pkgsrc-Changes archive
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]
CVS commit: [pkgsrc-2020Q3] pkgsrc/www/contao35
Module Name: pkgsrc
Committed By: spz
Date: Wed Oct 21 21:51:28 UTC 2020
Modified Files:
pkgsrc/www/contao35 [pkgsrc-2020Q3]: Makefile distinfo
Added Files:
pkgsrc/www/contao35/patches [pkgsrc-2020Q3]:
patch-system_modules_core_library_Contao_Input.php
patch-system_modules_news_dca_tl__news.php
Log Message:
Pullup ticket #6339 - requested by taca
www/contao35: security patch
Revisions pulled up:
- www/contao35/Makefile 1.48
- www/contao35/distinfo 1.37
- www/contao35/patches/patch-system_modules_core_library_Contao_Input.php 1.1
- www/contao35/patches/patch-system_modules_news_dca_tl__news.php 1.1
-------------------------------------------------------------------
Module Name: pkgsrc
Committed By: taca
Date: Sun Oct 4 06:31:02 UTC 2020
Modified Files:
pkgsrc/www/contao35: Makefile distinfo
Added Files:
pkgsrc/www/contao35/patches:
patch-system_modules_core_library_Contao_Input.php
patch-system_modules_news_dca_tl__news.php
Log Message:
www/contao35: add two fixes
* Add fix for CVE-2020-25768.
* Fix time range problem on positive timezone.
Bump PKGREVISION.
To generate a diff of this commit:
cvs rdiff -u -r1.47 -r1.48 pkgsrc/www/contao35/Makefile
cvs rdiff -u -r1.36 -r1.37 pkgsrc/www/contao35/distinfo
cvs rdiff -u -r0 -r1.1 \
pkgsrc/www/contao35/patches/patch-system_modules_core_library_Contao_Input.php \
pkgsrc/www/contao35/patches/patch-system_modules_news_dca_tl__news.php
To generate a diff of this commit:
cvs rdiff -u -r1.47 -r1.47.8.1 pkgsrc/www/contao35/Makefile
cvs rdiff -u -r1.36 -r1.36.12.1 pkgsrc/www/contao35/distinfo
cvs rdiff -u -r0 -r1.1.2.2 \
pkgsrc/www/contao35/patches/patch-system_modules_core_library_Contao_Input.php \
pkgsrc/www/contao35/patches/patch-system_modules_news_dca_tl__news.php
Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.
Modified files:
Index: pkgsrc/www/contao35/Makefile
diff -u pkgsrc/www/contao35/Makefile:1.47 pkgsrc/www/contao35/Makefile:1.47.8.1
--- pkgsrc/www/contao35/Makefile:1.47 Mon Dec 16 16:30:14 2019
+++ pkgsrc/www/contao35/Makefile Wed Oct 21 21:51:28 2020
@@ -1,8 +1,9 @@
-# $NetBSD: Makefile,v 1.47 2019/12/16 16:30:14 taca Exp $
+# $NetBSD: Makefile,v 1.47.8.1 2020/10/21 21:51:28 spz Exp $
#
DISTNAME= contao-${CT_PKGVER}
PKGNAME= ${PHP_PKG_PREFIX}-contao${CT_VER}-${CT_PKGVER}
+PKGREVISION= 1
CATEGORIES= www
MASTER_SITES= ${MASTER_SITE_GITHUB:=contao/}
GITHUB_PROJECT= core
Index: pkgsrc/www/contao35/distinfo
diff -u pkgsrc/www/contao35/distinfo:1.36 pkgsrc/www/contao35/distinfo:1.36.12.1
--- pkgsrc/www/contao35/distinfo:1.36 Sun Apr 14 09:23:06 2019
+++ pkgsrc/www/contao35/distinfo Wed Oct 21 21:51:28 2020
