svn commit: r302596 - in head: security/vuxml www/typo3 www/typo345 www/typo346
Bryan Drewery
bdrewery at FreeBSD.org
Wed Aug 15 19:45:51 UTC 2012
Author: bdrewery
Date: Wed Aug 15 19:45:50 2012
New Revision: 302596
URL: http://svn.freebsd.org/changeset/ports/302596
Log:
- Update www/typo3 to 4.7.4 [1]
- Convert to new options framework [1]
- Update www/typo345 to 4.5.19 [2]
- Update www/typo346 to 4.6.12 [3]
- Changes: https://typo3.org/news/article/typo3-4519-4612-and-474-released/
- Document security vulnerabilities [4]
https://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2012-004/
PR: ports/170650 [1]
PR: ports/170647 [2]
PR: ports/170649 [3]
Submitted by: Helmut Schneider <jumper99 at gmx.de> (maintainer)
Security: 48bcb4b2-e708-11e1-a59d-000d601460a4 [4]
Approved by: eadler (mentor)
Modified:
head/security/vuxml/vuln.xml
head/www/typo3/Makefile
head/www/typo3/distinfo
head/www/typo3/pkg-descr
head/www/typo3/pkg-plist
head/www/typo345/Makefile
head/www/typo345/distinfo
head/www/typo345/pkg-plist
head/www/typo346/Makefile
head/www/typo346/distinfo
head/www/typo346/pkg-plist
Modified: head/security/vuxml/vuln.xml
==============================================================================
--- head/security/vuxml/vuln.xml Wed Aug 15 19:44:22 2012 (r302595)
+++ head/security/vuxml/vuln.xml Wed Aug 15 19:45:50 2012 (r302596)
@@ -52,6 +52,56 @@ Note: Please add new entries to the beg
-->
<vuxml xmlns="http://www.vuxml.org/apps/vuxml-1">
+ <vuln vid="48bcb4b2-e708-11e1-a59d-000d601460a4">
+ <topic>typo3 -- Multiple vulernabilities in TYPO3 Core</topic>
+ <affects>
+ <package>
+ <name>typo3</name>
+ <range><ge>4.5.0</ge><lt>4.5.19</lt></range>
+ <range><ge>4.6.0</ge><lt>4.6.12</lt></range>
+ <range><ge>4.7.0</ge><lt>4.7.4</lt></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>Typo Security Team reports:</p>
+ <blockquote cite="https://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2012-004/">
+ <p>It has been discovered that TYPO3 Core is vulnerable to Cross-Site
+ Scripting, Information Disclosure, Insecure Unserialize leading to
+ Arbitrary Code Execution.</p>
+ <p>TYPO3 Backend Help System - Due to a missing signature (HMAC) for a
+ parameter in the view_help.php file, an attacker could unserialize
+ arbitrary objects within TYPO3. We are aware of a working exploit,
+ which can lead to arbitrary code execution. A valid backend user
+ login or multiple successful cross site request forgery attacks are
+ required to exploit this vulnerability.</p>
+ <p>TYPO3 Backend - Failing to properly HTML-encode user input in
+ several places, the TYPO3 backend is susceptible to Cross-Site
+ Scripting. A valid backend user is required to exploit these
+ vulnerabilities.</p>
+ <p>TYPO3 Backend - Accessing the configuration module discloses the
+ Encryption Key. A valid backend user with access to the
+ configuration module is required to exploit this vulnerability.</p>
+ <p>TYPO3 HTML Sanitizing API - By not removing several HTML5
+ JavaScript events, the API method t3lib_div::RemoveXSS() fails to
+ filter specially crafted HTML injections, thus is susceptible to
+ Cross-Site Scripting. Failing to properly encode for JavaScript the
+ API method t3lib_div::quoteJSvalue(), it is susceptible to Cross-Site
+ Scripting.</p>
+ <p>TYPO3 Install Tool - Failing to properly sanitize user input, the
+ Install Tool is susceptible to Cross-Site Scripting.</p>
+ </blockquote>
+ </body>
+ </description>
+ <references>
+ <url>https://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2012-004/</url>
+ </references>
+ <dates>
+ <discovery>2012-08-15</discovery>
+ <entry>2012-08-15</entry>
+ </dates>
+ </vuln>
+
<vuln vid="83f9e943-e664-11e1-a66d-080027ef73ec">
<topic>fetchmail -- two vulnerabilities in NTLM authentication</topic>
<affects>
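Review bot: The `<topic>` line misspells "vulnerabilities" as "vulernabilities", and the attribution paragraph reads "Typo Security Team" where the product name used everywhere else in the entry is TYPO3; both strings appear in rendered VuXML output and in audit reports, so fix them before they propagate. The three `<range>` elements end at 4.5.19, 4.6.12 and 4.7.4, which matches the PORTVERSION bumps in this commit, but they all start at x.y.0 of a supported branch, so installs older than 4.5.0 are not flagged; confirm against the bulletin whether that lower bound is intended. `<references>` carries only the bulletin URL; if CVE identifiers are assigned for this bulletin, add them as `<cvename>` entries in a follow-up.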
Modified: head/www/typo3/Makefile
==============================================================================
--- head/www/typo3/Makefile Wed Aug 15 19:44:22 2012 (r302595)
+++ head/www/typo3/Makefile Wed Aug 15 19:45:50 2012 (r302596)
@@ -6,7 +6,7 @@
#
PORTNAME= typo3
-PORTVERSION= 4.7.2
+PORTVERSION= 4.7.4
CATEGORIES= www
MASTER_SITES= SF/${PORTNAME}/TYPO3%20Source%20and%20Dummy/TYPO3%20${PORTVERSION}
@@ -31,31 +31,30 @@ PLIST_SUB+= PORTVERSION="${PORTVERSION}"
DISTFILES+= ${TYPO3SRC}${EXTRACT_SUFX} ${TYPO3DUMMY}${EXTRACT_SUFX}
-OPTIONS= CURL "Configure with cURL support" off \
- GD "Configure with GDlib/freetype support" off \
- IMAGICK "Configure with ImageMagick support" off \
- MBSTRING "Configure with mbstring support" off \
- ZLIB "Configure with zlib support" off
+OPTIONS_DEFINE= CURL GD IMAGICK MBSTRING ZLIB
+IMAGICK_DESC= ${IMAGEMAGICK_DESC}
+MBSTRING_DESC= ${MULTIBYTE_DESC}
+GD_DESC= GDlib/freetype support
.include <bsd.port.pre.mk>
-.if defined(WITH_CURL)
+.if ${PORT_OPTIONS:MCURL}
USE_PHP+= curl
.endif
-.if defined(WITH_GD)
+.if ${PORT_OPTIONS:MGD}
USE_PHP+= gd
.endif
-.if defined(WITH_IMAGICK)
+.if ${PORT_OPTIONS:MIMAGICK}
RUN_DEPENDS+= ${LOCALBASE}/bin/convert:${PORTSDIR}/graphics/ImageMagick
.endif
-.if defined(WITH_MBSTRING)
+.if ${PORT_OPTIONS:MMBSTRING}
USE_PHP+= mbstring
.endif
-.if defined(WITH_ZLIB)
+.if ${PORT_OPTIONS:MZLIB}
USE_PHP+= zlib
.endif
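Review bot: The conversion from `OPTIONS=` to `OPTIONS_DEFINE=` and from `.if defined(WITH_*)` to `.if ${PORT_OPTIONS:M*}` is bundled into the same commit as the security update, which makes the fix harder to merge or back out on its own; a separate commit for the framework change would keep the security update minimal. The old block carried explicit descriptions for all five options, while the new one defines only `IMAGICK_DESC`, `MBSTRING_DESC` and `GD_DESC`, so confirm the framework supplies default descriptions for CURL and ZLIB. All five options were `off` before and no `OPTIONS_DEFAULT` is added, so the defaults appear to be preserved.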
Modified: head/www/typo3/distinfo
==============================================================================
--- head/www/typo3/distinfo Wed Aug 15 19:44:22 2012 (r302595)
+++ head/www/typo3/distinfo Wed Aug 15 19:45:50 2012 (r302596)
@@ -1,4 +1,4 @@
-SHA256 (typo3_src-4.7.2.tar.gz) = 43a3390b2580f7c74819377441b669d3d2d0a62c686036224e073b7b1db90ee9
-SIZE (typo3_src-4.7.2.tar.gz) = 22374815
-SHA256 (dummy-4.7.2.tar.gz) = 693a2c30325aa1697f5f3bb905caf755fcf6db4718008635af1461ccea56761c
-SIZE (dummy-4.7.2.tar.gz) = 10148
+SHA256 (typo3_src-4.7.4.tar.gz) = f770f8ae7cbb1b2a70547d9dcc53b6e2372467940884b3e0701b1c221682193d
+SIZE (typo3_src-4.7.4.tar.gz) = 22375813
+SHA256 (dummy-4.7.4.tar.gz) = 21e17c67783a9e91ad39a011604fd61ceb946627e835943d32609f4a4393ba4b
+SIZE (dummy-4.7.4.tar.gz) = 10139
Modified: head/www/typo3/pkg-descr
==============================================================================
--- head/www/typo3/pkg-descr Wed Aug 15 19:44:22 2012 (r302595)
+++ head/www/typo3/pkg-descr Wed Aug 15 19:45:50 2012 (r302596)
@@ -3,7 +3,7 @@ on the web and in intranets. It offers f
featuring an accomplished set of ready-made interfaces, functions and modules.
This version is the current stable release. It is recommended for existing
-projects and will get full support (bugfixes and security fixes) until April 2013,
-but will get security fixes until October 2013.
+projects and will get full support (bugfixes and security fixes) until April
+2013, but will get security fixes until October 2013.
WWW: http://typo3.org/
Modified: head/www/typo3/pkg-plist
==============================================================================
--- head/www/typo3/pkg-plist Wed Aug 15 19:44:22 2012 (r302595)
+++ head/www/typo3/pkg-plist Wed Aug 15 19:45:50 2012 (r302596)
@@ -20,7 +20,6 @@
%%WWWDIR%%/uploads/media/index.html
%%WWWDIR%%/uploads/pics/index.html
%%WWWDIR%%/uploads/tf/index.html
-%%WWWDIR%%_src-%%PORTVERSION%%/.travis.yml
%%WWWDIR%%_src-%%PORTVERSION%%/ChangeLog
%%WWWDIR%%_src-%%PORTVERSION%%/GPL.txt
%%WWWDIR%%_src-%%PORTVERSION%%/INSTALL.txt
@@ -136,6 +135,7 @@
%%WWWDIR%%_src-%%PORTVERSION%%/t3lib/class.t3lib_userauth.php
%%WWWDIR%%_src-%%PORTVERSION%%/t3lib/class.t3lib_userauthgroup.php
%%WWWDIR%%_src-%%PORTVERSION%%/t3lib/class.t3lib_xml.php
+%%WWWDIR%%_src-%%PORTVERSION%%/t3lib/codec/class.t3lib_codec_javascriptencoder.php
%%WWWDIR%%_src-%%PORTVERSION%%/t3lib/collection/AbstractRecordCollection.php
%%WWWDIR%%_src-%%PORTVERSION%%/t3lib/collection/RecordCollectionRepository.php
%%WWWDIR%%_src-%%PORTVERSION%%/t3lib/collection/StaticRecordCollection.php
@@ -9251,6 +9251,7 @@
@dirrm %%WWWDIR%%_src-%%PORTVERSION%%/t3lib/contextmenu
@dirrm %%WWWDIR%%_src-%%PORTVERSION%%/t3lib/collection/interfaces
@dirrm %%WWWDIR%%_src-%%PORTVERSION%%/t3lib/collection
+ at dirrm %%WWWDIR%%_src-%%PORTVERSION%%/t3lib/codec
@dirrm %%WWWDIR%%_src-%%PORTVERSION%%/t3lib/cache/frontend/interfaces
@dirrm %%WWWDIR%%_src-%%PORTVERSION%%/t3lib/cache/frontend
@dirrm %%WWWDIR%%_src-%%PORTVERSION%%/t3lib/cache/exception
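Review bot: The added line in this hunk reads `+ at dirrm ...t3lib/codec` as shown here, while the surrounding context lines use the `@dirrm` keyword; a plist line without the leading `@` would be treated as a file path rather than a directory removal, so confirm the committed pkg-plist has `@dirrm` (the same applies to the matching hunks for www/typo345 and www/typo346). The placement is otherwise consistent: the new `t3lib/codec` directory is removed after `t3lib/collection` and before `t3lib/cache`, and it pairs with the `class.t3lib_codec_javascriptencoder.php` file added in the preceding hunk.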
Modified: head/www/typo345/Makefile
==============================================================================
--- head/www/typo345/Makefile Wed Aug 15 19:44:22 2012 (r302595)
+++ head/www/typo345/Makefile Wed Aug 15 19:45:50 2012 (r302596)
@@ -6,7 +6,7 @@
#
PORTNAME= typo3
-PORTVERSION= 4.5.18
+PORTVERSION= 4.5.19
CATEGORIES= www
MASTER_SITES= SF/${PORTNAME}/TYPO3%20Source%20and%20Dummy/TYPO3%20${PORTVERSION}
Modified: head/www/typo345/distinfo
==============================================================================
--- head/www/typo345/distinfo Wed Aug 15 19:44:22 2012 (r302595)
+++ head/www/typo345/distinfo Wed Aug 15 19:45:50 2012 (r302596)
@@ -1,4 +1,4 @@
-SHA256 (typo3_src-4.5.18.tar.gz) = 68da30e14124c697c070046b14886ec64ecd38b8b17895a122e1a5f45e516fa2
-SIZE (typo3_src-4.5.18.tar.gz) = 20559614
-SHA256 (dummy-4.5.18.tar.gz) = 9a88878e802ff1b743152cc0f79ed038e769c2436784266725e02d848a07f18d
-SIZE (dummy-4.5.18.tar.gz) = 9858
+SHA256 (typo3_src-4.5.19.tar.gz) = 9a70d9e8980acdd5745c7b141d92ff9f680e360905befd484b51e07d13e3a0ba
+SIZE (typo3_src-4.5.19.tar.gz) = 20560147
+SHA256 (dummy-4.5.19.tar.gz) = 9ed92532a2827e0d3503683e076b3cef90fe89ff1010a4a0b70a9a172c54bafb
+SIZE (dummy-4.5.19.tar.gz) = 9858
Modified: head/www/typo345/pkg-plist
==============================================================================
--- head/www/typo345/pkg-plist Wed Aug 15 19:44:22 2012 (r302595)
+++ head/www/typo345/pkg-plist Wed Aug 15 19:45:50 2012 (r302596)
@@ -136,6 +136,7 @@
%%WWWDIR%%_src-%%PORTVERSION%%/t3lib/class.t3lib_userauth.php
%%WWWDIR%%_src-%%PORTVERSION%%/t3lib/class.t3lib_userauthgroup.php
%%WWWDIR%%_src-%%PORTVERSION%%/t3lib/class.t3lib_xml.php
+%%WWWDIR%%_src-%%PORTVERSION%%/t3lib/codec/class.t3lib_codec_javascriptencoder.php
%%WWWDIR%%_src-%%PORTVERSION%%/t3lib/config_default.php
%%WWWDIR%%_src-%%PORTVERSION%%/t3lib/contextmenu/class.t3lib_contextmenu_abstractcontextmenu.php
%%WWWDIR%%_src-%%PORTVERSION%%/t3lib/contextmenu/class.t3lib_contextmenu_abstractdataprovider.php
@@ -8300,6 +8301,7 @@
@dirrm %%WWWDIR%%_src-%%PORTVERSION%%/t3lib/contextmenu/pagetree
@dirrm %%WWWDIR%%_src-%%PORTVERSION%%/t3lib/contextmenu/extdirect
@dirrm %%WWWDIR%%_src-%%PORTVERSION%%/t3lib/contextmenu
+ at dirrm %%WWWDIR%%_src-%%PORTVERSION%%/t3lib/codec
@dirrm %%WWWDIR%%_src-%%PORTVERSION%%/t3lib/cache/frontend/interfaces
@dirrm %%WWWDIR%%_src-%%PORTVERSION%%/t3lib/cache/frontend
@dirrm %%WWWDIR%%_src-%%PORTVERSION%%/t3lib/cache/exception
Modified: head/www/typo346/Makefile
==============================================================================
--- head/www/typo346/Makefile Wed Aug 15 19:44:22 2012 (r302595)
+++ head/www/typo346/Makefile Wed Aug 15 19:45:50 2012 (r302596)
@@ -6,7 +6,7 @@
#
PORTNAME= typo3
-PORTVERSION= 4.6.11
+PORTVERSION= 4.6.12
CATEGORIES= www
MASTER_SITES= SF/${PORTNAME}/TYPO3%20Source%20and%20Dummy/TYPO3%20${PORTVERSION}
Modified: head/www/typo346/distinfo
==============================================================================
--- head/www/typo346/distinfo Wed Aug 15 19:44:22 2012 (r302595)
+++ head/www/typo346/distinfo Wed Aug 15 19:45:50 2012 (r302596)
@@ -1,4 +1,4 @@
-SHA256 (typo3_src-4.6.11.tar.gz) = 62acbc0876c2cbf452c435a5a09e11b60b3ea8d724a455f92d2caea07bb2ff89
-SIZE (typo3_src-4.6.11.tar.gz) = 21289682
-SHA256 (dummy-4.6.11.tar.gz) = 87e711ba875c3f9c90d730ff6a5c14b5c05bf2da06de46b0fe98090d04e9bdc2
-SIZE (dummy-4.6.11.tar.gz) = 10138
+SHA256 (typo3_src-4.6.12.tar.gz) = 99ba9550ed74b1c9185fda8bcaf17da3a7b433fd62608afcb24c21a7f25df8b8
+SIZE (typo3_src-4.6.12.tar.gz) = 21288826
+SHA256 (dummy-4.6.12.tar.gz) = cfa9a8a1b4fad18d27fc0a88b0e2e165b2d4d4cf5eada2343819f9621a77f508
+SIZE (dummy-4.6.12.tar.gz) = 10143
Modified: head/www/typo346/pkg-plist
==============================================================================
--- head/www/typo346/pkg-plist Wed Aug 15 19:44:22 2012 (r302595)
+++ head/www/typo346/pkg-plist Wed Aug 15 19:45:50 2012 (r302596)
@@ -136,6 +136,7 @@
%%WWWDIR%%_src-%%PORTVERSION%%/t3lib/class.t3lib_userauth.php
%%WWWDIR%%_src-%%PORTVERSION%%/t3lib/class.t3lib_userauthgroup.php
%%WWWDIR%%_src-%%PORTVERSION%%/t3lib/class.t3lib_xml.php
+%%WWWDIR%%_src-%%PORTVERSION%%/t3lib/codec/class.t3lib_codec_javascriptencoder.php
%%WWWDIR%%_src-%%PORTVERSION%%/t3lib/config_default.php
%%WWWDIR%%_src-%%PORTVERSION%%/t3lib/contextmenu/class.t3lib_contextmenu_abstractcontextmenu.php
%%WWWDIR%%_src-%%PORTVERSION%%/t3lib/contextmenu/class.t3lib_contextmenu_abstractdataprovider.php
@@ -8994,6 +8995,7 @@
@dirrm %%WWWDIR%%_src-%%PORTVERSION%%/t3lib/contextmenu/pagetree
@dirrm %%WWWDIR%%_src-%%PORTVERSION%%/t3lib/contextmenu/extdirect
@dirrm %%WWWDIR%%_src-%%PORTVERSION%%/t3lib/contextmenu
+ at dirrm %%WWWDIR%%_src-%%PORTVERSION%%/t3lib/codec
@dirrm %%WWWDIR%%_src-%%PORTVERSION%%/t3lib/cache/frontend/interfaces
@dirrm %%WWWDIR%%_src-%%PORTVERSION%%/t3lib/cache/frontend
@dirrm %%WWWDIR%%_src-%%PORTVERSION%%/t3lib/cache/exception