diff options
author | tron <tron@pkgsrc.org> | 2008-06-26 19:44:35 +0000 |
---|---|---|
committer | tron <tron@pkgsrc.org> | 2008-06-26 19:44:35 +0000 |
commit | bc226cb95c12fd167439bd0399e3d50a27f70efe (patch) | |
tree | 60527e8e12207639ac693811cee15a196e7e5ee6 | |
parent | 6c32ab4b9b785033628e4a093ce167af854de294 (diff) | |
download | pkgsrc-bc226cb95c12fd167439bd0399e3d50a27f70efe.tar.gz |
Pullup ticket #2435 - requested by adrianp
Security patch for horde
Manually add backport of the following fix:
- http://lists.horde.org/archives/announce/2008/000415.html
-rw-r--r-- | www/horde/Makefile | 4 | ||||
-rw-r--r-- | www/horde/distinfo | 3 | ||||
-rw-r--r-- | www/horde/patches/patch-ab | 17 |
3 files changed, 22 insertions, 2 deletions
diff --git a/www/horde/Makefile b/www/horde/Makefile index baf98ed5af8..5212f856ddb 100644 --- a/www/horde/Makefile +++ b/www/horde/Makefile @@ -1,6 +1,7 @@ -# $NetBSD: Makefile,v 1.53 2008/03/08 17:36:53 adrianp Exp $ +# $NetBSD: Makefile,v 1.53.2.1 2008/06/26 19:44:35 tron Exp $ DISTNAME= horde-3.1.7 +PKGREVISION= 1 CATEGORIES= www MASTER_SITES= http://ftp.horde.org/pub/horde/ \ ftp://ftp.horde.org/pub/horde/ @@ -107,6 +108,7 @@ SUBST_MESSAGE.files= Fixing configuration files. do-build: ${RM} ${WRKSRC}/lib/Horde/Auth/login.php.orig + ${RM} ${WRKSRC}/services/obrowser/index.php.orig ${CP} ${FILESDIR}/horde.conf.dist ${WRKSRC}/horde.conf.dist ${CP} ${WRKSRC}/config/conf.xml ${WRKSRC}/config/conf.xml.dist ${FIND} ${WRKSRC} -name .htaccess -print | ${XARGS} ${RM} -f diff --git a/www/horde/distinfo b/www/horde/distinfo index e073f92a38b..934a28eca10 100644 --- a/www/horde/distinfo +++ b/www/horde/distinfo @@ -1,6 +1,7 @@ -$NetBSD: distinfo,v 1.20 2008/03/08 17:36:53 adrianp Exp $ +$NetBSD: distinfo,v 1.20.2.1 2008/06/26 19:44:35 tron Exp $ SHA1 (horde-3.1.7.tar.gz) = b6666b35330082e0627b82fa30754751a082c115 RMD160 (horde-3.1.7.tar.gz) = b0b8783c6955c59070dbb9db0ec4fe788b0dc220 Size (horde-3.1.7.tar.gz) = 5288106 bytes SHA1 (patch-aa) = 9edb110586805d5efd84541b9d3821889967e785 +SHA1 (patch-ab) = 38fb9fb6126f546ac9821bda3731866c8daa957c diff --git a/www/horde/patches/patch-ab b/www/horde/patches/patch-ab new file mode 100644 index 00000000000..d900b7a9e93 --- /dev/null +++ b/www/horde/patches/patch-ab @@ -0,0 +1,17 @@ +$NetBSD: patch-ab,v 1.4.14.1 2008/06/26 19:44:35 tron Exp $ + +--- services/obrowser/index.php.orig 2007-01-02 13:55:16.000000000 +0000 ++++ services/obrowser/index.php +@@ -90,10 +90,10 @@ foreach ($list as $path => $values) { + if (!empty($values['browseable'])) { + $url = Horde::applicationUrl('services/obrowser/'); + $url = Util::addParameter($url, 'path', $path); +- $row['name'] = Horde::link($url) . $values['name'] . '</a>'; ++ $row['name'] = Horde::link($url) . htmlspecialchars($values['name']) . '</a>'; + } else { + $js = "return chooseObject('" . addslashes($path) . "');"; +- $row['name'] = Horde::link('#', sprintf(_("Choose %s"), $values['name']), '', '', $js) . $values['name'] . '</a>'; ++ $row['name'] = Horde::link('#', sprintf(_("Choose %s"), $values['name']), '', '', $js) . htmlspecialchars($values['name']) . '</a>'; + } + + $rows[] = $row; |