rpms/php-Smarty/F-9 php-Smarty-2.6.20-security.patch, NONE, 1.1 php-Smarty.spec, 1.8, 1.9
Christopher Stone
xulchris at fedoraproject.org
Mon Nov 3 17:16:36 UTC 2008
Author: xulchris
Update of /cvs/pkgs/rpms/php-Smarty/F-9
In directory cvs1.fedora.phx.redhat.com:/tmp/cvs-serv8439/F-9
Modified Files:
php-Smarty.spec
Added Files:
php-Smarty-2.6.20-security.patch
Log Message:
fix bz #469648
php-Smarty-2.6.20-security.patch:
--- NEW FILE php-Smarty-2.6.20-security.patch ---
--- libs/Smarty_Compiler.class.php~ 2008-11-03 08:26:21.000000000 -0800
+++ libs/Smarty_Compiler.class.php 2008-11-03 08:34:08.000000000 -0800
@@ -1696,6 +1696,8 @@
}
// replace double quoted literal string with single quotes
$_return = preg_replace('~^"([\s\w]+)"$~',"'\\1'",$_return);
+ // escape dollar sign if not printing a var
+ $_return = preg_replace('~\$(\W)~',"\\\\\$\\1",$_return);
return $_return;
}
Index: php-Smarty.spec
===================================================================
RCS file: /cvs/pkgs/rpms/php-Smarty/F-9/php-Smarty.spec,v
retrieving revision 1.8
retrieving revision 1.9
diff -u -r1.8 -r1.9
--- php-Smarty.spec 13 Oct 2008 19:16:08 -0000 1.8
+++ php-Smarty.spec 3 Nov 2008 17:16:06 -0000 1.9
@@ -1,16 +1,22 @@
Name: php-Smarty
Summary: Template/Presentation Framework for PHP
Version: 2.6.20
-Release: 1%{?dist}
+Release: 2%{?dist}
Source0: http://smarty.php.net/distributions/Smarty-%{version}.tar.gz
+Patch0: %{name}-2.6.20-security.patch
License: LGPLv2+
URL: http://smarty.php.net
Group: Development/Libraries
BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
BuildArch: noarch
+
+%if 0%{?rhel}
+Requires: php >= 5.1.6-3.5
+%else
Requires: php >= 5.2.0-9
+%endif
%description
Although Smarty is known as a "Template Engine", it would be more accurately
@@ -28,6 +34,9 @@
iconv -f iso8859-1 -t utf-8 NEWS > NEWS.conv && mv -f NEWS.conv NEWS
iconv -f iso8859-1 -t utf-8 ChangeLog > ChangeLog.conv && mv -f ChangeLog.conv ChangeLog
+# install security patch
+%patch0 -p0 -b .security~
+
%build
# empty build section, nothing required
@@ -58,6 +67,10 @@
%changelog
+* Mon Nov 02 2008 Christopher Stone <chris.stone at gmail.com> 2.6.20-2
+- Add security patch (bz #469648)
+- Add RHL dist tag conditional for Requires
+
* Mon Oct 13 2008 Christopher Stone <chris.stone at gmail.com> 2.6.20-1
- Upstream sync
More information about the fedora-extras-commits
mailing list