2c4 100644
--- a/www-apps/webdavcgi/files/apache-webdavcgi-1.1-example.conf
+++ b/www-apps/webdavcgi/files/apache-webdavcgi-1.1-example.conf
@@ -30,9 +30,10 @@
 #
 # - The WEBDAVCONF environment variable has to point to your configuration
 #
-# For further informations and other configuration possibilities consult the
-# WebDAV CGI documentation which is located at http://webdavcgi.sourceforge.net
-# and the Apache HTTP server documentation at https://httpd.apache.org/docs/
+# For further information and other configuration possibilities consult the
+# WebDAV CGI documentation and Apache HTTP server documentation:
+# * https://danrohde.github.io/webdavcgi/doc.html
+# * https://httpd.apache.org/docs/
 #
     ScriptAlias /webdavcgi "/usr/libexec/webdavcgi-1.1/cgi-bin/webdavwrapper"
     ScriptAlias /webdav/logout "/usr/libexec/webdavcgi-1.1/cgi-bin/logout"
diff --git a/www-apps/webdavcgi/files/webdavcgi-1.1.2-fix-unescaped-braces.patch b/www-apps/webdavcgi/files/webdavcgi-1.1.2-fix-unescaped-braces.patch
new file mode 100644
index 000000000000..3b3262bfd088
--- /dev/null
+++ b/www-apps/webdavcgi/files/webdavcgi-1.1.2-fix-unescaped-braces.patch
@@ -0,0 +1,98 @@
+diff --git a/lib/perl/Requests/WebDAVRequest.pm b/lib/perl/Requests/WebDAVRequest.pm
+index 8d5b89e6..2b6ea4d9 100644
+--- a/lib/perl/Requests/WebDAVRequest.pm
++++ b/lib/perl/Requests/WebDAVRequest.pm
+@@ -134,7 +134,7 @@ sub get_prop_stat {
+     $fn .= $is_dir && $fn !~ /\/$/xms ? q{/} : q{};
+     foreach my $prop ( @{$props} ) {
+         my ( $xmlnsuri, $propname ) = ( 'DAV:', $prop );
+-        if ( $prop =~ /^{([^}]*)}(.*)$/xms ) {
++        if ( $prop =~ /^[{]([^}]*)[}](.*)$/xms ) {
+             ( $xmlnsuri, $propname ) = ( $1, $2 );
+         }
+ 
+diff --git a/lib/perl/WebDAV/Properties.pm b/lib/perl/WebDAV/Properties.pm
+index 2baf319b..a9ee2d73 100644
+--- a/lib/perl/WebDAV/Properties.pm
++++ b/lib/perl/WebDAV/Properties.pm
+@@ -139,7 +139,7 @@ sub set_property {
+     my $rfn = $self->resolve($fn);
+     my $ru  = $REQUEST_URI;
+     my ( $ns, $pn );
+-    if ( $propname =~ /^{([^}]+)}(.*)$/xms ) {
++    if ( $propname =~ /^[{]([^}]+)[}](.*)$/xms ) {
+         ( $ns, $pn ) = ( $1, $2 );
+     }
+ 
+@@ -186,7 +186,7 @@ sub set_property {
+         if (   $parref
+             && ref($parref) eq 'HASH'
+             && ( !${$parref}{xmlns} || ${$parref}{xmlns} eq q{} )
+-            && $n !~ /^{[^}]*}/xms )
++            && $n !~ /^[{][^}]*[}]/xms )
+         {
+             $n = '{}' . $n;
+         }
+diff --git a/lib/perl/WebDAV/XMLHelper.pm b/lib/perl/WebDAV/XMLHelper.pm
+index 10ec2ceb..c8116927 100644
+--- a/lib/perl/WebDAV/XMLHelper.pm
++++ b/lib/perl/WebDAV/XMLHelper.pm
+@@ -229,7 +229,7 @@ sub get_namespace_uri {
+ 
+ sub nonamespace {
+     my ($prop) = @_;
+-    $prop =~ s/^{[^}]*}//xms;
++    $prop =~ s/^[{][^}]*[}]//xms;
+     return $prop;
+ }
+ 
+diff --git a/lib/perl/WebInterface/Common.pm b/lib/perl/WebInterface/Common.pm
+index a4236fae..6fa904cf 100644
+--- a/lib/perl/WebInterface/Common.pm
++++ b/lib/perl/WebInterface/Common.pm
+@@ -562,7 +562,7 @@ sub _get_varref {
+         if ( defined $self->{$str} ) {
+             return $self->{$str};
