commit:     b2bd76209626746148e1bde1950d47788dc839c3
Author:     Bernard Cafarelli <voyageur <AT> gentoo <DOT> org>
AuthorDate: Fri Mar 27 17:03:31 2020 +0000
Commit:     Bernard Cafarelli <voyageur <AT> gentoo <DOT> org>
CommitDate: Fri Mar 27 17:03:53 2020 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=b2bd7620

www-apps/piwigo: drop security vulnerable version

Upstream released 2.10.2, with all fixes included

Bug: https://bugs.gentoo.org/714926
Package-Manager: Portage-2.3.96, Repoman-2.3.21
Signed-off-by: Bernard Cafarelli <voyageur <AT> gentoo.org>

 www-apps/piwigo/Manifest                           |  1 -
 www-apps/piwigo/files/piwigo-2.10.1-css_vuln.patch | 94 ----------------------
 .../files/piwigo-2.10.1-php7.4_deprecation.patch   | 56 -------------
 .../piwigo/files/piwigo-2.10.1-php7.4_notice.patch | 41 ----------
 www-apps/piwigo/piwigo-2.10.1-r1.ebuild            | 49 -----------
 5 files changed, 241 deletions(-)

diff --git a/www-apps/piwigo/Manifest b/www-apps/piwigo/Manifest
index a2413d8004b..99de152d320 100644
--- a/www-apps/piwigo/Manifest
+++ b/www-apps/piwigo/Manifest
@@ -1,2 +1 @@
-DIST piwigo-2.10.1.zip 17155920 BLAKE2B 
2f25d6c4488d9208bd37ad98b2ddfa302d23600442165d5513c8b21c72d017c17ef1c10357009110ba79259ee5a4f0a9495a423235c98cd8d5003ba83bd9b980
 SHA512 
9ca1119db13f312d16a7a3f04564562b26abd45b6ee731cd2280192fff14384add077a3a14a139f7b5301008c6c702a302de76a3a23873b835ec8417127aa77f
 DIST piwigo-2.10.2.zip 17391322 BLAKE2B 
9982b398b8f3ead6bb5e70b34508d868e2a7440c1fe2d066f659d1a04e90f3239af0b63c2bcdc2fa250edab216acd155d5201d2634c30b275008f25bd0a5e7d0
 SHA512 
b75359a5ca1fd863de766eaf46dee64fc36482162fd1013bb95fd98553ae1135f9eafd584929a8d0f4dd074e9231978e84917e557de328786c6060098ab3734b