@@ -1,6 +1,8 @@
-$NetBSD: distinfo,v 1.36 2019/04/14 09:23:06 taca Exp $
+$NetBSD: distinfo,v 1.36.12.1 2020/10/21 21:51:28 spz Exp $
SHA1 (contao-3.5.40.tar.gz) = 67ee42c5232142bf7b7f9f86635f9a5dc7c3536d
RMD160 (contao-3.5.40.tar.gz) = b8fdb80da8b96fd7820f972f5b33418fadcadf81
SHA512 (contao-3.5.40.tar.gz) = 54a2e00fdca1bd3a11464d5c74113cbb74b7d39fc368dc6de7608a4a8dd7fe5464d9840b0ecd37ca2ee7df6cf0ac004a0e2903c79e06c7509787a6700814d598
Size (contao-3.5.40.tar.gz) = 11204594 bytes
+SHA1 (patch-system_modules_core_library_Contao_Input.php) = 07cb28f17ea7b028070bc039ea47c05ca790beb0
+SHA1 (patch-system_modules_news_dca_tl__news.php) = 13cee5a492f8ae63fe478b5e8bd9b5af477aa9ac
Added files:
Index: pkgsrc/www/contao35/patches/patch-system_modules_core_library_Contao_Input.php
diff -u /dev/null pkgsrc/www/contao35/patches/patch-system_modules_core_library_Contao_Input.php:1.1.2.2
--- /dev/null Wed Oct 21 21:51:28 2020
+++ pkgsrc/www/contao35/patches/patch-system_modules_core_library_Contao_Input.php Wed Oct 21 21:51:28 2020
@@ -0,0 +1,26 @@
+$NetBSD: patch-system_modules_core_library_Contao_Input.php,v 1.1.2.2 2020/10/21 21:51:28 spz Exp $
+
+Apply fix for CVE-2020-25768.
+
+--- system/modules/core/library/Contao/Input.php.orig 2019-04-11 11:11:34.000000000 +0000
++++ system/modules/core/library/Contao/Input.php
+@@ -765,7 +765,18 @@ class Input
+ */
+ public static function encodeInsertTags($varValue)
+ {
+- return str_replace(array('{{', '}}'), array('{{', '}}'), $varValue);
++ // Recursively encode insert tags
++ if (\is_array($varValue))
++ {
++ foreach ($varValue as $k=>$v)
++ {
++ $varValue[$k] = static::encodeInsertTags($v);
++ }
++
++ return $varValue;
++ }
++
++ return str_replace(array('{{', '}}'), array('{{', '}}'), (string) $varValue);
+ }
+
+
Index: pkgsrc/www/contao35/patches/patch-system_modules_news_dca_tl__news.php
diff -u /dev/null pkgsrc/www/contao35/patches/patch-system_modules_news_dca_tl__news.php:1.1.2.2
--- /dev/null Wed Oct 21 21:51:28 2020
+++ pkgsrc/www/contao35/patches/patch-system_modules_news_dca_tl__news.php Wed Oct 21 21:51:28 2020
@@ -0,0 +1,15 @@
+$NetBSD: patch-system_modules_news_dca_tl__news.php,v 1.1.2.2 2020/10/21 21:51:28 spz Exp $
+
+Fix time range problem on positive timezone.
+
+--- system/modules/news/dca/tl_news.php.orig 2019-04-11 11:11:34.000000000 +0000
++++ system/modules/news/dca/tl_news.php
+@@ -228,7 +228,7 @@ $GLOBALS['TL_DCA']['tl_news'] = array
+ 'exclude' => true,
+ 'inputType' => 'text',
+ 'eval' => array('rgxp'=>'time', 'doNotCopy'=>true, 'tl_class'=>'w50'),
+- 'sql' => "int(10) unsigned NOT NULL default '0'"
++ 'sql' => "int(10) NOT NULL default '0'"
+ ),
+ 'subheadline' => array
+ (
Home |
Main Index |
Thread Index |
Old Index