author | spz <spz@pkgsrc.org> | 2020-10-21 21:51:28 +0000 |
---|---|---|
committer | spz <spz@pkgsrc.org> | 2020-10-21 21:51:28 +0000 |
commit | 03a60b4d98ad7e849fcc4fbf873582bc03f8d199 (patch) | |
tree | 642828e9cd6069b42126d659abafd9965235a03c | |
parent | 3baf060c8643fa56f183e26061e2ce1861ede592 (diff) | |
download | pkgsrc-03a60b4d98ad7e849fcc4fbf873582bc03f8d199.tar.gz |
Pullup ticket #6339 - requested by taca
www/contao35: security patch
Revisions pulled up:
- www/contao35/Makefile 1.48
- www/contao35/distinfo 1.37
- www/contao35/patches/patch-system_modules_core_library_Contao_Input.php 1.1
- www/contao35/patches/patch-system_modules_news_dca_tl__news.php 1.1
-------------------------------------------------------------------
Module Name: pkgsrc
Committed By: taca
Date: Sun Oct 4 06:31:02 UTC 2020
Modified Files:
pkgsrc/www/contao35: Makefile distinfo
Added Files:
pkgsrc/www/contao35/patches:
patch-system_modules_core_library_Contao_Input.php
patch-system_modules_news_dca_tl__news.php
Log Message:
www/contao35: add two fixes
* Add fix for CVE-2020-25768.
* Fix time range problem on positive timezone.
Bump PKGREVISION.
To generate a diff of this commit:
cvs rdiff -u -r1.47 -r1.48 pkgsrc/www/contao35/Makefile
cvs rdiff -u -r1.36 -r1.37 pkgsrc/www/contao35/distinfo
cvs rdiff -u -r0 -r1.1 \
pkgsrc/www/contao35/patches/patch-system_modules_core_library_Contao_Input.php \
pkgsrc/www/contao35/patches/patch-system_modules_news_dca_tl__news.php
-rw-r--r-- | www/contao35/Makefile | 3 | ||||
-rw-r--r-- | www/contao35/distinfo | 4 | ||||
-rw-r--r-- | www/contao35/patches/patch-system_modules_core_library_Contao_Input.php | 26 | ||||
-rw-r--r-- | www/contao35/patches/patch-system_modules_news_dca_tl__news.php | 15 |
4 files changed, 46 insertions, 2 deletions
diff --git a/www/contao35/Makefile b/www/contao35/Makefile
index b500feba511..2c964385ab4 100644
--- a/www/contao35/Makefile
+++ b/www/contao35/Makefile
@@ -1,8 +1,9 @@
-# $NetBSD: Makefile,v 1.47 2019/12/16 16:30:14 taca Exp $
+# $NetBSD: Makefile,v 1.47.8.1 2020/10/21 21:51:28 spz Exp $
 #
 DISTNAME= contao-${CT_PKGVER}
 PKGNAME= ${PHP_PKG_PREFIX}-contao${CT_VER}-${CT_PKGVER}
+PKGREVISION= 1
 CATEGORIES= www
 MASTER_SITES= ${MASTER_SITE_GITHUB:=contao/}
 GITHUB_PROJECT= core
diff --git a/www/contao35/distinfo b/www/contao35/distinfo
index 59a43d9b914..fc005849466 100644
--- a/www/contao35/distinfo
+++ b/www/contao35/distinfo
@@ -1,6 +1,8 @@
-$NetBSD: distinfo,v 1.36 2019/04/14 09:23:06 taca Exp $
+$NetBSD: distinfo,v 1.36.12.1 2020/10/21 21:51:28 spz Exp $
 SHA1 (contao-3.5.40.tar.gz) = 67ee42c5232142bf7b7f9f86635f9a5dc7c3536d
 RMD160 (contao-3.5.40.tar.gz) = b8fdb80da8b96fd7820f972f5b33418fadcadf81
 SHA512 (contao-3.5.40.tar.gz) = 54a2e00fdca1bd3a11464d5c74113cbb74b7d39fc368dc6de7608a4a8dd7fe5464d9840b0ecd37ca2ee7df6cf0ac004a0e2903c79e06c7509787a6700814d598
 Size (contao-3.5.40.tar.gz) = 11204594 bytes
+SHA1 (patch-system_modules_core_library_Contao_Input.php) = 07cb28f17ea7b028070bc039ea47c05ca790beb0
+SHA1 (patch-system_modules_news_dca_tl__news.php) = 13cee5a492f8ae63fe478b5e8bd9b5af477aa9ac
diff --git a/www/contao35/patches/patch-system_modules_core_library_Contao_Input.php b/www/contao35/patches/patch-system_modules_core_library_Contao_Input.php
new file mode 100644
index 00000000000..0807afedd5f
--- /dev/null
+++ b/www/contao35/patches/patch-system_modules_core_library_Contao_Input.php
@@ -0,0 +1,26 @@
+$NetBSD: patch-system_modules_core_library_Contao_Input.php,v 1.1.2.2 2020/10/21 21:51:28 spz Exp $
+
+Apply fix for CVE-2020-25768.
+
+--- system/modules/core/library/Contao/Input.php.orig 2019-04-11 11:11:34.000000000 +0000
++++ system/modules/core/library/Contao/Input.php
+@@ -765,7 +765,18 @@ class Input
+ */
+ public static function encodeInsertTags($varValue)
+ {
+- return str_replace(array('{{', '}}'), array('{{', '}}'), $varValue);
++ // Recursively encode insert tags
++ if (\is_array($varValue))
++ {
++ foreach ($varValue as $k=>$v)
++ {
++ $varValue[$k] = static::encodeInsertTags($v);
++ }
++
++ return $varValue;
++ }
++
++ return str_replace(array('{{', '}}'), array('{{', '}}'), (string) $varValue);
+ }
+
+
diff --git a/www/contao35/patches/patch-system_modules_news_dca_tl__news.php b/www/contao35/patches/patch-system_modules_news_dca_tl__news.php
new file mode 100644
index 00000000000..2fb800e67fb
--- /dev/null
+++ b/www/contao35/patches/patch-system_modules_news_dca_tl__news.php
@@ -0,0 +1,15 @@
+$NetBSD: patch-system_modules_news_dca_tl__news.php,v 1.1.2.2 2020/10/21 21:51:28 spz Exp $
+
+Fix time range problem on positive timezone.
+
+--- system/modules/news/dca/tl_news.php.orig 2019-04-11 11:11:34.000000000 +0000
++++ system/modules/news/dca/tl_news.php
+@@ -228,7 +228,7 @@ $GLOBALS['TL_DCA']['tl_news'] = array
+ 'exclude' => true,
+ 'inputType' => 'text',
+ 'eval' => array('rgxp'=>'time', 'doNotCopy'=>true, 'tl_class'=>'w50'),
+- 'sql' => "int(10) unsigned NOT NULL default '0'"
++ 'sql' => "int(10) NOT NULL default '0'"
+ ),
+ 'subheadline' => array
+ ( |
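Review bot: In both `str_replace` lines of the patch to `encodeInsertTags()` the search and replacement arrays read identically as shown here (`array('{{', '}}'), array('{{', '}}')`), which would make the encoding a no-op. This is most likely the page having decoded HTML entities in the replacement array, so compare the real patch file against the SHA1 that distinfo records for it (`07cb28f17ea7b028070bc039ea47c05ca790beb0`) before relying on this text. The added recursion matters because, as far as I know, `str_replace` with an array subject only processes one level and returns nested arrays untouched; the new loop encodes values only, not keys, which deserves a comment such as `// Only values are encoded; array keys are returned unchanged`. The `(string)` cast also turns `null` and other non-string scalars into strings, which may affect callers that test the result against `null`; the docblock that should record this lies above the hunk, so whether it was updated cannot be seen here.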