summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
Diffstat (limited to 'dev-php')
-rw-r--r--dev-php/smarty/ChangeLog9
-rw-r--r--dev-php/smarty/files/smarty-2.6.20-CVE-2008-4810.patch30
-rw-r--r--dev-php/smarty/smarty-2.6.14.ebuild46
-rw-r--r--dev-php/smarty/smarty-2.6.18.ebuild46
-rw-r--r--dev-php/smarty/smarty-2.6.20-r1.ebuild (renamed from dev-php/smarty/smarty-2.6.20.ebuild)11
5 files changed, 47 insertions, 95 deletions
diff --git a/dev-php/smarty/ChangeLog b/dev-php/smarty/ChangeLog
index 7bc2cfc974b1..3ab3647cb948 100644
--- a/dev-php/smarty/ChangeLog
+++ b/dev-php/smarty/ChangeLog
@@ -1,6 +1,13 @@
# ChangeLog for dev-php/smarty
# Copyright 2000-2008 Gentoo Foundation; Distributed under the GPL v2
-# $Header: /var/cvsroot/gentoo-x86/dev-php/smarty/ChangeLog,v 1.81 2008/09/04 16:51:27 dertobi123 Exp $
+# $Header: /var/cvsroot/gentoo-x86/dev-php/smarty/ChangeLog,v 1.82 2008/11/28 15:55:14 dertobi123 Exp $
+
+*smarty-2.6.20-r1 (28 Nov 2008)
+
+ 28 Nov 2008; Tobias Scherbaum <dertobi123@gentoo.org>
+ +files/smarty-2.6.20-CVE-2008-4810.patch, -smarty-2.6.14.ebuild,
+ -smarty-2.6.18.ebuild, -smarty-2.6.20.ebuild, +smarty-2.6.20-r1.ebuild:
+ Revision bump for security bug #243856
*smarty-2.6.20 (04 Sep 2008)
diff --git a/dev-php/smarty/files/smarty-2.6.20-CVE-2008-4810.patch b/dev-php/smarty/files/smarty-2.6.20-CVE-2008-4810.patch
new file mode 100644
index 000000000000..c453ec7e34e7
--- /dev/null
+++ b/dev-php/smarty/files/smarty-2.6.20-CVE-2008-4810.patch
@@ -0,0 +1,30 @@
+------------------------------------------------------------------------
+r2784 | Uwe.Tews | 2008-09-18 23:03:32 +0200 (Thu, 18 Sep 2008) | 1 line
+
+ - fix function injection security hole closed (U.Tews)
+------------------------------------------------------------------------
+r2796 | monte.ohrt | 2008-09-22 17:29:16 +0200 (Mon, 22 Sep 2008) | 3 lines
+
+revert patch for secuity hole, update site url
+
+
+------------------------------------------------------------------------
+r2797 | monte.ohrt | 2008-09-22 21:26:32 +0200 (Mon, 22 Sep 2008) | 3 lines
+
+patch for security, php executed in templates
+
+
+------------------------------------------------------------------------
+Index: Smarty_Compiler.class.php
+===================================================================
+--- Smarty-2.6.20.orig/libs/Smarty_Compiler.class.php (revision 2781)
++++ Smarty-2.6.20/libs/Smarty_Compiler.class.php (revision 2797)
+@@ -1705,6 +1705,8 @@
+ }
+ // replace double quoted literal string with single quotes
+ $_return = preg_replace('~^"([\s\w]+)"$~',"'\\1'",$_return);
++ // escape dollar sign if not printing a var
++ $_return = preg_replace('~\$(\W)~',"\\\\\$\\1",$_return);
+ return $_return;
+ }
+
diff --git a/dev-php/smarty/smarty-2.6.14.ebuild b/dev-php/smarty/smarty-2.6.14.ebuild
deleted file mode 100644
index 60eb51bdc857..000000000000
--- a/dev-php/smarty/smarty-2.6.14.ebuild
+++ /dev/null
@@ -1,46 +0,0 @@
-# Copyright 1999-2007 Gentoo Foundation
-# Distributed under the terms of the GNU General Public License v2
-# $Header: /var/cvsroot/gentoo-x86/dev-php/smarty/smarty-2.6.14.ebuild,v 1.10 2007/03/18 15:42:03 chtekk Exp $
-
-inherit php-lib-r1
-
-KEYWORDS="alpha amd64 hppa ppc ~ppc64 sparc x86"
-
-MY_P="Smarty-${PV}"
-
-DESCRIPTION="A template engine for PHP."
-HOMEPAGE="http://smarty.php.net/"
-SRC_URI="http://smarty.php.net/distributions/${MY_P}.tar.gz"
-LICENSE="LGPL-2.1"
-SLOT="0"
-IUSE="doc"
-
-DEPEND=""
-RDEPEND=""
-PDEPEND="doc? ( dev-php/smarty-docs )"
-
-S="${WORKDIR}/${MY_P}"
-
-need_php_by_category
-
-src_install() {
- dodoc-php BUGS ChangeLog FAQ NEWS QUICK_START README RELEASE_NOTES TODO
-
- php-lib-r1_src_install ./libs `find ./libs -type f -print | sed -e "s|./libs||g"`
-}
-
-pkg_postinst() {
- elog "${PHP_LIB_NAME} has been installed in /usr/share/php/${PHP_LIB_NAME}/."
