ports/189248: [security fix] mail/postfixadmin update to 2.3.7
Lukasz Wasikowski
lukasz at wasikowski.net
Fri May 2 15:40:01 UTC 2014
>Number: 189248
>Category: ports
>Synopsis: [security fix] mail/postfixadmin update to 2.3.7
>Confidential: no
>Severity: non-critical
>Priority: low
>Responsible: freebsd-ports-bugs
>State: open
>Quarter:
>Keywords:
>Date-Required:
>Class: change-request
>Submitter-Id: current-users
>Arrival-Date: Fri May 02 15:40:00 UTC 2014
>Closed-Date:
>Last-Modified:
>Originator: Lukasz Wasikowski
>Release: 9.2-RELEASE-p3
>Organization:
>Environment:
FreeBSD jinx.wasikowski.net 9.2-RELEASE-p3 FreeBSD 9.2-RELEASE-p3 #6 r263415: Thu Mar 20 06:06:15 CET 2014 root at jinx.wasikowski.net:/usr/obj/usr/src/sys/GENERIC amd64
>Description:
This is update mail/postfixadmin to 2.3.7 version. ChangeLog:
Version 2.3.7 - 2014/02/20 - SVN r1651 (postfixadmin-2.3 branch)
----------------------------------------------------------------
- SECURITY: fix SQL injection in show_gen_status()
- lt.lang, da.lang translation update
- when enabling/disabling a mailbox, also update the corresponding alias
- fix creating superadmin in setup.php with MariaDB (more strict SQL)
- don't trim() mail address to avoid that aliases starting with a space are
allowed. This fixes http://sourceforge.net/p/postfixadmin/bugs/210/ and
https://sourceforge.net/p/postfixadmin/feature-requests/113/
- update regex in check_domain() to support new, longer TLDs like .international
- mark vacation_notification.notified field as latin1 to avoid overlong index
- vacation.pl: encode subject
- vacation.pl: disable use of TLS by default due to a bug in Mail::Sender 0.8.22
(you can re-enable it with $smtp_tls_allowed)
It also adds staging support.
>How-To-Repeat:
>Fix:
Patch attached with submission follows:
diff -ruN postfixadmin.old/Makefile postfixadmin/Makefile
--- postfixadmin.old/Makefile 2014-02-21 14:37:56.000000000 +0100
+++ postfixadmin/Makefile 2014-05-02 16:26:27.109433440 +0200
@@ -2,7 +2,7 @@
# $FreeBSD: head/mail/postfixadmin/Makefile 345418 2014-02-21 13:37:56Z ehaupt $
PORTNAME= postfixadmin
-PORTVERSION= 2.3.6
+PORTVERSION= 2.3.7
CATEGORIES= mail www
MASTER_SITES= ${MASTER_SITE_SOURCEFORGE}
MASTER_SITE_SUBDIR= ${PORTNAME}/${PORTNAME}/${PORTNAME}-${PORTVERSION}
@@ -17,6 +17,7 @@
NO_BUILD= yes
SUB_FILES+= pkg-message
+SUB_LIST= WWWOWN=${WWWOWN} WWWGRP=${WWWGRP}
OPTIONS_SINGLE= DB
OPTIONS_SINGLE_DB= MYSQL MYSQLI PGSQL
@@ -24,8 +25,6 @@
