Revision bump for security bug #243856

Package-Manager: portage-2.2_rc16/cvs/Linux 2.6.25-gentoo-r7 x86_64

6 files changed, 50 insertions, 101 deletions

diff --git a/dev-php/smarty/ChangeLog b/dev-php/smarty/ChangeLog
index 7bc2cfc974b1..3ab3647cb948 100644
--- a/dev-php/smarty/ChangeLog
+++ b/dev-php/smarty/ChangeLog
@@ -1,6 +1,13 @@
 # ChangeLog for dev-php/smarty
 # Copyright 2000-2008 Gentoo Foundation; Distributed under the GPL v2
-# $Header: /var/cvsroot/gentoo-x86/dev-php/smarty/ChangeLog,v 1.81 2008/09/04 16:51:27 dertobi123 Exp $
+# $Header: /var/cvsroot/gentoo-x86/dev-php/smarty/ChangeLog,v 1.82 2008/11/28 15:55:14 dertobi123 Exp $
+
+*smarty-2.6.20-r1 (28 Nov 2008)
+
+  28 Nov 2008; Tobias Scherbaum <dertobi123@gentoo.org>
+  +files/smarty-2.6.20-CVE-2008-4810.patch, -smarty-2.6.14.ebuild,
+  -smarty-2.6.18.ebuild, -smarty-2.6.20.ebuild, +smarty-2.6.20-r1.ebuild:
+  Revision bump for security bug #243856
 
 *smarty-2.6.20 (04 Sep 2008)
 
