From owner-freebsd-ports-bugs@FreeBSD.ORG Tue Jun 6 20:17:08 2006
Message-Id: <200606061951.k56Jplen012095@moondance.itsy-bitsy.net>
Date: Tue, 6 Jun 2006 13:51:47 -0600 (MDT)
From: "Aaron Dalton"
To: FreeBSD-gnats-submit@FreeBSD.org
X-Send-Pr-Version: 3.113
Cc: secteam@FreeBSD.org, portmgr@FreeBSD.org
Subject: ports/98599: [PATCH] www/dokuwiki: SECURITY FIX

>Number: 98599
>Category: ports
>Synopsis: [PATCH] www/dokuwiki: SECURITY FIX
>Confidential: no
>Severity: critical
>Priority: high
>Responsible: freebsd-ports-bugs
>State: open
>Quarter:
>Keywords:
>Date-Required:
>Class: update
>Submitter-Id: current-users
>Arrival-Date: Tue Jun 06 20:10:24 GMT 2006
>Closed-Date:
>Last-Modified:
>Originator: Aaron Dalton
>Release: FreeBSD 5.4-RELEASE i386
>Organization:
>Environment:
System: FreeBSD moondance.itsy-bitsy.net 5.4-RELEASE FreeBSD 5.4-RELEASE #0: Sun May 8 10:21:06 UTC
>Description:
- Bump PORTREVISION
- Update distinfo

Vendor's Announcement:

Hello again!

Just two days after the last security problem another flaw was discovered. Luckily not as bad as the last one.

Andreas .kre Solberg discovered a security flaw which allows registered users to view page content they usually have no access to. The problem is in the way how a successful user profile change is handled.

This affects only installs which have Access Control Lists enabled (off by default) and restricted the READ permission for certain pages even for logged in users. Non-authenticated users can not exploit this bug.

The package available at http://www.splitbrain.org/go/dokuwiki was updated again to reflect the change but fixing it manually is simple, too. Info on how to do this is available at http://bugs.splitbrain.org/?do=details&id=825

Andi

Port maintainer (chinsan.tw@gmail.com) is cc'd.
portmgr@ and secteam@ are cc'd. I request that the package be immediately rebuilt and distributed.
Generated with FreeBSD Port Tools 0.77 >How-To-Repeat: >Fix: --- dokuwiki-20060309_2.patch begins here --- Index: Makefile =================================================================== RCS file: /home/pcvs/ports/www/dokuwiki/Makefile,v retrieving revision 1.21 diff -u -u -r1.21 Makefile --- Makefile 5 Jun 2006 20:04:48 -0000 1.21 +++ Makefile 6 Jun 2006 19:49:42 -0000 @@ -7,7 +7,7 @@ PORTNAME= dokuwiki PORTVERSION= ${DIST_VER:S/${PORTNAME}//:S/-//g} -PORTREVISION= 1 +PORTREVISION= 2 CATEGORIES= www MASTER_SITES= http://www.splitbrain.org/_media/projects/dokuwiki/ \ http://dev.splitbrain.org/browse/snapshots/ Index: distinfo =================================================================== RCS file: /home/pcvs/ports/www/dokuwiki/distinfo,v retrieving revision 1.11 diff -u -u -r1.11 distinfo --- distinfo 5 Jun 2006 18:15:04 -0000 1.11 +++ distinfo 6 Jun 2006 19:49:42 -0000 @@ -1,3 +1,3 @@ -MD5 (dokuwiki-2006-03-09.tgz) = cc513a6e9a2cb04a464461a3395bb2ec -SHA256 (dokuwiki-2006-03-09.tgz) = 350eed365cafb25a491a0482e75c53c64d3224d762152f30bc914a34ce973c8f -SIZE (dokuwiki-2006-03-09.tgz) = 835031 +MD5 (dokuwiki-2006-03-09.tgz) = 73db29a2e92f5708d91cf1a535290000 +SHA256 (dokuwiki-2006-03-09.tgz) = 1976d90c2a32dcc2d3a6644f8a7f09d152bc3ebcb7fd09aaf0aacaca68dd7507 +SIZE (dokuwiki-2006-03-09.tgz) = 835163 --- dokuwiki-20060309_2.patch ends here --- >Release-Note: >Audit-Trail: >Unformatted:
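Review bot: In the Makefile hunk only PORTREVISION changes (1 to 2), while the distinfo hunk records new checksums for the unchanged name dokuwiki-2006-03-09.tgz, so a distfile already cached from the earlier fetch will fail the checksum step, and the second MASTER_SITES entry may still hold the older archive. Consider setting DIST_SUBDIR in this hunk (or otherwise giving the reissued distfile a distinct path) so the old and new tarballs cannot be confused.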
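Review bot: The distinfo hunk replaces MD5, SHA256 and SIZE for the same filename, dokuwiki-2006-03-09.tgz, and nothing in the patch ties the new values to the vendor's reissued release; from the diff alone an upstream re-roll is indistinguishable from a tampered archive. Before commit, fetch the tarball independently from the vendor site, confirm that the SHA256 and the 132-byte size increase (835031 to 835163) match, and state in the commit message that upstream reissued the tarball under the same name.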