- elog "To use it in your scripts, either"
- elog "1. define('SMARTY_DIR', \"/usr/share/php/${PHP_LIB_NAME}/\") in your scripts, or"
- elog "2. add '/usr/share/php/${PHP_LIB_NAME}/' to the 'include_path' variable in your"
- elog "php.ini file under /etc/php/SAPI (where SAPI is one of apache-php[45],"
- elog "cgi-php[45] or cli-php[45])."
- elog
- elog "If you're upgrading from a previous version make sure to clear out your"
- elog "templates_c and cache directories as some include paths have changed!"
- elog
- elog "The Smarty include directory has changed in 2.6.12 from /usr/share/php/Smarty/"
- elog "to /usr/share/php/${PHP_LIB_NAME}/ you will need to change your SMARTY_DIR or"
- elog "include_path accordingly."
-}
diff --git a/dev-php/smarty/smarty-2.6.18.ebuild b/dev-php/smarty/smarty-2.6.18.ebuild
deleted file mode 100644
index d9c49257d936..000000000000
--- a/dev-php/smarty/smarty-2.6.18.ebuild
+++ /dev/null
@@ -1,46 +0,0 @@
-# Copyright 1999-2007 Gentoo Foundation
-# Distributed under the terms of the GNU General Public License v2
-# $Header: /var/cvsroot/gentoo-x86/dev-php/smarty/smarty-2.6.18.ebuild,v 1.7 2007/11/02 03:55:10 beandog Exp $
-
-inherit php-lib-r1
-
-KEYWORDS="alpha amd64 hppa ppc ~ppc64 sparc x86"
-
-MY_P="Smarty-${PV}"
-
-DESCRIPTION="A template engine for PHP."
-HOMEPAGE="http://smarty.php.net/"
-SRC_URI="http://smarty.php.net/distributions/${MY_P}.tar.gz"
-LICENSE="LGPL-2.1"
-SLOT="0"
-IUSE="doc"
-
-DEPEND=""
-RDEPEND=""
-PDEPEND="doc? ( dev-php/smarty-docs )"
-
-S="${WORKDIR}/${MY_P}"
-
-need_php_by_category
-
-src_install() {
- dodoc-php BUGS ChangeLog FAQ NEWS QUICK_START README RELEASE_NOTES TODO
-
- php-lib-r1_src_install ./libs `find ./libs -type f -print | sed -e "s|./libs||g"`
-}
-
-pkg_postinst() {
- elog "${PHP_LIB_NAME} has been installed in /usr/share/php/${PHP_LIB_NAME}/."
- elog "To use it in your scripts, either"
- elog "1. define('SMARTY_DIR', \"/usr/share/php/${PHP_LIB_NAME}/\") in your scripts, or"
- elog "2. add '/usr/share/php/${PHP_LIB_NAME}/' to the 'include_path' variable in your"
- elog "php.ini file under /etc/php/SAPI (where SAPI is one of apache-php[45],"
- elog "cgi-php[45] or cli-php[45])."
- elog
- elog "If you're upgrading from a previous version make sure to clear out your"
- elog "templates_c and cache directories as some include paths have changed!"
- elog
- elog "The Smarty include directory has changed in 2.6.12 from /usr/share/php/Smarty/"
- elog "to /usr/share/php/${PHP_LIB_NAME}/ you will need to change your SMARTY_DIR or"
- elog "include_path accordingly."
-}
diff --git a/dev-php/smarty/smarty-2.6.20.ebuild b/dev-php/smarty/smarty-2.6.20-r1.ebuild
index fd1f541b33a9..b7470b49642e 100644
--- a/dev-php/smarty/smarty-2.6.20.ebuild
+++ b/dev-php/smarty/smarty-2.6.20-r1.ebuild
@@ -1,8 +1,8 @@
# Copyright 1999-2008 Gentoo Foundation
# Distributed under the terms of the GNU General Public License v2
-# $Header: /var/cvsroot/gentoo-x86/dev-php/smarty/smarty-2.6.20.ebuild,v 1.1 2008/09/04 16:51:27 dertobi123 Exp $
+# $Header: /var/cvsroot/gentoo-x86/dev-php/smarty/smarty-2.6.20-r1.ebuild,v 1.1 2008/11/28 15:55:14 dertobi123 Exp $
-inherit php-lib-r1
+inherit php-lib-r1 eutils
KEYWORDS="~alpha ~amd64 ~hppa ~ppc ~ppc64 ~sparc ~x86"
@@ -23,6 +23,13 @@ S="${WORKDIR}/${MY_P}"
need_php_by_category
+src_unpack() {
+ unpack ${A}
+ cd "${S}"
+
+ epatch "${FILESDIR}/${P}-CVE-2008-4810.patch"
+}
+
src_install() {
dodoc-php BUGS ChangeLog FAQ NEWS QUICK_START README RELEASE_NOTES TODO