From 1b71d712064b76fd4b04d184948528528479b242 Mon Sep 17 00:00:00 2001 From: Dirkjan Ochtman Date: Mon, 6 May 2019 21:46:15 +0200 Subject: [PATCH] dev-php/twig: version bump to 1.40.1 (fixes CVE-2019-9942) Closes: https://bugs.gentoo.org/681862 Signed-off-by: Dirkjan Ochtman Package-Manager: Portage-2.3.62, Repoman-2.3.11 --- dev-php/twig/Manifest | 1 + .../twig/files/1.40.1-autoloader-path.patch | 16 ++++ dev-php/twig/twig-1.40.1.ebuild | 87 +++++++++++++++++++ 3 files changed, 104 insertions(+) create mode 100644 dev-php/twig/files/1.40.1-autoloader-path.patch create mode 100644 dev-php/twig/twig-1.40.1.ebuild diff --git a/dev-php/twig/Manifest b/dev-php/twig/Manifest index 22fa33348e9e..1650929d3b18 100644 --- a/dev-php/twig/Manifest +++ b/dev-php/twig/Manifest @@ -1,2 +1,3 @@ DIST twig-1.31.0.tar.gz 242247 BLAKE2B f11195b235c5dd8cda5373394d94306c81810d46c155194cc11bfcb832778b03085bf05de10b636ebda9223876ab9b752214e8676c000578c702f6d9b832ffe1 SHA512 c8c25139b2568d40c9d1b14d8f489047abe13b1598c9d3292ddd3898a685ac69ede00a516c12c4f22805314fca4712991cd27e39dd9c4f57e5576f86e2746401 DIST twig-1.35.3.tar.gz 256758 BLAKE2B e96f6651fddd2fab3a1d379a2996ded594942bcb511548d419a56e8e4cc6c6b30e6a0a96b44211351ce9b3d2f36cde6b1c85acd46e51d5c2e19793703fccecc4 SHA512 c27d4407b5ad0e51724599fe0371a5951e8a8654df443ca6ac817a9c6958c3235b4d56a396eeceb71eaf707887420a6beace10ca42f1c09882988039c932fe7b +DIST twig-1.40.1.tar.gz 274081 BLAKE2B 0e73bd9fff58677446ba03ed560bff17c1879192b79cca9f718ccd330e1eac64ee1195d7034fa52ec009e323868d1cc1bedc182e90f0a77c8b54d6aa16022554 SHA512 de174e5dd14562a155515a3238aa07ef5a22c3bf0eff8ecc320f1a972e56f1ec759a53ee24579c6434e286b3775044e88c753fd08930037314b45c9577b310b1 diff --git a/dev-php/twig/files/1.40.1-autoloader-path.patch b/dev-php/twig/files/1.40.1-autoloader-path.patch new file mode 100644 index 000000000000..8c236883e070 --- /dev/null +++ b/dev-php/twig/files/1.40.1-autoloader-path.patch @@ -0,0 +1,16 @@ +--- a/lib/Twig/Autoloader.php 2019-04-29 16:12:28.000000000 +0200 ++++ b/lib/Twig/Autoloader.php.new 2019-05-06 21:37:39.955238245 +0200 +@@ -43,9 +43,11 @@ + return; + } + +- if (is_file($file = __DIR__.'/../'.str_replace(['_', "\0"], ['/', ''], $class).'.php')) { ++ if (is_file($file = __DIR__.'/../'.str_replace(['Twig_', "\0"], ['lib/', ''], $class).'.php')) { + require $file; +- } elseif (is_file($file = __DIR__.'/../../src/'.str_replace(['Twig\\', '\\', "\0"], ['', '/', ''], $class).'.php')) { ++ } elseif (is_file($file = __DIR__.'/../'.str_replace(['_', "\0"], ['/', ''], $class).'.php')) { ++ require $file; ++ } elseif (is_file($file = __DIR__.'/../src/'.str_replace(['Twig\\', '\\', "\0"], ['', '/', ''], $class).'.php')) { + require $file; + } + } diff --git a/dev-php/twig/twig-1.40.1.ebuild b/dev-php/twig/twig-1.40.1.ebuild new file mode 100644 index 000000000000..0903fb3e789b --- /dev/null +++ b/dev-php/twig/twig-1.40.1.ebuild @@ -0,0 +1,87 @@ +# Copyright 1999-2019 Gentoo Authors +# Distributed under the terms of the GNU General Public License v2 + +EAPI=6 + +MY_PN="Twig" +USE_PHP="php5-6" +S="${WORKDIR}/${MY_PN}-${PV}" +PHP_EXT_S="${S}/ext/${PN}" +PHP_EXT_NAME="${PN}" +PHP_EXT_OPTIONAL_USE="extension" + +inherit eutils php-ext-source-r3 + +DESCRIPTION="PHP templating engine with syntax similar to Django" +HOMEPAGE="http://twig.sensiolabs.org/" +SRC_URI="https://github.com/twigphp/${MY_PN}/archive/v${PV}.tar.gz + -> ${P}.tar.gz" +LICENSE="BSD" +SLOT="0" +KEYWORDS="~amd64 ~x86" +IUSE="doc extension test" + +DEPEND="test? ( dev-php/phpunit )" + +# We always require *some* version of PHP; the eclass (conditionally) +# requires *specific* versions. +RDEPEND="dev-lang/php" + +src_prepare(){ + # We need to call eapply_user ourselves, because it may be skipped + # if either the "extension" USE flag is not set, or if the user's + # PHP_TARGETS is essentially empty (does not contain "php5-6"). In + # the latter case, the eclass src_prepare does nothing. We only call + # the eclass phase conditionally because the correct version of + # e.g. "phpize" may not be there unless USE=extension is set. + epatch "${FILESDIR}/${PV}-autoloader-path.patch" + eapply_user + use extension && php-ext-source-r3_src_prepare +} + +src_configure() { + # The eclass phase will try to run the ./configure script even if it + # doesn't exist (in contrast to the default src_configure), so we + # need to skip it if the eclass src_prepare (that creates said + # script) is not run. + use extension && php-ext-source-r3_src_configure +} + +src_compile() { + # Avoids the same problem as in src_configure. + use extension && php-ext-source-r3_src_compile +} + +src_install(){ + use extension && php-ext-source-r3_src_install + + cd "${S}" || die + # The autoloader requires the 'T' in "Twig" capitalized. + insinto "/usr/share/php/${MY_PN}/lib" + doins -r lib/"${MY_PN}"/* + insinto "/usr/share/php/${MY_PN}/src" + doins -r src/* + insinto "/usr/share/php/${MY_PN}" + dosym "lib/Autoloader.php" "/usr/share/php/${MY_PN}/Autoloader.php" + + # The eclass src_install calls einstalldocs, so we may install a few + # files twice. Doing so should be harmless. + dodoc README.rst CHANGELOG + + # This installs the reStructuredText source documents. There's got + # to be some way to turn them into HTML using Sphinx, but upstream + # doesn't provide for it. + use doc && dodoc -r doc +} + +src_test(){ + phpunit --bootstrap test/bootstrap.php || die "test suite failed" +} + +pkg_postinst(){ + elog "${PN} has been installed in /usr/share/php/${MY_PN}/." + elog "To use it in a script, require('${MY_PN}/Autoloader.php')," + elog "and then run \"Twig_Autoloader::register();\". Most of" + elog "the examples in the documentation should work without" + elog "further modification." +} -- 2.26.2