+         }
+-        if ($str=~/^(.*){(.*?)}/xms) {
++        if ($str=~/^(.*)[{](.*?)[}]/xms) {
+             $ref = $DefaultConfig::{$1}{$2};
+             return $ref;
+         }
+diff --git a/lib/perl/WebInterface/Extension/PropertiesViewer.pm b/lib/perl/WebInterface/Extension/PropertiesViewer.pm
+index 2f6223e8..be7ba438 100644
+--- a/lib/perl/WebInterface/Extension/PropertiesViewer.pm
++++ b/lib/perl/WebInterface/Extension/PropertiesViewer.pm
+@@ -157,7 +157,7 @@ sub _render_viewer {
+         my $title = create_xml( $r200{prop},        1 );
+         my $value = create_xml( $r200{prop}{$prop}, 1 );
+         my $namespace = get_namespace_uri($prop);
+-        if ( $prop =~ /^{([^}]*)}/xms ) {
++        if ( $prop =~ /^[{]([^}]*)[}]/xms ) {
+             $namespace = $1;
+         }
+         push @bgstyleclasses, shift @bgstyleclasses;
+diff --git a/lib/perl/WebInterface/View/Simple/RenderFileListTable.pm b/lib/perl/WebInterface/View/Simple/RenderFileListTable.pm
+index 44cfd894..972d431f 100644
+--- a/lib/perl/WebInterface/View/Simple/RenderFileListTable.pm
++++ b/lib/perl/WebInterface/View/Simple/RenderFileListTable.pm
+@@ -85,7 +85,7 @@ sub render_file_list_table {
+         unselectable => $self->is_unselectable($fn)        ? 'yes' : 'no',
+     );
+     $filelisttabletemplate =~
+-        s/[\$]{?(\w+)}?/exists $stdvars{$1} && defined $stdvars{$1}?$stdvars{$1}:"\$$1"/xmegs;
++        s/[\$][{]?(\w+)[}]?/exists $stdvars{$1} && defined $stdvars{$1}?$stdvars{$1}:"\$$1"/xmegs;
+     my %jsondata = (
+         content => $self->minify_html(
+             $self->render_template( $fn, $ru, $filelisttabletemplate )
+@@ -253,8 +253,8 @@ sub _render_file_list_entry {
+     my $displayname = $self->{cgi}->escapeHTML( $self->{backend}->getDisplayName($full) );
+     my $now = $self->{c}{_render_file_list_entry}{now}{$lang} //= DateTime->now( locale => $lang );
+     my $cct = $self->can_create_thumb($full);
+-    my $u   = $self->{c}{_render_file_list_entry}{uid}{$uid // 'unknown'} //= $uid && $uid=~/^\d+$/xms ? scalar getpwuid( $uid ) : $uid ? $uid : 'unknown';
+-    my $g   = $self->{c}{_render_file_list_entry}{gid}{$gid // 'unknown'} //= $gid && $gid=~/^\d+$/xms ? scalar getgrgid( $gid ) : $gid ? $gid : 'unknown';
++    my $u   = $self->{c}{_render_file_list_entry}{uid}{$uid // 'unknown'} //= $uid && $uid=~/^\d+$/xms ? scalar getpwuid( $uid ) // $uid: $uid ? $uid : 'unknown';
++    my $g   = $self->{c}{_render_file_list_entry}{gid}{$gid // 'unknown'} //= $gid && $gid=~/^\d+$/xms ? scalar getgrgid( $gid ) // $gid: $gid ? $gid : 'unknown';
+     my $icon = $self->{c}{_render_file_list_entry}{icon}{$mime}
+         //= $self->get_icon($mime);
+     my $enthumb = $self->{c}{_render_file_list_entry}{cookie}{thumbnails}
diff --git a/www-apps/webdavcgi/webdavcgi-1.1.1.ebuild b/www-apps/webdavcgi/webdavcgi-1.1.2.ebuild
index 54da3b6b4416..b9ddf2f7e102 100644
--- a/www-apps/webdavcgi/webdavcgi-1.1.1.ebuild
+++ b/www-apps/webdavcgi/webdavcgi-1.1.2.ebuild
@@ -1,20 +1,20 @@
-# Copyright 1999-2016 Gentoo Foundation
+# Copyright 1999-2021 Gentoo Authors
 # Distributed under the terms of the GNU General Public License v2
 