OPTIONS_DEFAULT= MYSQL
-NO_STAGE= yes
-
OPTIONS_DEFINE= DOCS
.include <bsd.port.options.mk>
@@ -44,6 +43,8 @@
USE_PHP+= pgsql
.endif
+WANT_PHP_WEB= yes
+
post-patch:
@${FIND} ${WRKSRC} -name '*.orig' -delete
@@ -51,46 +52,38 @@
@${RM} -rf ${WRKSRC}/ADDITIONS/squirrelmail-plugin
do-install:
- @${MKDIR} ${PREFIX}/www/postfixadmin/VIRTUAL_VACATION
- @${MKDIR} ${PREFIX}/www/postfixadmin/ADDITIONS
- @${MKDIR} ${PREFIX}/www/postfixadmin/ADDITIONS/cyrus
- @${MKDIR} ${PREFIX}/www/postfixadmin/css
- @${MKDIR} ${PREFIX}/www/postfixadmin/admin
- @${MKDIR} ${PREFIX}/www/postfixadmin/images
- @${MKDIR} ${PREFIX}/www/postfixadmin/languages
- @${MKDIR} ${PREFIX}/www/postfixadmin/model
- @${MKDIR} ${PREFIX}/www/postfixadmin/templates
- @${MKDIR} ${PREFIX}/www/postfixadmin/users
+ @${MKDIR} ${STAGEDIR}${WWWDIR}/VIRTUAL_VACATION
+ @${MKDIR} ${STAGEDIR}${WWWDIR}/ADDITIONS
+ @${MKDIR} ${STAGEDIR}${WWWDIR}/ADDITIONS/cyrus
+ @${MKDIR} ${STAGEDIR}${WWWDIR}/css
+ @${MKDIR} ${STAGEDIR}${WWWDIR}/admin
+ @${MKDIR} ${STAGEDIR}${WWWDIR}/images
+ @${MKDIR} ${STAGEDIR}${WWWDIR}/languages
+ @${MKDIR} ${STAGEDIR}${WWWDIR}/model
+ @${MKDIR} ${STAGEDIR}${WWWDIR}/templates
+ @${MKDIR} ${STAGEDIR}${WWWDIR}/users
(cd ${WRKSRC}/ && \
- ${COPYTREE_SHARE} \*.php ${PREFIX}/www/postfixadmin "! -name config.inc.php")
- @${CP} ${WRKSRC}/config.inc.php ${PREFIX}/www/postfixadmin/config.inc.php.sample
- @${CP} -n ${WRKSRC}/config.inc.php ${PREFIX}/www/postfixadmin/config.inc.php || ${TRUE}
- @${INSTALL_DATA} ${WRKSRC}/*.txt ${PREFIX}/www/postfixadmin
- @${INSTALL_DATA} ${WRKSRC}/*.TXT ${PREFIX}/www/postfixadmin
- @${INSTALL_DATA} ${WRKSRC}/css/* ${PREFIX}/www/postfixadmin/css
- @${INSTALL_DATA} ${WRKSRC}/admin/* ${PREFIX}/www/postfixadmin/admin
- @${INSTALL_DATA} ${WRKSRC}/images/* ${PREFIX}/www/postfixadmin/images
- @${INSTALL_DATA} ${WRKSRC}/languages/* ${PREFIX}/www/postfixadmin/languages
- @${INSTALL_DATA} ${WRKSRC}/model/* ${PREFIX}/www/postfixadmin/model
- @${INSTALL_DATA} ${WRKSRC}/templates/* ${PREFIX}/www/postfixadmin/templates
- @${INSTALL_DATA} ${WRKSRC}/users/* ${PREFIX}/www/postfixadmin/users
- @${CP} -R ${WRKSRC}/VIRTUAL_VACATION/* ${PREFIX}/www/postfixadmin/VIRTUAL_VACATION
+ ${COPYTREE_SHARE} \*.php ${STAGEDIR}${WWWDIR} "! -name config.inc.php")
+ @${CP} ${WRKSRC}/config.inc.php ${STAGEDIR}${WWWDIR}/config.inc.php.sample
+ @${INSTALL_DATA} ${WRKSRC}/*.txt ${STAGEDIR}${WWWDIR}
+ @${INSTALL_DATA} ${WRKSRC}/*.TXT ${STAGEDIR}${WWWDIR}
