FreeBSD Mail Archives

Date:      Wed, 12 Mar 2014 02:04:04 +0000 (UTC)
From:      Kevin Lo <kevlo@FreeBSD.org>
To:        ports-committers@freebsd.org, svn-ports-all@freebsd.org, svn-ports-head@freebsd.org
Subject:   svn commit: r347952 - head/www/owncloud
Message-ID:  <201403120204.s2C2441F012793@svn.freebsd.org>

next in thread | raw e-mail | index | archive | help

Author: kevlo
Date: Wed Mar 12 02:04:03 2014
New Revision: 347952
URL: http://svnweb.freebsd.org/changeset/ports/347952
QAT: https://qat.redports.org/buildarchive/r347952/

Log:
  Work around a very obscure but potentially severe security problem.
  The user can have the variables OWNCLOUD_USERNAME and OWNCLOUD_GROUPNAME
  defined in his environment to point to his own username and groupname.
  
  Suggested by:	Adam McDougall

Modified:
  head/www/owncloud/Makefile
  head/www/owncloud/pkg-plist

Modified: head/www/owncloud/Makefile
==============================================================================
--- head/www/owncloud/Makefile	Wed Mar 12 01:42:52 2014	(r347951)
+++ head/www/owncloud/Makefile	Wed Mar 12 02:04:03 2014	(r347952)
@@ -2,6 +2,7 @@
 
 PORTNAME=	owncloud
 PORTVERSION=	6.0.2
+PORTREVISION=	1
 CATEGORIES=	www
 MASTER_SITES=	http://download.owncloud.org/community/
 
@@ -19,9 +20,14 @@ USE_PHP=	bz2 ctype curl dom exif fileinf
 		xsl wddx zip zlib
 WANT_PHP_WEB=	yes
 
+OWNCLOUD_USERNAME?=	www
+OWNCLOUD_GROUPNAME?=	${OWNCLOUD_USERNAME}
+
 WRKSRC=		${WRKDIR}/${PORTNAME}
 NO_BUILD=	yes
 SUB_FILES=	pkg-message
+PLIST_SUB=	OWNCLOUD_USERNAME=${OWNCLOUD_USERNAME} \
+		OWNCLOUD_GROUPNAME=${OWNCLOUD_GROUPNAME}
 
 OPTIONS_MULTI=	DB
 OPTIONS_MULTI_DB=	MYSQL PGSQL SQLITE

Modified: head/www/owncloud/pkg-plist
==============================================================================
--- head/www/owncloud/pkg-plist	Wed Mar 12 01:42:52 2014	(r347951)
+++ head/www/owncloud/pkg-plist	Wed Mar 12 02:04:03 2014	(r347952)
@@ -1,5 +1,5 @@
-@owner www
-@group www
+@owner %%OWNCLOUD_USERNAME%%
+@group %%OWNCLOUD_GROUPNAME%%
 %%WWWDIR%%/.htaccess
 %%WWWDIR%%/3rdparty/Archive/Tar.php
 %%WWWDIR%%/3rdparty/Console/Getopt.php

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?201403120204.s2C2441F012793>

Header And Logo

Peripheral Links

Site Navigation

Header And Logo

Peripheral Links

Search

Site Navigation