Date: Wed, 6 Jul 2005 16:59:46 +0800 (CST) From: chinsan <chinsan.tw@gmail.com> To: FreeBSD-gnats-submit@FreeBSD.org Subject: ports/83052: [UPDATE] www/phpmyfaq: upgrade to 1.4.9 & fix xmlrpc security issue Message-ID: <20050706085946.E1E567301F@chinsan.twbbs.org> Resent-Message-ID: <200507060900.j6690YIw042732@freefall.freebsd.org>
next in thread | raw e-mail | index | archive | help
>Number: 83052 >Category: ports >Synopsis: [UPDATE] www/phpmyfaq: upgrade to 1.4.9 & fix xmlrpc security issue >Confidential: no >Severity: serious >Priority: high >Responsible: freebsd-ports-bugs >State: open >Quarter: >Keywords: >Date-Required: >Class: update >Submitter-Id: current-users >Arrival-Date: Wed Jul 06 09:00:33 GMT 2005 >Closed-Date: >Last-Modified: >Originator: chinsan >Release: FreeBSD 5.3-RELEASE i386 >Organization: FreeBSD Taiwan >Environment: System: FreeBSD chinsan.twbbs.org 5.3-RELEASE FreeBSD 5.3-RELEASE #0: Fri Nov 5 04:19:18 UTC 2004 root@harlow.cse.buffalo.edu:/usr/obj/usr/src/sys/GENERIC i386 >Description: - upgrade to 1.4.9 to fix xmlrpc security issue Ref: http://www.phpmyfaq.de/advisory_2005-06-29.php - take maintainer ship Thanks. :) >How-To-Repeat: Ref: Security Alert: CAN-2005-1921. http://www.phpmyfaq.de/advisory_2005-06-29.php >Fix: --- phpmyfaq.patch begins here --- diff -ruN phpmyfaq.orig/Makefile phpmyfaq/Makefile --- phpmyfaq.orig/Makefile Wed Apr 27 20:06:59 2005 +++ phpmyfaq/Makefile Wed Jul 6 16:14:02 2005 @@ -6,64 +6,69 @@ # PORTNAME= phpmyfaq -PORTVERSION= 1.4.8 -PORTREVISION= 1 +PORTVERSION= 1.4.9 CATEGORIES= www MASTER_SITES= http://www.phpmyfaq.de/download/ DISTNAME= ${PORTNAME}.${PORTVERSION}.full EXTRACT_SUFX= .zip -MAINTAINER= ports@FreeBSD.org +MAINTAINER= chinsan.tw@gmail.com COMMENT= A multilingual, completely database-driven FAQ-system -WRKSRC= ${WRKDIR}/${PORTNAME}.${PORTVERSION}.full/${PORTNAME}.${PORTVERSION} +WRKSRC= ${WRKDIR}/${PORTNAME}.${PORTVERSION} USE_ZIP= YES -USE_PHP= mysql pcre session +USE_PHP= mysql pcre pear pdf session xml xmlrpc zlib PHP4_PORT?= www/mod_php4 NO_BUILD= YES WANT_PHP_WEB= YES +pre-fetch: +.if !defined(PHPMYFAQ_DIR) + @${ECHO_MSG} "" + @${ECHO_MSG} "Define PHPMYFAQ_DIR to override default of '${PHPMYFAQ_DIR}'." + @${ECHO_MSG} "" +.endif + WWWDOCROOT?= www/data -PHPMYFAQURL?= faq +PHPMYFAQ_URL?= faq WWWOWN?= www WWWGRP?= www - -PHPMYFAQDIR?= ${WWWDOCROOT}/${PHPMYFAQURL} +PHPMYFAQ_DIR?= ${WWWDOCROOT}/${PHPMYFAQ_URL} PLIST= ${WRKDIR}/pkg-plist .include <bsd.port.pre.mk> pre-install: cd ${WRKSRC} && ${FIND} -s . -type f | \ - ${SED} -e 's|^./||;s|^|${PHPMYFAQDIR}/|' > ${PLIST} \ + ${SED} -e 's|^./||;s|^|${PHPMYFAQ_DIR}/|' > ${PLIST} \ && ${FIND} -d * -type d | \ - ${SED} -e 's|^|@dirrm ${PHPMYFAQDIR}/|' >> ${PLIST} \ - && ${ECHO_CMD} @dirrm ${PHPMYFAQDIR}/attachments/ >> ${PLIST} \ - && ${ECHO_CMD} @dirrm ${PHPMYFAQDIR}/data/ >> ${PLIST} \ - && ${ECHO_CMD} @dirrm ${PHPMYFAQDIR}/pdf/ >> ${PLIST} \ - && ${ECHO_CMD} @dirrm ${PHPMYFAQDIR} >> ${PLIST} + ${SED} -e 