commit: 2b46d37e6fd1b061384d4fe6ad46ac54afd0a775 Author: Bernard Cafarelli <voyageur <AT> gentoo <DOT> org> AuthorDate: Sat Feb 29 20:53:46 2020 +0000 Commit: Bernard Cafarelli <voyageur <AT> gentoo <DOT> org> CommitDate: Sat Feb 29 20:53:46 2020 +0000 URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=2b46d37e
www-apps/piwigo: backport fix for CVE-2020-8089 Drop old vulnerable version Also backport some PHP 7.4 compatibility fixes Bug: https://bugs.gentoo.org/709324 Package-Manager: Portage-2.3.89, Repoman-2.3.20 Signed-off-by: Bernard Cafarelli <voyageur <AT> gentoo.org> www-apps/piwigo/files/piwigo-2.10.1-css_vuln.patch | 94 ++++++++++++++++++++++ .../files/piwigo-2.10.1-php7.4_deprecation.patch | 56 +++++++++++++ .../piwigo/files/piwigo-2.10.1-php7.4_notice.patch | 41 ++++++++++ ...iwigo-2.10.1.ebuild => piwigo-2.10.1-r1.ebuild} | 7 +- 4 files changed, 197 insertions(+), 1 deletion(-) diff --git a/www-apps/piwigo/files/piwigo-2.10.1-css_vuln.patch b/www-apps/piwigo/files/piwigo-2.10.1-css_vuln.patch new file mode 100644 index 00000000000..101777393cf --- /dev/null +++ b/www-apps/piwigo/files/piwigo-2.10.1-css_vuln.patch @@ -0,0 +1,94 @@ +From 619849ff8b39f536e9ce40687c07589f8b262278 Mon Sep 17 00:00:00 2001 +From: plegall <p...@piwigo.org> +Date: Fri, 7 Feb 2020 17:05:56 +0100 +Subject: [PATCH] fixes #1150 prevent HTML code in group name + +It avoids any stored XSS between administrators and it's totally useless to have HTML code in the group name. +--- + admin/group_list.php | 14 +++++++++++++- + admin/themes/default/template/group_list.tpl | 8 +++----- + 2 files changed, 16 insertions(+), 6 deletions(-) + +diff --git a/admin/group_list.php b/admin/group_list.php +index ba9c89fef..7e7a3bd9f 100644 +--- a/admin/group_list.php ++++ b/admin/group_list.php +@@ -45,6 +45,11 @@ + { + $page['errors'][] = l10n('The name of a group must not contain " or \' or be empty.'); + } ++ else ++ { ++ $_POST['groupname'] = strip_tags($_POST['groupname']); ++ } ++ + if (count($page['errors']) == 0) + { + // is the group not already existing ? +@@ -107,7 +112,7 @@ + $group_names = array_from_query($query, 'name'); + foreach($groups as $group) + { +- $_POST['rename_'.$group] = stripslashes($_POST['rename_'.$group]); ++ $_POST['rename_'.$group] = strip_tags(stripslashes($_POST['rename_'.$group])); + + if (in_array($_POST['rename_'.$group], $group_names)) + { +@@ -181,6 +186,8 @@ + + if ($action=="merge" and count($groups) > 1) + { ++ $_POST['merge'] = strip_tags($_POST['merge']); ++ + // is the group not already existing ? + $query = ' + SELECT COUNT(*) +@@ -268,6 +275,11 @@ + { + break; + } ++ else ++ { ++ $_POST['duplicate_'.$group.''] = strip_tags(stripslashes($_POST['duplicate_'.$group.''])); ++ } ++ + // is the group not already existing ? + $query = ' + SELECT COUNT(*) +diff --git a/admin/themes/default/template/group_list.tpl b/admin/themes/default/template/group_list.tpl +index b14ff1725..6f0291f3c 100644 +--- a/admin/themes/default/template/group_list.tpl ++++ b/admin/themes/default/template/group_list.tpl +@@ -128,7 +128,7 @@ $(document).ready(function() { + {if not empty($groups)} + {foreach from=$groups item=group} + <p group_id="{$group.ID}" class="grp_action"> +- <input type="text" class="large" name="rename_{$group.ID}" value="{$group.NAME}" onfocus="this.value=(this.value=='{$group.NAME}') ? '' : this.value;" onblur="this.value=(this.value=='') ? '{$group.NAME}' : this.value;"> ++ <input type="text" class="large" name="rename_{$group.ID}" value="{$group.NAME}"> + </p> + {/foreach} + {/if} +@@ -137,9 +137,8 @@ $(document).ready(function() { + <!