Message-Id: <200509011258.j81CwJTW087866@polly.twbbs.org>
Date: Thu, 1 Sep 2005 20:58:19 +0800 (CST)
From: chinsan
To: FreeBSD-gnats-submit@FreeBSD.org
Subject: ports/85568: [MAINTAINER] www/b2evo: fix security issue of xmlrpc
Reply-To: chinsan
List-Id: Ports bug reports

>Number: 85568
>Category: ports
>Synopsis: [MAINTAINER] www/b2evo: fix security issue of xmlrpc
>Confidential: no
>Severity: serious
>Priority: medium
>Responsible: freebsd-ports-bugs
>State: open
>Quarter:
>Keywords:
>Date-Required:
>Class: maintainer-update
>Submitter-Id: current-users
>Arrival-Date: Thu Sep 01 13:00:40 GMT 2005
>Closed-Date:
>Last-Modified:
>Originator: chinsan
>Release: FreeBSD 5.4-RELEASE i386
>Organization: FreeBSD Taiwan
>Environment:
System: FreeBSD polly.twbbs.org 5.4-RELEASE FreeBSD 5.4-RELEASE #0: Sun May 8 10:21:06 UTC 2005 root@harlow.cse.buffalo.edu:/usr/obj/usr/src/sys/GENERIC i386
>Description:
- Fix security issue of xmlrpc
- Add more information about installation

Thanks very much. :)
>How-To-Repeat:
>Fix:
--- b2evo.diff begins here --- diff -ruN b2evo.orig/Makefile b2evo/Makefile --- b2evo.orig/Makefile Thu Sep 1 08:33:38 2005 +++ b2evo/Makefile Thu Sep 1 20:52:19 2005 @@ -7,12 +7,12 @@ PORTNAME= b2evolution PORTVERSION= 0.9.0.12 -PORTREVISION= 1 +PORTREVISION= 2 CATEGORIES= www MASTER_SITES= ${MASTER_SITE_SOURCEFORGE} MASTER_SITE_SUBDIR= evocms -DISTNAME= ${PORTNAME}-${PORTVERSION}-${B2EVO_DATE} \ - xmlrpc_fix_111 +DISTNAME= ${PORTNAME}-${PORTVERSION}-${B2EVO_DATE}${EXTRACT_SUFX} \ + ${PATCH_VER} EXTRACT_ONLY= ${PORTNAME}-${PORTVERSION}-${B2EVO_DATE} # Maintainership available: drop me a line if interested :p 
@@ -21,8 +21,9 @@ USE_ZIP= YES +PATCH_VER= xmlrpc_fix_112 B2EVO_DATE?= 2005-05-06 -USE_PHP= mysql pcre session xml +USE_PHP= mysql pcre session xml xmlrpc PHP4_PORT?= www/mod_php4 NO_BUILD= YES WANT_PHP_WEB= YES @@ -30,28 +31,41 @@ TMPDIR?= ${PORTNAME} WRKSRC= ${WRKDIR}/${TMPDIR} -.if !defined(B2EVO_DIR) +.if !defined(B2EVO_URL) pre-fetch: @${ECHO_MSG} "" - @${ECHO_MSG} "Define B2EVO_DIR to override default of '${B2EVO_DIR}'." + @${ECHO_MSG} "Define B2EVO_URL to override default of ${PREFIX}/${WWWDOCROOT}/'${B2EVO_URL}'." @${ECHO_MSG} "" .endif +# Get HOSTNAME +.if exists(/sbin/sysctl) +HOSTNAME!= /sbin/sysctl -n kern.hostname +.else +HOSTNAME!= /usr/sbin/sysctl -n kern.hostname +.endif + WWWDOCROOT?= www/data B2EVO_URL?= b2evo WWWOWN?= www WWWGRP?= www B2EVO_DIR?= ${WWWDOCROOT}/${B2EVO_URL} +HTACCESS= ${WRKSRC}/blogs/sample.htaccess PLIST= ${WRKDIR}/pkg-plist .include post-extract: - cd ${WRKSRC}/blogs/b2evocore \ - && ${EXTRACT_CMD} ${EXTRACT_BEFORE_ARGS} ${DISTDIR}/xmlrpc_fix_111${EXTRACT_SUFX} + @${TR} -d \\r < ${HTACCESS} > ${HTACCESS}.unix + +post-patch: + @cd ${WRKSRC} \ + && ${EXTRACT_CMD} ${EXTRACT_BEFORE_ARGS} ${DISTDIR}/${PATCH_VER}${EXTRACT_SUFX} + @${MV} -f ${WRKSRC}/${PATCH_VER}/b2evocore/* ${WRKSRC}/blogs/b2evocore + @${RM} -rf ${WRKSRC}/${PATCH_VER} pre-install: - cd ${WRKSRC} && ${FIND} -s . -type f | \ + @cd ${WRKSRC} && ${FIND} -s . -type f | \ ${SED} -e 's|^./||;s|^|${B2EVO_DIR}/|' > ${PLIST} \ && ${FIND} -d * -type d | \ ${SED} -e 's|^|@dirrm ${B2EVO_DIR}/|' >> ${PLIST} \ 
@@ -59,11 +73,13 @@ do-install: -${MKDIR} ${PREFIX}/${B2EVO_DIR} - @${CHOWN} ${WWWOWN}:${WWWGRP} ${PREFIX}/${B2EVO_DIR} @${CHMOD} 755 ${PREFIX}/${B2EVO_DIR} @${CP} -R ${WRKSRC}/ ${PREFIX}/${B2EVO_DIR} + @${CHOWN} -R ${WWWOWN}:${WWWGRP} ${PREFIX}/${B2EVO_DIR} + @${CHMOD} 665 ${PREFIX}/${B2EVO_DIR}/blogs/conf/_config.php post-install: - @${SED} -e 's|%%B2EVO_URL%%|${B2EVO_URL}|' ${PKGMESSAGE} + @${SED} -e 's|%%HOSTNAME%%|${HOSTNAME}|; s|%%B2EVO_URL%%|${B2EVO_URL}|' \ + ${PKGMESSAGE} .include diff -ruN b2evo.orig/distinfo b2evo/distinfo --- b2evo.orig/distinfo Thu Sep 1 08:33:38 2005 +++ b2evo/distinfo Thu Sep 1 19:32:14 2005 @@ -1,4 +1,4 @@ -MD5 (b2evolution-0.9.0.12-2005-05-06) = 7f08250c3d08c2c55e75655fbffa2d98 -SIZE (b2evolution-0.9.0.12-2005-05-06) = 2857939 -MD5 (xmlrpc_fix_111.zip) = b57b76bc30d8cb4857fc66ea53f78344 -SIZE (xmlrpc_fix_111.zip) = 20432 +MD5 (b2evolution-0.9.0.12-2005-05-06.zip) = 7f08250c3d08c2c55e75655fbffa2d98 +SIZE (b2evolution-0.9.0.12-2005-05-06.zip) = 2857939 +MD5 (xmlrpc_fix_112.zip) = 3083b4118e72e1ef87a827c20522bda6 +SIZE (xmlrpc_fix_112.zip) = 22264 diff -ruN b2evo.orig/pkg-message b2evo/pkg-message --- b2evo.orig/pkg-message Thu Sep 1 08:33:38 2005 +++ b2evo/pkg-message Thu Sep 1 20:47:30 2005 
@@ -1,7 +1,29 @@ +================================================================== +b2evolution is now installed. If you intall it for the first time, +you may have to follow this steps to make it work correctly. - **** NOTE **** -For first use of b2evolution, remember to point your browser to +1. Create the MySQL database: - http://localhost/%%B2EVO_URL%%/blogs/install/ + # mysqladmin --user=root -p create b2evolution -and follow the instructions. +2. Create a mysql user/password for b2evolution(database): + (change user and/or password if requered) + + # mysql -u root -p + mysql> GRANT ALL ON b2evolution.* TO b2evouser@localhost + IDENTIFIED BY 'b2evopassword'; + mysql> FLUSH PRIVILEGES; + mysql> QUIT; + +3.Open b2evo installation page in your web browser + and login with b2evouser/b2evopassword + + http://%%HOSTNAME%%/%%B2EVO_URL%%/blogs/install/ + + If you are doing a fresh install... + Note that password carefully! It is a random password that is given to you + when you install b2evolution. + If you lose it, you will have to delete the database tables and reinstall. + + Have fun! +================================================================== --- b2evo.diff ends here --- >Release-Note: >Audit-Trail: >Unformatted:
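Review bot: In the Makefile hunk at @@ -7,12 +7,12 @@, EXTRACT_ONLY (unchanged context) still names ${PORTNAME}-${PORTVERSION}-${B2EVO_DATE} without a suffix, while the new DISTNAME and the distinfo entries now call that file ...${B2EVO_DATE}${EXTRACT_SUFX}, so the extract list no longer matches the distfile name. Append ${EXTRACT_SUFX} to EXTRACT_ONLY too, and consider listing both archives in DISTFILES rather than packing two names into DISTNAME, one written with a suffix and one without.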
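Review bot: In the Makefile hunk at @@ -30,28 +31,41 @@, post-extract writes the CR-stripped copy to ${HTACCESS}.unix but no visible line moves it back over sample.htaccess, so the original CRLF file is still what gets installed and pre-install's find adds both files to the plist. Follow the tr with a ${MV} of ${HTACCESS}.unix onto ${HTACCESS}. Separately, HOSTNAME is read with sysctl -n kern.hostname when the port is built, so a package built on another machine will print the build host in pkg-message; a comment saying so, or a neutral placeholder in the message, would avoid a misleading URL.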
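Review bot: In the Makefile do-install hunk at @@ -59,11 +73,13 @@, mode 665 on blogs/conf/_config.php is rw-rw-r-x: it grants read and execute to "other" on a configuration file and looks like a typo. Since the preceding "${CHOWN} -R ${WWWOWN}:${WWWGRP}" already makes the web server the owner, 640 or 660 gives the installer the write access it needs without exposing the file to every local user. The recursive chown also leaves every PHP file in the tree writable by the web server account; for a port revision whose purpose is a security fix, it would be safer to keep the tree owned by root and hand ${WWWOWN} only the files the application has to write.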
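Review bot: In the distinfo hunk at @@ -1,4 +1,4 @@, xmlrpc_fix_112.zip, the archive that carries the security fix, is recorded with MD5 and SIZE only. Add a stronger digest such as a SHA256 line next to each MD5 entry so the fetched fix is checked against something collision-resistant. The first entry keeps the same MD5 and SIZE under its new .zip name, which confirms it is a rename only; worth saying so in the PR text.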
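Review bot: In the pkg-message hunk at @@ -1,7 +1,29 @@, step 2 prints a literal credential ("IDENTIFIED BY 'b2evopassword'") with GRANT ALL, and step 3 tells the reader to log in with b2evouser/b2evopassword, so many installs will end up with that exact database password. Use an obvious placeholder for the password and state that it must be changed, rather than the parenthetical "if requered". Step 3 then mentions "a random password that is given to you" without saying which account it belongs to; name the account so it is not confused with the database user. Typos to fix in the same pass: "intall", "this steps", "requered", and the missing space in "3.Open".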