diff options
| author |   Tobias Scherbaum <dertobi123@gentoo.org> | 2008-11-28 15:55:14 +0000 |
|---|---|---|
| committer | Tobias Scherbaum <dertobi123@gentoo.org> | 2008-11-28 15:55:14 +0000 |
| commit | 1a3a18b4f145be8518baa900bc3f6883e793ea07 (patch) | |
| tree | a10edf8cccf75bc7f2c02ed09c24f1bd8f993a00 /dev-php/smarty | |
| parent | Version bump; latex-related fixes (diff) | |
| download | gentoo-2-1a3a18b4f145be8518baa900bc3f6883e793ea07.tar.gz gentoo-2-1a3a18b4f145be8518baa900bc3f6883e793ea07.tar.bz2 gentoo-2-1a3a18b4f145be8518baa900bc3f6883e793ea07.zip | |
Revision bump for security bug #243856
(Portage version: 2.2_rc16/cvs/Linux 2.6.25-gentoo-r7 x86_64)
Diffstat (limited to 'dev-php/smarty')
| -rw-r--r-- | dev-php/smarty/ChangeLog | 9 | ||||
| -rw-r--r-- | dev-php/smarty/files/smarty-2.6.20-CVE-2008-4810.patch | 30 | ||||
| -rw-r--r-- | dev-php/smarty/smarty-2.6.14.ebuild | 46 | ||||
| -rw-r--r-- | dev-php/smarty/smarty-2.6.18.ebuild | 46 | ||||
| -rw-r--r-- | dev-php/smarty/smarty-2.6.20-r1.ebuild (renamed from dev-php/smarty/smarty-2.6.20.ebuild) | 11 |
5 files changed, 47 insertions, 95 deletions
diff --git a/dev-php/smarty/ChangeLog b/dev-php/smarty/ChangeLog index 7bc2cfc974b1..3ab3647cb948 100644 --- a/dev-php/smarty/ChangeLog +++ b/dev-php/smarty/ChangeLog @@ -1,6 +1,13 @@ # ChangeLog for dev-php/smarty # Copyright 2000-2008 Gentoo Foundation; Distributed under the GPL v2 -# $Header: /var/cvsroot/gentoo-x86/dev-php/smarty/ChangeLog,v 1.81 2008/09/04 16:51:27 dertobi123 Exp $ +# $Header: /var/cvsroot/gentoo-x86/dev-php/smarty/ChangeLog,v 1.82 2008/11/28 15:55:14 dertobi123 Exp $ + +*smarty-2.6.20-r1 (28 Nov 2008) + + 28 Nov 2008; Tobias Scherbaum <dertobi123@gentoo.org> + +files/smarty-2.6.20-CVE-2008-4810.patch, -smarty-2.6.14.ebuild, + -smarty-2.6.18.ebuild, -smarty-2.6.20.ebuild, +smarty-2.6.20-r1.ebuild: + Revision bump for security bug #243856 *smarty-2.6.20 (04 Sep 2008) diff --git a/dev-php/smarty/files/smarty-2.6.20-CVE-2008-4810.patch b/dev-php/smarty/files/smarty-2.6.20-CVE-2008-4810.patch new file mode 100644 index 000000000000..c453ec7e34e7 --- /dev/null +++ b/dev-php/smarty/files/smarty-2.6.20-CVE-2008-4810.patch @@ -0,0 +1,30 @@ +------------------------------------------------------------------------ +r2784 | Uwe.Tews | 2008-09-18 23:03:32 +0200 (Thu, 18 Sep 2008) | 1 line + + - fix function injection security hole closed (U.Tews) +------------------------------------------------------------------------ +r2796 | monte.ohrt | 2008-09-22 17:29:16 +0200 (Mon, 22 Sep 2008) | 3 lines + +revert patch for secuity hole, update site url + + +------------------------------------------------------------------------ +r2797 | monte.ohrt | 2008-09-22 21:26:32 +0200 (Mon, 22 Sep 2008) | 3 lines + +patch for security, php executed in templates + + +------------------------------------------------------------------------ +Index: Smarty_Compiler.class.php +=================================================================== +--- Smarty-2.6.20.orig/libs/Smarty_Compiler.class.php (revision 2781) ++++ Smarty-2.6.20/libs/Smarty_Compiler.class.php (revision 2797) +@@ -1705,6 +1705,8 @@ + } + // replace double quoted literal string with single quotes + $_return = preg_replace('~^"([\s\w]+)"$~',"'\\1'",$_return); ++ // escape dollar sign if not printing a var ++ $_return = preg_replace('~\$(\W)~',"\\\\\$\\1",$_return); + return $_return; + } + diff --git a/dev-php/smarty/smarty-2.6.14.ebuild b/dev-php/smarty/smarty-2.6.14.ebuild deleted file mode 100644 index 60eb51bdc857..000000000000 --- a/dev-php/smarty/smarty-2.6.14.ebuild +++ /dev/null @@ -1,46 +0,0 @@ -# Copyright 1999-2007 Gentoo Foundation -# Distributed under the terms of the GNU General Public License v2 -# $Header: /var/cvsroot/gentoo-x86/dev-php/smarty/smarty-2.6.14.ebuild,v 1.10 2007/03/18 15:42:03 chtekk Exp $ - -inherit php-lib-r1 - -KEYWORDS="alpha amd64 hppa ppc ~ppc64 sparc x86" - -MY_P="Smarty-${PV}" - -DESCRIPTION="A template engine for