author | Baptiste Daroussin <bapt@FreeBSD.org> | 2013-12-17 08:20:44 +0000 |
---|---|---|
committer | Baptiste Daroussin <bapt@FreeBSD.org> | 2013-12-17 08:20:44 +0000 |
commit | a4fd0b2a9246c31d7eca49cf8c6f549f6c6d2f99 (patch) | |
tree | f9bbd8918881a90b21a8006523c1621a70cea600 | |
parent | e32795603e2c2a0454cc7106f65629e47c0fb3bb (diff) | |
MFH: r336678
- update to 2.8.4
- add stage support
Security: 3b86583a-66a7-11e3-868f-0025905a4771
Notes
Notes:
svn path=/branches/2014Q1/; revision=336698
-rw-r--r-- | security/vuxml/vuln.xml | 30 | ||||
-rw-r--r-- | www/phpmyfaq/Makefile | 16 | ||||
-rw-r--r-- | www/phpmyfaq/distinfo | 4 | ||||
-rw-r--r-- | www/phpmyfaq/pkg-plist | 25 |
4 files changed, 60 insertions, 15 deletions
diff --git a/security/vuxml/vuln.xml b/security/vuxml/vuln.xml
index a06d1c1e0426..00e29bf9e8ae 100644
--- a/security/vuxml/vuln.xml
+++ b/security/vuxml/vuln.xml
@@ -51,6 +51,36 @@ Note: Please add new entries to the beginning of this file.
 -->
 <vuxml xmlns="http://www.vuxml.org/apps/vuxml-1">
+ <vuln vid="3b86583a-66a7-11e3-868f-0025905a4771">
+ <topic>phpmyfaq -- arbitrary PHP code execution vulnerability</topic>
+ <affects>
+ <package>
+ <name>phpmyfaq</name>
+ <range><lt>2.8.4</lt></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>The phpMyFAQ team reports:</p>
+ <blockquote cite="http://www.phpmyfaq.de/advisory_2013-11-26.php">
+ <p>Secunia noticed while analysing the advisory that authenticated
+ users with "Right to add attachments" are able to exploit an already
+ publicly known issue in the bundled Ajax File Manager of phpMyFAQ version
+ 2.8.3, which leads to arbitrary PHP code execution for authenticated
+ users with the permission "Right to add attachments".</p>
+ </blockquote>
+ </body>
+ </description>
+ <references>
+ <url>http://www.phpmyfaq.de/advisory_2013-11-26.php</url>
+ <url>http://en.securitylab.ru/lab/PT-2013-41</url>
+ </references>
+ <dates>
+ <discovery>2013-11-26</discovery>
+ <entry>2013-12-16</entry>
+ </dates>
+ </vuln>
+
 <vuln vid="44d0f8dc-6607-11e3-bb11-0025900931f8">
 <topic>zabbix -- shell command injection vulnerability</topic>
 <affects>
diff --git a/www/phpmyfaq/Makefile b/www/phpmyfaq/Makefile
index 6cea7390d3cd..c8e27005d0b5 100644
--- a/www/phpmyfaq/Makefile
+++ b/www/phpmyfaq/Makefile
@@ -2,7 +2,7 @@
 # $FreeBSD$
 PORTNAME= phpmyfaq
-PORTVERSION= 2.8.2
+PORTVERSION= 2.8.4
 CATEGORIES= www
 MASTER_SITES= http://www.phpmyfaq.de/download/
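Review bot: The `<references>` block of the new phpmyfaq entry carries only two `<url>` elements, so the entry has no stable identifier that audit tooling or other advisory feeds can correlate on. If a CVE was assigned to the Ajax File Manager issue, add it beside the URLs as `<cvename>CVE-YYYY-NNNNN</cvename>` (placeholder; no id is shown on this page). The affected range `<lt>2.8.4</lt>` is open-ended downwards while the quoted advisory names version 2.8.3 only; that errs on the safe side, but it is worth confirming against the vendor advisory that older releases bundle the same file manager.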
@@ -11,20 +11,20 @@ COMMENT= A multilingual, completely database-driven FAQ-system
 WRKSRC= ${WRKDIR}/${PORTNAME}
+NEED_ROOT= yes
+
 USE_PHP= filter json mysql pcre pdf session xml xmlrpc xmlwriter zlib
 FAQ_DIR= attachments data images inc pdf xml
 NO_BUILD= YES
 WANT_PHP_WEB= YES
+NO_ARCH= YES
-NO_STAGE= yes
 do-install:
- -${MKDIR} ${WWWDIR}
- @cd ${WRKSRC} && ${COPYTREE_SHARE} \* ${WWWDIR}
+ @${MKDIR} ${STAGEDIR}${WWWDIR}
+ @cd ${WRKSRC} && ${COPYTREE_SHARE} \* ${STAGEDIR}${WWWDIR}
 .for i in ${FAQ_DIR}
- -@${MKDIR} ${WWWDIR}/${i}
- @${CHMOD} 777 ${WWWDIR}/${i}
+ @${MKDIR} ${STAGEDIR}${WWWDIR}/${i}
+ @${CHOWN} ${WWWOWN}:${WWWGRP} ${STAGEDIR}${WWWDIR}/${i} ${STAGEDIR}${WWWDIR}/config
 .endfor
- @${CHOWN} -R ${WWWOWN}:${WWWGRP} ${WWWDIR}
- @${CAT} ${PKGMESSAGE}
 .include <bsd.port.mk>
diff --git a/www/phpmyfaq/distinfo b/www/phpmyfaq/distinfo
index bdf0eafea35f..6bfd084d6807 100644
--- a/www/phpmyfaq/distinfo
+++ b/www/phpmyfaq/distinfo
@@ -1,2 +1,2 @@
-SHA256 (phpmyfaq-2.8.2.tar.gz) = 2ab6452da45dacd3bd771597671371881a4c9d13352b4c70d608b686779c3db6
-SIZE (phpmyfaq-2.8.2.tar.gz) = 3896352
+SHA256 (phpmyfaq-2.8.4.tar.gz) = da4762ce824a973f0303762e9028ea9c7e1b1b0bc0f7721388046bd1c35b0164
+SIZE (phpmyfaq-2.8.4.tar.gz) = 3903889
diff --git a/www/phpmyfaq/pkg-plist b/www/phpmyfaq/pkg-plist
index 3a096a7af929..c0bfcdc89a06 100644
--- a/www/phpmyfaq/pkg-plist
+++ b/www/phpmyfaq/pkg-plist
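Review bot: In the `do-install` hunk of www/phpmyfaq/Makefile the new `${CHOWN}` line still hands `inc` to `${WWWOWN}:${WWWGRP}`, because `inc` is a member of `FAQ_DIR`, while pkg-plist in this commit lists packaged subdirectories under it (`inc/PMF`, `inc/PMF/Attachment`) that look like application code. A directory owned by the web server user lets any file-write flaw in the application create or replace PHP files there, so ownership is better limited to the directories phpMyFAQ must write at runtime; whether 2.8.x still writes to `inc` needs checking before it is dropped from the list. Removing `chmod 777` and the recursive chown is a clear gain and should stay. The `config` path is also repeated on every loop iteration; it reads better as its own line after `.endfor`: `@${CHOWN} ${WWWOWN}:${WWWGRP} ${STAGEDIR}${WWWDIR}/config`. The same directory list is mirrored by the `@exec chown` lines added to pkg-plist.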
@@ -1,3 +1,16 @@
+@exec mkdir -p %D/www/phpmyfaq/attachments
+@exec mkdir -p %D/www/phpmyfaq/data
+@exec mkdir -p %D/www/phpmyfaq/images
+@exec mkdir -p %D/www/phpmyfaq/inc
+@exec mkdir -p %D/www/phpmyfaq/pdf
+@exec mkdir -p %D/www/phpmyfaq/xml
+@exec chown %%WWWOWN%%:%%WWWGRP%% %D/www/phpmyfaq/attachments
+@exec chown %%WWWOWN%%:%%WWWGRP%% %D/www/phpmyfaq/config
+@exec chown %%WWWOWN%%:%%WWWGRP%% %D/www/phpmyfaq/data
+@exec chown %%WWWOWN%%:%%WWWGRP%% %D/www/phpmyfaq/images
+@exec chown %%WWWOWN%%:%%WWWGRP%% %D/www/phpmyfaq/inc
+@exec chown %%WWWOWN%%:%%WWWGRP%% %D/www/phpmyfaq/pdf
+@exec chown %%WWWOWN%%:%%WWWGRP%% %D/www/phpmyfaq/xml
 %%WWWDIR%%/_.htaccess
 %%WWWDIR%%/_httpd.ini
 %%WWWDIR%%/_lighttpd.conf
@@ -24,6 +37,7 @@
 %%WWWDIR%%/admin/assets/font/fontawesome-webfont.svg
 %%WWWDIR%%/admin/assets/font/fontawesome-webfont.ttf
 %%WWWDIR%%/admin/assets/font/fontawesome-webfont.woff
+%%WWWDIR%%/admin/assets/js/record.js
 %%WWWDIR%%/admin/assets/js/uploadcheck.js
 %%WWWDIR%%/admin/assets/js/user.js
 %%WWWDIR%%/admin/assets/less/style.less
@@ -876,6 +890,7 @@
 %%WWWDIR%%/assets/template/default/favicon.ico
 %%WWWDIR%%/assets/template/default/glossary.tpl
 %%WWWDIR%%/assets/template/default/images/arrow.gif
+%%WWWDIR%%/assets/template/default/indexPassword.tpl
 %%WWWDIR%%/assets/template/default/index.tpl
 %%WWWDIR%%/assets/template/default/indexLogin.tpl
 %%WWWDIR%%/assets/template/default/indexMaintenance.tpl
@@ -1264,7 +1279,7 @@
 @dirrm %%WWWDIR%%/xml
 @dirrm %%WWWDIR%%/services/twitter
 @dirrm %%WWWDIR%%/services
-@dirrmtry %%WWWDIR%%/pdf
+@dirrm %%WWWDIR%%/pdf
 @dirrm %%WWWDIR%%/multisite
 @dirrm %%WWWDIR%%/lang
 @dirrm %%WWWDIR%%/install
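Review bot: The thirteen `@exec` lines added in the `-1,3 +1,16` hunk hard-code `%D/www/phpmyfaq/...` although every other entry in pkg-plist uses `%%WWWDIR%%`, so the ownership change would target the wrong path if the web directory is ever relocated. Writing them as `@exec mkdir -p %D/%%WWWDIR%%/attachments` and `@exec chown %%WWWOWN%%:%%WWWGRP%% %D/%%WWWDIR%%/attachments` (and likewise for the other directories) keeps them in step with the file list. The lines have no matching `@unexec`, which is fine only as long as the `@dirrm` entries further down cover the same directories.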
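Review bot: Switching `@dirrmtry %%WWWDIR%%/pdf` to `@dirrm` in the `-1264,7` hunk, and likewise `images`, `data`, `config` and `attachments` in the `-1357,16` hunk, makes removal of a non-empty directory an error, yet these are the directories the Makefile hands to the web server user for runtime writes. Once the application has stored uploads or configuration there, deinstall and upgrade will presumably report failures that `@dirrmtry` tolerated. Unless staging required the change, keep `@dirrmtry %%WWWDIR%%/attachments` (and the other four) so site data is left in place without errors.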
@@ -1357,16 +1372,16 @@
 @dirrm %%WWWDIR%%/inc/PMF/Attachment
 @dirrm %%WWWDIR%%/inc/PMF
 @dirrm %%WWWDIR%%/inc
-@dirrmtry %%WWWDIR%%/images
+@dirrm %%WWWDIR%%/images
 @dirrm %%WWWDIR%%/feed/topten
 @dirrm %%WWWDIR%%/feed/openquestions
 @dirrm %%WWWDIR%%/feed/news
 @dirrm %%WWWDIR%%/feed/latest
 @dirrm %%WWWDIR%%/feed/category
 @dirrm %%WWWDIR%%/feed
-@dirrmtry %%WWWDIR%%/data
-@dirrmtry %%WWWDIR%%/config
-@dirrmtry %%WWWDIR%%/attachments
+@dirrm %%WWWDIR%%/data
+@dirrm %%WWWDIR%%/config
+@dirrm %%WWWDIR%%/attachments
 @dirrm %%WWWDIR%%/assets/template/default/less
 @dirrm %%WWWDIR%%/assets/template/default/images
 @dirrm %%WWWDIR%%/assets/template/default/css |