+ @${INSTALL_DATA} ${WRKSRC}/css/* ${STAGEDIR}${WWWDIR}/css
+ @${INSTALL_DATA} ${WRKSRC}/admin/* ${STAGEDIR}${WWWDIR}/admin
+ @${INSTALL_DATA} ${WRKSRC}/images/* ${STAGEDIR}${WWWDIR}/images
+ @${INSTALL_DATA} ${WRKSRC}/languages/* ${STAGEDIR}${WWWDIR}/languages
+ @${INSTALL_DATA} ${WRKSRC}/model/* ${STAGEDIR}${WWWDIR}/model
+ @${INSTALL_DATA} ${WRKSRC}/templates/* ${STAGEDIR}${WWWDIR}/templates
+ @${INSTALL_DATA} ${WRKSRC}/users/* ${STAGEDIR}${WWWDIR}/users
+ @${CP} -R ${WRKSRC}/VIRTUAL_VACATION/* ${STAGEDIR}${WWWDIR}/VIRTUAL_VACATION
(cd ${WRKSRC}/ADDITIONS/ && \
- ${COPYTREE_SHARE} \* ${PREFIX}/www/postfixadmin/ADDITIONS/ "! -name squirrelmail-plugin")
+ ${COPYTREE_SHARE} \* ${STAGEDIR}${WWWDIR}/ADDITIONS/ "! -name squirrelmail-plugin")
+ @${CHMOD} 640 ${STAGEDIR}${WWWDIR}/*.php ${STAGEDIR}${WWWDIR}/css/*.css
+ @${CHMOD} 640 ${STAGEDIR}${WWWDIR}/admin/*.php
+ @${CHMOD} 640 ${STAGEDIR}${WWWDIR}/users/*.php
.if ${PORT_OPTIONS:MDOCS}
${MKDIR} ${DOCSDIR}
(cd ${WRKSRC}/DOCUMENTS && ${COPYTREE_SHARE} \* ${DOCSDIR})
.endif
-post-install:
- @if [ ! -f ${PREFIX}/www/postfixadmin/config.inc.php ]; then \
- ${CP} -p ${PREFIX}/www/postfixadmin/config.inc.php.sample ${PREFIX}/www/postfixadmin/config.inc.php ; \
- fi
- @${CHOWN} -R ${WWWOWN}:${WWWGRP} ${PREFIX}/www/postfixadmin
- @${CHMOD} 640 ${PREFIX}/www/postfixadmin/*.php ${PREFIX}/www/postfixadmin/css/*.css
- @${CHMOD} 640 ${PREFIX}/www/postfixadmin/admin/*.php
- @${CHMOD} 640 ${PREFIX}/www/postfixadmin/users/*.php
- @${CAT} ${PKGMESSAGE}
-
.include <bsd.port.mk>
diff -ruN postfixadmin.old/distinfo postfixadmin/distinfo
--- postfixadmin.old/distinfo 2013-02-23 22:04:09.000000000 +0100
+++ postfixadmin/distinfo 2014-05-02 00:25:39.925147192 +0200
@@ -1,2 +1,2 @@
-SHA256 (postfixadmin-2.3.6.tar.gz) = ea505281b6c04bda887eb4e6aa6c023b354c4ef4864aa60dcb1425942bf2af63
-SIZE (postfixadmin-2.3.6.tar.gz) = 1597001
+SHA256 (postfixadmin-2.3.7.tar.gz) = 761074e711ab618deda425dc013133b9d5968e0859bb883f10164061fd87006e
+SIZE (postfixadmin-2.3.7.tar.gz) = 1600662
diff -ruN postfixadmin.old/files/pkg-message.in postfixadmin/files/pkg-message.in
--- postfixadmin.old/files/pkg-message.in 2014-01-22 16:52:06.000000000 +0100
+++ postfixadmin/files/pkg-message.in 2014-05-02 00:28:27.908074681 +0200
@@ -9,7 +9,7 @@
----------
- You are using Postfix 2.0 or higher.
- You are using Apache 1.3.27 / Lighttpd 1.3.15 or higher.
-- You are using PHP 4.1 or higher (5.X recommended)
+- You are using PHP 5.1.2 or higher.
