ports/102746: [UPDATE]: www/joomla 1.0.10 to 1.0.11 (security update)
Francisco Alves Cabrita
include at npf.deec.uc.pt
Fri Sep 1 10:50:15 UTC 2006
>Number: 102746
>Category: ports
>Synopsis: [UPDATE]: www/joomla 1.0.10 to 1.0.11 (security update)
>Confidential: no
>Severity: serious
>Priority: medium
>Responsible: freebsd-ports-bugs
>State: open
>Quarter:
>Keywords:
>Date-Required:
>Class: update
>Submitter-Id: current-users
>Arrival-Date: Fri Sep 01 10:50:14 GMT 2006
>Closed-Date:
>Last-Modified:
>Originator: Francisco Alves Cabrita
>Release: FreeBSD 6.1-RELEASE-p3
>Organization:
Núcleo Português de FreeBSD
>Environment:
FreeBSD fac.e10.pt 6.1-RELEASE-p3 FreeBSD 6.1-RELEASE-p3 #0: Wed Aug 9 14:04:16 WEST 2006 root at fac.e10.pt:/usr/obj/usr/src/sys/SIXONE i386
>Description:
Security Update of www/joomla from 1.0.10 to 1.0.11
04 HIGH Level Threats fixed
A1 Unvalidated Input
A6 Injection Flaws
04 MEDIUM Level Threats fixed
A1 Unvalidated Input
A2 Broken Access Control
18 LOW Level Threats fixed
A1 Unvalidated Input
A2 Broken Access Control
A4 Cross Site Scripting
A6 Injection Flaws
Best Regards
Francisco
>How-To-Repeat:
>Fix:
diff -ruN joomla.orig/Makefile joomla/Makefile
--- joomla.orig/Makefile Fri Sep 1 11:41:12 2006
+++ joomla/Makefile Fri Sep 1 11:41:35 2006
@@ -5,15 +5,15 @@
# $FreeBSD: ports/www/joomla/Makefile,v 1.9 2006/08/30 12:37:21 remko Exp $
PORTNAME= joomla
-PORTVERSION= 1.0.10
+PORTVERSION= 1.0.11
CATEGORIES= www
-MASTER_SITES= http://developer.joomla.org/sf/frs/do/downloadFile/projects.joomla/frs.joomla_1_0.1_0_10/frs5789?dl=1/:source1
+MASTER_SITES= http://developer.joomla.org/sf/frs/do/downloadFile/projects.joomla/frs.joomla_1_0.1_0_11/frs6656?dl=1/:source1
DISTFILES= ${JOOMLA_SRC}:source1
MAINTAINER= include at npf.pt.freebsd.org
COMMENT= A dynamic web content management system (CMS)
-FORBIDDEN= remote code execution: http://vuxml.FreeBSD.org/0ab423e7-3822-11db-81e1-000e0c2e438a.html
+#FORBIDDEN= remote code execution: http://vuxml.FreeBSD.org/0ab423e7-3822-11db-81e1-000e0c2e438a.html
NO_BUILD= yes
USE_MYSQL= yes
diff -ruN joomla.orig/distinfo joomla/distinfo
--- joomla.orig/distinfo Fri Sep 1 10:42:11 2006
+++ joomla/distinfo Fri Sep 1 11:36:20 2006
@@ -1,3 +1,3 @@
-MD5 (joomla/Joomla_1.0.10-Stable-Full_Package.tar.bz2) = 4c608dc14fe8952bd35803e5cc8f56cc
-SHA256 (joomla/Joomla_1.0.10-Stable-Full_Package.tar.bz2) = 99c265c9bc7d163e3f6bdcb92d3f48dcc51c6b5bb84aedd4d350c5cdbc37e9e2
-SIZE (joomla/Joomla_1.0.10-Stable-Full_Package.tar.bz2) = 1707685
+MD5 (joomla/Joomla_1.0.11-Stable-Full_Package.tar.bz2) = b5f7a7c74b2951ed999c494881522be2
+SHA256 (joomla/Joomla_1.0.11-Stable-Full_Package.tar.bz2) = bdcded24dc5a4605c083f2011ec67d047c1a06b2719f44562995671550b46d5a
+SIZE (joomla/Joomla_1.0.11-Stable-Full_Package.tar.bz2) = 1719645
diff -ruN joomla.orig/pkg-plist joomla/pkg-plist
--- joomla.orig/pkg-plist Fri Sep 1 10:42:11 2006
+++ joomla/pkg-plist Fri Sep 1 11:39:52 2006
@@ -432,6 +432,7 @@
www/joomla/administrator/images/upload_f2.png
www/joomla/administrator/images/user.png
www/joomla/administrator/images/users.png
+www/joomla/administrator/images/version_check.png
www/joomla/administrator/images/week.png
www/joomla/administrator/images/week_f2.png
www/joomla/administrator/images/xml.png
@@ -470,6 +471,7 @@
www/joomla/administrator/modules/mod_popular.php
www/joomla/administrator/modules/mod_popular.xml
www/joomla/administrator/modules/mod_quickicon.php
+www/joomla/administrator/modules/mod_quickicon.xml
www/joomla/administrator/modules/mod_stats.php
www/joomla/administrator/modules/mod_stats.xml
www/joomla/administrator/modules/mod_toolbar.php
@@ -808,6 +810,8 @@
www/joomla/includes/js/ThemeOffice/home.png
www/joomla/includes/js/ThemeOffice/index.html
www/joomla/includes/js/ThemeOffice/install.png
+www/joomla/includes/js/ThemeOffice/joomla_16x16.png
+www/joomla/includes/js/ThemeOffice/Joomla_16x16.png
www/joomla/includes/js/ThemeOffice/language.png
www/joomla/includes/js/ThemeOffice/license.png
www/joomla/includes/js/ThemeOffice/mail.png
>Release-Note:
>Audit-Trail:
>Unformatted:
More information about the freebsd-ports-bugs
mailing list