diff --git a/www-apps/piwigo/files/piwigo-2.10.1-css_vuln.patch 
b/www-apps/piwigo/files/piwigo-2.10.1-css_vuln.patch
deleted file mode 100644
index 101777393cf..00000000000
--- a/www-apps/piwigo/files/piwigo-2.10.1-css_vuln.patch
+++ /dev/null
@@ -1,94 +0,0 @@
-From 619849ff8b39f536e9ce40687c07589f8b262278 Mon Sep 17 00:00:00 2001
-From: plegall <p...@piwigo.org>
-Date: Fri, 7 Feb 2020 17:05:56 +0100
-Subject: [PATCH] fixes #1150 prevent HTML code in group name
-
-It avoids any stored XSS between administrators and it's totally useless to 
have HTML code in the group name.
----
- admin/group_list.php                         | 14 +++++++++++++-
- admin/themes/default/template/group_list.tpl |  8 +++-----
- 2 files changed, 16 insertions(+), 6 deletions(-)
-
-diff --git a/admin/group_list.php b/admin/group_list.php
-index ba9c89fef..7e7a3bd9f 100644
---- a/admin/group_list.php
-+++ b/admin/group_list.php
-@@ -45,6 +45,11 @@
-   {
-     $page['errors'][] = l10n('The name of a group must not contain " or \' or 
be empty.');
-   }
-+  else
-+  {
-+    $_POST['groupname'] = strip_tags($_POST['groupname']);
-+  }
-+
-   if (count($page['errors']) == 0)
-   {
-     // is the group not already existing ?
-@@ -107,7 +112,7 @@
-     $group_names = array_from_query($query, 'name');
-     foreach($groups as $group)
-     {
--      $_POST['rename_'.$group] = stripslashes($_POST['rename_'.$group]);
-+      $_POST['rename_'.$group] = 
strip_tags(stripslashes($_POST['rename_'.$group]));
- 
-       if (in_array($_POST['rename_'.$group], $group_names))
-       {
-@@ -181,6 +186,8 @@
- 
-   if ($action=="merge" and count($groups) > 1)
-   {
-+    $_POST['merge'] = strip_tags($_POST['merge']);
-+
-     // is the group not already existing ?
-     $query = '
- SELECT COUNT(*)
-@@ -268,6 +275,11 @@
-       {
-         break;
-       }
-+      else
-+      {
-+        $_POST['duplicate_'.$group.''] = 
strip_tags(stripslashes($_POST['duplicate_'.$group.'']));
-+      }
-+
-       // is the group not already existing ?
-       $query = '
-   SELECT COUNT(*)
-diff --git a/admin/themes/default/template/group_list.tpl 
b/admin/themes/default/template/group_list.tpl
-index b14ff1725..6f0291f3c 100644
---- a/admin/themes/default/template/group_list.tpl
-+++ b/admin/themes/default/template/group_list.tpl
-@@ -128,7 +128,7 @@ $(document).ready(function() {
-         {if not empty($groups)}
-         {foreach from=$groups item=group}
-         <p group_id="{$group.ID}" class="grp_action">
--          <input type="text" class="large" name="rename_{$group.ID}" 
value="{$group.NAME}" onfocus="this.value=(this.value=='{$group.NAME}') ? '' : 
this.value;" onblur="this.value=(this.value=='') ? '{$group.NAME}' : 
this.value;">
-+          <input type="text" class="large" name="rename_{$group.ID}" 
value="{$group.NAME}">
-         </p>
-         {/foreach}
-         {/if}
-@@ -137,9 +137,8 @@ $(document).ready(function() {
-         <!-- merge -->
-         <div id="action_merge" class="bulkAction">
-           <p id="two_to_select">{'Please select at least two 
groups'|@translate}</p>
--          {assign var='mergeDefaultValue' value='Type here the name of the 
new group'|@translate}
-           <p id="two_atleast">
--            <input type="text" class="large" name="merge" 
value="{$mergeDefaultValue}" 
onfocus="this.value=(this.value=='{$mergeDefaultValue}') ? '' : this.value;" 
onblur="this.value=(this.value=='') ? '{$mergeDefaultValue}' : this.value;">
-+            <input type="text" class="large" name="merge" value="" 
placeholder="{'Type here the name of the new group'|translate}">
-           </p>
-         </div>
- 
-@@ -150,11 +149,10 @@ $(document).ready(function() {
- 
-         <!-- duplicate -->
-         <div id="action_duplicate" class="bulkAction">
--        {assign var='duplicateDefaultValue' value='Type here the name of the 
new group'|@translate}
-         {if not empty($groups)}
-         {foreach from=$groups item=group}
-         <p group_id="{$group.ID}" class="grp_action">
--          {$group.NAME} > <input type="text" class="large" 
name="duplicate_{$group.ID}" value="{$duplicateDefaultValue}" 
onfocus="this.value=(this.value=='{$duplicateDefaultValue}') ? '' : 
this.value;" onblur="this.value=(this.value=='') ? '{$duplicateDefaultValue}' : 
this.value;">
-+          {$group.NAME} > <input type="text" class="large" 
name="duplicate_{$group.ID}" value="" placeholder="{'Type here the name of the 
new group'|@translate}">
-         </p>
-         {/foreach}
-         {/if}

