ports/85020: [MAINTAINER UPDATE] www/phpmyfaq: fix security issue of pear-XML_RPC library
chinsan
chinsan.tw at gmail.com
Wed Aug 17 00:20:09 UTC 2005
>Number: 85020
>Category: ports
>Synopsis: [MAINTAINER UPDATE] www/phpmyfaq: fix security issue of pear-XML_RPC library
>Confidential: no
>Severity: critical
>Priority: high
>Responsible: freebsd-ports-bugs
>State: open
>Quarter:
>Keywords:
>Date-Required:
>Class: maintainer-update
>Submitter-Id: current-users
>Arrival-Date: Wed Aug 17 00:20:08 GMT 2005
>Closed-Date:
>Last-Modified:
>Originator: chinsan
>Release: FreeBSD 5.4-STABLE i386
>Organization:
FreeBSD Taiwan
>Environment:
System: FreeBSD chinsan.twbbs.org 5.4-STABLE FreeBSD 5.4-STABLE #0: Sun Aug 14 21:25:08 CST 2005 root at chinsan.twbbs.org:/usr/obj/usr/src/sys/TAKAKO i386
>Description:
- A security related issue in the bundled XML-RPC library was fixed.
(http://www.vuxml.org/freebsd/e65ad1bf-0d8b-11da-90d0-00304823c0d3.html)
- upgrade from 1.4.9 to 1.4.11
(Also fix compatibility with PHP 4.4.0 with 1.4.9)
Thanks! :)
>How-To-Repeat:
>Fix:
--- phpmyfaq.diff begins here ---
diff -ruN phpmyfaq.orig/Makefile phpmyfaq/Makefile
--- phpmyfaq.orig/Makefile Wed Aug 17 07:53:00 2005
+++ phpmyfaq/Makefile Wed Aug 17 08:05:16 2005
@@ -6,7 +6,7 @@
#
PORTNAME= phpmyfaq
-PORTVERSION= 1.4.9
+PORTVERSION= 1.4.11
CATEGORIES= www
MASTER_SITES= http://www.phpmyfaq.de/download/
DISTNAME= ${PORTNAME}.${PORTVERSION}.full
@@ -15,8 +15,6 @@
MAINTAINER= chinsan.tw at gmail.com
COMMENT= A multilingual, completely database-driven FAQ-system
-FORBIDDEN= http://vuxml.FreeBSD.org/e65ad1bf-0d8b-11da-90d0-00304823c0d3.html
-
WRKSRC= ${WRKDIR}/${PORTNAME}.${PORTVERSION}
USE_ZIP= YES
@@ -26,51 +24,59 @@
WANT_PHP_WEB= YES
pre-fetch:
-.if !defined(PHPMYFAQ_DIR)
+.if !defined(PHPMYFAQ_URL)
@${ECHO_MSG} ""
- @${ECHO_MSG} "Define PHPMYFAQ_DIR to override default of '${PHPMYFAQ_DIR}'."
+ @${ECHO_MSG} "Define PHPMYFAQ_URL to override default of ${PREFIX}/${WWWDOCROOT}/'${PHPMYFAQ_URL}'."
@${ECHO_MSG} ""
.endif
+
+# Get HOSTNAME
+.if exists(/sbin/sysctl)
+HOSTNAME!= /sbin/sysctl -n kern.hostname
+.else
+HOSTNAME!= /usr/sbin/sysctl -n kern.hostname
+.endif
+
WWWDOCROOT?= www/data
PHPMYFAQ_URL?= faq
WWWOWN?= www
WWWGRP?= www
-PHPMYFAQ_DIR?= ${WWWDOCROOT}/${PHPMYFAQ_URL}
+PHPMYFAQ_URL?= ${WWWDOCROOT}/${PHPMYFAQ_URL}
PLIST= ${WRKDIR}/pkg-plist
.include <bsd.port.pre.mk>
pre-install:
cd ${WRKSRC} && ${FIND} -s . -type f | \
- ${SED} -e 's|^./||;s|^|${PHPMYFAQ_DIR}/|' > ${PLIST} \
+ ${SED} -e 's|^./||;s|^|${PHPMYFAQ_URL}/|' > ${PLIST} \
&& ${FIND} -d * -type d | \
- ${SED} -e 's|^|@dirrm ${PHPMYFAQ_DIR}/|' >> ${PLIST} \
- && ${ECHO_CMD} @dirrm ${PHPMYFAQ_DIR}/attachments/ >> ${PLIST} \
- && ${ECHO_CMD} @dirrm ${PHPMYFAQ_DIR}/data/ >> ${PLIST} \
- && ${ECHO_CMD} @dirrm ${PHPMYFAQ_DIR}/pdf/ >> ${PLIST} \
- && ${ECHO_CMD} @dirrm ${PHPMYFAQ_DIR} >> ${PLIST}
+ ${SED} -e 's|^|@dirrm ${PHPMYFAQ_URL}/|' >> ${PLIST} \