diff --git a/dev-php/smarty/Manifest b/dev-php/smarty/Manifest
index 5fef2202405a..3dfe9525e2e9 100644
--- a/dev-php/smarty/Manifest
+++ b/dev-php/smarty/Manifest
@@ -1,10 +1,7 @@
-DIST Smarty-2.6.14.tar.gz 144986 RMD160 2fe39d4c74035ce3c8ba026cb6a1daaf73023f07 SHA1 88e14efacac936c565d6f3230f327233791ff32b SHA256 aa78a87eb6d505aa652beb7d5e68cc11374bd55081797df102aedb1a4ab38c2a
-DIST Smarty-2.6.18.tar.gz 153299 RMD160 007c37fc8ab90756e35d00a45792e0ccfb5843da SHA1 ac623f06952bfc762fcbedb23f0ddb551c0b013d SHA256 14830bffb17e0490f671f9ae3372e97c7182db261af19eea39c046139f177bf7
+AUX smarty-2.6.20-CVE-2008-4810.patch 1236 RMD160 8cb13e0e46ae9ab3baeddae91f504eec41ed1344 SHA1 8def7e75a4966d3137cce03a52a86914158a0cb2 SHA256 4c72d371cab118d971c19f15aaaef19c2b1e298352131fc625b8be13f04a009e
 DIST Smarty-2.6.19.tar.gz 157834 RMD160 782f0cf444d2bcb5b1ca5b797a39e48f910a83ba SHA1 eed917a53bdc4b0f0e506b41676f39689d9b18c5 SHA256 8012ad7e502f49d797862b275c3e64cdc0823ac797cbca909ba37bc72b70a70e
 DIST Smarty-2.6.20.tar.gz 158109 RMD160 6aaa1b2c348db2c57b6eefc7df25e22f0785cc7e SHA1 012ea05a4d29960ea365de9a10ab5161292a2918 SHA256 33969fa776b40832d3141a71c0f46e648b30c5647d2e8d9713888b8f2b1bf9e7
-EBUILD smarty-2.6.14.ebuild 1579 RMD160 b814eca4d8b7114bdb68c6655a15f310e3b6cd51 SHA1 82365dfa4d89fb3846d481162ea4fadcf164739e SHA256 0bbcc4e5e230f158490721af4caef7904215cc1fd012ec7298291009c31fb208
-EBUILD smarty-2.6.18.ebuild 1579 RMD160 49f2b03d301fc86b02d0e150fb44fdceee38f058 SHA1 541c72cc6e8637096cec2f9d52622108b04bb4d1 SHA256 921b9a02bd0327a54523f8e6bab36a5e921c3ef1f3c8689da9b3974aca56ec3b
 EBUILD smarty-2.6.19.ebuild 1362 RMD160 71125c21c2cc3f880f22a4027110c39fc870a1aa SHA1 42d0fff58205fbab9cfc32f31b4b72e1afc772c7 SHA256 e960a61d8a39427ec6e39d2bb40bbb855084a23cb53372eaab5602914ea6c15b
-EBUILD smarty-2.6.20.ebuild 1367 RMD160 dfc6db844fddc4aedb928c8496e4450c29773f73 SHA1 ce0000644299914a91abe6364efa0d3bd77191b1 SHA256 56b821f4ce679479f055483d8f1dfb296f4a11e557e84a971f4be5ed65261b82
-MISC ChangeLog 10069 RMD160 684faac844a1a14f51c02b7f3a75e63f0f074d2f SHA1 594c96e7374e6682a72510242aad54363cdf72d0 SHA256 b3f96794efa75aaa8ab2717b986cab6f6850cd7ce4250336ea7cc0382a6100ff
+EBUILD smarty-2.6.20-r1.ebuild 1467 RMD160 d16a0bbeb40790169e972e951c00121b58332b96 SHA1 81080a29d006d7fd74c41e57b2320a9734e5905f SHA256 f101139c5dfeaeae3bb153fbe779a9667a02af32bc49ae5197a11b24e8d2bc90
+MISC ChangeLog 10341 RMD160 99e4754e35aa682f142a23691d82fbbf0b415c16 SHA1 285ec9221d10f5b3b9f3d692a2b74234e5f4ae88 SHA256 576922c41e8fd41bbface70182e2ff64752b091ddb64c84cd26f2b7a79833952
 MISC metadata.xml 245 RMD160 df565b9cf8cf9c31c379eb608206b7cec9654aa0 SHA1 d36181f8dfc3befb36b1be53d34bbf52ef08644a SHA256 d05736004597d92391dc1b617e0f8f7a570f3094d1663329d29e0b96f410858d
diff --git a/dev-php/smarty/files/smarty-2.6.20-CVE-2008-4810.patch b/dev-php/smarty/files/smarty-2.6.20-CVE-2008-4810.patch
new file mode 100644
index 000000000000..c453ec7e34e7
--- /dev/null
+++ b/dev-php/smarty/files/smarty-2.6.20-CVE-2008-4810.patch
@@ -0,0 +1,30 @@
+------------------------------------------------------------------------
+r2784 | Uwe.Tews | 2008-09-18 23:03:32 +0200 (Thu, 18 Sep 2008) | 1 line
+
+ - fix  function injection security hole closed (U.Tews)
+------------------------------------------------------------------------
+r2796 | monte.ohrt | 2008-09-22 17:29:16 +0200 (Mon, 22 Sep 2008) | 3 lines
+
+revert patch for secuity hole, update site url
+
+
+------------------------------------------------------------------------
+r2797 | monte.ohrt | 2008-09-22 21:26:32 +0200 (Mon, 22 Sep 2008) | 3 lines
+
+patch for security, php executed in templates
+
+
+------------------------------------------------------------------------
+Index: Smarty_Compiler.class.php
+===================================================================
+--- Smarty-2.6.20.orig/libs/Smarty_Compiler.class.php	(revision 2781)
++++ Smarty-2.6.20/libs/Smarty_Compiler.class.php	(revision 2797)
+@@ -1705,6 +1705,8 @@
+         }
+         // replace double quoted literal string with single quotes
+         $_return = preg_replace('~^"([\s\w]+)"$~',"'\\1'",$_return);
++        // escape dollar sign if not printing a var
++        $_return = preg_replace('~\$(\W)~',"\\\\\$\\1",$_return);
+         return $_return;
+     }
+ 
diff --git a/dev-php/smarty/smarty-2.6.14.ebuild b/dev-php/smarty/smarty-2.6.14.ebuild
deleted file mode 100644
index 60eb51bdc857..000000000000
