Date:      Wed, 3 Aug 2005 09:46:42 GMT
From:      Francisco Cabrita <francisco@nortenet.pt>
To:        freebsd-gnats-submit@FreeBSD.org
Subject:   www/84510: [SECURITY UPDATE]: Update for www/mambo - Security Patch for 4.5.2.2 to 4.5.2.3
Message-ID:  <200508030946.j739kgPF029654@www.freebsd.org>
Resent-Message-ID: <200508030950.j739oHlw085340@freefall.freebsd.org>


>Number:         84510
>Category:       www
>Synopsis:       [SECURITY UPDATE]: Update for www/mambo - Security Patch for 4.5.2.2 to 4.5.2.3
>Confidential:   no
>Severity:       serious
>Priority:       medium
>Responsible:    freebsd-www
>State:          open
>Quarter:        
>Keywords:       
>Date-Required:
>Class:          update
>Submitter-Id:   current-users
>Arrival-Date:   Wed Aug 03 09:50:16 GMT 2005
>Closed-Date:
>Last-Modified:
>Originator:     Francisco Cabrita
>Release:        FreeBSD 5.4-RELEASE-p6
>Organization:
Núcleo Português de FreeBSD
>Environment:
FreeBSD fac.e10.pt 5.4-RELEASE-p6 FreeBSD 5.4-RELEASE-p6 #0: Sat Jul 30 04:12:24 WEST 2005     fac@fac.e10.pt:/usr/obj/usr/src/sys/MOBILE  i386
>Description:
The 4.5.2.3 patch is available that fixes an over-zealous filter on the main content fields as well as plugging a security hole in the voting form submission. It also includes a slight revision to the database class that will give you a small boost in performance.

The Makefile

--- Makefile_SAFE       Wed Aug  3 10:31:46 2005
+++ Makefile    Wed Aug  3 10:24:25 2005
@@ -5,14 +5,12 @@
 # $FreeBSD: ports/www/mambo/Makefile,v 1.4 2005/06/13 14:02:54 pav Exp $

 PORTNAME=      mambo
-PORTVERSION=   4.5.2.2
+PORTVERSION=   4.5.2.3
 CATEGORIES=    www
 MASTER_SITES=  http://mamboforge.net/frs/download.php/4004/:source1 \
-               http://mamboforge.net/frs/download.php/4043/:source2 \
-               http://mamboforge.net/frs/download.php/5886/:source3
+               http://mamboforge.net/frs/download.php/6159/:source2
 DISTFILES=     ${MAMBO_SRC}:source1 \
-               ${MAMBO_PATCH1}:source2 \
-               ${MAMBO_PATCH2}:source3
+               ${MAMBO_PATCH1}:source2

 MAINTAINER=    include@npf.pt.freebsd.org
 COMMENT=       A dynamic web content management system (CMS)
@@ -32,14 +30,12 @@
 DIST_SUBDIR=   ${PORTNAME}

 MAMBO_SRC=     MamboV4.5.2-Stable.tar.gz
-MAMBO_PATCH1=  Patch_4.5.2_to_4.5.2.1.zip
-MAMBO_PATCH2=  Patch_4.5.2_to_4.5.2.2.zip
+MAMBO_PATCH1=  Patch_4.5.2_to_4.5.2.3.zip

 do-extract:
                @${MKDIR} ${WRKSRC}
                @${TAR} -zxf ${DISTDIR}/${DIST_SUBDIR}/${MAMBO_SRC} -C ${WRKSRC}
                @${UNZIP_CMD} -qo ${DISTDIR}/${DIST_SUBDIR}/${MAMBO_PATCH1} -d ${WRKSRC}
-               @${UNZIP_CMD} -qo ${DISTDIR}/${DIST_SUBDIR}/${MAMBO_PATCH2} -d ${WRKSRC}
                @${RM} -rf ${WRKSRC}/templates/rhuk_solarflare # remove empty

 do-install:
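
Review bot: Dropping the second `${UNZIP_CMD}` call in do-extract assumes Patch_4.5.2_to_4.5.2.3.zip is cumulative over the two zips it replaces. The old port unpacked both Patch_4.5.2_to_4.5.2.1.zip and Patch_4.5.2_to_4.5.2.2.zip even though both are named as starting from 4.5.2, so please confirm in the PR that no file carried only by the earlier zips is lost, for example by comparing the unpacked ${WRKSRC} trees before and after.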

The distinfo:

--- distinfo_SAFE       Wed Aug  3 10:41:47 2005
+++ distinfo    Wed Aug  3 10:24:25 2005
@@ -1,6 +1,4 @@
 MD5 (mambo/MamboV4.5.2-Stable.tar.gz) = 6f4f934bc26ceed05137a23a1dcf8a54
 SIZE (mambo/MamboV4.5.2-Stable.tar.gz) = 1561319
-MD5 (mambo/Patch_4.5.2_to_4.5.2.1.zip) = 0dc49db1cf7a5c0ff11d69f05cfae69f
-SIZE (mambo/Patch_4.5.2_to_4.5.2.1.zip) = 32429
-MD5 (mambo/Patch_4.5.2_to_4.5.2.2.zip) = ce66ecab53e6af3215d664a6b24b7ab0
-SIZE (mambo/Patch_4.5.2_to_4.5.2.2.zip) = 88100
+MD5 (mambo/Patch_4.5.2_to_4.5.2.3.zip) = 3202877a1f03b2ff723bf5a2c1f07869
+SIZE (mambo/Patch_4.5.2_to_4.5.2.3.zip) = 88505
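
Review bot: The added entry for Patch_4.5.2_to_4.5.2.3.zip is backed by MD5 and SIZE only, while the Makefile fetches the file over plain http. MD5 collisions were demonstrated in 2004, so for a security update a stronger digest recorded alongside the MD5 line would be worth adding if the ports framework in use can generate one, and the PR should state whether the checksum was compared against a value published by upstream.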

The pkg-plist:
--- pkg-plist_SAFE      Wed Aug  3 10:41:50 2005
+++ pkg-plist   Wed Aug  3 10:24:25 2005
@@ -1,7 +1,6 @@
 @exec mkdir -p %D/%%MAMBO_DIR%%/cache/com_banners
 %%MAMBO_DIR%%/CHANGELOG
 %%MAMBO_DIR%%/INSTALL
-%%MAMBO_DIR%%/README
 %%MAMBO_DIR%%/LICENSE
 %%MAMBO_DIR%%/administrator/backups/index.html
 %%MAMBO_DIR%%/administrator/components/com_admin/admin.admin.html.php
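
Review bot: The removal of `%%MAMBO_DIR%%/README` is not explained in the description, and nothing visible in the Makefile diff stops that file from being installed. Please confirm README is absent from the tree once the 4.5.2.3 zip is unpacked; if it is still installed, dropping it here leaves an unregistered file behind on deinstall.
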
@@ -831,6 +830,8 @@
 %%MAMBO_DIR%%/includes/patTemplate/tmpl/page.html
 %%MAMBO_DIR%%/includes/pathway.php
 %%MAMBO_DIR%%/includes/pdf.php
+%%MAMBO_DIR%%/includes/phpInputFilter/index.html
+%%MAMBO_DIR%%/includes/phpInputFilter/class.inputfilter.php
 %%MAMBO_DIR%%/includes/phpmailer/LICENSE
 %%MAMBO_DIR%%/includes/phpmailer/class.phpmailer.php
 %%MAMBO_DIR%%/includes/phpmailer/class.smtp.php
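
Review bot: The two added phpInputFilter entries are out of order relative to the rest of the list: `index.html` is placed before `class.inputfilter.php`, whereas the neighbouring phpmailer entries sort `LICENSE`, `class.phpmailer.php`, `class.smtp.php`. Swapping the two lines keeps the plist sorted and makes later diffs against a regenerated list cleaner.
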
@@ -1194,6 +1195,7 @@
 @dirrm %%MAMBO_DIR%%/language
 @dirrm %%MAMBO_DIR%%/installation/sql
 @dirrm %%MAMBO_DIR%%/installation
+@dirrm %%MAMBO_DIR%%/includes/phpInputFilter/
 @dirrm %%MAMBO_DIR%%/includes/phpmailer/language
 @dirrm %%MAMBO_DIR%%/includes/phpmailer
 @dirrm %%MAMBO_DIR%%/includes/patTemplate/tmpl
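
Review bot: The added `@dirrm %%MAMBO_DIR%%/includes/phpInputFilter/` line ends in a trailing slash, unlike every other `@dirrm` entry in this hunk. Drop the slash so the entry matches the surrounding ones.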


and that's all

Francisco Cabrita aka include
 
 --
 Nucleo Portugues de FreeBSD - Core Member
 http://npf.pt.freebsd.org
 http://npf.pt.freebsd.org/~include/

>How-To-Repeat:
      
>Fix:
      
>Release-Note:
>Audit-Trail:
>Unformatted:


