svn commit: r347952 - head/www/owncloud
Kevin Lo
kevlo at FreeBSD.org
Wed Mar 12 02:04:04 UTC 2014
Author: kevlo
Date: Wed Mar 12 02:04:03 2014
New Revision: 347952
URL: http://svnweb.freebsd.org/changeset/ports/347952
QAT: https://qat.redports.org/buildarchive/r347952/
Log:
Work around a very obscure but potentially severe security problem.
The user can have the variables OWNCLOUD_USERNAME and OWNCLOUD_GROUPNAME
defined in his environment to point to his own username and groupname.
Suggested by: Adam McDougall
Modified:
head/www/owncloud/Makefile
head/www/owncloud/pkg-plist
Modified: head/www/owncloud/Makefile
==============================================================================
--- head/www/owncloud/Makefile Wed Mar 12 01:42:52 2014 (r347951)
+++ head/www/owncloud/Makefile Wed Mar 12 02:04:03 2014 (r347952)
@@ -2,6 +2,7 @@
PORTNAME= owncloud
PORTVERSION= 6.0.2
+PORTREVISION= 1
CATEGORIES= www
MASTER_SITES= http://download.owncloud.org/community/
@@ -19,9 +20,14 @@ USE_PHP= bz2 ctype curl dom exif fileinf
xsl wddx zip zlib
WANT_PHP_WEB= yes
+OWNCLOUD_USERNAME?= www
+OWNCLOUD_GROUPNAME?= ${OWNCLOUD_USERNAME}
+
WRKSRC= ${WRKDIR}/${PORTNAME}
NO_BUILD= yes
SUB_FILES= pkg-message
+PLIST_SUB= OWNCLOUD_USERNAME=${OWNCLOUD_USERNAME} \
+ OWNCLOUD_GROUPNAME=${OWNCLOUD_GROUPNAME}
OPTIONS_MULTI= DB
OPTIONS_MULTI_DB= MYSQL PGSQL SQLITE
Modified: head/www/owncloud/pkg-plist
==============================================================================
--- head/www/owncloud/pkg-plist Wed Mar 12 01:42:52 2014 (r347951)
+++ head/www/owncloud/pkg-plist Wed Mar 12 02:04:03 2014 (r347952)
@@ -1,5 +1,5 @@
- at owner www
- at group www
+ at owner %%OWNCLOUD_USERNAME%%
+ at group %%OWNCLOUD_GROUPNAME%%
%%WWWDIR%%/.htaccess
%%WWWDIR%%/3rdparty/Archive/Tar.php
%%WWWDIR%%/3rdparty/Console/Getopt.php
More information about the svn-ports-head
mailing list