--- a/dev-php/smarty/smarty-2.6.14.ebuild
+++ /dev/null
@@ -1,46 +0,0 @@
-# Copyright 1999-2007 Gentoo Foundation
-# Distributed under the terms of the GNU General Public License v2
-# $Header: /var/cvsroot/gentoo-x86/dev-php/smarty/smarty-2.6.14.ebuild,v 1.10 2007/03/18 15:42:03 chtekk Exp $
-
-inherit php-lib-r1
-
-KEYWORDS="alpha amd64 hppa ppc ~ppc64 sparc x86"
-
-MY_P="Smarty-${PV}"
-
-DESCRIPTION="A template engine for PHP."
-HOMEPAGE="http://smarty.php.net/"
-SRC_URI="http://smarty.php.net/distributions/${MY_P}.tar.gz"
-LICENSE="LGPL-2.1"
-SLOT="0"
-IUSE="doc"
-
-DEPEND=""
-RDEPEND=""
-PDEPEND="doc? ( dev-php/smarty-docs )"
-
-S="${WORKDIR}/${MY_P}"
-
-need_php_by_category
-
-src_install() {
-	dodoc-php BUGS ChangeLog FAQ NEWS QUICK_START README RELEASE_NOTES TODO
-
-	php-lib-r1_src_install ./libs `find ./libs -type f -print | sed -e "s|./libs||g"`
-}
-
-pkg_postinst() {
-	elog "${PHP_LIB_NAME} has been installed in /usr/share/php/${PHP_LIB_NAME}/."
-	elog "To use it in your scripts, either"
-	elog "1. define('SMARTY_DIR', \"/usr/share/php/${PHP_LIB_NAME}/\") in your scripts, or"
-	elog "2. add '/usr/share/php/${PHP_LIB_NAME}/' to the 'include_path' variable in your"
-	elog "php.ini file under /etc/php/SAPI (where SAPI is one of apache-php[45],"
-	elog "cgi-php[45] or cli-php[45])."
-	elog
-	elog "If you're upgrading from a previous version make sure to clear out your"
-	elog "templates_c and cache directories as some include paths have changed!"
-	elog
-	elog "The Smarty include directory has changed in 2.6.12 from /usr/share/php/Smarty/"
-	elog "to /usr/share/php/${PHP_LIB_NAME}/ you will need to change your SMARTY_DIR or"
-	elog "include_path accordingly."
-}
diff --git a/dev-php/smarty/smarty-2.6.18.ebuild b/dev-php/smarty/smarty-2.6.18.ebuild
deleted file mode 100644
index d9c49257d936..000000000000
--- a/dev-php/smarty/smarty-2.6.18.ebuild
+++ /dev/null
@@ -1,46 +0,0 @@
-# Copyright 1999-2007 Gentoo Foundation
-# Distributed under the terms of the GNU General Public License v2
-# $Header: /var/cvsroot/gentoo-x86/dev-php/smarty/smarty-2.6.18.ebuild,v 1.7 2007/11/02 03:55:10 beandog Exp $
-
-inherit php-lib-r1
-
-KEYWORDS="alpha amd64 hppa ppc ~ppc64 sparc x86"
-
-MY_P="Smarty-${PV}"
-
-DESCRIPTION="A template engine for PHP."
-HOMEPAGE="http://smarty.php.net/"
-SRC_URI="http://smarty.php.net/distributions/${MY_P}.tar.gz"
-LICENSE="LGPL-2.1"
-SLOT="0"
-IUSE="doc"
-
-DEPEND=""
-RDEPEND=""
-PDEPEND="doc? ( dev-php/smarty-docs )"
-
-S="${WORKDIR}/${MY_P}"
-
-need_php_by_category
-
-src_install() {
-	dodoc-php BUGS ChangeLog FAQ NEWS QUICK_START README RELEASE_NOTES TODO
-
-	php-lib-r1_src_install ./libs `find ./libs -type f -print | sed -e "s|./libs||g"`
-}
-
-pkg_postinst() {
-	elog "${PHP_LIB_NAME} has been installed in /usr/share/php/${PHP_LIB_NAME}/."
-	elog "To use it in your scripts, either"
-	elog "1. define('SMARTY_DIR', \"/usr/share/php/${PHP_LIB_NAME}/\") in your scripts, or"
-	elog "2. add '/usr/share/php/${PHP_LIB_NAME}/' to the 'include_path' variable in your"
-	elog "php.ini file under /etc/php/SAPI (where SAPI is one of apache-php[45],"
-	elog "cgi-php[45] or cli-php[45])."
-	elog
-	elog "If you're upgrading from a previous version make sure to clear out your"
-	elog "templates_c and cache directories as some include paths have changed!"
-	elog
-	elog "The Smarty include directory has changed in 2.6.12 from /usr/share/php/Smarty/"
-	elog "to /usr/share/php/${PHP_LIB_NAME}/ you will need to change your SMARTY_DIR or"
-	elog "include_path accordingly."
-}
diff --git a/dev-php/smarty/smarty-2.6.20.ebuild b/dev-php/smarty/smarty-2.6.20-r1.ebuild
index fd1f541b33a9..b7470b49642e 100644
--- a/dev-php/smarty/smarty-2.6.20.ebuild
+++ b/dev-php/smarty/smarty-2.6.20-r1.ebuild
@@ -1,8 +1,8 @@
 # Copyright 1999-2008 Gentoo Foundation
 # Distributed under the terms of the GNU General Public License v2
-# $Header: /var/cvsroot/gentoo-x86/dev-php/smarty/smarty-2.6.20.ebuild,v 1.1 2008/09/04 16:51:27 dertobi123 Exp $
+# $Header: /var/cvsroot/gentoo-x86/dev-php/smarty/smarty-2.6.20-r1.ebuild,v 1.1 2008/11/28 15:55:14 dertobi123 Exp $
 
-inherit php-lib-r1
+inherit php-lib-r1 eutils
 
 KEYWORDS="~alpha ~amd64 ~hppa ~ppc ~ppc64 ~sparc ~x86"
 
@@ -23,6 +23,13 @@ S="${WORKDIR}/${MY_P}"
 
 need_php_by_category
 
+src_unpack() {
+	unpack ${A}
+	cd "${S}"
+
+	epatch "${FILESDIR}/${P}-CVE-2008-4810.patch"
+}
+
 src_install() {
 	dodoc-php BUGS ChangeLog FAQ NEWS QUICK_START README RELEASE_NOTES TODO