- You are using MySQL 3.23 or higher (5.x recommended) OR PostgreSQL 7.4 (or higher)
INSTALL / UPGRADE
diff -ruN postfixadmin.old/pkg-descr postfixadmin/pkg-descr
--- postfixadmin.old/pkg-descr 2014-01-22 16:44:51.000000000 +0100
+++ postfixadmin/pkg-descr 2014-05-02 17:18:40.666426166 +0200
@@ -13,4 +13,4 @@
- Backup MX;
- Packaged with over 25 languages.
-WWW: http://www.postfixadmin.org
+WWW: http://www.postfixadmin.org
diff -ruN postfixadmin.old/pkg-plist postfixadmin/pkg-plist
--- postfixadmin.old/pkg-plist 2014-01-22 16:16:56.000000000 +0100
+++ postfixadmin/pkg-plist 2014-05-02 16:09:26.586191968 +0200
@@ -162,30 +162,7 @@
www/postfixadmin/xmlrpc.php
@unexec if cmp -s %D/www/postfixadmin/config.inc.php.sample %D/www/postfixadmin/config.inc.php; then rm -f %D/www/postfixadmin/config.inc.php; fi
www/postfixadmin/config.inc.php.sample
- at exec if [ ! -f %D/www/postfixadmin/config.inc.php ] ; then cp -p %D/%F %B/config.inc.php; fi
-%%PORTDOCS%%%%DOCSDIR%%/BACKUP_MX.txt
-%%PORTDOCS%%%%DOCSDIR%%/DOVECOT.txt
-%%PORTDOCS%%%%DOCSDIR%%/FAQ.txt
-%%PORTDOCS%%%%DOCSDIR%%/HORDE.txt
-%%PORTDOCS%%%%DOCSDIR%%/LANGUAGE.txt
-%%PORTDOCS%%%%DOCSDIR%%/POSTFIXADMIN.txt
-%%PORTDOCS%%%%DOCSDIR%%/POSTFIX_CONF.txt
-%%PORTDOCS%%%%DOCSDIR%%/SECURITY.txt
-%%PORTDOCS%%%%DOCSDIR%%/SUPERADMIN.txt
-%%PORTDOCS%%%%DOCSDIR%%/UPGRADE.txt
-%%PORTDOCS%%%%DOCSDIR%%/screenshots/README.txt
-%%PORTDOCS%%%%DOCSDIR%%/screenshots/postfixadmin-admin-create-alias.jpg
-%%PORTDOCS%%%%DOCSDIR%%/screenshots/postfixadmin-admin-create-domain.jpg
-%%PORTDOCS%%%%DOCSDIR%%/screenshots/postfixadmin-admin-create-mailbox.jpg
-%%PORTDOCS%%%%DOCSDIR%%/screenshots/postfixadmin-admin-domain-list.jpg
-%%PORTDOCS%%%%DOCSDIR%%/screenshots/postfixadmin-admin-virtual-list.jpg
-%%PORTDOCS%%%%DOCSDIR%%/screenshots/postfixadmin-inital-welcome.jpg
-%%PORTDOCS%%%%DOCSDIR%%/screenshots/postfixadmin-mail-admin-login.jpg
-%%PORTDOCS%%%%DOCSDIR%%/screenshots/postfixadmin-user-change-forward.jpg
-%%PORTDOCS%%%%DOCSDIR%%/screenshots/postfixadmin-user-overview.jpg
-%%PORTDOCS%%%%DOCSDIR%%/screenshots/postfixadmin-user-vacation.jpg
-%%PORTDOCS%%@dirrm %%DOCSDIR%%/screenshots
-%%PORTDOCS%%@dirrm %%DOCSDIR%%
+ at exec [ -f %B/config.inc.php ] || cp %B/%f %B/config.inc.php
@dirrm www/postfixadmin/ADDITIONS/cyrus
@dirrm www/postfixadmin/ADDITIONS
@dirrm www/postfixadmin/VIRTUAL_VACATION/tests
>Release-Note:
>Audit-Trail:
>Unformatted:
More information about the freebsd-ports-bugs
mailing list