+ && ${ECHO_CMD} @dirrm ${PHPMYFAQ_URL}/attachments/ >> ${PLIST} \
+ && ${ECHO_CMD} @dirrm ${PHPMYFAQ_URL}/data/ >> ${PLIST} \
+ && ${ECHO_CMD} @dirrm ${PHPMYFAQ_URL}/pdf/ >> ${PLIST} \
+ && ${ECHO_CMD} @dirrm ${PHPMYFAQ_URL} >> ${PLIST}
do-install:
# Data files
- -${MKDIR} ${PREFIX}/${PHPMYFAQ_DIR}
- @${CHMOD} 755 ${PREFIX}/${PHPMYFAQ_DIR}
- @${CP} -R ${WRKSRC}/ ${PREFIX}/${PHPMYFAQ_DIR}
- @${MKDIR} ${PREFIX}/${PHPMYFAQ_DIR}/attachments/
- @${MKDIR} ${PREFIX}/${PHPMYFAQ_DIR}/data/
- @${MKDIR} ${PREFIX}/${PHPMYFAQ_DIR}/pdf/
+ -${MKDIR} ${PREFIX}/${PHPMYFAQ_URL}
+ @${CHMOD} 755 ${PREFIX}/${PHPMYFAQ_URL}
+ @${CP} -R ${WRKSRC}/ ${PREFIX}/${PHPMYFAQ_URL}
+ @${MKDIR} ${PREFIX}/${PHPMYFAQ_URL}/attachments/
+ @${MKDIR} ${PREFIX}/${PHPMYFAQ_URL}/data/
+ @${MKDIR} ${PREFIX}/${PHPMYFAQ_URL}/pdf/
# set the correct permissions
- @${CHMOD} 777 ${PREFIX}/${PHPMYFAQ_DIR}/inc/
- @${CHMOD} 777 ${PREFIX}/${PHPMYFAQ_DIR}/attachments/
- @${CHMOD} 777 ${PREFIX}/${PHPMYFAQ_DIR}/data/
- @${CHMOD} 777 ${PREFIX}/${PHPMYFAQ_DIR}/images/
- @${CHMOD} 777 ${PREFIX}/${PHPMYFAQ_DIR}/pdf/
- @${CHMOD} 777 ${PREFIX}/${PHPMYFAQ_DIR}/xml/
- @${CHOWN} -R ${WWWOWN}:${WWWGRP} ${PREFIX}/${PHPMYFAQ_DIR}
+ @${CHMOD} 777 ${PREFIX}/${PHPMYFAQ_URL}/inc/
+ @${CHMOD} 777 ${PREFIX}/${PHPMYFAQ_URL}/attachments/
+ @${CHMOD} 777 ${PREFIX}/${PHPMYFAQ_URL}/data/
+ @${CHMOD} 777 ${PREFIX}/${PHPMYFAQ_URL}/images/
+ @${CHMOD} 777 ${PREFIX}/${PHPMYFAQ_URL}/pdf/
+ @${CHMOD} 777 ${PREFIX}/${PHPMYFAQ_URL}/xml/
+ @${CHOWN} -R ${WWWOWN}:${WWWGRP} ${PREFIX}/${PHPMYFAQ_URL}
post-install:
@${SED} \
- -e 's|%%PHPMYFAQ_URL%%|${PHPMYFAQ_URL}|' \
- -e 's|%%PHPMYFAQ_DIR%%|${PREFIX}/${PHPMYFAQ_DIR}|' ${PKGMESSAGE}
+ -e 's|%%HOSTNAME%%|${HOSTNAME}|' \
+ -e 's|%%PHPMYFAQ_URL%%|${PREFIX}/${PHPMYFAQ_URL}|' ${PKGMESSAGE}
.include <bsd.port.post.mk>
diff -ruN phpmyfaq.orig/distinfo phpmyfaq/distinfo
--- phpmyfaq.orig/distinfo Wed Aug 17 07:53:00 2005
+++ phpmyfaq/distinfo Wed Aug 17 08:04:36 2005
@@ -1,2 +1,2 @@
-MD5 (phpmyfaq.1.4.9.full.zip) = 1d383a35f2df8b9d7edd2359ca738694
-SIZE (phpmyfaq.1.4.9.full.zip) = 730758
+MD5 (phpmyfaq.1.4.11.full.zip) = 7ffd3a088e072df812cdd4f904d4b32a
+SIZE (phpmyfaq.1.4.11.full.zip) = 727145
diff -ruN phpmyfaq.orig/pkg-message phpmyfaq/pkg-message
--- phpmyfaq.orig/pkg-message Wed Aug 17 07:53:00 2005
+++ phpmyfaq/pkg-message Wed Aug 17 08:03:19 2005
@@ -7,8 +7,8 @@
database access method.
To configure phpMyFAQ point your browser to
- http://localhost/%%PHPMYFAQ_URL%%/install/installer.php
- http://localhost/%%PHPMYFAQ_URL%%/admin/index.php
+ http://%%HOSTNAME%%/%%PHPMYFAQ_URL%%/install/installer.php
+ http://%%HOSTNAME%%/%%PHPMYFAQ_URL%%/admin/index.php
Use the username admin and your selected password
for your first login into the admin section.
--- phpmyfaq.diff ends here ---
>Release-Note:
>Audit-Trail:
>Unformatted:
More information about the freebsd-ports-bugs
mailing list