-- merge --> + <div id="action_merge" class="bulkAction"> + <p id="two_to_select">{'Please select at least two groups'|@translate}</p> +- {assign var='mergeDefaultValue' value='Type here the name of the new group'|@translate} + <p id="two_atleast"> +- <input type="text" class="large" name="merge" value="{$mergeDefaultValue}" onfocus="this.value=(this.value=='{$mergeDefaultValue}') ? '' : this.value;" onblur="this.value=(this.value=='') ? '{$mergeDefaultValue}' : this.value;"> ++ <input type="text" class="large" name="merge" value="" placeholder="{'Type here the name of the new group'|translate}"> + </p> + </div> + +@@ -150,11 +149,10 @@ $(document).ready(function() { + + <!-- duplicate --> + <div id="action_duplicate" class="bulkAction"> +- {assign var='duplicateDefaultValue' value='Type here the name of the new group'|@translate} + {if not empty($groups)} + {foreach from=$groups item=group} + <p group_id="{$group.ID}" class="grp_action"> +- {$group.NAME} > <input type="text" class="large" name="duplicate_{$group.ID}" value="{$duplicateDefaultValue}" onfocus="this.value=(this.value=='{$duplicateDefaultValue}') ? '' : this.value;" onblur="this.value=(this.value=='') ? '{$duplicateDefaultValue}' : this.value;"> ++ {$group.NAME} > <input type="text" class="large" name="duplicate_{$group.ID}" value="" placeholder="{'Type here the name of the new group'|@translate}"> + </p> + {/foreach} + {/if} diff --git a/www-apps/piwigo/files/piwigo-2.10.1-php7.4_deprecation.patch b/www-apps/piwigo/files/piwigo-2.10.1-php7.4_deprecation.patch new file mode 100644 index 00000000000..45d57279950 --- /dev/null +++ b/www-apps/piwigo/files/piwigo-2.10.1-php7.4_deprecation.patch @@ -0,0 +1,56 @@ +From 6f49712b57a4cbe362c0f3d3a1e67267d298fe8b Mon Sep 17 00:00:00 2001 +From: Tomas Krizek <tomas.kri...@mailbox.org> +Date: Tue, 3 Dec 2019 21:56:44 +0100 +Subject: [PATCH] include/functions_cookie: use proper brackets for offset + access + +Fixes #1134 +--- + admin/site_update.php | 6 +++--- + include/functions_cookie.inc.php | 2 +- + 2 files changed, 4 insertions(+), 4 deletions(-) + +diff --git a/admin/site_update.php b/admin/site_update.php +index 791a8d59e..e8fc78093 100644 +--- a/admin/site_update.php ++++ b/admin/site_update.php +@@ -257,7 +257,7 @@ + else + { + $insert['uppercats'] = $insert['id']; +- $insert{'rank'} = $next_rank['NULL']++; ++ $insert['rank'] = $next_rank['NULL']++; + $insert['global_rank'] = $insert['rank']; + } + +@@ -268,7 +268,7 @@ + ); + + // add the new category to $db_categories and $db_fulldirs array +- $db_categories[$insert{'id'}] = ++ $db_categories[$insert['id']] = + array( + 'id' => $insert['id'], + 'parent' => (isset($parent)) ? $parent : Null, +@@ -278,7 +278,7 @@ + 'global_rank' => $insert['global_rank'] + ); + $db_fulldirs[$fulldir] = $insert['id']; +- $next_rank[$insert{'id'}] = 1; ++ $next_rank[$insert['id']] = 1; + } + else + { +diff --git a/include/functions_cookie.inc.php b/include/functions_cookie.inc.php +index be9853d27..0eb159eb7 100644 +--- a/include/functions_cookie.inc.php ++++ b/include/functions_cookie.inc.php +@@ -54,7 +54,7 @@ function cookie_path() + $scr = substr($scr,0,strrpos( $scr,'/')); + + // add a trailing '/' if needed +- if ((strlen($scr) == 0) or ($scr{strlen($scr)-1} !