Date: Wed, 17 Aug 2005 08:12:17 +0800 (CST) From: chinsan <chinsan.tw@gmail.com> To: FreeBSD-gnats-submit@FreeBSD.org Subject: ports/85020: [MAINTAINER UPDATE] www/phpmyfaq: fix security issue of pear-XML_RPC library Message-ID: <20050817001217.1A0BC7301F@chinsan.twbbs.org> Resent-Message-ID: <200508170020.j7H0K8ab019069@freefall.freebsd.org>
>Number: 85020 >Category: ports >Synopsis: [MAINTAINER UPDATE] www/phpmyfaq: fix security issue of pear-XML_RPC library >Confidential: no >Severity: critical >Priority: high >Responsible: freebsd-ports-bugs >State: open >Quarter: >Keywords: >Date-Required: >Class: maintainer-update >Submitter-Id: current-users >Arrival-Date: Wed Aug 17 00:20:08 GMT 2005 >Closed-Date: >Last-Modified: >Originator: chinsan >Release: FreeBSD 5.4-STABLE i386 >Organization: FreeBSD Taiwan >Environment: System: FreeBSD chinsan.twbbs.org 5.4-STABLE FreeBSD 5.4-STABLE #0: Sun Aug 14 21:25:08 CST 2005 root@chinsan.twbbs.org:/usr/obj/usr/src/sys/TAKAKO i386 >Description: - A security related issue in the bundled XML-RPC library was fixed. (http://www.vuxml.org/freebsd/e65ad1bf-0d8b-11da-90d0-00304823c0d3.html) - upgrade from 1.4.9 to 1.4.11 (Also fix compatibility with PHP 4.4.0 with 1.4.9) Thanks! :) >How-To-Repeat: >Fix: --- phpmyfaq.diff begins here --- diff -ruN phpmyfaq.orig/Makefile phpmyfaq/Makefile --- phpmyfaq.orig/Makefile Wed Aug 17 07:53:00 2005 +++ phpmyfaq/Makefile Wed Aug 17 08:05:16 2005 @@ -6,7 +6,7 @@ # PORTNAME= phpmyfaq -PORTVERSION= 1.4.9 +PORTVERSION= 1.4.11 CATEGORIES= www MASTER_SITES= http://www.phpmyfaq.de/download/ DISTNAME= ${PORTNAME}.${PORTVERSION}.full @@ -15,8 +15,6 @@ MAINTAINER= chinsan.tw@gmail.com COMMENT= A multilingual, completely database-driven FAQ-system -FORBIDDEN= http://vuxml.FreeBSD.org/e65ad1bf-0d8b-11da-90d0-00304823c0d3.html - WRKSRC= ${WRKDIR}/${PORTNAME}.${PORTVERSION} USE_ZIP= YES 
@@ -26,51 +24,59 @@ WANT_PHP_WEB= YES pre-fetch: -.if !defined(PHPMYFAQ_DIR) +.if !defined(PHPMYFAQ_URL) @${ECHO_MSG} "" - @${ECHO_MSG} "Define PHPMYFAQ_DIR to override default of '${PHPMYFAQ_DIR}'." + @${ECHO_MSG} "Define PHPMYFAQ_URL to override default of ${PREFIX}/${WWWDOCROOT}/'${PHPMYFAQ_URL}'." @${ECHO_MSG} "" .endif + +# Get HOSTNAME +.if exists(/sbin/sysctl) +HOSTNAME!= /sbin/sysctl -n kern.hostname +.else +HOSTNAME!= /usr/sbin/sysctl -n kern.hostname +.endif + WWWDOCROOT?= www/data PHPMYFAQ_URL?= faq WWWOWN?= www WWWGRP?= www -PHPMYFAQ_DIR?= ${WWWDOCROOT}/${PHPMYFAQ_URL} +PHPMYFAQ_URL?= ${WWWDOCROOT}/${PHPMYFAQ_URL} PLIST= ${WRKDIR}/pkg-plist .include <bsd.port.pre.mk> pre-install: cd ${WRKSRC} && ${FIND} -s . -type f | \ - ${SED} -e 's|^./||;s|^|${PHPMYFAQ_DIR}/|' > ${PLIST} \ + ${SED} -e 's|^./||;s|^|${PHPMYFAQ_URL}/|' > ${PLIST} \ && ${FIND} -d * -type d | \ - ${SED} -e 's|^|@dirrm ${PHPMYFAQ_DIR}/|' >> ${PLIST} \ - && ${ECHO_CMD} @dirrm ${PHPMYFAQ_DIR}/attachments/ >> ${PLIST} \ - && ${ECHO_CMD} @dirrm ${PHPMYFAQ_DIR}/data/ >> ${PLIST} \ - && ${ECHO_CMD} @dirrm ${PHPMYFAQ_DIR}/pdf/ >> ${PLIST} \ - && ${ECHO_CMD} @dirrm ${PHPMYFAQ_DIR} >> ${PLIST} + ${SED} -e 's|^|@dirrm ${PHPMYFAQ_URL}/|' >> ${PLIST} \ + && ${ECHO_CMD} @dirrm ${PHPMYFAQ_URL}/attachments/ >> ${PLIST} \ + && ${ECHO_CMD} @dirrm ${PHPMYFAQ_URL}/data/ >> ${PLIST} \ + && ${ECHO_CMD} @dirrm ${PHPMYFAQ_URL}/pdf/ >> ${PLIST} \ + && ${ECHO_CMD} @dirrm ${PHPMYFAQ_URL} >> ${PLIST} do-install: # Data files - -${MKDIR} ${PREFIX}/${PHPMYFAQ_DIR} - @${CHMOD} 755 ${PREFIX}/${PHPMYFAQ_DIR} - @${CP} -R ${WRKSRC}/ ${PREFIX}/${PHPMYFAQ_DIR} - @${MKDIR} ${PREFIX}/${PHPMYFAQ_DIR}/attachments/ - @${MKDIR} ${PREFIX}/${PHPMYFAQ_DIR}/data/ - @${MKDIR} ${PREFIX}/${PHPMYFAQ_DIR}/pdf/ + -${MKDIR} ${PREFIX}/${PHPMYFAQ_URL} + @${CHMOD} 755 ${PREFIX}/${PHPMYFAQ_URL} + @${CP} -R ${WRKSRC}/ ${PREFIX}/${PHPMYFAQ_URL} + @${MKDIR} ${PREFIX}/${PHPMYFAQ_URL}/attachments/ + @${MKDIR} ${PREFIX}/${PHPMYFAQ_URL}/data/ + 
@${MKDIR} ${PREFIX}/${PHPMYFAQ_URL}/pdf/ # set the correct permissions - @${CHMOD} 777 ${PREFIX}/${PHPMYFAQ_DIR}/inc/ - @${CHMOD} 777 ${PREFIX}/${PHPMYFAQ_DIR}/attachments/ - @${CHMOD} 777 ${PREFIX}/${PHPMYFAQ_DIR}/data/ - @${CHMOD} 777 ${PREFIX}/${PHPMYFAQ_DIR}/images/ - @${CHMOD} 777 ${PREFIX}/${PHPMYFAQ_DIR}/pdf/ - @${CHMOD} 777 ${PREFIX}/${PHPMYFAQ_DIR}/xml/ - @${CHOWN} -R ${WWWOWN}:${WWWGRP} ${PREFIX}/${PHPMYFAQ_DIR} + @${CHMOD} 777 ${PREFIX}/${PHPMYFAQ_URL}/inc/ + @${CHMOD} 777 ${PREFIX}/${PHPMYFAQ_URL}/attachments/ + @${CHMOD} 777 ${PREFIX}/${PHPMYFAQ_URL}/data/ + @${CHMOD} 777 ${PREFIX}/${PHPMYFAQ_URL}/images/ + @${CHMOD} 777 ${PREFIX}/${PHPMYFAQ_URL}/pdf/ + @${CHMOD} 777 ${PREFIX}/${PHPMYFAQ_URL}/xml/ + @${CHOWN} -R ${WWWOWN}:${WWWGRP} ${PREFIX}/${PHPMYFAQ_URL} post-install: @${SED} \ - -e 's|%%PHPMYFAQ_URL%%|${PHPMYFAQ_URL}|' \ - -e 's|%%PHPMYFAQ_DIR%%|${PREFIX}/${PHPMYFAQ_DIR}|' ${PKGMESSAGE} + -e 's|%%HOSTNAME%%|${HOSTNAME}|' \ + -e 's|%%PHPMYFAQ_URL%%|${PREFIX}/${PHPMYFAQ_URL}|' ${PKGMESSAGE} .include <bsd.port.post.mk> diff -ruN phpmyfaq.orig/distinfo phpmyfaq/distinfo --- phpmyfaq.orig/distinfo Wed Aug 17 07:53:00 2005 +++ phpmyfaq/distinfo Wed Aug 17 08:04:36 2005 @@ -1,2 +1,2 @@ -MD5 (phpmyfaq.1.4.9.full.zip) = 1d383a35f2df8b9d7edd2359ca738694 -SIZE (phpmyfaq.1.4.9.full.zip) = 730758 +MD5 (phpmyfaq.1.4.11.full.zip) = 7ffd3a088e072df812cdd4f904d4b32a +SIZE (phpmyfaq.1.4.11.full.zip) = 727145 diff -ruN phpmyfaq.orig/pkg-message phpmyfaq/pkg-message --- phpmyfaq.orig/pkg-message Wed Aug 17 07:53:00 2005 +++ phpmyfaq/pkg-message Wed Aug 17 08:03:19 2005 
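Review bot: The added line `PHPMYFAQ_URL?= ${WWWDOCROOT}/${PHPMYFAQ_URL}` never takes effect, because `PHPMYFAQ_URL?= faq` a few lines above has already defined the variable, so every `${PREFIX}/${PHPMYFAQ_URL}` path in pre-install and do-install loses the `${WWWDOCROOT}` component and, with the defaults, the tree lands in `${PREFIX}/faq`. Keeping a separate path variable, `PHPMYFAQ_DIR?= ${WWWDOCROOT}/${PHPMYFAQ_URL}`, for the filesystem side and leaving `PHPMYFAQ_URL` as the URL segment fixes that. It also stops the post-install expression `s|%%PHPMYFAQ_URL%%|${PREFIX}/${PHPMYFAQ_URL}|` from putting a filesystem prefix into the `http://%%HOSTNAME%%/%%PHPMYFAQ_URL%%/...` links in the pkg-message hunk. Separately, do-install still sets six directories, `inc/` among them, to mode 777 before `${CHOWN} -R ${WWWOWN}:${WWWGRP}`; once the web server account owns the tree, `@${CHMOD} 755` looks sufficient and keeps other local accounts from writing under the web root, though that should be checked against what phpMyFAQ needs to write.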
@@ -7,8 +7,8 @@ database access method. To configure phpMyFAQ point your browser to - http://localhost/%%PHPMYFAQ_URL%%/install/installer.php - http://localhost/%%PHPMYFAQ_URL%%/admin/index.php + http://%%HOSTNAME%%/%%PHPMYFAQ_URL%%/install/installer.php + http://%%HOSTNAME%%/%%PHPMYFAQ_URL%%/admin/index.php Use the username admin and your selected password for your first login into the admin section. --- phpmyfaq.diff ends here --- >Release-Note: >Audit-Trail: >Unformatted: