pkgsrc-Changes-HG archive
[pkgsrc/pkgsrc-2018Q4]: pkgsrc/lang/pear Pullup ticket #5912 - requested by taca
details: https://anonhg.NetBSD.org/pkgsrc/rev/bcf3b62cb8ae
branches: pkgsrc-2018Q4
changeset: 408318:bcf3b62cb8ae
user: bsiegert <bsiegert%pkgsrc.org@localhost>
date: Mon Feb 18 14:17:59 2019 +0000
description:
Pullup ticket #5912 - requested by taca
lang/pear: security fix
Revisions pulled up:
- lang/pear/Makefile 1.45-1.46
- lang/pear/distinfo 1.32-1.33
- lang/pear/patches/patch-.._Archive__Tar-1.4.5_Archive_Tar.php 1.1
---
Module Name: pkgsrc
Committed By: taca
Date: Sun Feb 3 14:06:58 UTC 2019
Modified Files:
pkgsrc/lang/pear: Makefile distinfo
Log Message:
lang/pear: update Archive_Tar pear package to 1.4.6
Update Archive_Tar pear package to 1.4.6.
Bump PKGREVISION.
1.4.4 (2018-12-20)
* Fix Bug #21058: Long symlinks are not supported [mrook]
* Fix Bug #23782: Prevent phar:// files from being extracted [mrook]
1.4.5 (2019-02-01)
* Fix Bug #23788: Relative symlinks are broken [mrook]
1.4.6 (2019-02-01)
* Improve path traversal detection for forward and backward slashes
---
Module Name: pkgsrc
Committed By: taca
Date: Thu Feb 7 13:40:57 UTC 2019
Modified Files:
pkgsrc/lang/pear: Makefile distinfo
Added Files:
pkgsrc/lang/pear/patches: patch-.._Archive__Tar-1.4.5_Archive_Tar.php
Log Message:
lang/pear: fix broken package with previous commit
Fix broken package with previous commit.
* Set Archive_Tar to 1.4.5, for which I have the distfile.
* Upload Archive_Tar-1.4.5.tgz to MASTER_SITE_LOCAL.
* Add patch to update Archive/Tar.php to 1.4.6 from GitHub.
No PKGREVISION bump since it was broken.
diffstat:
lang/pear/Makefile | 5 +-
lang/pear/distinfo | 11 +++--
lang/pear/patches/patch-.._Archive__Tar-1.4.5_Archive_Tar.php | 20 +++++++++++
3 files changed, 29 insertions(+), 7 deletions(-)
diffs (70 lines):
diff -r b6c4ab46b773 -r bcf3b62cb8ae lang/pear/Makefile
--- a/lang/pear/Makefile Mon Feb 18 14:05:52 2019 +0000
+++ b/lang/pear/Makefile Mon Feb 18 14:17:59 2019 +0000
@@ -1,8 +1,9 @@
-# $NetBSD: Makefile,v 1.44 2018/12/15 16:48:05 taca Exp $
+# $NetBSD: Makefile,v 1.44.2.1 2019/02/18 14:17:59 bsiegert Exp $
#
DISTNAME= PEAR-1.10.7
PKGNAME= ${PHP_PKG_PREFIX}-${DISTNAME:S/PEAR/pear/}
+PKGREVISION= 1
CATEGORIES= lang
MASTER_SITES= http://download.pear.php.net/package/
EXTRACT_SUFX= .tgz
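Review bot: MASTER_SITES in the context of this hunk still points at plain http (http://download.pear.php.net/package/), so the integrity of the fetched distfiles rests entirely on the distinfo checksums. If the host serves the same files over https, switching the URL in this security update would remove the dependency on an unauthenticated transport.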
@@ -33,7 +34,7 @@
DISTFILES+= ${PEAR_SRCS}
EXTRACT_ONLY+= ${PEAR_SRCS}
-ARCHIVE_SRCS= Archive_Tar-1.4.3${EXTRACT_SUFX}
+ARCHIVE_SRCS= Archive_Tar-1.4.5${EXTRACT_SUFX}
ARCHIVE_WRKSRC= ${WRKDIR}/${ARCHIVE_SRCS:S/${EXTRACT_SUFX}//}
DISTFILES+= ${ARCHIVE_SRCS}
EXTRACT_ONLY+= ${ARCHIVE_SRCS}
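Review bot: Missing documentation at the ARCHIVE_SRCS line: it pins Archive_Tar-1.4.5, while the log message says the traversal fix comes from 1.4.6 and is applied as a local patch, so the installed library identifies as 1.4.5 but carries 1.4.6 code. A comment next to ARCHIVE_SRCS stating this, and that the local patch goes away once the 1.4.6 distfile is used, would keep version-based vulnerability audits from flagging or missing this package incorrectly.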
diff -r b6c4ab46b773 -r bcf3b62cb8ae lang/pear/distinfo
--- a/lang/pear/distinfo Mon Feb 18 14:05:52 2019 +0000
+++ b/lang/pear/distinfo Mon Feb 18 14:17:59 2019 +0000
@@ -1,9 +1,9 @@
-$NetBSD: distinfo,v 1.31 2018/12/15 16:48:05 taca Exp $
+$NetBSD: distinfo,v 1.31.2.1 2019/02/18 14:17:59 bsiegert Exp $
-SHA1 (pear20151210/Archive_Tar-1.4.3.tgz) = 947d43997ca0c0074b2f154b6487b41aec0e4aa7
-RMD160 (pear20151210/Archive_Tar-1.4.3.tgz) = 792fa16c1db820465687a12d79750520e05f4ae5
-SHA512 (pear20151210/Archive_Tar-1.4.3.tgz) = 62e60d59266c5d19b131f769f4d71d4cee6bf8964b0c6610c4f1381500ced582865bff26c608479b2678dda1e7407ba39a7ec84b31fed13e3875f1947ce5bd6c
-Size (pear20151210/Archive_Tar-1.4.3.tgz) = 20682 bytes
+SHA1 (pear20151210/Archive_Tar-1.4.5.tgz) = 1697a5baa9666174b64c48fcdd1b9c4d311100fa
+RMD160 (pear20151210/Archive_Tar-1.4.5.tgz) = c2a81c901a4b38f46d7035f3b169296f9969b592
+SHA512 (pear20151210/Archive_Tar-1.4.5.tgz) = 7a7e16e37b0c7112a77333ed2c4d0a0ae57cc1e971191c79b1858227b46f967aee915757a81bdfef3a9487a53b81a99bfbe84f78a346671fe44ac9f1f203a358
+Size (pear20151210/Archive_Tar-1.4.5.tgz) = 20919 bytes
SHA1 (pear20151210/Console_Getopt-1.4.1.tgz) = 1db5b48e15547be532a9c836cd7ef448a3758ddc
RMD160 (pear20151210/Console_Getopt-1.4.1.tgz) = 54d397e321a0168a33a92c98cf39f9f6456d49ea
SHA512 (pear20151210/Console_Getopt-1.4.1.tgz) = e66a78077593ade78a40c59297a24242b0177d21b0e02b08d4fb5e25d8a57a96353c50a9dcc968f60af7458d40443061e0c1cdb11ad3180c7ffed8f0b314b089
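Review bot: The provenance of the new Archive_Tar-1.4.5.tgz checksums is not recorded. The log message says the tarball was uploaded to MASTER_SITE_LOCAL from the committer's own copy, so the SHA1, RMD160 and SHA512 values added here are the only link back to the upstream release. Stating in the commit message that they were compared against the upstream 1.4.5 tarball would let a later reviewer confirm the local copy is the released one.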
@@ -20,3 +20,4 @@
RMD160 (pear20151210/XML_Util-1.4.3.tgz) = 55308486e8a32d7bcb775c286d487b1db4a3f00b
SHA512 (pear20151210/XML_Util-1.4.3.tgz) = c21a7cef90743e124c4bc8e0453b634de8f6a6b0aac060acc1a17f481a2eb8757d322b05c69151280b7651cea927b2c64b7d49b9fd815dcdc606d0472d967310
Size (pear20151210/XML_Util-1.4.3.tgz) = 18842 bytes
+SHA1 (patch-.._Archive__Tar-1.4.5_Archive_Tar.php) = fa693b0c8d89b550952fc4a43a7319b87053c821
diff -r b6c4ab46b773 -r bcf3b62cb8ae lang/pear/patches/patch-.._Archive__Tar-1.4.5_Archive_Tar.php
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/lang/pear/patches/patch-.._Archive__Tar-1.4.5_Archive_Tar.php Mon Feb 18 14:17:59 2019 +0000
@@ -0,0 +1,20 @@
+$NetBSD: patch-.._Archive__Tar-1.4.5_Archive_Tar.php,v 1.1.2.2 2019/02/18 14:18:00 bsiegert Exp $
+
+* Fix from Archive_Tar-1.4.6.
+
+--- ../Archive_Tar-1.4.5/Archive/Tar.php.orig 2019-01-02 21:45:20.000000000 +0000
++++ ../Archive_Tar-1.4.5/Archive/Tar.php
+@@ -1770,11 +1770,8 @@ class Archive_Tar extends PEAR
+ if (strpos($file, 'phar://') === 0) {
+ return true;
+ }
+- if (strpos($file, DIRECTORY_SEPARATOR . '..' . DIRECTORY_SEPARATOR) !== false) {
+- return true;
+- }
+- if (strpos($file, '..' . DIRECTORY_SEPARATOR) === 0) {
+- return true;
++ if (strpos($file, '../') !== false || strpos($file, '..\\') !== false) {
++ return true;
+ }
+ return false;
+ }
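Review bot: The replacement test in the inner hunk at line 1770 is a substring match, not a path-component match: strpos($file, '../') !== false also fires on a legitimate member name such as foo../bar, and a name whose last component is .. with no trailing separator is not matched by either '../' or '..\\'. Splitting the name on both separators and comparing each component to .. would make the check exact in both directions. Separately, the patch comment "Fix from Archive_Tar-1.4.6." should cite the upstream commit or bug it was taken from so the local patch can be verified against the upstream change.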