's|^|@dirrm ${PHPMYFAQ_DIR}/|' >> ${PLIST} \ + && ${ECHO_CMD} @dirrm ${PHPMYFAQ_DIR}/attachments/ >> ${PLIST} \ + && ${ECHO_CMD} @dirrm ${PHPMYFAQ_DIR}/data/ >> ${PLIST} \ + && ${ECHO_CMD} @dirrm ${PHPMYFAQ_DIR}/pdf/ >> ${PLIST} \ + && ${ECHO_CMD} @dirrm ${PHPMYFAQ_DIR} >> ${PLIST} do-install: # Data files - -${MKDIR} ${PREFIX}/${PHPMYFAQDIR} - @${CHMOD} 755 ${PREFIX}/${PHPMYFAQDIR} - @${CP} -R ${WRKSRC}/ ${PREFIX}/${PHPMYFAQDIR} - @${MKDIR} ${PREFIX}/${PHPMYFAQDIR}/attachments/ - @${MKDIR} ${PREFIX}/${PHPMYFAQDIR}/data/ - @${MKDIR} ${PREFIX}/${PHPMYFAQDIR}/pdf/ + -${MKDIR} ${PREFIX}/${PHPMYFAQ_DIR} + @${CHMOD} 755 ${PREFIX}/${PHPMYFAQ_DIR} + @${CP} -R ${WRKSRC}/ ${PREFIX}/${PHPMYFAQ_DIR} + @${MKDIR} ${PREFIX}/${PHPMYFAQ_DIR}/attachments/ + @${MKDIR} ${PREFIX}/${PHPMYFAQ_DIR}/data/ + @${MKDIR} ${PREFIX}/${PHPMYFAQ_DIR}/pdf/ # set the correct permissions - @${CHMOD} 777 ${PREFIX}/${PHPMYFAQDIR}/inc/ - @${CHMOD} 777 ${PREFIX}/${PHPMYFAQDIR}/attachments/ - @${CHMOD} 777 ${PREFIX}/${PHPMYFAQDIR}/data/ - @${CHMOD} 777 ${PREFIX}/${PHPMYFAQDIR}/images/ - @${CHMOD} 777 ${PREFIX}/${PHPMYFAQDIR}/pdf/ - @${CHMOD} 777 ${PREFIX}/${PHPMYFAQDIR}/xml/ - @${CHOWN} -R ${WWWOWN}:${WWWGRP} ${PREFIX}/${PHPMYFAQDIR} + @${CHMOD} 777 ${PREFIX}/${PHPMYFAQ_DIR}/inc/ + @${CHMOD} 777 ${PREFIX}/${PHPMYFAQ_DIR}/attachments/ + @${CHMOD} 777 ${PREFIX}/${PHPMYFAQ_DIR}/data/ + @${CHMOD} 777 ${PREFIX}/${PHPMYFAQ_DIR}/images/ + @${CHMOD} 777 ${PREFIX}/${PHPMYFAQ_DIR}/pdf/ + @${CHMOD} 777 ${PREFIX}/${PHPMYFAQ_DIR}/xml/ + @${CHOWN} -R ${WWWOWN}:${WWWGRP} ${PREFIX}/${PHPMYFAQ_DIR} post-install: @${SED} \ - -e 's|%%PHPMYFAQURL%%|${PHPMYFAQURL}|' \ - -e 's|%%PHPMYFAQDIR%%|${PREFIX}/${PHPMYFAQDIR}|' ${PKGMESSAGE} + -e 's|%%PHPMYFAQ_URL%%|${PHPMYFAQ_URL}|' \ + -e 's|%%PHPMYFAQ_DIR%%|${PREFIX}/${PHPMYFAQ_DIR}|' ${PKGMESSAGE} .include <bsd.port.post.mk> diff -ruN phpmyfaq.orig/distinfo phpmyfaq/distinfo --- phpmyfaq.orig/distinfo Fri Apr 22 12:06:12 2005 +++ phpmyfaq/distinfo Wed Jul 6 15:59:13 2005 @@ -1,2 +1,2 @@ -MD5 (phpmyfaq.1.4.8.full.zip) = 8bedaf800505a784de24de9b70acdcd7 -SIZE (phpmyfaq.1.4.8.full.zip) = 737145 +MD5 (phpmyfaq.1.4.9.full.zip) = 1d383a35f2df8b9d7edd2359ca738694 +SIZE (phpmyfaq.1.4.9.full.zip) = 730758 diff -ruN phpmyfaq.orig/pkg-message phpmyfaq/pkg-message --- phpmyfaq.orig/pkg-message Wed Apr 27 20:06:59 2005 +++ phpmyfaq/pkg-message Wed Jul 6 16:06:43 2005 @@ -7,8 +7,8 @@ database access method. To configure phpMyFAQ point your browser to - http://localhost/%%PHPMYFAQURL%%/install/installer.php - http://localhost/%%PHPMYFAQURL%%/admin/index.php + http://localhost/%%PHPMYFAQ_URL%%/install/installer.php + http://localhost/%%PHPMYFAQ_URL%%/admin/index.php Use the username admin and your selected password for your first login into the admin section. --- phpmyfaq.patch ends here --- >Release-Note: >Audit-Trail: >Unformatted:
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20050706085946.E1E567301F>