Date:      Tue, 17 Dec 2013 08:20:45 +0000 (UTC)
From:      Baptiste Daroussin <bapt@FreeBSD.org>
To:        ports-committers@freebsd.org, svn-ports-all@freebsd.org, svn-ports-branches@freebsd.org
Subject:   svn commit: r336698 - in branches/2014Q1: security/vuxml www/phpmyfaq
Message-ID:  <201312170820.rBH8KjDk067668@svn.freebsd.org>

Author: bapt
Date: Tue Dec 17 08:20:44 2013
New Revision: 336698
URL: http://svnweb.freebsd.org/changeset/ports/336698

Log:
  MFH: r336678
  
  - update to 2.8.4
  - add stage support
  
  Security:	3b86583a-66a7-11e3-868f-0025905a4771

Modified:
  branches/2014Q1/security/vuxml/vuln.xml
  branches/2014Q1/www/phpmyfaq/Makefile
  branches/2014Q1/www/phpmyfaq/distinfo
  branches/2014Q1/www/phpmyfaq/pkg-plist
Directory Properties:
  branches/2014Q1/   (props changed)

Modified: branches/2014Q1/security/vuxml/vuln.xml
==============================================================================
--- branches/2014Q1/security/vuxml/vuln.xml	Tue Dec 17 08:08:59 2013	(r336697)
+++ branches/2014Q1/security/vuxml/vuln.xml	Tue Dec 17 08:20:44 2013	(r336698)
@@ -51,6 +51,36 @@ Note:  Please add new entries to the beg
 
 -->
 <vuxml xmlns="http://www.vuxml.org/apps/vuxml-1">;
+  <vuln vid="3b86583a-66a7-11e3-868f-0025905a4771">
+    <topic>phpmyfaq -- arbitrary PHP code execution vulnerability</topic>
+    <affects>
+      <package>
+	<name>phpmyfaq</name>
+	<range><lt>2.8.4</lt></range>
+      </package>
+    </affects>
+    <description>
+      <body xmlns="http://www.w3.org/1999/xhtml">;
+	<p>The phpMyFAQ team reports:</p>
+	<blockquote cite="http://www.phpmyfaq.de/advisory_2013-11-26.php">;
+	  <p>Secunia noticed while analysing the advisory that authenticated
+	    users with "Right to add attachments" are able to exploit an already
+	    publicly known issue in the bundled Ajax File Manager of phpMyFAQ version
+	    2.8.3, which leads to arbitrary PHP code execution for authenticated
+	    users with the permission "Right to add attachments".</p>
+	</blockquote>
+      </body>
+    </description>
+    <references>
+      <url>http://www.phpmyfaq.de/advisory_2013-11-26.php</url>;
+      <url>http://en.securitylab.ru/lab/PT-2013-41</url>;
+    </references>
+    <dates>
+      <discovery>2013-11-26</discovery>
+      <entry>2013-12-16</entry>
+    </dates>
+  </vuln>
+
   <vuln vid="44d0f8dc-6607-11e3-bb11-0025900931f8">
     <topic>zabbix -- shell command injection vulnerability</topic>
     <affects>
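Review bot: The `<topic>` of the added phpmyfaq entry does not say that exploitation needs an authenticated account holding the "Right to add attachments" permission, which the quoted advisory states twice. The topic is the short text a reader sees first when triaging, so something like `<topic>phpmyfaq -- arbitrary PHP code execution by authenticated users</topic>` would carry the precondition. The `<references>` block has only two URLs; if a CVE identifier has been assigned for this issue, adding it as a `<cvename>` would let the entry be matched against other feeds. The hunk ends inside the following zabbix entry, which is unchanged context.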

Modified: branches/2014Q1/www/phpmyfaq/Makefile
==============================================================================
--- branches/2014Q1/www/phpmyfaq/Makefile	Tue Dec 17 08:08:59 2013	(r336697)
+++ branches/2014Q1/www/phpmyfaq/Makefile	Tue Dec 17 08:20:44 2013	(r336698)
@@ -2,7 +2,7 @@
 # $FreeBSD$
 
 PORTNAME=	phpmyfaq
-PORTVERSION=	2.8.2
+PORTVERSION=	2.8.4
 CATEGORIES=	www
 MASTER_SITES=	http://www.phpmyfaq.de/download/
 
@@ -11,20 +11,20 @@ COMMENT=	A multilingual, completely data
 
 WRKSRC=		${WRKDIR}/${PORTNAME}
 
+NEED_ROOT=	yes
+
 USE_PHP=	filter json mysql pcre pdf session xml xmlrpc xmlwriter zlib
 FAQ_DIR=	attachments data images inc pdf xml
 NO_BUILD=	YES
 WANT_PHP_WEB=	YES
+NO_ARCH=	YES
 
-NO_STAGE=	yes
 do-install:
-	-${MKDIR} ${WWWDIR}
-	@cd ${WRKSRC} && ${COPYTREE_SHARE} \* ${WWWDIR}
+	@${MKDIR} ${STAGEDIR}${WWWDIR}
+	@cd ${WRKSRC} && ${COPYTREE_SHARE} \* ${STAGEDIR}${WWWDIR}
 .for i in ${FAQ_DIR}
-	-@${MKDIR} ${WWWDIR}/${i}
-	@${CHMOD} 777 ${WWWDIR}/${i}
+	@${MKDIR} ${STAGEDIR}${WWWDIR}/${i}
+	@${CHOWN} ${WWWOWN}:${WWWGRP} ${STAGEDIR}${WWWDIR}/${i} ${STAGEDIR}${WWWDIR}/config
 .endfor
-	@${CHOWN} -R ${WWWOWN}:${WWWGRP} ${WWWDIR}
-	@${CAT} ${PKGMESSAGE}
 
 .include <bsd.port.mk>
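Review bot: The `${CHOWN}` line inside the `.for i in ${FAQ_DIR}` loop also names `${STAGEDIR}${WWWDIR}/config`, so `config` is re-chowned on every iteration; move it out of the loop as `@${CHOWN} ${WWWOWN}:${WWWGRP} ${STAGEDIR}${WWWDIR}/config` after `.endfor`. Dropping `chmod 777` and the recursive chown of the whole tree is a real tightening, but `FAQ_DIR` still includes `inc`, which judging by the `inc/PMF` entries in pkg-plist appears to hold application code rather than data. A directory owned by the web server user can have files added to it through any file-write flaw in the application, so it is worth confirming that `inc` needs to be writable at runtime. A comment above `FAQ_DIR`, such as `# directories the web server must be able to write to at runtime`, would make that intent reviewable.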

Modified: branches/2014Q1/www/phpmyfaq/distinfo
==============================================================================
--- branches/2014Q1/www/phpmyfaq/distinfo	Tue Dec 17 08:08:59 2013	(r336697)
+++ branches/2014Q1/www/phpmyfaq/distinfo	Tue Dec 17 08:20:44 2013	(r336698)
@@ -1,2 +1,2 @@
-SHA256 (phpmyfaq-2.8.2.tar.gz) = 2ab6452da45dacd3bd771597671371881a4c9d13352b4c70d608b686779c3db6
-SIZE (phpmyfaq-2.8.2.tar.gz) = 3896352
+SHA256 (phpmyfaq-2.8.4.tar.gz) = da4762ce824a973f0303762e9028ea9c7e1b1b0bc0f7721388046bd1c35b0164
+SIZE (phpmyfaq-2.8.4.tar.gz) = 3903889

Modified: branches/2014Q1/www/phpmyfaq/pkg-plist
==============================================================================
--- branches/2014Q1/www/phpmyfaq/pkg-plist	Tue Dec 17 08:08:59 2013	(r336697)
+++ branches/2014Q1/www/phpmyfaq/pkg-plist	Tue Dec 17 08:20:44 2013	(r336698)
@@ -1,3 +1,16 @@
+@exec mkdir -p %D/www/phpmyfaq/attachments
+@exec mkdir -p %D/www/phpmyfaq/data
+@exec mkdir -p %D/www/phpmyfaq/images
+@exec mkdir -p %D/www/phpmyfaq/inc
+@exec mkdir -p %D/www/phpmyfaq/pdf
+@exec mkdir -p %D/www/phpmyfaq/xml
+@exec chown %%WWWOWN%%:%%WWWGRP%% %D/www/phpmyfaq/attachments
+@exec chown %%WWWOWN%%:%%WWWGRP%% %D/www/phpmyfaq/config
+@exec chown %%WWWOWN%%:%%WWWGRP%% %D/www/phpmyfaq/data
+@exec chown %%WWWOWN%%:%%WWWGRP%% %D/www/phpmyfaq/images
+@exec chown %%WWWOWN%%:%%WWWGRP%% %D/www/phpmyfaq/inc
+@exec chown %%WWWOWN%%:%%WWWGRP%% %D/www/phpmyfaq/pdf
+@exec chown %%WWWOWN%%:%%WWWGRP%% %D/www/phpmyfaq/xml
 %%WWWDIR%%/_.htaccess
 %%WWWDIR%%/_httpd.ini
 %%WWWDIR%%/_lighttpd.conf
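Review bot: The added `@exec chown` lines include `%D/www/phpmyfaq/config`, but there is no matching `@exec mkdir -p` for `config` among the six directories created, and the whole block sits ahead of every file entry. If nothing has created `config` by the time the command runs, that chown fails, so either add `@exec mkdir -p %D/www/phpmyfaq/config` or move the chown lines after the file list. The paths are also hard-coded as `%D/www/phpmyfaq` while the rest of the list uses `%%WWWDIR%%`; writing them as `%D/%%WWWDIR%%/attachments` (and likewise for the others) would presumably keep them in step if WWWDIR is ever changed.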
@@ -24,6 +37,7 @@
 %%WWWDIR%%/admin/assets/font/fontawesome-webfont.svg
 %%WWWDIR%%/admin/assets/font/fontawesome-webfont.ttf
 %%WWWDIR%%/admin/assets/font/fontawesome-webfont.woff
+%%WWWDIR%%/admin/assets/js/record.js
 %%WWWDIR%%/admin/assets/js/uploadcheck.js
 %%WWWDIR%%/admin/assets/js/user.js
 %%WWWDIR%%/admin/assets/less/style.less
@@ -876,6 +890,7 @@
 %%WWWDIR%%/assets/template/default/favicon.ico
 %%WWWDIR%%/assets/template/default/glossary.tpl
 %%WWWDIR%%/assets/template/default/images/arrow.gif
+%%WWWDIR%%/assets/template/default/indexPassword.tpl
 %%WWWDIR%%/assets/template/default/index.tpl
 %%WWWDIR%%/assets/template/default/indexLogin.tpl
 %%WWWDIR%%/assets/template/default/indexMaintenance.tpl
@@ -1264,7 +1279,7 @@
 @dirrm %%WWWDIR%%/xml
 @dirrm %%WWWDIR%%/services/twitter
 @dirrm %%WWWDIR%%/services
-@dirrmtry %%WWWDIR%%/pdf
+@dirrm %%WWWDIR%%/pdf
 @dirrm %%WWWDIR%%/multisite
 @dirrm %%WWWDIR%%/lang
 @dirrm %%WWWDIR%%/install
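Review bot: Switching `pdf` here, and `images`, `data`, `config` and `attachments` in the next hunk, from `@dirrmtry` to `@dirrm` makes removal of these directories mandatory at deinstall, yet they are the ones the Makefile hands to the web server user for runtime writes. Once the application has stored uploads or configuration there they will not be empty, and `@dirrm` reports a failure where `@dirrmtry` quietly left the directory in place. Unless the intent is to surface leftover content to the administrator, keep `@dirrmtry %%WWWDIR%%/attachments` and the same for the other four.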
@@ -1357,16 +1372,16 @@
 @dirrm %%WWWDIR%%/inc/PMF/Attachment
 @dirrm %%WWWDIR%%/inc/PMF
 @dirrm %%WWWDIR%%/inc
-@dirrmtry %%WWWDIR%%/images
+@dirrm %%WWWDIR%%/images
 @dirrm %%WWWDIR%%/feed/topten
 @dirrm %%WWWDIR%%/feed/openquestions
 @dirrm %%WWWDIR%%/feed/news
 @dirrm %%WWWDIR%%/feed/latest
 @dirrm %%WWWDIR%%/feed/category
 @dirrm %%WWWDIR%%/feed
-@dirrmtry %%WWWDIR%%/data
-@dirrmtry %%WWWDIR%%/config
-@dirrmtry %%WWWDIR%%/attachments
+@dirrm %%WWWDIR%%/data
+@dirrm %%WWWDIR%%/config
+@dirrm %%WWWDIR%%/attachments
 @dirrm %%WWWDIR%%/assets/template/default/less
 @dirrm %%WWWDIR%%/assets/template/default/images
 @dirrm %%WWWDIR%%/assets/template/default/css