diff --git a/www-apps/piwigo/files/piwigo-2.10.1-php7.4_deprecation.patch 
b/www-apps/piwigo/files/piwigo-2.10.1-php7.4_deprecation.patch
deleted file mode 100644
index 45d57279950..00000000000
--- a/www-apps/piwigo/files/piwigo-2.10.1-php7.4_deprecation.patch
+++ /dev/null
@@ -1,56 +0,0 @@
-From 6f49712b57a4cbe362c0f3d3a1e67267d298fe8b Mon Sep 17 00:00:00 2001
-From: Tomas Krizek <tomas.kri...@mailbox.org>
-Date: Tue, 3 Dec 2019 21:56:44 +0100
-Subject: [PATCH] include/functions_cookie: use proper brackets for offset
- access
-
-Fixes #1134
----
- admin/site_update.php            | 6 +++---
- include/functions_cookie.inc.php | 2 +-
- 2 files changed, 4 insertions(+), 4 deletions(-)
-
-diff --git a/admin/site_update.php b/admin/site_update.php
-index 791a8d59e..e8fc78093 100644
---- a/admin/site_update.php
-+++ b/admin/site_update.php
-@@ -257,7 +257,7 @@
-       else
-       {
-         $insert['uppercats'] = $insert['id'];
--        $insert{'rank'} = $next_rank['NULL']++;
-+        $insert['rank'] = $next_rank['NULL']++;
-         $insert['global_rank'] = $insert['rank'];
-       }
- 
-@@ -268,7 +268,7 @@
-           );
- 
-       // add the new category to $db_categories and $db_fulldirs array
--      $db_categories[$insert{'id'}] =
-+      $db_categories[$insert['id']] =
-         array(
-           'id' => $insert['id'],
-           'parent' => (isset($parent)) ? $parent : Null,
-@@ -278,7 +278,7 @@
-           'global_rank' => $insert['global_rank']
-           );
-       $db_fulldirs[$fulldir] = $insert['id'];
--      $next_rank[$insert{'id'}] = 1;
-+      $next_rank[$insert['id']] = 1;
-     }
-     else
-     {
-diff --git a/include/functions_cookie.inc.php 
b/include/functions_cookie.inc.php
-index be9853d27..0eb159eb7 100644
---- a/include/functions_cookie.inc.php
-+++ b/include/functions_cookie.inc.php
-@@ -54,7 +54,7 @@ function cookie_path()
-   $scr = substr($scr,0,strrpos( $scr,'/'));
- 
-   // add a trailing '/' if needed
--  if ((strlen($scr) == 0) or ($scr{strlen($scr)-1} !== '/'))
-+  if ((strlen($scr) == 0) or ($scr[strlen($scr)-1] !== '/'))
-   {
-     $scr .= '/';
-   }

