head 1.2; access; symbols pkgsrc-2013Q2:1.2.0.10 pkgsrc-2013Q2-base:1.2 pkgsrc-2012Q4:1.2.0.8 pkgsrc-2012Q4-base:1.2 pkgsrc-2011Q4:1.2.0.6 pkgsrc-2011Q4-base:1.2 pkgsrc-2011Q2:1.2.0.4 pkgsrc-2011Q2-base:1.2 pkgsrc-2009Q4:1.2.0.2 pkgsrc-2009Q4-base:1.2 pkgsrc-2009Q1:1.1.0.10 pkgsrc-2009Q1-base:1.1 pkgsrc-2008Q4:1.1.0.8 pkgsrc-2008Q4-base:1.1 pkgsrc-2008Q3:1.1.0.6 pkgsrc-2008Q3-base:1.1 cube-native-xorg:1.1.0.4 cube-native-xorg-base:1.1 pkgsrc-2008Q2:1.1.0.2; locks; strict; comment @# @; 1.2 date 2009.05.21.14.34.36; author tonnerre; state dead; branches; next 1.1; 1.1 date 2008.07.25.00.53.58; author tonnerre; state Exp; branches 1.1.2.1; next ; 1.1.2.1 date 2008.07.25.00.53.58; author tron; state dead; branches; next 1.1.2.2; 1.1.2.2 date 2008.07.25.09.53.56; author tron; state Exp; branches; next ; desc @@ 1.2 log @Remove package sqlitemanager which is unmaintained upstream, full of security problems and has spent its last half year in eol-packages. @ text @$NetBSD: patch-aj,v 1.1 2008/07/25 00:53:58 tonnerre Exp $ --- spaw/class/lang.class.php.orig 2006-04-18 13:25:53.000000000 +0200 +++ spaw/class/lang.class.php @@@@ -12,6 +12,9 @@@@ // v.1.0, 2003-03-20 // ================================================ +// Prevent remote file inclusion +if (preg_match("/:\/\//i", $spaw_root)) die ("can't include external file"); + class SPAW_Lang { // current language @ 1.1 log @Fix two SQLitemanager vulnerabilities (arbitrary remote file inclusion and directory traversal), CVE-2007-1232 an CVE-2008-0516. Update to 1.2.0 in order to make this possible at all. Also remove manu as maintainer as he suggested in mail. 
@ text @d1 1 a1 1 $NetBSD$ @ 1.1.2.1 log @file patch-aj was added on branch pkgsrc-2008Q2 on 2008-07-25 09:53:56 +0000 @ text @d1 14 @ 1.1.2.2 log @Pullup ticket #2461 - requested by tonnerre Revisions pulled up: databases/sqlitemanager/Makefile 1.8 databases/sqlitemanager/PLIST 1.3 databases/sqlitemanager/distinfo 1.3 databases/sqlitemanager/patches/patch-aa 1.1 databases/sqlitemanager/patches/patch-ab 1.1 databases/sqlitemanager/patches/patch-ac 1.1 databases/sqlitemanager/patches/patch-ad 1.1 databases/sqlitemanager/patches/patch-ae 1.1 databases/sqlitemanager/patches/patch-af 1.1 databases/sqlitemanager/patches/patch-ag 1.1 databases/sqlitemanager/patches/patch-ah 1.1 databases/sqlitemanager/patches/patch-ai 1.1 databases/sqlitemanager/patches/patch-aj 1.1 databases/sqlitemanager/patches/patch-ak 1.1 --- Module Name: pkgsrc Committed By: tonnerre Date: Fri Jul 25 00:53:58 UTC 2008 Modified Files: pkgsrc/databases/sqlitemanager: Makefile PLIST distinfo Added Files: pkgsrc/databases/sqlitemanager/patches: patch-aa patch-ab patch-ac patch-ad patch-ae patch-af patch-ag patch-ah patch-ai patch-aj patch-ak Log Message: Fix two SQLitemanager vulnerabilities (arbitrary remote file inclusion and directory traversal), CVE-2007-1232 an CVE-2008-0516. Update to 1.2.0 in order to make this possible at all. Also remove manu as maintainer as he suggested in mail. @ text @a0 14 $NetBSD: patch-aj,v 1.1 2008/07/25 00:53:58 tonnerre Exp $ --- spaw/class/lang.class.php.orig 2006-04-18 13:25:53.000000000 +0200 +++ spaw/class/lang.class.php @@@@ -12,6 +12,9 @@@@ // v.1.0, 2003-03-20 // ================================================ +// Prevent remote file inclusion +if (preg_match("/:\/\//i", $spaw_root)) die ("can't include external file"); + class SPAW_Lang { // current language @
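Review bot: the guard added above `class SPAW_Lang` in spaw/class/lang.class.php rejects `$spaw_root` only when it contains the substring `://`, so it is a denylist on one URL shape rather than a check that the value is the expected local directory. A relative or absolute local path passes the test unchanged, so this hunk on its own does not cover the directory traversal named in the log message, and the test also passes silently when `$spaw_root` is unset or empty at this point. Suggest setting the root from a fixed server-side path instead of accepting it from outside, or resolving it and comparing it against the install directory, and failing closed otherwise. Minor: the `i` modifier in `/:\/\//i` has no effect because the pattern contains no letters.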