pkgsrc-Changes-HG archive
[pkgsrc/pkgsrc-2008Q2]: pkgsrc/databases/sqlitemanager Pullup ticket #2461 - ...
details: https://anonhg.NetBSD.org/pkgsrc/rev/825e46da973d
branches: pkgsrc-2008Q2
changeset: 544208:825e46da973d
user: tron <tron%pkgsrc.org@localhost>
date: Fri Jul 25 09:53:55 2008 +0000
description:
Pullup ticket #2461 - requested by tonnerre
Revisions pulled up:
databases/sqlitemanager/Makefile 1.8
databases/sqlitemanager/PLIST 1.3
databases/sqlitemanager/distinfo 1.3
databases/sqlitemanager/patches/patch-aa 1.1
databases/sqlitemanager/patches/patch-ab 1.1
databases/sqlitemanager/patches/patch-ac 1.1
databases/sqlitemanager/patches/patch-ad 1.1
databases/sqlitemanager/patches/patch-ae 1.1
databases/sqlitemanager/patches/patch-af 1.1
databases/sqlitemanager/patches/patch-ag 1.1
databases/sqlitemanager/patches/patch-ah 1.1
databases/sqlitemanager/patches/patch-ai 1.1
databases/sqlitemanager/patches/patch-aj 1.1
databases/sqlitemanager/patches/patch-ak 1.1
---
Module Name: pkgsrc
Committed By: tonnerre
Date: Fri Jul 25 00:53:58 UTC 2008
Modified Files:
pkgsrc/databases/sqlitemanager: Makefile PLIST distinfo
Added Files:
pkgsrc/databases/sqlitemanager/patches: patch-aa patch-ab
patch-ac patch-ad patch-ae patch-af patch-ag patch-ah patch-ai patch-aj
patch-ak
Log Message:
Fix two SQLitemanager vulnerabilities (arbitrary remote file inclusion
and directory traversal), CVE-2007-1232 and CVE-2008-0516. Update to
1.2.0 in order to make this possible at all. Also remove manu as
maintainer as he suggested in mail.
diffstat:
databases/sqlitemanager/Makefile | 10 ++++---
databases/sqlitemanager/PLIST | 42 +++++++++++++++++++++++++++++++-
databases/sqlitemanager/distinfo | 19 +++++++++++---
databases/sqlitemanager/patches/patch-aa | 12 +++++++++
databases/sqlitemanager/patches/patch-ab | 14 ++++++++++
databases/sqlitemanager/patches/patch-ac | 14 ++++++++++
databases/sqlitemanager/patches/patch-ad | 14 ++++++++++
databases/sqlitemanager/patches/patch-ae | 14 ++++++++++
databases/sqlitemanager/patches/patch-af | 14 ++++++++++
databases/sqlitemanager/patches/patch-ag | 12 +++++++++
databases/sqlitemanager/patches/patch-ah | 21 ++++++++++++++++
databases/sqlitemanager/patches/patch-ai | 14 ++++++++++
databases/sqlitemanager/patches/patch-aj | 14 ++++++++++
databases/sqlitemanager/patches/patch-ak | 22 ++++++++++++++++
14 files changed, 227 insertions(+), 9 deletions(-)
diffs (truncated from 413 to 300 lines):
diff -r d32183330a87 -r 825e46da973d databases/sqlitemanager/Makefile
--- a/databases/sqlitemanager/Makefile Fri Jul 25 09:49:05 2008 +0000
+++ b/databases/sqlitemanager/Makefile Fri Jul 25 09:53:55 2008 +0000
@@ -1,12 +1,11 @@
-# $NetBSD: Makefile,v 1.7 2008/05/26 02:13:16 joerg Exp $
+# $NetBSD: Makefile,v 1.7.4.1 2008/07/25 09:53:55 tron Exp $
#
-DISTNAME= SQLiteManager-1.0.4
-PKGREVISION= 2
+DISTNAME= SQLiteManager-1.2.0
CATEGORIES= databases
MASTER_SITES= ${MASTER_SITE_SOURCEFORGE:=sqlitemanager/}
-MAINTAINER= manu%NetBSD.org@localhost
+MAINTAINER= pkgsrc-users%NetBSD.org@localhost
HOMEPAGE= http://sourceforge.net/projects/silsm/
COMMENT= Web frontend for managing SQLite databases
@@ -20,6 +19,9 @@
PKG_USERS_VARS+= APACHE_USER
+post-patch:
+ ${FIND} ${WRKSRC} -name "*.orig" -exec ${RM} -f {} \;
+
do-install:
${INSTALL_DATA_DIR} ${DESTDIR}${PREFIX}/share
${INSTALL_DATA_DIR} ${DESTDIR}${PREFIX}/share/sqlitemanager
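Review bot: The new `post-patch` target has no comment saying why the `*.orig` files are deleted, and the reason is security-relevant. Presumably do-install copies the work tree wholesale, so the backups left by the new patches would otherwise install the unpatched PHP dialogs next to the fixed ones; do-install's body continues outside the hunk, so this is inferred. I would add `# Remove patch backups so the unpatched sources are not installed under the web root.` above the target. Adding `-type f` to the `${FIND}` expression would also keep the `${RM}` limited to regular files.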
diff -r d32183330a87 -r 825e46da973d databases/sqlitemanager/PLIST
--- a/databases/sqlitemanager/PLIST Fri Jul 25 09:49:05 2008 +0000
+++ b/databases/sqlitemanager/PLIST Fri Jul 25 09:53:55 2008 +0000
@@ -1,8 +1,11 @@
-@comment $NetBSD: PLIST,v 1.2 2006/06/16 10:58:08 rillig Exp $
+@comment $NetBSD: PLIST,v 1.2.20.1 2008/07/25 09:53:55 tron Exp $
+share/sqlitemanager/include/JSCookMenu.js
share/sqlitemanager/include/ParsingQuery.class.php
share/sqlitemanager/include/SQLite.i18n.php
share/sqlitemanager/include/SQLiteAuth.class.php
+share/sqlitemanager/include/SQLiteAutoConnect.class.php
share/sqlitemanager/include/SQLiteDbConnect.class.php
+share/sqlitemanager/include/SQLiteDbOperation.class.php
share/sqlitemanager/include/SQLiteDbOption.class.php
share/sqlitemanager/include/SQLiteExport.class.php
share/sqlitemanager/include/SQLiteFunctionProperties.class.php
@@ -17,19 +20,28 @@
share/sqlitemanager/include/common.lib.php
share/sqlitemanager/include/config.db
share/sqlitemanager/include/config.inc.php
+share/sqlitemanager/include/config3.db
share/sqlitemanager/include/dbproperties.php
share/sqlitemanager/include/defined.inc.php
share/sqlitemanager/include/function.js
share/sqlitemanager/include/functproperties.php
share/sqlitemanager/include/grab_global.php
+share/sqlitemanager/include/index.html
share/sqlitemanager/include/sql.class.php
share/sqlitemanager/include/sql.php
+share/sqlitemanager/include/sqlite.class.php
+share/sqlitemanager/include/sqlite2.class.php
+share/sqlitemanager/include/sqlite3.class.php
+share/sqlitemanager/include/sqlite_fulltextsearch.class.php
+share/sqlitemanager/include/sqlite_fulltextsearchex.class.php
share/sqlitemanager/include/tableproperties.php
share/sqlitemanager/include/triggerproperties.php
+share/sqlitemanager/include/user_defined.inc.php
share/sqlitemanager/include/viewproperties.php
share/sqlitemanager/index.php
share/sqlitemanager/lang/brazilian_portuguese.inc.php
share/sqlitemanager/lang/croatian.inc.php
+share/sqlitemanager/lang/danish.inc.php
share/sqlitemanager/lang/dutch.inc.php
share/sqlitemanager/lang/english.inc.php
share/sqlitemanager/lang/french.inc.php
@@ -37,7 +49,9 @@
share/sqlitemanager/lang/italian.inc.php
share/sqlitemanager/lang/japanese.inc.php
share/sqlitemanager/lang/polish.inc.php
+share/sqlitemanager/lang/simplified_chinese.inc.php
share/sqlitemanager/lang/spanish.inc.php
+share/sqlitemanager/lang/traditional_chinese.inc.php
share/sqlitemanager/left.php
share/sqlitemanager/main.php
share/sqlitemanager/test.sqlite
@@ -47,12 +61,22 @@
share/sqlitemanager/theme/default/define.php
share/sqlitemanager/theme/default/left.css
share/sqlitemanager/theme/default/main.css
+share/sqlitemanager/theme/default/menu/arrow.png
+share/sqlitemanager/theme/default/menu/blank.png
+share/sqlitemanager/theme/default/menu/index.html
+share/sqlitemanager/theme/default/menu/spacer.png
+share/sqlitemanager/theme/default/menu/theme.css
+share/sqlitemanager/theme/default/menu/theme.js
+share/sqlitemanager/theme/default/pics/HTML_off.png
+share/sqlitemanager/theme/default/pics/HTML_on.png
share/sqlitemanager/theme/default/pics/arrow_ltr.gif
share/sqlitemanager/theme/default/pics/asc_order.png
share/sqlitemanager/theme/default/pics/browse.png
share/sqlitemanager/theme/default/pics/browse2.png
share/sqlitemanager/theme/default/pics/browse_off.png
share/sqlitemanager/theme/default/pics/database.png
+share/sqlitemanager/theme/default/pics/database2.png
+share/sqlitemanager/theme/default/pics/database3.png
share/sqlitemanager/theme/default/pics/database_link.png
share/sqlitemanager/theme/default/pics/delete_table.png
share/sqlitemanager/theme/default/pics/delete_table_off.png
@@ -69,6 +93,7 @@
share/sqlitemanager/theme/default/pics/encrypted.png
share/sqlitemanager/theme/default/pics/encrypted_off.png
share/sqlitemanager/theme/default/pics/end.gif
+share/sqlitemanager/theme/default/pics/fulltext.png
share/sqlitemanager/theme/default/pics/functions.png
share/sqlitemanager/theme/default/pics/index.png
share/sqlitemanager/theme/default/pics/index_off.png
@@ -77,6 +102,7 @@
share/sqlitemanager/theme/default/pics/left.gif
share/sqlitemanager/theme/default/pics/minus.png
share/sqlitemanager/theme/default/pics/nobrowse.png
+share/sqlitemanager/theme/default/pics/nofulltext.png
share/sqlitemanager/theme/default/pics/plus.png
share/sqlitemanager/theme/default/pics/primaire.png
share/sqlitemanager/theme/default/pics/primaire_off.png
@@ -95,6 +121,13 @@
share/sqlitemanager/theme/green/define.php
share/sqlitemanager/theme/green/left.css
share/sqlitemanager/theme/green/main.css
+share/sqlitemanager/theme/green/menu/arrow.png
+share/sqlitemanager/theme/green/menu/blank.png
+share/sqlitemanager/theme/green/menu/index.html
+share/sqlitemanager/theme/green/menu/spacer.png
+share/sqlitemanager/theme/green/menu/theme.css
+share/sqlitemanager/theme/green/menu/theme.js
+share/sqlitemanager/theme/green/pics/bg.png
share/sqlitemanager/theme/green/pics/bg_left.png
share/sqlitemanager/theme/green/pics/bg_th.png
share/sqlitemanager/theme/green/pics/bg_title.png
@@ -102,6 +135,8 @@
share/sqlitemanager/theme/green/pics/browse2.png
share/sqlitemanager/theme/green/pics/browse_off.png
share/sqlitemanager/theme/green/pics/database.png
+share/sqlitemanager/theme/green/pics/database2.png
+share/sqlitemanager/theme/green/pics/database3.png
share/sqlitemanager/theme/green/pics/database_link.png
share/sqlitemanager/theme/green/pics/delete_table.png
share/sqlitemanager/theme/green/pics/delete_table_off.png
@@ -109,6 +144,7 @@
share/sqlitemanager/theme/green/pics/deletecol_off.png
share/sqlitemanager/theme/green/pics/deleterow.png
share/sqlitemanager/theme/green/pics/deleterow_off.png
+share/sqlitemanager/theme/green/pics/down.gif
share/sqlitemanager/theme/green/pics/edit.png
share/sqlitemanager/theme/green/pics/edit_off.png
share/sqlitemanager/theme/green/pics/edittrash.png
@@ -116,6 +152,7 @@
share/sqlitemanager/theme/green/pics/functions.png
share/sqlitemanager/theme/green/pics/index.png
share/sqlitemanager/theme/green/pics/index_off.png
+share/sqlitemanager/theme/green/pics/input.png
share/sqlitemanager/theme/green/pics/insertrow.png
share/sqlitemanager/theme/green/pics/insertrow_off.png
share/sqlitemanager/theme/green/pics/primaire.png
@@ -128,14 +165,17 @@
share/sqlitemanager/theme/green/pics/triggers.png
share/sqlitemanager/theme/green/pics/unique.png
share/sqlitemanager/theme/green/pics/unique_off.png
+share/sqlitemanager/theme/green/pics/up.gif
share/sqlitemanager/theme/green/pics/views.png
share/sqlitemanager/theme/jall/define.php
share/sqlitemanager/theme/jall/left.css
share/sqlitemanager/theme/jall/main.css
@dirrm share/sqlitemanager/theme/jall
@dirrm share/sqlitemanager/theme/green/pics
+@dirrm share/sqlitemanager/theme/green/menu
@dirrm share/sqlitemanager/theme/green
@dirrm share/sqlitemanager/theme/default/pics
+@dirrm share/sqlitemanager/theme/default/menu
@dirrm share/sqlitemanager/theme/default
@dirrm share/sqlitemanager/theme/PMA
@dirrm share/sqlitemanager/theme
diff -r d32183330a87 -r 825e46da973d databases/sqlitemanager/distinfo
--- a/databases/sqlitemanager/distinfo Fri Jul 25 09:49:05 2008 +0000
+++ b/databases/sqlitemanager/distinfo Fri Jul 25 09:53:55 2008 +0000
@@ -1,5 +1,16 @@
-$NetBSD: distinfo,v 1.2 2005/02/23 16:33:10 agc Exp $
+$NetBSD: distinfo,v 1.2.30.1 2008/07/25 09:53:56 tron Exp $
-SHA1 (SQLiteManager-1.0.4.tar.gz) = fd45b6c144c2971a6df5453d198d552c2b91ba98
-RMD160 (SQLiteManager-1.0.4.tar.gz) = 61d2c437b52bf8c93e0925165307e750a16b924a
-Size (SQLiteManager-1.0.4.tar.gz) = 136147 bytes
+SHA1 (SQLiteManager-1.2.0.tar.gz) = e3e9d0109c67d4dd2d19c6980270ea87206670f4
+RMD160 (SQLiteManager-1.2.0.tar.gz) = 1971cdc8db7f2719245c645e2f014c0ca3ded24b
+Size (SQLiteManager-1.2.0.tar.gz) = 700971 bytes
+SHA1 (patch-aa) = f88d3a98cb0f1e1902d91efdd9fbbbeae86ee2ff
+SHA1 (patch-ab) = 7af9f43b8a76a40320a050b3095554e3db23d180
+SHA1 (patch-ac) = 022330065c8a8abe4fa42f9a10ccc0c7a2e05bfa
+SHA1 (patch-ad) = ecbe26abc17434f884de4bde78f04b3f492ab5d6
+SHA1 (patch-ae) = b463599a74dda1be4aa11f16c87c13e3dd56ef0d
+SHA1 (patch-af) = e1ecec86999c78c25ca38d87e0b378c71e0d4fe2
+SHA1 (patch-ag) = f3caa136048428e53f44ea708ca786fe8be526f9
+SHA1 (patch-ah) = 630306b033e609af4dbb43cf02d409a3286c4be7
+SHA1 (patch-ai) = c3cbe5032674da69e491122c1d26d9503f50604a
+SHA1 (patch-aj) = 6855d0ee5e48e36c64bf99be04aba39cf9d8a641
+SHA1 (patch-ak) = b5fcc942c28026660a2e6fd034b08cda4258c805
diff -r d32183330a87 -r 825e46da973d databases/sqlitemanager/patches/patch-aa
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/databases/sqlitemanager/patches/patch-aa Fri Jul 25 09:53:55 2008 +0000
@@ -0,0 +1,12 @@
+$NetBSD: patch-aa,v 1.1.2.2 2008/07/25 09:53:56 tron Exp $
+
+--- spaw/dialogs/confirm.php.orig 2006-04-18 13:25:53.000000000 +0200
++++ spaw/dialogs/confirm.php
+@@ -13,4 +13,7 @@
+ // ================================================
+
++// Prevent remote file inclusion
++if (preg_match("/:\/\//i", $spaw_root)) die ("can't include external file");
++
+ // include wysiwyg config
+ include '../config/spaw_control.config.php';
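Review bot: The added guard is a denylist that rejects only a `$spaw_root` containing `://`, so any other value, including a local path, still reaches `include $spaw_root.'class/util.class.php';` (visible in patch-ab through patch-ae; confirm.php's own use of the variable lies outside this hunk's context). That covers the remote-inclusion case named in the log message but still treats a possibly request-supplied variable as a trusted path prefix. An allowlist would be sturdier: resolve the value and require it to sit under the SPAW directory, e.g. `$r = realpath($spaw_root); if ($r === false || strpos($r, realpath(dirname(__FILE__).'/..')) !== 0) die("can't include external file");`. Whether the included config file is meant to define `$spaw_root` itself is not visible here; if it is, clearing any earlier value before that include would be simpler still. The same three lines recur in patch-ab, patch-ac, patch-ad and patch-ae (and apparently patch-af, which is cut off), so the point applies to each.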
diff -r d32183330a87 -r 825e46da973d databases/sqlitemanager/patches/patch-ab
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/databases/sqlitemanager/patches/patch-ab Fri Jul 25 09:53:55 2008 +0000
@@ -0,0 +1,14 @@
+$NetBSD: patch-ab,v 1.1.2.2 2008/07/25 09:53:56 tron Exp $
+
+--- spaw/dialogs/td.php.orig 2006-04-18 13:25:53.000000000 +0200
++++ spaw/dialogs/td.php
+@@ -12,6 +12,9 @@
+ // v.1.0, 2003-04-01
+ // ================================================
+
++// Prevent remote file inclusion
++if (preg_match("/:\/\//i", $spaw_root)) die ("can't include external file");
++
+ // include wysiwyg config
+ include '../config/spaw_control.config.php';
+ include $spaw_root.'class/util.class.php';
diff -r d32183330a87 -r 825e46da973d databases/sqlitemanager/patches/patch-ac
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/databases/sqlitemanager/patches/patch-ac Fri Jul 25 09:53:55 2008 +0000
@@ -0,0 +1,14 @@
+$NetBSD: patch-ac,v 1.1.2.2 2008/07/25 09:53:56 tron Exp $
+
+--- spaw/dialogs/table.php.orig 2006-04-18 13:25:53.000000000 +0200
++++ spaw/dialogs/table.php
+@@ -12,6 +12,9 @@
+ // v.1.0, 2003-04-01
+ // ================================================
+
++// Prevent remote file inclusion
++if (preg_match("/:\/\//i", $spaw_root)) die ("can't include external file");
++
+ // include wysiwyg config
+ include '../config/spaw_control.config.php';
+ include $spaw_root.'class/util.class.php';
diff -r d32183330a87 -r 825e46da973d databases/sqlitemanager/patches/patch-ad
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/databases/sqlitemanager/patches/patch-ad Fri Jul 25 09:53:55 2008 +0000
@@ -0,0 +1,14 @@
+$NetBSD: patch-ad,v 1.1.2.2 2008/07/25 09:53:56 tron Exp $
+
+--- spaw/dialogs/img.php.orig 2006-04-18 13:25:53.000000000 +0200
++++ spaw/dialogs/img.php
+@@ -12,6 +12,9 @@
+ // v.1.0, 2003-04-01
+ // ================================================
+
++// Prevent remote file inclusion
++if (preg_match("/:\/\//i", $spaw_root)) die ("can't include external file");
++
+ // include wysiwyg config
+ include '../config/spaw_control.config.php';
+ include $spaw_root.'class/util.class.php';
diff -r d32183330a87 -r 825e46da973d databases/sqlitemanager/patches/patch-ae
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/databases/sqlitemanager/patches/patch-ae Fri Jul 25 09:53:55 2008 +0000
@@ -0,0 +1,14 @@
+$NetBSD: patch-ae,v 1.1.2.2 2008/07/25 09:53:56 tron Exp $
+
+--- spaw/dialogs/img_library.php.orig 2006-04-18 13:25:53.000000000 +0200
++++ spaw/dialogs/img_library.php
+@@ -15,6 +15,9 @@
+ // unset $spaw_imglib_include
+ unset($spaw_imglib_include);
+
++// Prevent remote file inclusion
++if (preg_match("/:\/\//i", $spaw_root)) die ("can't include external file");
++
+ // include wysiwyg config
+ include '../config/spaw_control.config.php';
+ include $spaw_root.'class/util.class.php';
diff -r d32183330a87 -r 825e46da973d databases/sqlitemanager/patches/patch-af
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/databases/sqlitemanager/patches/patch-af Fri Jul 25 09:53:55 2008 +0000
@@ -0,0 +1,14 @@
+$NetBSD: patch-af,v 1.1.2.2 2008/07/25 09:53:56 tron Exp $
+
+--- spaw/dialogs/a.php.orig 2006-04-18 13:25:53.000000000 +0200
++++ spaw/dialogs/a.php