Message-Id: <200609011047.k81AlNpN019876@www.freebsd.org>
Date: Fri, 1 Sep 2006 10:47:23 GMT
From: Francisco Alves Cabrita
To: freebsd-gnats-submit@FreeBSD.org
Subject: ports/102746: [UPDATE]: www/joomla 1.0.10 to 1.0.11 (security update)

>Number: 102746
>Category: ports
>Synopsis: [UPDATE]: www/joomla 1.0.10 to 1.0.11 (security update)
>Confidential: no
>Severity: serious
>Priority: medium
>Responsible: freebsd-ports-bugs
>State: open
>Quarter:
>Keywords:
>Date-Required:
>Class: update
>Submitter-Id: current-users
>Arrival-Date: Fri Sep 01 10:50:14 GMT 2006
>Closed-Date:
>Last-Modified:
>Originator: Francisco Alves Cabrita
>Release: FreeBSD 6.1-RELEASE-p3
>Organization: Núcleo Português de FreeBSD
>Environment:
FreeBSD fac.e10.pt 6.1-RELEASE-p3 FreeBSD 6.1-RELEASE-p3 #0: Wed Aug 9 14:04:16 WEST 2006 root@fac.e10.pt:/usr/obj/usr/src/sys/SIXONE i386
>Description:
Security Update of www/joomla from 1.0.10 to 1.0.11

04 HIGH Level Threats fixed
    A1 Unvalidated Input
    A6 Injection Flaws

04 MEDIUM Level Threats fixed
    A1 Unvalidated Input
    A2 Broken Access Control

18 LOW Level Threats fixed
    A1 Unvalidated Input
    A2 Broken Access Control
    A4 Cross Site Scripting
    A6 Injection Flaws

Best Regards
Francisco
>How-To-Repeat:
>Fix:
diff -ruN joomla.orig/Makefile joomla/Makefile --- joomla.orig/Makefile Fri Sep 1 11:41:12 2006 +++ joomla/Makefile Fri Sep 1 11:41:35 2006 
@@ -5,15 +5,15 @@ # $FreeBSD: ports/www/joomla/Makefile,v 1.9 2006/08/30 12:37:21 remko Exp $ PORTNAME= joomla -PORTVERSION= 1.0.10 +PORTVERSION= 1.0.11 CATEGORIES= www -MASTER_SITES= http://developer.joomla.org/sf/frs/do/downloadFile/projects.joomla/frs.joomla_1_0.1_0_10/frs5789?dl=1/:source1 +MASTER_SITES= http://developer.joomla.org/sf/frs/do/downloadFile/projects.joomla/frs.joomla_1_0.1_0_11/frs6656?dl=1/:source1 DISTFILES= ${JOOMLA_SRC}:source1 MAINTAINER= include@npf.pt.freebsd.org COMMENT= A dynamic web content management system (CMS) -FORBIDDEN= remote code execution: http://vuxml.FreeBSD.org/0ab423e7-3822-11db-81e1-000e0c2e438a.html +#FORBIDDEN= remote code execution: http://vuxml.FreeBSD.org/0ab423e7-3822-11db-81e1-000e0c2e438a.html NO_BUILD= yes USE_MYSQL= yes diff -ruN joomla.orig/distinfo joomla/distinfo --- joomla.orig/distinfo Fri Sep 1 10:42:11 2006 +++ joomla/distinfo Fri Sep 1 11:36:20 2006 @@ -1,3 +1,3 @@ -MD5 (joomla/Joomla_1.0.10-Stable-Full_Package.tar.bz2) = 4c608dc14fe8952bd35803e5cc8f56cc -SHA256 (joomla/Joomla_1.0.10-Stable-Full_Package.tar.bz2) = 99c265c9bc7d163e3f6bdcb92d3f48dcc51c6b5bb84aedd4d350c5cdbc37e9e2 -SIZE (joomla/Joomla_1.0.10-Stable-Full_Package.tar.bz2) = 1707685 +MD5 (joomla/Joomla_1.0.11-Stable-Full_Package.tar.bz2) = b5f7a7c74b2951ed999c494881522be2 +SHA256 (joomla/Joomla_1.0.11-Stable-Full_Package.tar.bz2) = bdcded24dc5a4605c083f2011ec67d047c1a06b2719f44562995671550b46d5a +SIZE (joomla/Joomla_1.0.11-Stable-Full_Package.tar.bz2) = 1719645 diff -ruN joomla.orig/pkg-plist joomla/pkg-plist --- joomla.orig/pkg-plist Fri Sep 1 10:42:11 2006 +++ joomla/pkg-plist Fri Sep 1 11:39:52 2006 @@ -432,6 +432,7 @@ www/joomla/administrator/images/upload_f2.png www/joomla/administrator/images/user.png www/joomla/administrator/images/users.png +www/joomla/administrator/images/version_check.png www/joomla/administrator/images/week.png www/joomla/administrator/images/week_f2.png www/joomla/administrator/images/xml.png 
@@ -470,6 +471,7 @@ www/joomla/administrator/modules/mod_popular.php www/joomla/administrator/modules/mod_popular.xml www/joomla/administrator/modules/mod_quickicon.php +www/joomla/administrator/modules/mod_quickicon.xml www/joomla/administrator/modules/mod_stats.php www/joomla/administrator/modules/mod_stats.xml www/joomla/administrator/modules/mod_toolbar.php @@ -808,6 +810,8 @@ www/joomla/includes/js/ThemeOffice/home.png www/joomla/includes/js/ThemeOffice/index.html www/joomla/includes/js/ThemeOffice/install.png +www/joomla/includes/js/ThemeOffice/joomla_16x16.png +www/joomla/includes/js/ThemeOffice/Joomla_16x16.png www/joomla/includes/js/ThemeOffice/language.png www/joomla/includes/js/ThemeOffice/license.png www/joomla/includes/js/ThemeOffice/mail.png >Release-Note: >Audit-Trail: >Unformatted:
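
Review bot: in the Makefile hunk (@@ -5,15 +5,15 @@) the FORBIDDEN line is commented out (`#FORBIDDEN= remote code execution: ...`) rather than deleted. Once PORTVERSION is 1.0.11 the marker no longer describes the port, and a commented-out FORBIDDEN that still points at the VuXML entry is easy to misread as "still affected" or to re-enable by accident; remove the line and let the VuXML entry carry the affected-version range. The new MASTER_SITES value is also still plain `http://`, so the download is authenticated only by the checksums in distinfo.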
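
Review bot: in the distinfo hunk (@@ -1,3 +1,3 @@) the new entries name `Joomla_1.0.11-Stable-Full_Package.tar.bz2`, but the Makefile context shows only `DISTFILES= ${JOOMLA_SRC}:source1`, and the definition of JOOMLA_SRC lies outside the lines in this patch. Please confirm that JOOMLA_SRC is derived from PORTVERSION, or include the line that changes it; otherwise the fetch will keep asking for the 1.0.10 file name and the checksum stage will not match. Because the distfile is fetched over http, the SHA256 value here is the integrity check for this security update, so the PR should say how it was obtained, ideally by comparison with a checksum published upstream.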
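
Review bot: in the last pkg-plist hunk (@@ -808,6 +810,8 @@) the two added entries, `joomla_16x16.png` and `Joomla_16x16.png`, differ only in the case of the first letter. Please confirm that the 1.0.11 tarball really ships both files under includes/js/ThemeOffice: if only one exists, the plist lists a file that is never installed and deinstall will report it missing, and if both exist they collide wherever the tree is extracted onto a case-insensitive file system. A short remark in the PR that this is upstream's layout would settle it.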