ports/81984: [SECURITY UPDATE]: Update for www/mambo - Security Patch for All Mambo 4.5.x Versions

Francisco Alves Cabrita include at npf.deec.uc.pt
Tue Jun 7 10:40:29 UTC 2005 

>Number:         81984
>Category:       ports
>Synopsis:       [SECURITY UPDATE]: Update for www/mambo - Security Patch for All Mambo 4.5.x Versions
>Confidential:   no
>Severity:       serious
>Priority:       medium
>Responsible:    freebsd-ports-bugs
>State:          open
>Quarter:        
>Keywords:       
>Date-Required:
>Class:          update
>Submitter-Id:   current-users
>Arrival-Date:   Tue Jun 07 10:40:28 GMT 2005
>Closed-Date:
>Last-Modified:
>Originator:     Francisco Alves Cabrita
>Release:        FreeBSD 5.4-RELEASE
>Organization:
Núcleo Português de FreeBSD
>Environment:
FreeBSD fac.e10.pt 5.4-RELEASE FreeBSD 5.4-RELEASE #0: Sat May  7 23:33:40 WEST 2005     fac at fac.e10.pt:/usr/obj/usr/src/sys/MOBILE  i386
>Description:
Under various (and differing) circumstances, multiple vulnerabilities exist that allow an attacker to steal cookie information, initiatiate XSS and SQL injection attacks.
>How-To-Repeat:
      
>Fix:
Security Patch for All Mambo 4.5.x Versions

-- Makefile_SAFE Tue Jun  7 11:22:57 2005
+++ Makefile  Tue Jun  7 11:25:17 2005
@@ -5,13 +5,15 @@
 # $FreeBSD: ports/www/mambo/Makefile,v 1.2 2005/05/29 09:07:41 thierry Exp $

 PORTNAME=  mambo
-PORTVERSION= 4.5.2.1
+PORTVERSION= 4.5.2.2
 PORTREVISION=  1
 CATEGORIES=  www
 MASTER_SITES=  http://mamboforge.net/frs/download.php/4004/:source1 \
-   http://mamboforge.net/frs/download.php/4043/:source2
+   http://mamboforge.net/frs/download.php/4043/:source2 \
+   http://mamboforge.net/frs/download.php/5886/:source3
 DISTFILES= ${MAMBO_SRC}:source1 \
-   ${MAMBO_PATCH}:source2
+   ${MAMBO_PATCH1}:source2 \
+   ${MAMBO_PATCH2}:source3

 MAINTAINER=  include at npf.pt.freebsd.org
 COMMENT= A dynamic web content management system (CMS)
@@ -31,12 +33,14 @@
 DIST_SUBDIR= ${PORTNAME}

 MAMBO_SRC= MamboV4.5.2-Stable.tar.gz
-MAMBO_PATCH= Patch_4.5.2_to_4.5.2.1.zip
+MAMBO_PATCH1=  Patch_4.5.2_to_4.5.2.1.zip
+MAMBO_PATCH2=  Patch_4.5.2_to_4.5.2.2.zip

 do-extract:
    @${MKDIR} ${WRKSRC}
    @${TAR} -zxf ${DISTDIR}/${DIST_SUBDIR}/${MAMBO_SRC} -C ${WRKSRC}
-   @${UNZIP_CMD} -qo ${DISTDIR}/${DIST_SUBDIR}/${MAMBO_PATCH} -d ${WRKSRC}
+   @${UNZIP_CMD} -qo ${DISTDIR}/${DIST_SUBDIR}/${MAMBO_PATCH1} -d ${WRKSRC}
+   @${UNZIP_CMD} -qo ${DISTDIR}/${DIST_SUBDIR}/${MAMBO_PATCH2} -d ${WRKSRC}
    @${RM} -rf ${WRKSRC}/templates/rhuk_solarflare # remove empty

 do-install:

PS: I already received an e-mail from pointyhat (Kris Kennaway)alerting me to insert more redundant mirros, sorry but for now i only have time to submite this important update.

Thank in advance
Francisco aka include
>Release-Note:
>Audit-Trail:
>Unformatted:

More information about the freebsd-ports-bugs mailing list