From f50d60b8eb707b56133e594376e993b98e726b5d Mon Sep 17 00:00:00 2001
From: V3n3RiX
Date: Sun, 10 Mar 2024 18:45:26 +0000
Subject: gentoo auto-resync : 10:03:2024 - 18:45:26
---
 www-apps/phpsysinfo/Manifest | 3 +-
 .../files/phpsysinfo-3.4.3-cve-2023-49006.patch | 44 ++++++++++++++++++
 www-apps/phpsysinfo/phpsysinfo-3.4.3-r1.ebuild | 54 ++++++++++++++++++++++
 www-apps/phpsysinfo/phpsysinfo-3.4.3.ebuild | 52 ---------------------
 4 files changed, 100 insertions(+), 53 deletions(-)
 create mode 100644 www-apps/phpsysinfo/files/phpsysinfo-3.4.3-cve-2023-49006.patch
 create mode 100644 www-apps/phpsysinfo/phpsysinfo-3.4.3-r1.ebuild
 delete mode 100644 www-apps/phpsysinfo/phpsysinfo-3.4.3.ebuild
(limited to 'www-apps/phpsysinfo')
diff --git a/www-apps/phpsysinfo/Manifest b/www-apps/phpsysinfo/Manifest
index bf1e5c1fea64..94a6c6d5ff8b 100644
--- a/www-apps/phpsysinfo/Manifest
+++ b/www-apps/phpsysinfo/Manifest
@@ -1,3 +1,4 @@
+AUX phpsysinfo-3.4.3-cve-2023-49006.patch 1369 BLAKE2B c1bee3c483a957ed25fb2fc27da00a26fc7e1bb77add38ca3195461ff8daf549e0da2bb8762805b23f30b5854d79034458dd9b58a258a22b0c0e0b5bbbae00eb SHA512 1b1ec3c989f00a1dd93ba0076de120387f28696737031977f452a9952a232e0b587fd4d7ea146303e78e8a3ab0e9ce6f3b2e1c32375002500a2742a9b06d89fd
 DIST phpsysinfo-3.4.3.tar.gz 1101922 BLAKE2B b4800af1bb6995f898681d80c95c87d7120146078b1a0f24d65c0217b6c6ea1d9dc9e9a8c54d9e4c1f41988ed68e28f263093af1217caf76af48b001da912136 SHA512 d0c5f0d36da6fa85dd299c8550633055fecc15e16f0f9a57e6765691a0c766da9893fd2be539492fb45b482165b1215ca9950b50f7bddfa84294833c06de27f7
-EBUILD phpsysinfo-3.4.3.ebuild 1672 BLAKE2B 2fbedd61353be469e35cb2c0d9b43389d27c59f3a086b5ab1573ddbd9486f06ba00652e6c9ba0b84f347efbfca3d3c11c7db06a3fc45c10fab40ba746a7c4599 SHA512 d18ecd55d7bd361414f9318c7fced091b804070104b7838ac8cf975893d5c02a05602f84e972beb74a64f8e9b9cd7fee5bbff0562bf30f239b1ca3084253ccb0
+EBUILD phpsysinfo-3.4.3-r1.ebuild 1732 BLAKE2B 73929eed473154993c6572820c55ee36d8c8744c3c2830ca755db11daa771c52beeb804c6631d659526f700bc43332c57c084fcbfd0daabfd2a79ee65dd20fab SHA512 a5d033ad59bd23de80827c6cf5fdfb090b4421a63ca02b7e223261ba551a4b01b1996872dedeff9bd7dd0a765a91feb71740b46ae6bd247d2d2a6bb36874880c
 MISC metadata.xml 536 BLAKE2B eeccf1567ef7a9cd2e4eaa17499074b52555896492a20f8dd4f982f9f73f855437127647699d875e9d6b9e3814dd7171d737461991ec6f8ab477a41fa0eb1558 SHA512 6334f650900c7a2d9e5b8458418d7a39915e169001ed665fb2700be1236904996da040dc52f41cba180d6e916e2e852d8013f47c188247abf661ce00e435bfaf
diff --git a/www-apps/phpsysinfo/files/phpsysinfo-3.4.3-cve-2023-49006.patch b/www-apps/phpsysinfo/files/phpsysinfo-3.4.3-cve-2023-49006.patch
new file mode 100644
index 000000000000..6bed16996d20
--- /dev/null
+++ b/www-apps/phpsysinfo/files/phpsysinfo-3.4.3-cve-2023-49006.patch
@@ -0,0 +1,44 @@
+From 4f2cee505e4f2e9b369a321063ff2c5e0c34ba45 Mon Sep 17 00:00:00 2001
+From: namiltd
+Date: Wed, 24 May 2023 10:39:48 +0200
+Subject: [PATCH] Disable JSONP data mode by default for security reasons
+
+---
+ phpsysinfo.ini.new | 7 +++++++
+ read_config.php | 5 +++++
+ 2 files changed, 12 insertions(+)
+
+diff --git a/phpsysinfo.ini.new b/phpsysinfo.ini.new
+index f2c90f24..25b67c26 100644
+--- a/phpsysinfo.ini.new
++++ b/phpsysinfo.ini.new
+@@ -47,6 +47,13 @@ ADD_PATHS=false
+ ;
+ ALLOWED=false
+
++; Enable JSONP data mode (e.g. /phpsysinfo/xml.php?plugin=complete&jsonp&callback=getData)
++; Disabled by default for security reasons.
++; - false : JSONP data mode disabled
++; - true : JSONP data mode enabled
++;
++;JSONP=false
++
+ ; List of sudo commands
+ ; Example : SUDO_COMMANDS="iptables-save" //execute "sudo iptables-save" instead "iptables-save"
+ ; SUDO_COMMANDS=false //no sudo commands
+diff --git a/read_config.php b/read_config.php
+index 17d0683a..53fbf38e 100644
+--- a/read_config.php
++++ b/read_config.php
+@@ -89,6 +89,11 @@
+ }
+ }
+
++ if (isset($_GET['jsonp']) && (!defined('PSI_JSONP') || !PSI_JSONP)) {
++ echo "JSONP data mode not enabled in phpsysinfo.ini.";
++ die();
++ }
++
+ /* default error handler */
+ if (function_exists('errorHandlerPsi')) {
+ restore_error_handler();
diff --git a/www-apps/phpsysinfo/phpsysinfo-3.4.3-r1.ebuild b/www-apps/phpsysinfo/phpsysinfo-3.4.3-r1.ebuild
new file mode 100644
index 000000000000..9c6a04a29c14
--- /dev/null
+++ b/www-apps/phpsysinfo/phpsysinfo-3.4.3-r1.ebuild
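Review bot: The deny branch added to read_config.php (`echo "JSONP data mode not enabled in phpsysinfo.ini."; die();`) replies with the default 200 status, so a refused JSONP request looks like a success in access logs and to monitoring; emitting a status first, e.g. `header('HTTP/1.1 403 Forbidden');` ahead of the `echo`, would make refusals countable. The gate also tests only `$_GET['jsonp']`, so it is worth confirming that the JSONP path in xml.php (outside this hunk) does not read the flag from `$_REQUEST` or `$_POST`. The condition itself fails closed when `PSI_JSONP` is undefined, which matches the commented-out `;JSONP=false` default. As this is a verbatim upstream backport, any such change should go upstream rather than into the Gentoo copy of the patch.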
@@ -0,0 +1,54 @@
+# Copyright 1999-2024 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=8
+
+inherit optfeature webapp
+
+DESCRIPTION="A customizable PHP script that displays information about your system nicely"
+HOMEPAGE="https://phpsysinfo.github.io/phpsysinfo/"
+SRC_URI="https://github.com/rk4an/${PN}/archive/v${PV}.tar.gz -> ${P}.tar.gz"
+
+LICENSE="GPL-2+"
+KEYWORDS="amd64 ~hppa ppc ppc64 x86"
+RDEPEND="
+ dev-lang/php[simplexml,xml,xsl(+),xslt(+),unicode]
+ virtual/httpd-php
+"
+
+PATCHES=( "${FILESDIR}/${PN}-3.4.3-cve-2023-49006.patch" )
+
+need_httpd_cgi
+
+src_install() {
+ webapp_src_preinst
+
+ dodoc CHANGELOG.md README*
+ rm CHANGELOG.md COPYING README* .gitignore || die
+
+ mv phpsysinfo.ini{.new,} || die
+ insinto "${MY_HTDOCSDIR}"
+ doins -r .
+
+ webapp_configfile "${MY_HTDOCSDIR}"/phpsysinfo.ini
+
+ webapp_src_install
+}
+
+pkg_postinst() {
+ optfeature "showing disk temperatures." app-admin/hddtemp
+ optfeature "showing system uptime." app-misc/uptimed
+ optfeature "showing snmp statistics." net-analyzer/net-snmp
+ optfeature "showing iptables rules." net-firewall/iptables
+ optfeature "showing ipmi sensors." sys-apps/ipmitool
+ optfeature "showing ipmi sensors." sys-apps/ipmiutil
+ optfeature "showing system sensors." sys-apps/lm-sensors
+ optfeature "showing s.m.a.r.t. health." sys-apps/smartmontools
+ optfeature "showing lsi raid controller health." sys-block/megactl
+ optfeature "showing fake raid statistics." sys-fs/dmraid
+ optfeature "showing software raid statistics." sys-fs/mdadm
+ optfeature "showing quota information." sys-fs/quota
+ optfeature "showing ipmi sensors." sys-libs/freeipmi
+ optfeature "showing apc ups statistics." sys-power/apcupsd
+ optfeature "showing ups statistics." sys-power/nut
+}
diff --git a/www-apps/phpsysinfo/phpsysinfo-3.4.3.ebuild b/www-apps/phpsysinfo/phpsysinfo-3.4.3.ebuild
deleted file mode 100644
index bfc4f8956f79..000000000000
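Review bot: `pkg_postinst()` at the end of the new ebuild is overridden with only `optfeature` calls and never invokes `webapp_pkg_postinst`, the phase function that webapp.eclass exports by default, so the eclass's post-install handling is skipped; adding `webapp_pkg_postinst` as the first line of the function would restore it. Because `webapp_configfile` keeps an existing phpsysinfo.ini, upgraded installs will have no `JSONP` key and the patched check will refuse JSONP requests, which is the safe default but silent. An `elog "JSONP data mode is now disabled unless JSONP=true is set in phpsysinfo.ini"` in the same function would tell admins why a consumer of that endpoint stopped working.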
--- a/www-apps/phpsysinfo/phpsysinfo-3.4.3.ebuild
+++ /dev/null
@@ -1,52 +0,0 @@
-# Copyright 1999-2023 Gentoo Authors
-# Distributed under the terms of the GNU General Public License v2
-
-EAPI=8
-
-inherit optfeature webapp
-
-DESCRIPTION="A customizable PHP script that displays information about your system nicely"
-HOMEPAGE="https://phpsysinfo.github.io/phpsysinfo/"
-SRC_URI="https://github.com/rk4an/${PN}/archive/v${PV}.tar.gz -> ${P}.tar.gz"
-
-LICENSE="GPL-2+"
-KEYWORDS="amd64 ~hppa ppc ppc64 x86"
-RDEPEND="
- dev-lang/php[simplexml,xml,xsl(+),xslt(+),unicode]
- virtual/httpd-php
-"
-
-need_httpd_cgi
-
-src_install() {
- webapp_src_preinst
-
- dodoc CHANGELOG.md README*
- rm CHANGELOG.md COPYING README* .gitignore || die
-
- mv phpsysinfo.ini{.new,} || die
- insinto "${MY_HTDOCSDIR}"
- doins -r .
-
- webapp_configfile "${MY_HTDOCSDIR}"/phpsysinfo.ini
-
- webapp_src_install
-}
-
-pkg_postinst() {
- optfeature "showing disk temperatures." app-admin/hddtemp
- optfeature "showing system uptime." app-misc/uptimed
- optfeature "showing snmp statistics." net-analyzer/net-snmp
- optfeature "showing iptables rules." net-firewall/iptables
- optfeature "showing ipmi sensors." sys-apps/ipmitool
- optfeature "showing ipmi sensors." sys-apps/ipmiutil
- optfeature "showing system sensors." sys-apps/lm-sensors
- optfeature "showing s.m.a.r.t. health." sys-apps/smartmontools
- optfeature "showing lsi raid controller health." sys-block/megactl
- optfeature "showing fake raid statistics." sys-fs/dmraid
- optfeature "showing software raid statistics." sys-fs/mdadm
- optfeature "showing quota information." sys-fs/quota
- optfeature "showing ipmi sensors." sys-libs/freeipmi
- optfeature "showing apc ups statistics." sys-power/apcupsd
- optfeature "showing ups statistics." sys-power/nut
-}
--
cgit v1.2.3