PHP." -HOMEPAGE="http://smarty.php.net/" -SRC_URI="http://smarty.php.net/distributions/${MY_P}.tar.gz" -LICENSE="LGPL-2.1" -SLOT="0" -IUSE="doc" - -DEPEND="" -RDEPEND="" -PDEPEND="doc? ( dev-php/smarty-docs )" - -S="${WORKDIR}/${MY_P}" - -need_php_by_category - -src_install() { - dodoc-php BUGS ChangeLog FAQ NEWS QUICK_START README RELEASE_NOTES TODO - - php-lib-r1_src_install ./libs `find ./libs -type f -print | sed -e "s|./libs||g"` -} - -pkg_postinst() { - elog "${PHP_LIB_NAME} has been installed in /usr/share/php/${PHP_LIB_NAME}/." - elog "To use it in your scripts, either" - elog "1. define('SMARTY_DIR', \"/usr/share/php/${PHP_LIB_NAME}/\") in your scripts, or" - elog "2. add '/usr/share/php/${PHP_LIB_NAME}/' to the 'include_path' variable in your" - elog "php.ini file under /etc/php/SAPI (where SAPI is one of apache-php[45]," - elog "cgi-php[45] or cli-php[45])." - elog - elog "If you're upgrading from a previous version make sure to clear out your" - elog "templates_c and cache directories as some include paths have changed!" - elog - elog "The Smarty include directory has changed in 2.6.12 from /usr/share/php/Smarty/" - elog "to /usr/share/php/${PHP_LIB_NAME}/ you will need to change your SMARTY_DIR or" - elog "include_path accordingly." -} diff --git a/dev-php/smarty/smarty-2.6.18.ebuild b/dev-php/smarty/smarty-2.6.18.ebuild deleted file mode 100644 index d9c49257d936..000000000000 --- a/dev-php/smarty/smarty-2.6.18.ebuild +++ /dev/null @@ -1,46 +0,0 @@ -# Copyright 1999-2007 Gentoo Foundation -# Distributed under the terms of the GNU General Public License v2 -# $Header: /var/cvsroot/gentoo-x86/dev-php/smarty/smarty-2.6.18.ebuild,v 1.7 2007/11/02 03:55:10 beandog Exp $ - -inherit php-lib-r1 - -KEYWORDS="alpha amd64 hppa ppc ~ppc64 sparc x86" - -MY_P="Smarty-${PV}" - -DESCRIPTION="A template engine for PHP." -HOMEPAGE="http://smarty.php.net/" -SRC_URI="http://smarty.php.net/distributions/${MY_P}.tar.gz" -LICENSE="LGPL-2.1" -SLOT="0" -IUSE="doc" - -DEPEND="" -RDEPEND="" -PDEPEND="doc? ( dev-php/smarty-docs )" - -S="${WORKDIR}/${MY_P}" - -need_php_by_category - -src_install() { - dodoc-php BUGS ChangeLog FAQ NEWS QUICK_START README RELEASE_NOTES TODO - - php-lib-r1_src_install ./libs `find ./libs -type f -print | sed -e "s|./libs||g"` -} - -pkg_postinst() { - elog "${PHP_LIB_NAME} has been installed in /usr/share/php/${PHP_LIB_NAME}/." - elog "To use it in your scripts, either" - elog "1. define('SMARTY_DIR', \"/usr/share/php/${PHP_LIB_NAME}/\") in your scripts, or" - elog "2. add '/usr/share/php/${PHP_LIB_NAME}/' to the 'include_path' variable in your" - elog "php.ini file under /etc/php/SAPI (where SAPI is one of apache-php[45]," - elog "cgi-php[45] or cli-php[45])." - elog - elog "If you're upgrading from a previous version make sure to clear out your" - elog "templates_c and cache directories as some include paths have changed!" - elog - elog "The Smarty include directory has changed in 2.6.12 from /usr/share/php/Smarty/" - elog "to /usr/share/php/${PHP_LIB_NAME}/ you will need to change your SMARTY_DIR or" - elog "include_path accordingly." -} diff --git a/dev-php/smarty/smarty-2.6.20.ebuild b/dev-php/smarty/smarty-2.6.20-r1.ebuild index fd1f541b33a9..b7470b49642e 100644 --- a/dev-php/smarty/smarty-2.6.20.ebuild +++ b/dev-php/smarty/smarty-2.6.20-r1.ebuild @@ -1,8 +1,8 @@ # Copyright 1999-2008 Gentoo Foundation # Distributed under the terms of the GNU General Public License v2 -# $Header: /var/cvsroot/gentoo-x86/dev-php/smarty/smarty-2.6.20.ebuild,v 1.1 2008/09/04 16:51:27 dertobi123 Exp $ +# $Header: /var/cvsroot/gentoo-x86/dev-php/smarty/smarty-2.6.20-r1.ebuild,v 1.1 2008/11/28 15:55:14 dertobi123 Exp $ -inherit php-lib-r1 +inherit php-lib-r1 eutils KEYWORDS="~alpha ~amd64 ~hppa ~ppc ~ppc64 ~sparc ~x86" @@ -23,6 +23,13 @@ S="${WORKDIR}/${MY_P}" need_php_by_category +src_unpack() { + unpack ${A} + cd "${S}" + + epatch "${FILESDIR}/${P}-CVE-2008-4810.patch" +} + src_install() { dodoc-php BUGS ChangeLog FAQ NEWS QUICK_START README RELEASE_NOTES TODO |