diff --git a/www-apps/piwigo/files/piwigo-2.10.1-php7.4_notice.patch 
b/www-apps/piwigo/files/piwigo-2.10.1-php7.4_notice.patch
deleted file mode 100644
index 71b7c1a8e83..00000000000
--- a/www-apps/piwigo/files/piwigo-2.10.1-php7.4_notice.patch
+++ /dev/null
@@ -1,41 +0,0 @@
-From f1d1b55d82e9f2d77c5b54422bced31f44370ce0 Mon Sep 17 00:00:00 2001
-From: Ben <b...@ewft.org>
-Date: Sun, 19 Jan 2020 18:28:16 +0100
-Subject: [PATCH] Fix PHP-7.4 Issue
-
-PHP-7.4 Issue  = "Trying to access array offset on value of type null" in 
functions_category.inc.php
----
- include/functions_category.inc.php | 8 +++++---
- 1 file changed, 5 insertions(+), 3 deletions(-)
-
-diff --git a/include/functions_category.inc.php 
b/include/functions_category.inc.php
-index 22997ee2f..64925a0c8 100644
---- a/include/functions_category.inc.php
-+++ b/include/functions_category.inc.php
-@@ -103,6 +103,8 @@ function get_categories_menu()
-   $result = pwg_query($query);
-   $cats = array();
-   $selected_category = isset($page['category']) ? $page['category'] : null;
-+  $selected_category_id = isset($selected_category['id']) ? 
$selected_category['id'] : null;
-+  $selected_category_id_uppercat = isset($selected_category['id_uppercat']) ? 
$selected_category['id_uppercat'] : null;
-   while ($row = pwg_db_fetch_assoc($result))
-   {
-     $child_date_last = @$row['max_date_last']> @$row['date_last'];
-@@ -122,8 +124,8 @@ function get_categories_menu()
-           ),
-         'URL' => make_index_url(array('category' => $row)),
-         'LEVEL' => substr_count($row['global_rank'], '.') + 1,
--        'SELECTED' => $selected_category['id'] == $row['id'] ? true : false,
--        'IS_UPPERCAT' => $selected_category['id_uppercat'] == $row['id'] ? 
true : false,
-+        'SELECTED' => $selected_category_id == $row['id'] ? true : false,
-+        'IS_UPPERCAT' => $selected_category_id_uppercat == $row['id'] ? true 
: false,
-         )
-       );
-     if ($conf['index_new_icon'])
-@@ -602,4 +604,4 @@ function remove_computed_category(&$cats, $cat)
-   unset($cats[$cat['cat_id']]);
- }
- 
--?>
-\ No newline at end of file
-+?>

diff --git a/www-apps/piwigo/piwigo-2.10.1-r1.ebuild 
b/www-apps/piwigo/piwigo-2.10.1-r1.ebuild
deleted file mode 100644
index 84e1dab03f3..00000000000
--- a/www-apps/piwigo/piwigo-2.10.1-r1.ebuild
+++ /dev/null
@@ -1,49 +0,0 @@
-# Copyright 1999-2020 Gentoo Authors
-# Distributed under the terms of the GNU General Public License v2
-
-EAPI=7
-inherit webapp
-
-DESCRIPTION="a photo gallery software for the web"
-HOMEPAGE="http://piwigo.org/";
-SRC_URI="http://piwigo.org/download/dlcounter.php?code=${PV} -> ${P}.zip"
-
-LICENSE="GPL-2"
-KEYWORDS="~amd64 ~x86"
-IUSE="+exif +gd imagemagick"
-
-DEPEND=""
-RDEPEND="
-       imagemagick? ( virtual/imagemagick-tools )
-       dev-lang/php[ctype,exif?,gd?,filter,iconv,json,mysqli]
-       >=virtual/mysql-5.0
-       virtual/httpd-php"
-BDEPEND="app-arch/unzip"
-
-REQUIRED_USE="|| ( gd imagemagick )"
-
-PATCHES=(
-       "${FILESDIR}"/${P}-css_vuln.patch
-       "${FILESDIR}"/${P}-php7.4_deprecation.patch
-       "${FILESDIR}"/${P}-php7.4_notice.patch
-       )
-S=${WORKDIR}/${PN}
-
-src_install() {
-       webapp_src_preinst
-
-       insinto "${MY_HTDOCSDIR}"
-       doins -r .
-
-       # Local configuration, and parts that can be updated
-       webapp_serverowned "${MY_HTDOCSDIR}"/_data
-       webapp_serverowned -R "${MY_HTDOCSDIR}"/galleries
-       webapp_serverowned -R "${MY_HTDOCSDIR}"/language
-       webapp_serverowned -R "${MY_HTDOCSDIR}"/local
-       webapp_serverowned -R "${MY_HTDOCSDIR}"/plugins
-       webapp_serverowned -R "${MY_HTDOCSDIR}"/template-extension
-       webapp_serverowned -R "${MY_HTDOCSDIR}"/themes
-       webapp_serverowned "${MY_HTDOCSDIR}"/upload
-
-       webapp_src_install
-}
