dev-php/twig: version bump to 1.40.1 (fixes CVE-2019-9942)

Closes: https://bugs.gentoo.org/681862
Signed-off-by: Dirkjan Ochtman <djc@gentoo.org>
Package-Manager: Portage-2.3.62, Repoman-2.3.11

3 files changed, 104 insertions, 0 deletions

diff --git a/dev-php/twig/Manifest b/dev-php/twig/Manifest
index 22fa33348e9e..1650929d3b18 100644
--- a/dev-php/twig/Manifest
+++ b/dev-php/twig/Manifest
@@ -1,2 +1,3 @@
 DIST twig-1.31.0.tar.gz 242247 BLAKE2B f11195b235c5dd8cda5373394d94306c81810d46c155194cc11bfcb832778b03085bf05de10b636ebda9223876ab9b752214e8676c000578c702f6d9b832ffe1 SHA512 c8c25139b2568d40c9d1b14d8f489047abe13b1598c9d3292ddd3898a685ac69ede00a516c12c4f22805314fca4712991cd27e39dd9c4f57e5576f86e2746401
 DIST twig-1.35.3.tar.gz 256758 BLAKE2B e96f6651fddd2fab3a1d379a2996ded594942bcb511548d419a56e8e4cc6c6b30e6a0a96b44211351ce9b3d2f36cde6b1c85acd46e51d5c2e19793703fccecc4 SHA512 c27d4407b5ad0e51724599fe0371a5951e8a8654df443ca6ac817a9c6958c3235b4d56a396eeceb71eaf707887420a6beace10ca42f1c09882988039c932fe7b
+DIST twig-1.40.1.tar.gz 274081 BLAKE2B 0e73bd9fff58677446ba03ed560bff17c1879192b79cca9f718ccd330e1eac64ee1195d7034fa52ec009e323868d1cc1bedc182e90f0a77c8b54d6aa16022554 SHA512 de174e5dd14562a155515a3238aa07ef5a22c3bf0eff8ecc320f1a972e56f1ec759a53ee24579c6434e286b3775044e88c753fd08930037314b45c9577b310b1
diff --git a/dev-php/twig/files/1.40.1-autoloader-path.patch b/dev-php/twig/files/1.40.1-autoloader-path.patch
new file mode 100644
index 000000000000..8c236883e070
--- /dev/null
+++ b/dev-php/twig/files/1.40.1-autoloader-path.patch
@@ -0,0 +1,16 @@
+--- a/lib/Twig/Autoloader.php	2019-04-29 16:12:28.000000000 +0200
++++ b/lib/Twig/Autoloader.php.new	2019-05-06 21:37:39.955238245 +0200
+@@ -43,9 +43,11 @@
+             return;
+         }
+ 
+-        if (is_file($file = __DIR__.'/../'.str_replace(['_', "\0"], ['/', ''], $class).'.php')) {
++        if (is_file($file = __DIR__.'/../'.str_replace(['Twig_', "\0"], ['lib/', ''], $class).'.php')) {
+             require $file;
+-        } elseif (is_file($file = __DIR__.'/../../src/'.str_replace(['Twig\\', '\\', "\0"], ['', '/', ''], $class).'.php')) {
++        } elseif (is_file($file = __DIR__.'/../'.str_replace(['_', "\0"], ['/', ''], $class).'.php')) {
++            require $file;
++        } elseif (is_file($file = __DIR__.'/../src/'.str_replace(['Twig\\', '\\', "\0"], ['', '/', ''], $class).'.php')) {
+             require $file;
+         }
+     }
diff --git a/dev-php/twig/twig-1.40.1.ebuild b/dev-php/twig/twig-1.40.1.ebuild
new file mode 100644
index 000000000000..0903fb3e789b
--- /dev/null
+++ b/dev-php/twig/twig-1.40.1.ebuild
@@ -0,0 +1,87 @@
+# Copyright 1999-2019 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=6
+
+MY_PN="Twig"
+USE_PHP="php5-6"
+S="${WORKDIR}/${MY_PN}-${PV}"
+PHP_EXT_S="${S}/ext/${PN}"
+PHP_EXT_NAME="${PN}"
+PHP_EXT_OPTIONAL_USE="extension"
+
+inherit eutils php-ext-source-r3
+
+DESCRIPTION="PHP templating engine with syntax similar to Django"
+HOMEPAGE="http://twig.sensiolabs.org/"
+SRC_URI="https://github.com/twigphp/${MY_PN}/archive/v${PV}.tar.gz
+	-> ${P}.tar.gz"
+LICENSE="BSD"
+SLOT="0"
+KEYWORDS="~amd64 ~x86"
+IUSE="doc extension test"
+
+DEPEND="test? ( dev-php/phpunit )"
+
+# We always require *some* version of PHP; the eclass (conditionally)
+# requires *specific* versions.
+RDEPEND="dev-lang/php"
+
+src_prepare(){
+	# We need to call eapply_user ourselves, because it may be skipped
+	# if either the "extension" USE flag is not set, or if the user's
+	# PHP_TARGETS is essentially empty (does not contain "php5-6"). In
+	# the latter case, the eclass src_prepare does nothing. We only call
+	# the eclass phase conditionally because the correct version of
+	# e.g. "phpize" may not be there unless USE=extension is set.
+	epatch "${FILESDIR}/${PV}-autoloader-path.patch"
+	eapply_user
+	use extension && php-ext-source-r3_src_prepare
+}
+
+src_configure() {
+	# The eclass phase will try to run the ./configure script even if it
+	# doesn't exist (in contrast to the default src_configure), so we
+	# need to skip it if the eclass src_prepare (that creates said
+	# script) is not run.
+	use extension && php-ext-source-r3_src_configure
+}
+
+src_compile() {
+	# Avoids the same problem as in src_configure.
+	use extension && php-ext-source-r3_src_compile
+}
+
+src_install(){
+	use extension && php-ext-source-r3_src_install
+
+	cd "${S}" || die
+	# The autoloader requires the 'T' in "Twig" capitalized.
+	insinto "/usr/share/php/${MY_PN}/lib"
+	doins -r lib/"${MY_PN}"/*
+	insinto "/usr/share/php/${MY_PN}/src"
+	doins -r src/*
+	insinto "/usr/share/php/${MY_PN}"
+	dosym "lib/Autoloader.php" "/usr/share/php/${MY_PN}/Autoloader.php"
+
+	# The eclass src_install calls einstalldocs, so we may install a few
+	# files twice. Doing so should be harmless.
+	dodoc README.rst CHANGELOG
+
+	# This installs the reStructuredText source documents. There's got
+	# to be some way to turn them into HTML using Sphinx, but upstream
+	# doesn't provide for it.
+	use doc && dodoc -r doc
+}
+
+src_test(){
+	phpunit --bootstrap test/bootstrap.php || die "test suite failed"
+}
+
+pkg_postinst(){
+	elog "${PN} has been installed in /usr/share/php/${MY_PN}/."
+	elog "To use it in a script, require('${MY_PN}/Autoloader.php'),"
+	elog "and then run \"Twig_Autoloader::register();\". Most of"
+	elog "the examples in the documentation should work without"
+	elog "further modification."
+}