-EAPI=6
+EAPI=7
 
-inherit eutils toolchain-funcs versionator
+inherit toolchain-funcs
 
 DESCRIPTION="A Perl CGI for accessing and sharing files, or calendar/addressbooks via WebDAV."
-HOMEPAGE="http://webdavcgi.sourceforge.net/"
-SRC_URI="mirror://sourceforge/${PN}/${P}.tar.bz2"
+HOMEPAGE="https://danrohde.github.io/webdavcgi/"
+SRC_URI="https://github.com/DanRohde/${PN}/archive/${PV}.tar.gz -> ${P}.tar.gz"
 
 LICENSE="GPL-3+"
 
 # Provide slotting on minor versions. WebDAV CGI is a web application which
 # can be shared by multiple instances and thus major updates shouldn't be
 # enforced to all users/instances at the same time.
-SLOT="$(get_version_component_range 1-2)"
+SLOT="$(ver_cut 1-2)"
 
 KEYWORDS="~amd64"
 IUSE="afs git kerberos ldap mysql pdf postgres rcs samba +sqlite +suid"
@@ -27,6 +27,7 @@ RDEPEND="afs? ( net-fs/openafs )
 	dev-perl/DateTime
 	dev-perl/DateTime-Format-Human-Duration
 	dev-perl/File-Copy-Link
+	dev-perl/IO-Compress-Brotli
 	dev-perl/JSON
 	dev-perl/List-MoreUtils
 	dev-perl/MIME-tools
@@ -55,6 +56,16 @@ REQUIRED_USE="|| ( mysql postgres sqlite )"
 
 CGIBINDIR="cgi-bin"
 
+PATCHES=(
+	# Fix unescaped braces, which adresses #674772 and #658470
+	#
+	# The patch originates from
+	# https://github.com/DanRohde/webdavcgi/commit/04e79b7ecbaf3aae5ab813cd4fc0a009c72b1580
+	# and can be remove as soon as this ebuild gets bumped to 1.1.3 which
+	# already includes the change.
+	"${FILESDIR}/${P}-fix-unescaped-braces.patch"
+)
+
 src_compile() {
 	if use suid; then
 		WEBDAVWRAPPERS="webdavwrapper" # Standard UID/GID wrapper
@@ -146,7 +157,7 @@ src_install() {
 	dodoc CHANGELOG
 	dodoc etc/webdav.conf.complete
 	dodoc "${FILESDIR}/${APACHEEXAMPLECONFIG}"
-	dodoc -r "doc/"
+	dodoc -r "docs/"
 }
 
 pkg_postinst() {
@@ -162,23 +173,34 @@ pkg_postinst() {
 	elog "The WebDAV CGI config is located at ${WEBDAVCONFIG}."
 	elog
 	elog "An example Apache HTTP server configuration snippet is available in"
-	elog "${ROOT%/}/usr/share/doc/${PF} in the file ${APACHEEXAMPLECONFIG}"
+	elog "${EROOT}/usr/share/doc/${PF} in the file ${APACHEEXAMPLECONFIG}"
 	elog
 	elog "An important note to systemd user's running the Apache HTTP server:"
+	elog ""
 	elog "The default apache2.service will be started with private file system"
-	elog "namespaces for /var/tmp and /tmp enabled (PrivateTmp=true)."
+	elog "namespaces for /var/tmp and /tmp enabled (PrivateTmp=true) and with"
+	elog "restricted privileges and securebits flags (NoNewPrivileges=true"
+	elog "SecureBits=noroot-locked)"
+	elog ""
 	elog "This means that you either need to disable PrivateTmp, relocate the"
 	elog "directories starting with /var/tmp within ${WEBDAVCONFIG}"
 	elog "or pre-create the directory structure with a user defined systemd"
 	elog "companion unit using the JoinsNamespaceOf directive."
+	elog ""
+	elog "For those using the setuid/guid webdavwrapper, additional systemd"
+	elog "execution environment relaxation is required."
 	elog
-	elog "To disable the private file system namespace, override the existing"
-	elog "service:"
+	elog "To override the existing systemd service unit:"
 	elog "systemctl edit apache2.service"
+	elog ""
 	elog "[Service]"
+	elog "# Disable private file system namespaces"
 	elog "PrivateTmp=false"
+	elog "# Uncomment the following if you're using the setuid/guid webdavwrapper"
+	elog "#NoNewPrivileges=false"
+	elog "#SecureBits="
 
 	einfo
 	einfo "Detailed installation and configuration instructions can be found at"
-	einfo "http://webdavcgi.sourceforge.net/"
+	einfo "https://danrohde.github.io/webdavcgi/doc.html"
 }