pkgsrc-Changes-HG archive


[pkgsrc/pkgsrc-2008Q2]: pkgsrc/databases/sqlitemanager Pullup ticket #2461 - ...



details:   https://anonhg.NetBSD.org/pkgsrc/rev/825e46da973d
branches:  pkgsrc-2008Q2
changeset: 544208:825e46da973d
user:      tron <tron%pkgsrc.org@localhost>
date:      Fri Jul 25 09:53:55 2008 +0000

description:
Pullup ticket #2461 - requested by tonnerre

Revisions pulled up:
databases/sqlitemanager/Makefile                1.8
databases/sqlitemanager/PLIST                   1.3
databases/sqlitemanager/distinfo                1.3
databases/sqlitemanager/patches/patch-aa        1.1
databases/sqlitemanager/patches/patch-ab        1.1
databases/sqlitemanager/patches/patch-ac        1.1
databases/sqlitemanager/patches/patch-ad        1.1
databases/sqlitemanager/patches/patch-ae        1.1
databases/sqlitemanager/patches/patch-af        1.1
databases/sqlitemanager/patches/patch-ag        1.1
databases/sqlitemanager/patches/patch-ah        1.1
databases/sqlitemanager/patches/patch-ai        1.1
databases/sqlitemanager/patches/patch-aj        1.1
databases/sqlitemanager/patches/patch-ak        1.1
---
    Module Name:        pkgsrc
    Committed By:       tonnerre
    Date:               Fri Jul 25 00:53:58 UTC 2008

    Modified Files:
        pkgsrc/databases/sqlitemanager: Makefile PLIST distinfo
    Added Files:
        pkgsrc/databases/sqlitemanager/patches: patch-aa patch-ab patch-ac
            patch-ad patch-ae patch-af patch-ag patch-ah patch-ai patch-aj
            patch-ak

    Log Message:
    Fix two SQLitemanager vulnerabilities (arbitrary remote file inclusion
    and directory traversal), CVE-2007-1232 and CVE-2008-0516. Update to
    1.2.0 in order to make this possible at all. Also remove manu as
    maintainer as he suggested in mail.

diffstat:

 databases/sqlitemanager/Makefile         |  10 ++++---
 databases/sqlitemanager/PLIST            |  42 +++++++++++++++++++++++++++++++-
 databases/sqlitemanager/distinfo         |  19 +++++++++++---
 databases/sqlitemanager/patches/patch-aa |  12 +++++++++
 databases/sqlitemanager/patches/patch-ab |  14 ++++++++++
 databases/sqlitemanager/patches/patch-ac |  14 ++++++++++
 databases/sqlitemanager/patches/patch-ad |  14 ++++++++++
 databases/sqlitemanager/patches/patch-ae |  14 ++++++++++
 databases/sqlitemanager/patches/patch-af |  14 ++++++++++
 databases/sqlitemanager/patches/patch-ag |  12 +++++++++
 databases/sqlitemanager/patches/patch-ah |  21 ++++++++++++++++
 databases/sqlitemanager/patches/patch-ai |  14 ++++++++++
 databases/sqlitemanager/patches/patch-aj |  14 ++++++++++
 databases/sqlitemanager/patches/patch-ak |  22 ++++++++++++++++
 14 files changed, 227 insertions(+), 9 deletions(-)

diffs (truncated from 413 to 300 lines):

diff -r d32183330a87 -r 825e46da973d databases/sqlitemanager/Makefile
--- a/databases/sqlitemanager/Makefile  Fri Jul 25 09:49:05 2008 +0000
+++ b/databases/sqlitemanager/Makefile  Fri Jul 25 09:53:55 2008 +0000
@@ -1,12 +1,11 @@
-# $NetBSD: Makefile,v 1.7 2008/05/26 02:13:16 joerg Exp $
+# $NetBSD: Makefile,v 1.7.4.1 2008/07/25 09:53:55 tron Exp $
 #
 
-DISTNAME=              SQLiteManager-1.0.4
-PKGREVISION=           2
+DISTNAME=              SQLiteManager-1.2.0
 CATEGORIES=            databases
 MASTER_SITES=          ${MASTER_SITE_SOURCEFORGE:=sqlitemanager/}
 
-MAINTAINER=            manu%NetBSD.org@localhost
+MAINTAINER=            pkgsrc-users%NetBSD.org@localhost
 HOMEPAGE=              http://sourceforge.net/projects/silsm/
 COMMENT=               Web frontend for managing SQLite databases
 
@@ -20,6 +19,9 @@
 
 PKG_USERS_VARS+=       APACHE_USER
 
+post-patch:
+       ${FIND} ${WRKSRC} -name "*.orig" -exec ${RM} -f {} \;
+
 do-install:
        ${INSTALL_DATA_DIR} ${DESTDIR}${PREFIX}/share
        ${INSTALL_DATA_DIR} ${DESTDIR}${PREFIX}/share/sqlitemanager
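Review bot: the new post-patch target carries no comment saying why the *.orig files are removed, and -name "*.orig" is applied to all of ${WRKSRC}, so it would also delete any file the distribution itself ships with that suffix. A one-line comment stating the intent (presumably to keep the pre-patch copies of the patched PHP files out of the installed tree) would make the rule easier to maintain.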
diff -r d32183330a87 -r 825e46da973d databases/sqlitemanager/PLIST
--- a/databases/sqlitemanager/PLIST     Fri Jul 25 09:49:05 2008 +0000
+++ b/databases/sqlitemanager/PLIST     Fri Jul 25 09:53:55 2008 +0000
@@ -1,8 +1,11 @@
-@comment $NetBSD: PLIST,v 1.2 2006/06/16 10:58:08 rillig Exp $
+@comment $NetBSD: PLIST,v 1.2.20.1 2008/07/25 09:53:55 tron Exp $
+share/sqlitemanager/include/JSCookMenu.js
 share/sqlitemanager/include/ParsingQuery.class.php
 share/sqlitemanager/include/SQLite.i18n.php
 share/sqlitemanager/include/SQLiteAuth.class.php
+share/sqlitemanager/include/SQLiteAutoConnect.class.php
 share/sqlitemanager/include/SQLiteDbConnect.class.php
+share/sqlitemanager/include/SQLiteDbOperation.class.php
 share/sqlitemanager/include/SQLiteDbOption.class.php
 share/sqlitemanager/include/SQLiteExport.class.php
 share/sqlitemanager/include/SQLiteFunctionProperties.class.php
@@ -17,19 +20,28 @@
 share/sqlitemanager/include/common.lib.php
 share/sqlitemanager/include/config.db
 share/sqlitemanager/include/config.inc.php
+share/sqlitemanager/include/config3.db
 share/sqlitemanager/include/dbproperties.php
 share/sqlitemanager/include/defined.inc.php
 share/sqlitemanager/include/function.js
 share/sqlitemanager/include/functproperties.php
 share/sqlitemanager/include/grab_global.php
+share/sqlitemanager/include/index.html
 share/sqlitemanager/include/sql.class.php
 share/sqlitemanager/include/sql.php
+share/sqlitemanager/include/sqlite.class.php
+share/sqlitemanager/include/sqlite2.class.php
+share/sqlitemanager/include/sqlite3.class.php
+share/sqlitemanager/include/sqlite_fulltextsearch.class.php
+share/sqlitemanager/include/sqlite_fulltextsearchex.class.php
 share/sqlitemanager/include/tableproperties.php
 share/sqlitemanager/include/triggerproperties.php
+share/sqlitemanager/include/user_defined.inc.php
 share/sqlitemanager/include/viewproperties.php
 share/sqlitemanager/index.php
 share/sqlitemanager/lang/brazilian_portuguese.inc.php
 share/sqlitemanager/lang/croatian.inc.php
+share/sqlitemanager/lang/danish.inc.php
 share/sqlitemanager/lang/dutch.inc.php
 share/sqlitemanager/lang/english.inc.php
 share/sqlitemanager/lang/french.inc.php
@@ -37,7 +49,9 @@
 share/sqlitemanager/lang/italian.inc.php
 share/sqlitemanager/lang/japanese.inc.php
 share/sqlitemanager/lang/polish.inc.php
+share/sqlitemanager/lang/simplified_chinese.inc.php
 share/sqlitemanager/lang/spanish.inc.php
+share/sqlitemanager/lang/traditional_chinese.inc.php
 share/sqlitemanager/left.php
 share/sqlitemanager/main.php
 share/sqlitemanager/test.sqlite
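Review bot: in this hunk share/sqlitemanager/main.php is followed directly by share/sqlitemanager/test.sqlite, so the sorted position where share/sqlitemanager/spaw/ entries would sit is empty, and no PLIST hunk adds any. The patches in this changeset all modify files under spaw/dialogs/, so it is worth confirming whether do-install copies spaw/ into the installed tree; if it does, those files need PLIST entries, and if it does not, a note in the Makefile saying the patched files are not installed would avoid confusion.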
@@ -47,12 +61,22 @@
 share/sqlitemanager/theme/default/define.php
 share/sqlitemanager/theme/default/left.css
 share/sqlitemanager/theme/default/main.css
+share/sqlitemanager/theme/default/menu/arrow.png
+share/sqlitemanager/theme/default/menu/blank.png
+share/sqlitemanager/theme/default/menu/index.html
+share/sqlitemanager/theme/default/menu/spacer.png
+share/sqlitemanager/theme/default/menu/theme.css
+share/sqlitemanager/theme/default/menu/theme.js
+share/sqlitemanager/theme/default/pics/HTML_off.png
+share/sqlitemanager/theme/default/pics/HTML_on.png
 share/sqlitemanager/theme/default/pics/arrow_ltr.gif
 share/sqlitemanager/theme/default/pics/asc_order.png
 share/sqlitemanager/theme/default/pics/browse.png
 share/sqlitemanager/theme/default/pics/browse2.png
 share/sqlitemanager/theme/default/pics/browse_off.png
 share/sqlitemanager/theme/default/pics/database.png
+share/sqlitemanager/theme/default/pics/database2.png
+share/sqlitemanager/theme/default/pics/database3.png
 share/sqlitemanager/theme/default/pics/database_link.png
 share/sqlitemanager/theme/default/pics/delete_table.png
 share/sqlitemanager/theme/default/pics/delete_table_off.png
@@ -69,6 +93,7 @@
 share/sqlitemanager/theme/default/pics/encrypted.png
 share/sqlitemanager/theme/default/pics/encrypted_off.png
 share/sqlitemanager/theme/default/pics/end.gif
+share/sqlitemanager/theme/default/pics/fulltext.png
 share/sqlitemanager/theme/default/pics/functions.png
 share/sqlitemanager/theme/default/pics/index.png
 share/sqlitemanager/theme/default/pics/index_off.png
@@ -77,6 +102,7 @@
 share/sqlitemanager/theme/default/pics/left.gif
 share/sqlitemanager/theme/default/pics/minus.png
 share/sqlitemanager/theme/default/pics/nobrowse.png
+share/sqlitemanager/theme/default/pics/nofulltext.png
 share/sqlitemanager/theme/default/pics/plus.png
 share/sqlitemanager/theme/default/pics/primaire.png
 share/sqlitemanager/theme/default/pics/primaire_off.png
@@ -95,6 +121,13 @@
 share/sqlitemanager/theme/green/define.php
 share/sqlitemanager/theme/green/left.css
 share/sqlitemanager/theme/green/main.css
+share/sqlitemanager/theme/green/menu/arrow.png
+share/sqlitemanager/theme/green/menu/blank.png
+share/sqlitemanager/theme/green/menu/index.html
+share/sqlitemanager/theme/green/menu/spacer.png
+share/sqlitemanager/theme/green/menu/theme.css
+share/sqlitemanager/theme/green/menu/theme.js
+share/sqlitemanager/theme/green/pics/bg.png
 share/sqlitemanager/theme/green/pics/bg_left.png
 share/sqlitemanager/theme/green/pics/bg_th.png
 share/sqlitemanager/theme/green/pics/bg_title.png
@@ -102,6 +135,8 @@
 share/sqlitemanager/theme/green/pics/browse2.png
 share/sqlitemanager/theme/green/pics/browse_off.png
 share/sqlitemanager/theme/green/pics/database.png
+share/sqlitemanager/theme/green/pics/database2.png
+share/sqlitemanager/theme/green/pics/database3.png
 share/sqlitemanager/theme/green/pics/database_link.png
 share/sqlitemanager/theme/green/pics/delete_table.png
 share/sqlitemanager/theme/green/pics/delete_table_off.png
@@ -109,6 +144,7 @@
 share/sqlitemanager/theme/green/pics/deletecol_off.png
 share/sqlitemanager/theme/green/pics/deleterow.png
 share/sqlitemanager/theme/green/pics/deleterow_off.png
+share/sqlitemanager/theme/green/pics/down.gif
 share/sqlitemanager/theme/green/pics/edit.png
 share/sqlitemanager/theme/green/pics/edit_off.png
 share/sqlitemanager/theme/green/pics/edittrash.png
@@ -116,6 +152,7 @@
 share/sqlitemanager/theme/green/pics/functions.png
 share/sqlitemanager/theme/green/pics/index.png
 share/sqlitemanager/theme/green/pics/index_off.png
+share/sqlitemanager/theme/green/pics/input.png
 share/sqlitemanager/theme/green/pics/insertrow.png
 share/sqlitemanager/theme/green/pics/insertrow_off.png
 share/sqlitemanager/theme/green/pics/primaire.png
@@ -128,14 +165,17 @@
 share/sqlitemanager/theme/green/pics/triggers.png
 share/sqlitemanager/theme/green/pics/unique.png
 share/sqlitemanager/theme/green/pics/unique_off.png
+share/sqlitemanager/theme/green/pics/up.gif
 share/sqlitemanager/theme/green/pics/views.png
 share/sqlitemanager/theme/jall/define.php
 share/sqlitemanager/theme/jall/left.css
 share/sqlitemanager/theme/jall/main.css
 @dirrm share/sqlitemanager/theme/jall
 @dirrm share/sqlitemanager/theme/green/pics
+@dirrm share/sqlitemanager/theme/green/menu
 @dirrm share/sqlitemanager/theme/green
 @dirrm share/sqlitemanager/theme/default/pics
+@dirrm share/sqlitemanager/theme/default/menu
 @dirrm share/sqlitemanager/theme/default
 @dirrm share/sqlitemanager/theme/PMA
 @dirrm share/sqlitemanager/theme
diff -r d32183330a87 -r 825e46da973d databases/sqlitemanager/distinfo
--- a/databases/sqlitemanager/distinfo  Fri Jul 25 09:49:05 2008 +0000
+++ b/databases/sqlitemanager/distinfo  Fri Jul 25 09:53:55 2008 +0000
@@ -1,5 +1,16 @@
-$NetBSD: distinfo,v 1.2 2005/02/23 16:33:10 agc Exp $
+$NetBSD: distinfo,v 1.2.30.1 2008/07/25 09:53:56 tron Exp $
 
-SHA1 (SQLiteManager-1.0.4.tar.gz) = fd45b6c144c2971a6df5453d198d552c2b91ba98
-RMD160 (SQLiteManager-1.0.4.tar.gz) = 61d2c437b52bf8c93e0925165307e750a16b924a
-Size (SQLiteManager-1.0.4.tar.gz) = 136147 bytes
+SHA1 (SQLiteManager-1.2.0.tar.gz) = e3e9d0109c67d4dd2d19c6980270ea87206670f4
+RMD160 (SQLiteManager-1.2.0.tar.gz) = 1971cdc8db7f2719245c645e2f014c0ca3ded24b
+Size (SQLiteManager-1.2.0.tar.gz) = 700971 bytes
+SHA1 (patch-aa) = f88d3a98cb0f1e1902d91efdd9fbbbeae86ee2ff
+SHA1 (patch-ab) = 7af9f43b8a76a40320a050b3095554e3db23d180
+SHA1 (patch-ac) = 022330065c8a8abe4fa42f9a10ccc0c7a2e05bfa
+SHA1 (patch-ad) = ecbe26abc17434f884de4bde78f04b3f492ab5d6
+SHA1 (patch-ae) = b463599a74dda1be4aa11f16c87c13e3dd56ef0d
+SHA1 (patch-af) = e1ecec86999c78c25ca38d87e0b378c71e0d4fe2
+SHA1 (patch-ag) = f3caa136048428e53f44ea708ca786fe8be526f9
+SHA1 (patch-ah) = 630306b033e609af4dbb43cf02d409a3286c4be7
+SHA1 (patch-ai) = c3cbe5032674da69e491122c1d26d9503f50604a
+SHA1 (patch-aj) = 6855d0ee5e48e36c64bf99be04aba39cf9d8a641
+SHA1 (patch-ak) = b5fcc942c28026660a2e6fd034b08cda4258c805
diff -r d32183330a87 -r 825e46da973d databases/sqlitemanager/patches/patch-aa
--- /dev/null   Thu Jan 01 00:00:00 1970 +0000
+++ b/databases/sqlitemanager/patches/patch-aa  Fri Jul 25 09:53:55 2008 +0000
@@ -0,0 +1,12 @@
+$NetBSD: patch-aa,v 1.1.2.2 2008/07/25 09:53:56 tron Exp $
+
+--- spaw/dialogs/confirm.php.orig      2006-04-18 13:25:53.000000000 +0200
++++ spaw/dialogs/confirm.php
+@@ -13,4 +13,7 @@
+ // ================================================
+ 
++// Prevent remote file inclusion
++if (preg_match("/:\/\//i", $spaw_root)) die ("can't include external file");
++
+ // include wysiwyg config
+ include '../config/spaw_control.config.php';
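Review bot: the /i modifier in "/:\/\//i" has no effect, since the pattern contains no letters; strpos($spaw_root, '://') !== false expresses the same test without a regex. The check also reads $spaw_root before anything in the visible lines has set it, so on a normal request where the variable is absent PHP evaluates an undefined variable here; an isset() guard would keep that out of the logs.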
diff -r d32183330a87 -r 825e46da973d databases/sqlitemanager/patches/patch-ab
--- /dev/null   Thu Jan 01 00:00:00 1970 +0000
+++ b/databases/sqlitemanager/patches/patch-ab  Fri Jul 25 09:53:55 2008 +0000
@@ -0,0 +1,14 @@
+$NetBSD: patch-ab,v 1.1.2.2 2008/07/25 09:53:56 tron Exp $
+
+--- spaw/dialogs/td.php.orig   2006-04-18 13:25:53.000000000 +0200
++++ spaw/dialogs/td.php
+@@ -12,6 +12,9 @@
+ // v.1.0, 2003-04-01
+ // ================================================
+ 
++// Prevent remote file inclusion
++if (preg_match("/:\/\//i", $spaw_root)) die ("can't include external file");
++
+ // include wysiwyg config
+ include '../config/spaw_control.config.php';
+ include $spaw_root.'class/util.class.php';
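Review bot: the added preg_match on $spaw_root only rejects values containing "://", which makes it a denylist for one URL form rather than a check that the path is the expected one. The last context line, include $spaw_root.'class/util.class.php', still takes any other value that reaches it, including relative paths that leave the spaw directory. Setting $spaw_root to a fixed value, or comparing it against one, before the include would be more robust than pattern-matching it.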
diff -r d32183330a87 -r 825e46da973d databases/sqlitemanager/patches/patch-ac
--- /dev/null   Thu Jan 01 00:00:00 1970 +0000
+++ b/databases/sqlitemanager/patches/patch-ac  Fri Jul 25 09:53:55 2008 +0000
@@ -0,0 +1,14 @@
+$NetBSD: patch-ac,v 1.1.2.2 2008/07/25 09:53:56 tron Exp $
+
+--- spaw/dialogs/table.php.orig        2006-04-18 13:25:53.000000000 +0200
++++ spaw/dialogs/table.php
+@@ -12,6 +12,9 @@
+ // v.1.0, 2003-04-01
+ // ================================================
+ 
++// Prevent remote file inclusion
++if (preg_match("/:\/\//i", $spaw_root)) die ("can't include external file");
++
+ // include wysiwyg config
+ include '../config/spaw_control.config.php';
+ include $spaw_root.'class/util.class.php';
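Review bot: these three added lines are the same check already added to confirm.php and td.php, so any later correction to it has to be repeated in every dialog. Consider placing the check in one file that each dialog pulls in with a literal path, the way '../config/spaw_control.config.php' is included on the following line.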
diff -r d32183330a87 -r 825e46da973d databases/sqlitemanager/patches/patch-ad
--- /dev/null   Thu Jan 01 00:00:00 1970 +0000
+++ b/databases/sqlitemanager/patches/patch-ad  Fri Jul 25 09:53:55 2008 +0000
@@ -0,0 +1,14 @@
+$NetBSD: patch-ad,v 1.1.2.2 2008/07/25 09:53:56 tron Exp $
+
+--- spaw/dialogs/img.php.orig  2006-04-18 13:25:53.000000000 +0200
++++ spaw/dialogs/img.php
+@@ -12,6 +12,9 @@
+ // v.1.0, 2003-04-01
+ // ================================================
+ 
++// Prevent remote file inclusion
++if (preg_match("/:\/\//i", $spaw_root)) die ("can't include external file");
++
+ // include wysiwyg config
+ include '../config/spaw_control.config.php';
+ include $spaw_root.'class/util.class.php';
diff -r d32183330a87 -r 825e46da973d databases/sqlitemanager/patches/patch-ae
--- /dev/null   Thu Jan 01 00:00:00 1970 +0000
+++ b/databases/sqlitemanager/patches/patch-ae  Fri Jul 25 09:53:55 2008 +0000
@@ -0,0 +1,14 @@
+$NetBSD: patch-ae,v 1.1.2.2 2008/07/25 09:53:56 tron Exp $
+
+--- spaw/dialogs/img_library.php.orig  2006-04-18 13:25:53.000000000 +0200
++++ spaw/dialogs/img_library.php
+@@ -15,6 +15,9 @@
+ // unset $spaw_imglib_include
+ unset($spaw_imglib_include);
+ 
++// Prevent remote file inclusion
++if (preg_match("/:\/\//i", $spaw_root)) die ("can't include external file");
++
+ // include wysiwyg config
+ include '../config/spaw_control.config.php';
+ include $spaw_root.'class/util.class.php';
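Review bot: the context just above the added check shows img_library.php already neutralising an externally settable variable with unset($spaw_imglib_include). If spaw_control.config.php defines $spaw_root, applying the same unset to $spaw_root before the config include would remove the untrusted value outright instead of relying on the "://" pattern.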
diff -r d32183330a87 -r 825e46da973d databases/sqlitemanager/patches/patch-af
--- /dev/null   Thu Jan 01 00:00:00 1970 +0000
+++ b/databases/sqlitemanager/patches/patch-af  Fri Jul 25 09:53:55 2008 +0000
@@ -0,0 +1,14 @@
+$NetBSD: patch-af,v 1.1.2.2 2008/07/25 09:53:56 tron Exp $
+
+--- spaw/dialogs/a.php.orig    2006-04-18 13:25:53.000000000 +0200
++++ spaw/dialogs/a.php


