ports/93131: [SECURITY UPDATE]: deskutils/phpicalendar

Fri Feb 10 15:40:08 UTC 2006

>Number:         93131
>Category:       ports
>Synopsis:       [SECURITY UPDATE]: deskutils/phpicalendar
>Confidential:   no
>Severity:       serious
>Priority:       medium
>Responsible:    freebsd-ports-bugs
>State:          open
>Quarter:        
>Keywords:       
>Date-Required:
>Class:          update
>Submitter-Id:   current-users
>Arrival-Date:   Fri Feb 10 15:40:04 GMT 2006
>Closed-Date:
>Last-Modified:
>Originator:     Wesley Shields
>Release:        FreeBSD 6.0-RELEASE-p2 i386
>Organization:
>Environment:
System: FreeBSD syn 6.0-RELEASE-p2 FreeBSD 6.0-RELEASE-p2 #1: Wed Jan 11 11:57:33 EST 2006 root at syn:/usr/obj/usr/src/sys/GENERIC i386

>Description:
deskutils/phpicalendar is vulnerable to file inclusion[1].  The author
has released an updated version to fix this.  The attached patch updates
the port.  It also adds a dependency on PHP and makes pkg-message a bit
better.

>How-To-Repeat:
N/A

>Fix:

diff -ruN deskutils/phpicalendar.orig/Makefile deskutils/phpicalendar/Makefile

--- deskutils/phpicalendar.orig/Makefile	Mon Jan 30 10:34:51 2006
+++ deskutils/phpicalendar/Makefile	Fri Feb 10 10:30:58 2006
@@ -6,7 +6,7 @@
 #
 
 PORTNAME=	phpicalendar
-PORTVERSION=	2.1
+PORTVERSION=	2.21
 CATEGORIES=	deskutils www
 MASTER_SITES=	${MASTER_SITE_SOURCEFORGE}
 MASTER_SITE_SUBDIR=	${PORTNAME}
@@ -19,23 +19,25 @@
 PHPICALENDAR=	www/phpicalendar
 WWWDIR=		${PREFIX}/${PHPICALENDAR}
 PLIST_SUB+=	PHPICALENDAR=${PHPICALENDAR}
+USE_PHP=	yes
+NO_WORKSUBDIR=	yes
 
 do-install:
 .if !exists(${WWWDIR})
 	${MKDIR} ${WWWDIR}
 .endif
 .for dir in admin calendars functions images includes languages rss templates
-	@${CP} -R ${WRKSRC}/${dir} ${WWWDIR}
+	@${CP} -R ${WRKDIR}/${dir} ${WWWDIR}
 	@${CHOWN} -R ${WWWOWN}:${WWWGRP} ${WWWDIR}/${dir}
 .endfor
 .for f in index.php TIMEZONES error.php day.php preferences.php print.php search.php week.php month.php year.php README COPYING AUTHORS
-	@${CP} ${WRKSRC}/${f} ${WWWDIR}
+	@${CP} ${WRKDIR}/${f} ${WWWDIR}
 	@${CHOWN} ${WWWOWN}:${WWWGRP} ${WWWDIR}/${f}
 .endfor
-	@${CP} ${WRKSRC}/config.inc.php ${WWWDIR}/config.inc.php-default
+	@${CP} ${WRKDIR}/config.inc.php ${WWWDIR}/config.inc.php-default
 	@${CHOWN} ${WWWOWN}:${WWWGRP} ${WWWDIR}/config.inc.php-default
 
 post-install:
-	${CAT} ${PKGMESSAGE}
+	@${SED} "s|%%WWWDIR%%|${WWWDIR}|g" ${PKGMESSAGE}
 
 .include <bsd.port.mk>
diff -ruN deskutils/phpicalendar.orig/distinfo deskutils/phpicalendar/distinfo
--- deskutils/phpicalendar.orig/distinfo	Mon Jan 30 10:34:51 2006
+++ deskutils/phpicalendar/distinfo	Fri Feb 10 10:22:33 2006
@@ -1,3 +1,3 @@
-MD5 (phpicalendar-2.1.tgz) = c0b3fb13136f53ce60a53b3781a2d895
-SHA256 (phpicalendar-2.1.tgz) = 3ca96aac0491f26f607f15cd869836adddfc22e1e4e9b388a1ff2bbba7371167
-SIZE (phpicalendar-2.1.tgz) = 146748
+MD5 (phpicalendar-2.21.tgz) = 297e3a869f53bc0aa62653ed4d3b495d
+SHA256 (phpicalendar-2.21.tgz) = 45e8bc8417762eb7779877a7abc4f7afe9e12a9f51b304f9c02dfdfaecd9add5
+SIZE (phpicalendar-2.21.tgz) = 149004
diff -ruN deskutils/phpicalendar.orig/pkg-message deskutils/phpicalendar/pkg-message
--- deskutils/phpicalendar.orig/pkg-message	Sat Apr  3 01:24:04 2004
+++ deskutils/phpicalendar/pkg-message	Fri Feb 10 10:31:17 2006
@@ -1,4 +1,4 @@
 PHPiCalendar post-install instructions
 --------------------------------------
-Go to %%PREFIX%%/www/phpicalendar and copy
+Go to %%WWWDIR%%/www/phpicalendar and copy
 config.inc.php-default to config.inc.php.
>Release-Note:
>Audit-Trail:
>Unformatted:

