From owner-freebsd-ports-bugs@FreeBSD.ORG Tue Dec 7 03:10:11 2010
Message-Id: <201012070309.oB739CXF008606@freebsd.ee.ccu.edu.tw>
Date: Tue, 7 
Dec 2010 11:09:12 +0800 (CST) From: Bo-Yi Wu To: FreeBSD-gnats-submit@FreeBSD.org X-Send-Pr-Version: 3.113 Cc: glarkin@FreeBSD.org Subject: ports/152878: [PATCH] www/codeigniter: update to 1.7.3 X-BeenThere: freebsd-ports-bugs@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list Reply-To: Bo-Yi Wu List-Id: Ports bug reports List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 07 Dec 2010 03:10:11 -0000 >Number: 152878 >Category: ports >Synopsis: [PATCH] www/codeigniter: update to 1.7.3 >Confidential: no >Severity: non-critical >Priority: low >Responsible: freebsd-ports-bugs >State: open >Quarter: >Keywords: >Date-Required: >Class: update >Submitter-Id: current-users >Arrival-Date: Tue Dec 07 03:10:10 UTC 2010 >Closed-Date: >Last-Modified: >Originator: Bo-Yi Wu >Release: FreeBSD 7.1-RELEASE-p13 i386 >Organization: >Environment: System: FreeBSD freebsd.ee.ccu.edu.tw 7.1-RELEASE-p13 FreeBSD 7.1-RELEASE-p13 #0: Mon Jul 12 17:44:51 UTC 2010 root@i386-builder.daemonology.net:/usr/obj/usr/src/sys/GENERIC i386 >Description: Version 1.7.3 is a security maintenance release, including a previously patched file Upload class, and a new security fix to prevent possible directory traversal in certain circumstances. There are no other significant changes. Remove patched file Upload class. >How-To-Repeat: >Fix: --- codeigniter.patch begins here --- diff -ruN /usr/ports/www/codeigniter/Makefile codeigniter/Makefile --- /usr/ports/www/codeigniter/Makefile 2010-11-29 16:47:03.000000000 +0800 +++ codeigniter/Makefile 2010-12-07 10:50:22.000000000 +0800 @@ -6,8 +6,7 @@ # PORTNAME= codeigniter -PORTVERSION= 1.7.2 -PORTREVISION= 1 +PORTVERSION= 1.7.3 CATEGORIES= www MASTER_SITES= http://codeigniter.com/download_files/ \ LOCAL/glarkin 
@@ -149,9 +148,6 @@ @${ECHO_MSG} "http://codeigniter.com/user_guide/installation/index.html" @${ECHO_MSG} "" -post-patch: - @cd ${WRKSRC} && ${RM} system/libraries/Upload.php.orig - do-install: @cd ${WRKSRC} && ${COPYTREE_SHARE} "${STD_BITS}" ${WWWDIR} @for i in ${CI_CONF_FILES}; do \ diff -ruN /usr/ports/www/codeigniter/distinfo codeigniter/distinfo --- /usr/ports/www/codeigniter/distinfo 2010-11-29 16:47:03.000000000 +0800 +++ codeigniter/distinfo 2010-12-07 10:30:51.000000000 +0800 @@ -1,3 +1,2 @@ -MD5 (CodeIgniter_1.7.2.zip) = 3ce815c3ee66933d926bb51428371a38 -SHA256 (CodeIgniter_1.7.2.zip) = bb870c1cc7297634fe44b81c5c40023c5175a3c2365da9b18a371274c09b1512 -SIZE (CodeIgniter_1.7.2.zip) = 2227891 +SHA256 (CodeIgniter_1.7.3.zip) = 246fe096959cee0b28afb9fa0914a7521ed66f245ca2fe3c07aabc10ba2b0fdf +SIZE (CodeIgniter_1.7.3.zip) = 2234093 diff -ruN /usr/ports/www/codeigniter/files/patch-system__libraries__Upload.php codeigniter/files/patch-system__libraries__Upload.php --- /usr/ports/www/codeigniter/files/patch-system__libraries__Upload.php 2010-07-22 06:26:46.000000000 +0800 +++ codeigniter/files/patch-system__libraries__Upload.php 1970-01-01 08:00:00.000000000 +0800 
@@ -1,245 +0,0 @@ ---- ./system/libraries/Upload.php.orig 2009-04-22 10:15:09.000000000 -0400 -+++ ./system/libraries/Upload.php 2010-07-12 09:16:30.000000000 -0400 -@@ -6,7 +6,7 @@ - * - * @package CodeIgniter - * @author ExpressionEngine Dev Team -- * @copyright Copyright (c) 2008 - 2009, EllisLab, Inc. -+ * @copyright Copyright (c) 2008 - 2010, EllisLab, Inc. - * @license http://codeigniter.com/user_guide/license.html - * @link http://codeigniter.com - * @since Version 1.0 -@@ -26,31 +26,33 @@ - */ - class CI_Upload { - -- var $max_size = 0; -- var $max_width = 0; -- var $max_height = 0; -- var $max_filename = 0; -- var $allowed_types = ""; -- var $file_temp = ""; -- var $file_name = ""; -- var $orig_name = ""; -- var $file_type = ""; -- var $file_size = ""; -- var $file_ext = ""; -- var $upload_path = ""; -- var $overwrite = FALSE; -- var $encrypt_name = FALSE; -- var $is_image = FALSE; -- var $image_width = ''; -- var $image_height = ''; -- var $image_type = ''; -- var $image_size_str = ''; -- var $error_msg = array(); -- var $mimes = array(); -- var $remove_spaces = TRUE; -- var $xss_clean = FALSE; -- var $temp_prefix = "temp_file_"; -- -+ var $max_size = 0; -+ var $max_width = 0; -+ var $max_height = 0; -+ var $max_filename = 0; -+ var $allowed_types = ""; -+ var $file_temp = ""; -+ var $file_name = ""; -+ var $orig_name = ""; -+ var $file_type = ""; -+ var $file_size = ""; -+ var $file_ext = ""; -+ var $upload_path = ""; -+ var $overwrite = FALSE; -+ var $encrypt_name = FALSE; -+ var $is_image = FALSE; -+ var $image_width = ''; -+ var $image_height = ''; -+ var $image_type = ''; -+ var $image_size_str = ''; -+ var $error_msg = array(); -+ var $mimes = array(); -+ var $remove_spaces = TRUE; -+ var $xss_clean = FALSE; -+ var $temp_prefix = "temp_file_"; -+ var $client_name = ''; -+ -+ var $_file_name_override = ''; - /** - * Constructor - * -@@ -101,7 +103,8 @@ - 'mimes' => array(), - 'remove_spaces' => TRUE, - 'xss_clean' => FALSE, -- 'temp_prefix' => 
"temp_file_" -+ 'temp_prefix' => "temp_file_", -+ 'client_name' => '' - ); - - -@@ -124,6 +127,10 @@ - $this->$key = $val; - } - } -+ -+ // if a file_name was provided in the config, use it instead of the user input -+ // supplied file name for all uploads until initialized again -+ $this->_file_name_override = $this->file_name; - } - - // -------------------------------------------------------------------- -@@ -187,17 +194,12 @@ - - // Set the uploaded data as class variables - $this->file_temp = $_FILES[$field]['tmp_name']; -- $this->file_name = $this->_prep_filename($_FILES[$field]['name']); -- $this->file_size = $_FILES[$field]['size']; -+ $this->file_size = $_FILES[$field]['size']; - $this->file_type = preg_replace("/^(.+?);.*$/", "\\1", $_FILES[$field]['type']); -- $this->file_type = strtolower($this->file_type); -- $this->file_ext = $this->get_extension($_FILES[$field]['name']); -- -- // Convert the file size to kilobytes -- if ($this->file_size > 0) -- { -- $this->file_size = round($this->file_size/1024, 2); -- } -+ $this->file_type = strtolower(trim(stripslashes($this->file_type), '"')); -+ $this->file_name = $this->_prep_filename($_FILES[$field]['name']); -+ $this->file_ext = $this->get_extension($this->file_name); -+ $this->client_name = $this->file_name; - - // Is the file type allowed to be uploaded? - if ( ! $this->is_allowed_filetype()) -@@ -205,6 +207,25 @@ - $this->set_error('upload_invalid_filetype'); - return FALSE; - } -+ -+ // if we're overriding, let's now make sure the new name and type is allowed -+ if ($this->_file_name_override != '') -+ { -+ $this->file_name = $this->_prep_filename($this->_file_name_override); -+ $this->file_ext = $this->get_extension($this->file_name); -+ -+ if ( ! 
$this->is_allowed_filetype(TRUE)) -+ { -+ $this->set_error('upload_invalid_filetype'); -+ return FALSE; -+ } -+ } -+ -+ // Convert the file size to kilobytes -+ if ($this->file_size > 0) -+ { -+ $this->file_size = round($this->file_size/1024, 2); -+ } - - // Is the file size within the allowed maximum? - if ( ! $this->is_allowed_filesize()) -@@ -312,6 +333,7 @@ - 'full_path' => $this->upload_path.$this->file_name, - 'raw_name' => str_replace($this->file_ext, '', $this->file_name), - 'orig_name' => $this->orig_name, -+ 'client_name' => $this->client_name, - 'file_ext' => $this->file_ext, - 'file_size' => $this->file_size, - 'is_image' => $this->is_image(), -@@ -549,43 +571,49 @@ - * @access public - * @return bool - */ -- function is_allowed_filetype() -+ function is_allowed_filetype($ignore_mime = FALSE) - { - if (count($this->allowed_types) == 0 OR ! is_array($this->allowed_types)) - { - $this->set_error('upload_no_file_types'); - return FALSE; - } -+ -+ $ext = strtolower(ltrim($this->file_ext, '.')); -+ -+ if ( ! 
in_array($ext, $this->allowed_types)) -+ { -+ return FALSE; -+ } - -+ // Images get some additional checks - $image_types = array('gif', 'jpg', 'jpeg', 'png', 'jpe'); - -- foreach ($this->allowed_types as $val) -+ if (in_array($ext, $image_types)) - { -- $mime = $this->mimes_types(strtolower($val)); -- -- // Images get some additional checks -- if (in_array($val, $image_types)) -+ if (getimagesize($this->file_temp) === FALSE) - { -- if (getimagesize($this->file_temp) === FALSE) -- { -- return FALSE; -- } -- } -+ return FALSE; -+ } -+ } - -- if (is_array($mime)) -- { -- if (in_array($this->file_type, $mime, TRUE)) -- { -- return TRUE; -- } -- } -- else -+ if ($ignore_mime === TRUE) -+ { -+ return TRUE; -+ } -+ -+ $mime = $this->mimes_types($ext); -+ -+ if (is_array($mime)) -+ { -+ if (in_array($this->file_type, $mime, TRUE)) - { -- if ($mime == $this->file_type) -- { -- return TRUE; -- } -- } -+ return TRUE; -+ } -+ } -+ elseif ($mime == $this->file_type) -+ { -+ return TRUE; - } - - return FALSE; -@@ -918,7 +946,7 @@ - - foreach ($parts as $part) - { -- if ($this->mimes_types(strtolower($part)) === FALSE) -+ if ( ! in_array(strtolower($part), $this->allowed_types) OR $this->mimes_types(strtolower($part)) === FALSE) - { - $filename .= '.'.$part.'_'; - } -@@ -928,13 +956,6 @@ - } - } - -- // file name override, since the exact name is provided, no need to -- // run it through a $this->mimes check. -- if ($this->file_name != '') -- { -- $filename = $this->file_name; -- } -- - $filename .= '.'.$ext; - - return $filename; diff -ruN /usr/ports/www/codeigniter/pkg-plist codeigniter/pkg-plist --- /usr/ports/www/codeigniter/pkg-plist 2010-11-29 16:47:03.000000000 +0800 +++ codeigniter/pkg-plist 2010-12-07 10:47:13.000000000 +0800 
@@ -75,8 +75,11 @@ %%PORTDOCS%%%%DOCSDIR%%/images/codeigniter_1.7.1_library_reference.png %%PORTDOCS%%%%DOCSDIR%%/images/file.gif %%PORTDOCS%%%%DOCSDIR%%/images/folder.gif +%%PORTDOCS%%%%DOCSDIR%%/images/nav_bg.jpg %%PORTDOCS%%%%DOCSDIR%%/images/nav_bg_darker.jpg +%%PORTDOCS%%%%DOCSDIR%%/images/nav_separator.jpg %%PORTDOCS%%%%DOCSDIR%%/images/nav_separator_darker.jpg +%%PORTDOCS%%%%DOCSDIR%%/images/nav_toggle.jpg %%PORTDOCS%%%%DOCSDIR%%/images/nav_toggle_darker.jpg %%PORTDOCS%%%%DOCSDIR%%/images/smile.gif %%PORTDOCS%%%%DOCSDIR%%/images/transparent.gif @@ -102,6 +105,7 @@ %%PORTDOCS%%%%DOCSDIR%%/installation/upgrade_170.html %%PORTDOCS%%%%DOCSDIR%%/installation/upgrade_171.html %%PORTDOCS%%%%DOCSDIR%%/installation/upgrade_172.html +%%PORTDOCS%%%%DOCSDIR%%/installation/upgrade_173.html %%PORTDOCS%%%%DOCSDIR%%/installation/upgrade_b11.html %%PORTDOCS%%%%DOCSDIR%%/installation/upgrading.html %%PORTDOCS%%%%DOCSDIR%%/libraries/benchmark.html @@ -295,7 +299,6 @@ %%WWWDIR%%/system/libraries/Ftp.php %%WWWDIR%%/system/libraries/Hooks.php %%WWWDIR%%/system/libraries/Image_lib.php -%%WWWDIR%%/system/libraries/index.html %%WWWDIR%%/system/libraries/Input.php %%WWWDIR%%/system/libraries/Language.php %%WWWDIR%%/system/libraries/Loader.php 
@@ -311,23 +314,24 @@ %%WWWDIR%%/system/libraries/Table.php %%WWWDIR%%/system/libraries/Trackback.php %%WWWDIR%%/system/libraries/Typography.php +%%WWWDIR%%/system/libraries/URI.php %%WWWDIR%%/system/libraries/Unit_test.php %%WWWDIR%%/system/libraries/Upload.php -%%WWWDIR%%/system/libraries/URI.php %%WWWDIR%%/system/libraries/User_agent.php %%WWWDIR%%/system/libraries/Validation.php %%WWWDIR%%/system/libraries/Xmlrpc.php %%WWWDIR%%/system/libraries/Xmlrpcs.php %%WWWDIR%%/system/libraries/Zip.php +%%WWWDIR%%/system/libraries/index.html %%WWWDIR%%/system/logs/index.html %%WWWDIR%%/system/plugins/captcha_pi.php %%WWWDIR%%/system/plugins/index.html %%WWWDIR%%/system/plugins/js_calendar_pi.php +%%WWWDIR%%/system/scaffolding/Scaffolding.php %%WWWDIR%%/system/scaffolding/images/background.jpg %%WWWDIR%%/system/scaffolding/images/index.html %%WWWDIR%%/system/scaffolding/images/logo.jpg %%WWWDIR%%/system/scaffolding/index.html -%%WWWDIR%%/system/scaffolding/Scaffolding.php %%WWWDIR%%/system/scaffolding/views/add.php %%WWWDIR%%/system/scaffolding/views/delete.php %%WWWDIR%%/system/scaffolding/views/edit.php --- codeigniter.patch ends here --- >Release-Note: >Audit-Trail: >Unformatted:
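Review bot: In the Makefile hunk at @@ -149,9 +148,6 @@, dropping the post-patch target is only safe if nothing under files/ still patches the source tree, because do-install copies ${STD_BITS} with COPYTREE_SHARE and would carry any leftover *.orig file into ${WWWDIR}. The target only cleaned up system/libraries/Upload.php.orig, and this submission deletes the matching patch file, so the removal is consistent; please confirm that files/ contains no other patch-* file before the target goes away.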
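Review bot: In the distinfo hunk, the new SHA256 and SIZE values for CodeIgniter_1.7.3.zip need to be checked against a checksum obtained independently of the fetch, since the Makefile context shows MASTER_SITES pointing at plain http:// (http://codeigniter.com/download_files/) and a hash computed from that same download only records what was received. Please also confirm that the LOCAL/glarkin mirror listed in MASTER_SITES carries CodeIgniter_1.7.3.zip with the identical hash. Dropping the MD5 line is fine as long as the SHA256 line stays.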
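Review bot: The deletion of files/patch-system__libraries__Upload.php (hunk @@ -1,245 +0,0 @@) rests entirely on the description's statement that 1.7.3 includes the previously patched Upload class; nothing in the patch itself shows that. Before commit, diff system/libraries/Upload.php from the 1.7.3 distfile against the 1.7.2 file with this local patch applied, and check that the security-relevant changes are present upstream: the extension allow-list test in is_allowed_filetype() (`if ( ! in_array($ext, $this->allowed_types))`), the second `is_allowed_filetype(TRUE)` call made when `$this->_file_name_override` is set, and the removal of the "file name override" block in the inner hunk at @@ -928,13 +956,6 @@. If any of these is missing from the 1.7.3 file, the local patch has to stay, rebased onto the new version.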
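Review bot: In the pkg-plist hunks at @@ -295,7 +299,6 @@ and @@ -311,23 +314,24 @@, the moves of system/libraries/index.html, system/libraries/URI.php and system/scaffolding/Scaffolding.php are re-sorting only and make a security update harder to review; either leave the order alone or state in the PR that the list was regenerated. Please also confirm with a test install and deinstall of 1.7.3 that the four added entries (images/nav_bg.jpg, images/nav_separator.jpg, images/nav_toggle.jpg, installation/upgrade_173.html) are the complete set of new files, so that nothing is left behind in %%WWWDIR%% or %%DOCSDIR%%.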