rpms/php-Smarty/F-8 php-Smarty-2.6.20-security.patch, NONE, 1.1 php-Smarty.spec, 1.8, 1.9

Mon Nov 3 17:16:36 UTC 2008

Author: xulchris

Update of /cvs/pkgs/rpms/php-Smarty/F-8
In directory cvs1.fedora.phx.redhat.com:/tmp/cvs-serv8439/F-8

Modified Files:
	php-Smarty.spec 
Added Files:
	php-Smarty-2.6.20-security.patch 
Log Message:
fix bz #469648

php-Smarty-2.6.20-security.patch:

--- NEW FILE php-Smarty-2.6.20-security.patch ---
--- libs/Smarty_Compiler.class.php~	2008-11-03 08:26:21.000000000 -0800
+++ libs/Smarty_Compiler.class.php	2008-11-03 08:34:08.000000000 -0800
@@ -1696,6 +1696,8 @@
         }
         // replace double quoted literal string with single quotes
         $_return = preg_replace('~^"([\s\w]+)"$~',"'\\1'",$_return);
+        // escape dollar sign if not printing a var
+        $_return = preg_replace('~\$(\W)~',"\\\\\$\\1",$_return);
         return $_return;
     }
 


Index: php-Smarty.spec
===================================================================
RCS file: /cvs/pkgs/rpms/php-Smarty/F-8/php-Smarty.spec,v
retrieving revision 1.8
retrieving revision 1.9
diff -u -r1.8 -r1.9
--- php-Smarty.spec	13 Oct 2008 19:16:07 -0000	1.8
+++ php-Smarty.spec	3 Nov 2008 17:16:06 -0000	1.9
@@ -1,16 +1,22 @@
 Name:           php-Smarty
 Summary:        Template/Presentation Framework for PHP
 Version:        2.6.20
-Release:        1%{?dist}
+Release:        2%{?dist}
 
 Source0:        http://smarty.php.net/distributions/Smarty-%{version}.tar.gz
+Patch0:         %{name}-2.6.20-security.patch
 License:        LGPLv2+
 URL:            http://smarty.php.net
 Group:          Development/Libraries
 
 BuildRoot:      %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
 BuildArch:      noarch
+
+%if 0%{?rhel}
+Requires:       php >= 5.1.6-3.5
+%else
 Requires:       php >= 5.2.0-9
+%endif
 
 %description
 Although Smarty is known as a "Template Engine", it would be more accurately
@@ -28,6 +34,9 @@
 iconv -f iso8859-1 -t utf-8 NEWS > NEWS.conv && mv -f NEWS.conv NEWS
 iconv -f iso8859-1 -t utf-8 ChangeLog > ChangeLog.conv && mv -f ChangeLog.conv ChangeLog
 
+# install security patch
+%patch0 -p0 -b .security~
+
 
 %build
 # empty build section, nothing required
@@ -58,6 +67,10 @@
 
 
 %changelog
+* Mon Nov 02 2008 Christopher Stone <chris.stone at gmail.com> 2.6.20-2
+- Add security patch (bz #469648)
+- Add RHL dist tag conditional for Requires
+
 * Mon Oct 13 2008 Christopher Stone <chris.stone at gmail.com> 2.6.20-1
 - Upstream sync
 