== '/')) ++ if ((strlen($scr) == 0) or ($scr[strlen($scr)-1] !== '/')) + { + $scr .= '/'; + } diff --git a/www-apps/piwigo/files/piwigo-2.10.1-php7.4_notice.patch b/www-apps/piwigo/files/piwigo-2.10.1-php7.4_notice.patch new file mode 100644 index 00000000000..71b7c1a8e83 --- /dev/null +++ b/www-apps/piwigo/files/piwigo-2.10.1-php7.4_notice.patch @@ -0,0 +1,41 @@ +From f1d1b55d82e9f2d77c5b54422bced31f44370ce0 Mon Sep 17 00:00:00 2001 +From: Ben <b...@ewft.org> +Date: Sun, 19 Jan 2020 18:28:16 +0100 +Subject: [PATCH] Fix PHP-7.4 Issue + +PHP-7.4 Issue = "Trying to access array offset on value of type null" in functions_category.inc.php +--- + include/functions_category.inc.php | 8 +++++--- + 1 file changed, 5 insertions(+), 3 deletions(-) + +diff --git a/include/functions_category.inc.php b/include/functions_category.inc.php +index 22997ee2f..64925a0c8 100644 +--- a/include/functions_category.inc.php ++++ b/include/functions_category.inc.php +@@ -103,6 +103,8 @@ function get_categories_menu() + $result = pwg_query($query); + $cats = array(); + $selected_category = isset($page['category']) ? $page['category'] : null; ++ $selected_category_id = isset($selected_category['id']) ? $selected_category['id'] : null; ++ $selected_category_id_uppercat = isset($selected_category['id_uppercat']) ? $selected_category['id_uppercat'] : null; + while ($row = pwg_db_fetch_assoc($result)) + { + $child_date_last = @$row['max_date_last']> @$row['date_last']; +@@ -122,8 +124,8 @@ function get_categories_menu() + ), + 'URL' => make_index_url(array('category' => $row)), + 'LEVEL' => substr_count($row['global_rank'], '.') + 1, +- 'SELECTED' => $selected_category['id'] == $row['id'] ? true : false, +- 'IS_UPPERCAT' => $selected_category['id_uppercat'] == $row['id'] ? true : false, ++ 'SELECTED' => $selected_category_id == $row['id'] ? true : false, ++ 'IS_UPPERCAT' => $selected_category_id_uppercat == $row['id'] ? true : false, + ) + ); + if ($conf['index_new_icon']) +@@ -602,4 +604,4 @@ function remove_computed_category(&$cats, $cat) + unset($cats[$cat['cat_id']]); + } + +-?> +\ No newline at end of file ++?> diff --git a/www-apps/piwigo/piwigo-2.10.1.ebuild b/www-apps/piwigo/piwigo-2.10.1-r1.ebuild similarity index 86% rename from www-apps/piwigo/piwigo-2.10.1.ebuild rename to www-apps/piwigo/piwigo-2.10.1-r1.ebuild index 208eb4ede24..84e1dab03f3 100644 --- a/www-apps/piwigo/piwigo-2.10.1.ebuild +++ b/www-apps/piwigo/piwigo-2.10.1-r1.ebuild @@ -1,4 +1,4 @@ -# Copyright 1999-2019 Gentoo Authors +# Copyright 1999-2020 Gentoo Authors # Distributed under the terms of the GNU General Public License v2 EAPI=7 @@ -22,6 +22,11 @@ BDEPEND="app-arch/unzip" REQUIRED_USE="|| ( gd imagemagick )" +PATCHES=( + "${FILESDIR}"/${P}-css_vuln.patch + "${FILESDIR}"/${P}-php7.4_deprecation.patch + "${FILESDIR}"/${P}-php7.4_notice.patch + ) S=${WORKDIR}/${PN} src_install() {
