diff options
Diffstat (limited to 'www-apps')
| -rw-r--r-- | www-apps/Manifest.gz | bin | 13446 -> 13447 bytes | |||
| -rw-r--r-- | www-apps/nextcloud/Manifest | 2 | ||||
| -rw-r--r-- | www-apps/nextcloud/nextcloud-28.0.2.ebuild | 2 | ||||
| -rw-r--r-- | www-apps/phpsysinfo/Manifest | 3 | ||||
| -rw-r--r-- | www-apps/phpsysinfo/files/phpsysinfo-3.4.3-cve-2023-49006.patch | 44 | ||||
| -rw-r--r-- | www-apps/phpsysinfo/phpsysinfo-3.4.3-r1.ebuild (renamed from www-apps/phpsysinfo/phpsysinfo-3.4.3.ebuild) | 4 |
6 files changed, 51 insertions, 4 deletions
diff --git a/www-apps/Manifest.gz b/www-apps/Manifest.gz Binary files differindex 64c7d44f92ab..5d4981cede30 100644 --- a/www-apps/Manifest.gz +++ b/www-apps/Manifest.gz diff --git a/www-apps/nextcloud/Manifest b/www-apps/nextcloud/Manifest index 70244eb61985..ad03ab5e89d3 100644 --- a/www-apps/nextcloud/Manifest +++ b/www-apps/nextcloud/Manifest @@ -15,6 +15,6 @@ EBUILD nextcloud-27.1.5.ebuild 1081 BLAKE2B 9de7eba7a07b0731af59f66fed8081fe18e4 EBUILD nextcloud-27.1.6.ebuild 1073 BLAKE2B ef3f21eb27f7e15344ccbe0a2c82c096890bed105305bf9501790c7267c74f55ad96bb13ba9f1f8996f4df93619b7186fccd78dd1671163fd701da980198bf91 SHA512 0390ae53f04f50b03d0841d0eb5c426743146fc4d8730b96ab90b8b950be07ad2261ff6e7a8b2055d0319ea5d6959144db29bba430a00a26f7faa207d4e2f8a7 EBUILD nextcloud-27.1.7.ebuild 1073 BLAKE2B ef3f21eb27f7e15344ccbe0a2c82c096890bed105305bf9501790c7267c74f55ad96bb13ba9f1f8996f4df93619b7186fccd78dd1671163fd701da980198bf91 SHA512 0390ae53f04f50b03d0841d0eb5c426743146fc4d8730b96ab90b8b950be07ad2261ff6e7a8b2055d0319ea5d6959144db29bba430a00a26f7faa207d4e2f8a7 EBUILD nextcloud-28.0.1.ebuild 1081 BLAKE2B 9de7eba7a07b0731af59f66fed8081fe18e43479df29b2d9fa93fd50c059b9955d6374e0ce94be9f3ab06ee6aa992cfa5e1e3161864a4da29889b0c549e8a094 SHA512 fdc3a214852f8bcf151d579de62c5785030f9233b1a765185b4d74b7f0ba08871d1bb9b41fd7161557e52cd85af6f765ad94589cbb9ab613df60ed11ed11ab38 -EBUILD nextcloud-28.0.2.ebuild 1073 BLAKE2B ef3f21eb27f7e15344ccbe0a2c82c096890bed105305bf9501790c7267c74f55ad96bb13ba9f1f8996f4df93619b7186fccd78dd1671163fd701da980198bf91 SHA512 0390ae53f04f50b03d0841d0eb5c426743146fc4d8730b96ab90b8b950be07ad2261ff6e7a8b2055d0319ea5d6959144db29bba430a00a26f7faa207d4e2f8a7 +EBUILD nextcloud-28.0.2.ebuild 1072 BLAKE2B f21a6c9bdd864e47f1033b25c893d2d549b20d62fd9357912a30bfe0e2a2214f15f53f0dabdba95c5013f5858625be45c3b5031f8cd560bfb242118d5dd18d8b SHA512 6c6bcb3a3dcbbbdceff0ea05e12f1a4a7009312f4db784178ff2da6f3cb17fc5571c7e72cd43e8c0d3f969a80fc3fbdc6f152ff66ee6efd0de3ce7bc6bd8ce38 