authorryoon <ryoon>2011-12-26 19:05:32 +0000
committerryoon <ryoon>2011-12-26 19:05:32 +0000
commit5d33637981ea8f7cf1295c496f045c8387a3a955 (patch)
tree39d34935753ceb9818fb894d1366c722349f370d
parent94e20d7939064f615b578eec0835917d079877fa (diff)
downloadpkgsrc-5d33637981ea8f7cf1295c496f045c8387a3a955.tar.gz
Fix security bug, http://dev.tiki.org/item4059, patch from upstream SVN.
Bump PKGREVISION.
-rw-r--r--www/php-tiki6/Makefile4
-rw-r--r--www/php-tiki6/distinfo5
-rw-r--r--www/php-tiki6/patches/patch-lib_wiki-plugins_wikiplugin__snarf.php22
3 files changed, 28 insertions, 3 deletions
diff --git a/www/php-tiki6/Makefile b/www/php-tiki6/Makefile
index 3f24c0d2218..f0caff982c5 100644
--- a/www/php-tiki6/Makefile
+++ b/www/php-tiki6/Makefile
@@ -1,8 +1,9 @@
-# $NetBSD: Makefile,v 1.6 2011/12/25 03:35:39 ryoon Exp $
+# $NetBSD: Makefile,v 1.7 2011/12/26 19:05:32 ryoon Exp $
#
DISTNAME= tiki-6.5
PKGNAME= ${PHP_PKG_PREFIX}-${DISTNAME:S/tiki-/tiki6-/}
+PKGREVISION= 1
CATEGORIES= www
MASTER_SITES= ${MASTER_SITE_SOURCEFORGE:=tikiwiki/}
EXTRACT_SUFX= .tar.bz2
@@ -35,6 +36,7 @@ FILES_SUBST+= WWWGRP=${APACHE_GROUP} WWWOWN=${APACHE_USER} \
do-install:
${RM} ${WRKSRC}/*orig
+ ${RM} ${WRKSRC}/lib/wiki-plugins/*orig
cd ${WRKSRC} && sh setup.sh -u ${APACHE_USER} -g ${APACHE_GROUP} -n
cd ${WRKSRC} && pax -rw -pmp * \
${DESTDIR}${PREFIX}/${TIKIDIR}
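Review bot: The `.orig` cleanup in `do-install` is listed one directory at a time, so a later patch that touches any other subdirectory would leave its pre-patch backup in `${WRKSRC}`, and the `pax` copy that follows would install it under `${TIKIDIR}`. For a security patch, that puts the unpatched PHP source in the web tree next to the fixed file. A recursive cleanup such as `${FIND} ${WRKSRC} -name '*.orig' -type f -exec ${RM} -f {} \;` (assuming `find` is available as a tool for this package) would replace both `${RM}` lines. The `do-install` target continues outside the hunk.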
diff --git a/www/php-tiki6/distinfo b/www/php-tiki6/distinfo
index c94d2d65315..d47e9c28fa4 100644
--- a/www/php-tiki6/distinfo
+++ b/www/php-tiki6/distinfo
@@ -1,6 +1,7 @@
-$NetBSD: distinfo,v 1.2 2011/12/25 01:29:01 ryoon Exp $
+$NetBSD: distinfo,v 1.3 2011/12/26 19:05:32 ryoon Exp $
SHA1 (tiki-6.5.tar.bz2) = 645fd9c64e9ab998247749fcde90776359e07a69
RMD160 (tiki-6.5.tar.bz2) = b2e985c2884e40502b59532c950c075de90a613c
Size (tiki-6.5.tar.bz2) = 18366043 bytes
-SHA1 (patch-setup.sh) = b0e7c905700b97bdcb8b040679d477b4865fefc7
+SHA1 (patch-lib_wiki-plugins_wikiplugin__snarf.php) = cd34e0a5a031a91b304c16ac2fd2e5ec12dcc541
+SHA1 (patch-setup.sh) = 554104a64ab2b91e2b80a67702c2f5f19937e5b3
diff --git a/www/php-tiki6/patches/patch-lib_wiki-plugins_wikiplugin__snarf.php b/www/php-tiki6/patches/patch-lib_wiki-plugins_wikiplugin__snarf.php
new file mode 100644
index 00000000000..8300cf5ef9e
--- /dev/null
+++ b/www/php-tiki6/patches/patch-lib_wiki-plugins_wikiplugin__snarf.php
@@ -0,0 +1,22 @@
+$NetBSD: patch-lib_wiki-plugins_wikiplugin__snarf.php,v 1.1 2011/12/26 19:05:32 ryoon Exp $
+
+* Fix security bug, http://dev.tiki.org/item4059 .
+
+--- lib/wiki-plugins/wikiplugin_snarf.php.orig 2011-07-14 22:36:39.000000000 +0000
++++ lib/wiki-plugins/wikiplugin_snarf.php
+@@ -178,8 +178,13 @@ function wikiplugin_snarf($data, $params
+ }
+
+ // If the user specified a more specialized regex
+- if ( isset($params['regex']) && isset($params['regexres']) && preg_match('/^(.)(.)+\1[^e]*$/', $params['regex']) ) {
+- $snarf = preg_replace( $params['regex'], $params['regexres'], $snarf );
++ if (isset($params['regex']) && isset($params['regexres'])) {
++ // fixes http://dev.tiki.org/item4059
++ $params['regex'] = str_replace("\0", "", $params['regex']);
++
++ if (preg_match('/^(.)(.)+\1[^e]*$/', $params['regex'])) {
++ $snarf = preg_replace($params['regex'], $params['regexres'], $snarf);
++ }
+ }
+
+ if ( $data == '' ) $data = NULL;
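Review bot: The guard on `$params['regex']` is still a denylist: after stripping NUL bytes it only rejects a modifier string containing `e`, and it relies on this check locating the closing delimiter the same way PCRE does. An allowlist of modifiers is easier to reason about, for example `if (preg_match('/^(.)(.)+\1[imsxu]*$/D', $params['regex'])) {`, extended only with modifiers the plugin really needs. The `// fixes …` comment should also say why the check exists: with the `e` modifier, `preg_replace` evaluates the replacement as PHP code, and the pattern comes from the user. The pattern remains user-controlled after this change, so a length cap would help limit expensive expressions. `wikiplugin_snarf()` starts and ends outside the hunk.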