ports/93131: [SECURITY UPDATE]: deskutils/phpicalendar
Wesley Shields
wxs at csh.rit.edu
Fri Feb 10 15:40:08 UTC 2006
>Number: 93131
>Category: ports
>Synopsis: [SECURITY UPDATE]: deskutils/phpicalendar
>Confidential: no
>Severity: serious
>Priority: medium
>Responsible: freebsd-ports-bugs
>State: open
>Quarter:
>Keywords:
>Date-Required:
>Class: update
>Submitter-Id: current-users
>Arrival-Date: Fri Feb 10 15:40:04 GMT 2006
>Closed-Date:
>Last-Modified:
>Originator: Wesley Shields
>Release: FreeBSD 6.0-RELEASE-p2 i386
>Organization:
>Environment:
System: FreeBSD syn 6.0-RELEASE-p2 FreeBSD 6.0-RELEASE-p2 #1: Wed Jan 11 11:57:33 EST 2006 root at syn:/usr/obj/usr/src/sys/GENERIC i386
>Description:
deskutils/phpicalendar is vulnerable to file inclusion[1]. The author
has released an updated version to fix this. The attached patch updates
the port. It also adds a dependency on PHP and makes pkg-message a bit
better.
>How-To-Repeat:
N/A
>Fix:
diff -ruN deskutils/phpicalendar.orig/Makefile deskutils/phpicalendar/Makefile
--- deskutils/phpicalendar.orig/Makefile Mon Jan 30 10:34:51 2006
+++ deskutils/phpicalendar/Makefile Fri Feb 10 10:30:58 2006
@@ -6,7 +6,7 @@
#
PORTNAME= phpicalendar
-PORTVERSION= 2.1
+PORTVERSION= 2.21
CATEGORIES= deskutils www
MASTER_SITES= ${MASTER_SITE_SOURCEFORGE}
MASTER_SITE_SUBDIR= ${PORTNAME}
@@ -19,23 +19,25 @@
PHPICALENDAR= www/phpicalendar
WWWDIR= ${PREFIX}/${PHPICALENDAR}
PLIST_SUB+= PHPICALENDAR=${PHPICALENDAR}
+USE_PHP= yes
+NO_WORKSUBDIR= yes
do-install:
.if !exists(${WWWDIR})
${MKDIR} ${WWWDIR}
.endif
.for dir in admin calendars functions images includes languages rss templates
- @${CP} -R ${WRKSRC}/${dir} ${WWWDIR}
+ @${CP} -R ${WRKDIR}/${dir} ${WWWDIR}
@${CHOWN} -R ${WWWOWN}:${WWWGRP} ${WWWDIR}/${dir}
.endfor
.for f in index.php TIMEZONES error.php day.php preferences.php print.php search.php week.php month.php year.php README COPYING AUTHORS
- @${CP} ${WRKSRC}/${f} ${WWWDIR}
+ @${CP} ${WRKDIR}/${f} ${WWWDIR}
@${CHOWN} ${WWWOWN}:${WWWGRP} ${WWWDIR}/${f}
.endfor
- @${CP} ${WRKSRC}/config.inc.php ${WWWDIR}/config.inc.php-default
+ @${CP} ${WRKDIR}/config.inc.php ${WWWDIR}/config.inc.php-default
@${CHOWN} ${WWWOWN}:${WWWGRP} ${WWWDIR}/config.inc.php-default
post-install:
- ${CAT} ${PKGMESSAGE}
+ @${SED} "s|%%WWWDIR%%|${WWWDIR}|g" ${PKGMESSAGE}
.include <bsd.port.mk>
diff -ruN deskutils/phpicalendar.orig/distinfo deskutils/phpicalendar/distinfo
--- deskutils/phpicalendar.orig/distinfo Mon Jan 30 10:34:51 2006
+++ deskutils/phpicalendar/distinfo Fri Feb 10 10:22:33 2006
@@ -1,3 +1,3 @@
-MD5 (phpicalendar-2.1.tgz) = c0b3fb13136f53ce60a53b3781a2d895
-SHA256 (phpicalendar-2.1.tgz) = 3ca96aac0491f26f607f15cd869836adddfc22e1e4e9b388a1ff2bbba7371167
-SIZE (phpicalendar-2.1.tgz) = 146748
+MD5 (phpicalendar-2.21.tgz) = 297e3a869f53bc0aa62653ed4d3b495d
+SHA256 (phpicalendar-2.21.tgz) = 45e8bc8417762eb7779877a7abc4f7afe9e12a9f51b304f9c02dfdfaecd9add5
+SIZE (phpicalendar-2.21.tgz) = 149004
diff -ruN deskutils/phpicalendar.orig/pkg-message deskutils/phpicalendar/pkg-message
--- deskutils/phpicalendar.orig/pkg-message Sat Apr 3 01:24:04 2004
+++ deskutils/phpicalendar/pkg-message Fri Feb 10 10:31:17 2006
@@ -1,4 +1,4 @@
PHPiCalendar post-install instructions
--------------------------------------
-Go to %%PREFIX%%/www/phpicalendar and copy
+Go to %%WWWDIR%%/www/phpicalendar and copy
config.inc.php-default to config.inc.php.
>Release-Note:
>Audit-Trail:
>Unformatted:
More information about the freebsd-ports-bugs
mailing list