EBUILD nextcloud-28.0.3.ebuild 1073 BLAKE2B ef3f21eb27f7e15344ccbe0a2c82c096890bed105305bf9501790c7267c74f55ad96bb13ba9f1f8996f4df93619b7186fccd78dd1671163fd701da980198bf91 SHA512 0390ae53f04f50b03d0841d0eb5c426743146fc4d8730b96ab90b8b950be07ad2261ff6e7a8b2055d0319ea5d6959144db29bba430a00a26f7faa207d4e2f8a7 MISC metadata.xml 640 BLAKE2B 4ce4ae51dac409d3c717970c85af4af8a76be4dde1c5df1fd3bd0e2ef6226ac3bee01bea7e906cfffe9b62cee9c357bfde892d350ce5514c84e3c7def3df0082 SHA512 517bfb2880eb61dc3ce00fecfb7512d69166806a6e2b330e659681ef49f84d9445646105194ebf07b1d1f6a915e1e4a6696dbd01a987150fc7a631fb8f65ac98 diff --git a/www-apps/nextcloud/nextcloud-28.0.2.ebuild b/www-apps/nextcloud/nextcloud-28.0.2.ebuild index c4a46ad7ae66..4f716823001e 100644 --- a/www-apps/nextcloud/nextcloud-28.0.2.ebuild +++ b/www-apps/nextcloud/nextcloud-28.0.2.ebuild @@ -10,7 +10,7 @@ HOMEPAGE="https://nextcloud.com/" SRC_URI="https://download.nextcloud.com/server/releases/${P}.tar.bz2" LICENSE="AGPL-3" -KEYWORDS="~amd64 ~arm ~arm64 ~x86" +KEYWORDS="amd64 ~arm ~arm64 ~x86" IUSE="+curl +imagemagick mysql postgres +sqlite" REQUIRED_USE="|| ( mysql postgres sqlite )" diff --git a/www-apps/phpsysinfo/Manifest b/www-apps/phpsysinfo/Manifest index bf1e5c1fea64..94a6c6d5ff8b 100644 --- a/www-apps/phpsysinfo/Manifest +++ b/www-apps/phpsysinfo/Manifest @@ -1,3 +1,4 @@ +AUX phpsysinfo-3.4.3-cve-2023-49006.patch 1369 BLAKE2B c1bee3c483a957ed25fb2fc27da00a26fc7e1bb77add38ca3195461ff8daf549e0da2bb8762805b23f30b5854d79034458dd9b58a258a22b0c0e0b5bbbae00eb SHA512 1b1ec3c989f00a1dd93ba0076de120387f28696737031977f452a9952a232e0b587fd4d7ea146303e78e8a3ab0e9ce6f3b2e1c32375002500a2742a9b06d89fd DIST phpsysinfo-3.4.3.tar.gz 1101922 BLAKE2B b4800af1bb6995f898681d80c95c87d7120146078b1a0f24d65c0217b6c6ea1d9dc9e9a8c54d9e4c1f41988ed68e28f263093af1217caf76af48b001da912136 SHA512 d0c5f0d36da6fa85dd299c8550633055fecc15e16f0f9a57e6765691a0c766da9893fd2be539492fb45b482165b1215ca9950b50f7bddfa84294833c06de27f7 -EBUILD phpsysinfo-3.4.3.ebuild 1672 BLAKE2B 2fbedd61353be469e35cb2c0d9b43389d27c59f3a086b5ab1573ddbd9486f06ba00652e6c9ba0b84f347efbfca3d3c11c7db06a3fc45c10fab40ba746a7c4599 SHA512 d18ecd55d7bd361414f9318c7fced091b804070104b7838ac8cf975893d5c02a05602f84e972beb74a64f8e9b9cd7fee5bbff0562bf30f239b1ca3084253ccb0 +EBUILD phpsysinfo-3.4.3-r1.ebuild 1732 BLAKE2B 73929eed473154993c6572820c55ee36d8c8744c3c2830ca755db11daa771c52beeb804c6631d659526f700bc43332c57c084fcbfd0daabfd2a79ee65dd20fab SHA512 a5d033ad59bd23de80827c6cf5fdfb090b4421a63ca02b7e223261ba551a4b01b1996872dedeff9bd7dd0a765a91feb71740b46ae6bd247d2d2a6bb36874880c