author | Matti Bickel <mabi@gentoo.org> | 2012-06-11 15:12:54 +0000 |
---|---|---|
committer | Matti Bickel <mabi@gentoo.org> | 2012-06-11 15:12:54 +0000 |
commit | 6c627b6acd4526f185a7153c8cc28ea1e8c28b3e (patch) | |
tree | e1695d84030ddd18aed81045970b68bd548cd9fa /dev-php/jpgraph | |
parent | Version bump. Ebuild by Arfrever. (diff) | |
bump to fix security issue (bug #303745), also move jpgraph install path to /usr/share/php/jpgraph (losing the src part)
(Portage version: 2.2.0_alpha110/cvs/Linux x86_64)
Diffstat (limited to 'dev-php/jpgraph')
-rw-r--r-- | dev-php/jpgraph/ChangeLog | 9 | ||||
-rw-r--r-- | dev-php/jpgraph/files/cve-2009-4422.patch | 31 | ||||
-rw-r--r-- | dev-php/jpgraph/jpgraph-3.0.7-r1.ebuild (renamed from dev-php/jpgraph/jpgraph-3.0.7.ebuild) | 14 |
3 files changed, 49 insertions, 5 deletions
diff --git a/dev-php/jpgraph/ChangeLog b/dev-php/jpgraph/ChangeLog
index 5cc6699d194f..ffaa5e68abda 100644
--- a/dev-php/jpgraph/ChangeLog
+++ b/dev-php/jpgraph/ChangeLog
@@ -1,6 +1,13 @@
 # ChangeLog for dev-php5/jpgraph
 # Copyright 1999-2012 Gentoo Foundation; Distributed under the GPL v2
-# $Header: /var/cvsroot/gentoo-x86/dev-php/jpgraph/ChangeLog,v 1.22 2012/01/28 14:04:18 mabi Exp $
+# $Header: /var/cvsroot/gentoo-x86/dev-php/jpgraph/ChangeLog,v 1.23 2012/06/11 15:12:54 mabi Exp $
+
+*jpgraph-3.0.7-r1 (11 Jun 2012)
+
+ 11 Jun 2012; Matti Bickel <mabi@gentoo.org> +files/cve-2009-4422.patch,
+ +jpgraph-3.0.7-r1.ebuild, -jpgraph-3.0.7.ebuild:
+ bump to fix security issue (bug #303745), also move jpgraph install path to
+ /usr/share/php/jpgraph (losing the src part)
 28 Jan 2012; Matti Bickel <mabi@gentoo.org> jpgraph-3.0.7.ebuild:
 EAPI bump
diff --git a/dev-php/jpgraph/files/cve-2009-4422.patch b/dev-php/jpgraph/files/cve-2009-4422.patch
new file mode 100644
index 000000000000..b092d43c9006
--- /dev/null
+++ b/dev-php/jpgraph/files/cve-2009-4422.patch
@@ -0,0 +1,31 @@
+diff -ur jpgraph-3.0.7.orig/src/jpgraph.php jpgraph-3.0.7/src/jpgraph.php
+--- jpgraph-3.0.7.orig/src/jpgraph.php 1970-01-01 10:13:08.000000000 +0100
++++ jpgraph-3.0.7/src/jpgraph.php 2012-06-11 14:55:18.557995018 +0200
+@@ -1286,11 +1286,11 @@
+ while( list($key,$value) = each($_GET) ) {
+ if( is_array($value) ) {
+ foreach ( $value as $k => $v ) {
+- $urlarg .= '&'.$key.'%5B'.$k.'%5D='.urlencode($v);
++ $urlarg .= '&'.urlencode($key).'%5B'.$k.'%5D='.urlencode($v);
+ }
+ }
+ else {
+- $urlarg .= '&'.$key.'='.urlencode($value);
++ $urlarg .= '&'.urlencode($key).'='.urlencode($value);
+ }
+ }
+
+@@ -1301,11 +1301,11 @@
+ while( list($key,$value) = each($_POST) ) {
+ if( is_array($value) ) {
+ foreach ( $value as $k => $v ) {
+- $urlarg .= '&'.$key.'%5B'.$k.'%5D='.urlencode($v);
++ $urlarg .= '&'.htmlentities($key).'%5B'.$k.'%5D='.htmlentities($v);
+ }
+ }
+ else {
+- $urlarg .= '&'.$key.'='.urlencode($value);
++ $urlarg .= '&'.htmlentities($key).'='.htmlentities($value);
+ }
+ }
+
diff --git a/dev-php/jpgraph/jpgraph-3.0.7.ebuild b/dev-php/jpgraph/jpgraph-3.0.7-r1.ebuild
index 56cc07980d29..9919f7eb2d09 100644
--- a/dev-php/jpgraph/jpgraph-3.0.7.ebuild
+++ b/dev-php/jpgraph/jpgraph-3.0.7-r1.ebuild
@@ -1,6 +1,6 @@
 # Copyright 1999-2012 Gentoo Foundation
 # Distributed under the terms of the GNU General Public License v2
-# $Header: /var/cvsroot/gentoo-x86/dev-php/jpgraph/jpgraph-3.0.7.ebuild,v 1.2 2012/01/28 14:04:18 mabi Exp $
+# $Header: /var/cvsroot/gentoo-x86/dev-php/jpgraph/jpgraph-3.0.7-r1.ebuild,v 1.1 2012/06/11 15:12:54 mabi Exp $
 EAPI="4"
@@ -13,7 +13,7 @@ HOMEPAGE="http://www.aditus.nu/jpgraph/"
 SRC_URI="http://hem.bredband.net/jpgraph2/${P}.tar.bz2"
 LICENSE="QPL-1.0"
 SLOT="0"
-IUSE="truetype"
+IUSE="truetype +examples"
 DEPEND=""
 RDEPEND="truetype? ( media-fonts/corefonts )
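Review bot: The inner array key `$k` is still concatenated unencoded in both array branches, and the `$_POST` loop switches to `htmlentities()` while the `$_GET` loop uses `urlencode()`. `$urlarg` is being assembled as a query string (`&key=value`), and `htmlentities()` does no percent-encoding, turns a literal `&` into `&amp;` (which splits the parameter), and with the ENT_COMPAT default of PHP before 8.1 leaves single quotes alone. I would use `urlencode()` for key, sub-key and value in both loops, e.g. `$urlarg .= '&'.urlencode($key).'%5B'.urlencode($k).'%5D='.urlencode($v);`, and HTML-escape once at the point where `$urlarg` is written into markup. That output point and the enclosing function lie outside the hunk, so the right escaping there should be confirmed against the full file.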
@@ -40,6 +40,10 @@ pkg_setup() {
 fi
 }
+src_prepare() {
+ epatch "${FILESDIR}/cve-2009-4422.patch"
+}
+
 src_install() {
 # some patches to adapt the config to Gentoo
 einfo "Patching jpg-config.inc.php"
@@ -66,14 +70,16 @@ src_install() {
 # patch 4:
 # disable READ_CACHE in jpgraph - sed -i "s|^define('READ_CACHE',true);|define('READ_CACHE',false);|" src/jpg-config.inc.php \
 || die "sed failed in patch 4"
 # install php files
 einfo "Building list of files to install"
 insinto "/usr/share/php/${PN}"
- doins -r src/
+ doins -r src/*
+
+ # remove unwanted examples
+ use examples || rm -rf "${D}/usr/share/php/${PN}/Examples"
 # install documentation
 einfo "Installing documentation" |
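Review bot: `doins -r src/*` moves every installed file from `/usr/share/php/jpgraph/src` to `/usr/share/php/jpgraph`, so applications that include the old path break when they take this security revision, and nothing in the visible hunks tells the user. I would add a `pkg_postinst` with an `elog` naming the old and new include path, so the path change does not become a reason to stay on the unpatched 3.0.7. The cleanup line is also unchecked; `use examples || rm -rf "${D}/usr/share/php/${PN}/Examples" || die "removing Examples failed"` would match the `|| die` already used on the sed call above it. src_install continues past the end of the hunk.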