diff --git a/www/sogo/Makefile b/www/sogo/Makefile index 48930c9add8..c7c90422d4f 100644 --- a/www/sogo/Makefile +++ b/www/sogo/Makefile @@ -1,11 +1,11 @@ -# $OpenBSD: Makefile,v 1.12 2011/06/02 13:41:41 ajacoutot Exp $ +# $OpenBSD: Makefile,v 1.13 2011/06/07 11:29:55 sebastia Exp $ COMMENT = web based groupware server VERSION = 1.3.7 DISTNAME = SOGo-${VERSION}a PKGNAME = sogo-${VERSION}.0 -REVISION = 0 +REVISION = 1 SHLIB_VERSION = 1.0 .for _lib in GDLContentStore NGCards OGoContentStore \ @@ -33,7 +33,7 @@ WANTLIB += NGMime NGObjWeb NGStreams SaxObjC WEExtensions WANTLIB += objc gnustep-base LIB_DEPENDS += devel/libmemcached \ - www/sope=${VERSION} + www/sope RUN_DEPENDS += sope-postgres-*|sope-mysql-*:www/sope,-postgres \ archivers/zip diff --git a/www/sogo/patches/patch-SOPE_GDLContentStore_GCSFolderManager_m b/www/sogo/patches/patch-SOPE_GDLContentStore_GCSFolderManager_m new file mode 100644 index 00000000000..b82a33fe5ab --- /dev/null +++ b/www/sogo/patches/patch-SOPE_GDLContentStore_GCSFolderManager_m @@ -0,0 +1,21 @@ +$OpenBSD: patch-SOPE_GDLContentStore_GCSFolderManager_m,v 1.1 2011/06/07 11:29:55 sebastia Exp $ + +stringByDeletingLastPathComponent must not be used with URLs as it +replaces doubles slashes with a single slash, e.g. "mysql://" with +"mysql:/". + +--- SOPE/GDLContentStore/GCSFolderManager.m.orig Fri May 6 17:57:44 2011 ++++ SOPE/GDLContentStore/GCSFolderManager.m Tue May 31 08:43:12 2011 +@@ -748,8 +748,10 @@ static NSCharacterSet *asciiAlphaNumericCS = nil; + aclTableName = [tableName stringByAppendingString: @"_acl"]; + + // TBD: fix SQL injection issues +- baseURL +- = [[folderInfoLocation absoluteString] stringByDeletingLastPathComponent]; ++ baseURL = [folderInfoLocation absoluteString]; ++ NSRange range = [baseURL rangeOfString: @"/" options: NSBackwardsSearch]; ++ if (range.location != NSNotFound) ++ baseURL = [baseURL substringToIndex: range.location]; + + sql = [NSString stringWithFormat: @"INSERT INTO %@" + @" (c_path, c_path1, c_path2, c_path3, c_path4,"