MISC metadata.xml 536 BLAKE2B eeccf1567ef7a9cd2e4eaa17499074b52555896492a20f8dd4f982f9f73f855437127647699d875e9d6b9e3814dd7171d737461991ec6f8ab477a41fa0eb1558 SHA512 6334f650900c7a2d9e5b8458418d7a39915e169001ed665fb2700be1236904996da040dc52f41cba180d6e916e2e852d8013f47c188247abf661ce00e435bfaf diff --git a/www-apps/phpsysinfo/files/phpsysinfo-3.4.3-cve-2023-49006.patch b/www-apps/phpsysinfo/files/phpsysinfo-3.4.3-cve-2023-49006.patch new file mode 100644 index 000000000000..6bed16996d20 --- /dev/null +++ b/www-apps/phpsysinfo/files/phpsysinfo-3.4.3-cve-2023-49006.patch @@ -0,0 +1,44 @@ +From 4f2cee505e4f2e9b369a321063ff2c5e0c34ba45 Mon Sep 17 00:00:00 2001 +From: namiltd <namiltd@users.noreply.github.com> +Date: Wed, 24 May 2023 10:39:48 +0200 +Subject: [PATCH] Disable JSONP data mode by default for security reasons + +--- + phpsysinfo.ini.new | 7 +++++++ + read_config.php | 5 +++++ + 2 files changed, 12 insertions(+) + +diff --git a/phpsysinfo.ini.new b/phpsysinfo.ini.new +index f2c90f24..25b67c26 100644 +--- a/phpsysinfo.ini.new ++++ b/phpsysinfo.ini.new +@@ -47,6 +47,13 @@ ADD_PATHS=false + ; + ALLOWED=false + ++; Enable JSONP data mode (e.g. /phpsysinfo/xml.php?plugin=complete&jsonp&callback=getData) ++; Disabled by default for security reasons. ++; - false : JSONP data mode disabled ++; - true : JSONP data mode enabled ++; ++;JSONP=false ++ + ; List of sudo commands + ; Example : SUDO_COMMANDS="iptables-save" //execute "sudo iptables-save" instead "iptables-save" + ; SUDO_COMMANDS=false //no sudo commands +diff --git a/read_config.php b/read_config.php +index 17d0683a..53fbf38e 100644 +--- a/read_config.php ++++ b/read_config.php +@@ -89,6 +89,11 @@ + } + } + ++ if (isset($_GET['jsonp']) && (!defined('PSI_JSONP') || !PSI_JSONP)) { ++ echo "JSONP data mode not enabled in phpsysinfo.ini."; ++ die(); ++ } ++ + /* default error handler */ + if (function_exists('errorHandlerPsi')) { + restore_error_handler(); diff --git a/www-apps/phpsysinfo/phpsysinfo-3.4.3.ebuild b/www-apps/phpsysinfo/phpsysinfo-3.4.3-r1.ebuild index bfc4f8956f79..9c6a04a29c14 100644 --- a/www-apps/phpsysinfo/phpsysinfo-3.4.3.ebuild +++ b/www-apps/phpsysinfo/phpsysinfo-3.4.3-r1.ebuild @@ -1,4 +1,4 @@ -# Copyright 1999-2023 Gentoo Authors +# Copyright 1999-2024 Gentoo Authors # Distributed under the terms of the GNU General Public License v2 EAPI=8 @@ -16,6 +16,8 @@ RDEPEND=" virtual/httpd-php " +PATCHES=( "${FILESDIR}/${PN}-3.4.3-cve-2023-49006.patch" ) + need_httpd_cgi src_install() { |