From owner-freebsd-ports-bugs@FreeBSD.ORG Sat Nov 26 18:10:46 2005
Message-Id: <200511261802.jAQI2ES8036952@www.freebsd.org>
Date: Sat, 26 Nov 2005 18:02:14 GMT
From: Francisco Alves Cabrita
To: freebsd-gnats-submit@FreeBSD.org
Subject: ports/89596: PORT UPDATE: www/joomla 1.0.3 -> 1.0.4 (Security fixes)

>Number: 89596
>Category: ports
>Synopsis: PORT UPDATE: www/joomla 1.0.3 -> 1.0.4 (Security fixes)
>Confidential: no
>Severity: serious
>Priority: medium
>Responsible: freebsd-ports-bugs
>State: open
>Quarter:
>Keywords:
>Date-Required:
>Class: update
>Submitter-Id: current-users
>Arrival-Date: Sat Nov 26 18:10:00 GMT 2005
>Closed-Date:
>Last-Modified:
>Originator: Francisco Alves Cabrita
>Release: FreeBSD 6.0-STABLE
>Organization: Núcleo Português de FreeBSD
>Environment:
FreeBSD fac.e10.pt 6.0-STABLE FreeBSD 6.0-STABLE #0: Fri Nov 25 16:42:45 WET 2005 fac@fac.e10.pt:/usr/obj/usr/src/sys/MOBILE i386
>Description:
1.0.4 Contains fixes for 6 Security Vulnerabilities.

Critical Level Threats
Potential XSS injection through GET and other variables - Affects all previous versions of Joomla! and Mambo 4.5.2.3
Hardened SEF against XSS injection - Affects all previous versions of Joomla! and Mambo 4.5.2.3

Low Level Threats
Potential SQL injection in Polls modules through the Itemid variable - Affects all previous versions of Joomla! and Mambo 4.5.2.x series
Potential SQL injection in several methods in mosDBTable class - Affects all previous versions of Joomla! and Mambo 4.5.2.x series
Potential misuse of Media component file management functions - Affects all previous versions of Joomla! and Mambo 4.5.2.x series
Add search limit param (default of 50) to `Search` Mambots to prevent search flooding - Affects all previous versions of Joomla! and Mambo 4.5.2.x series
>How-To-Repeat:
>Fix:
--- Makefile_3 Sat Nov 26 17:50:40 2005 +++ Makefile Fri Nov 25 20:56:50 2005 
@@ -5,9 +5,9 @@ # $FreeBSD: ports/www/joomla/Makefile,v 1.1 2005/11/25 02:08:33 edwin Exp $ PORTNAME= joomla -PORTVERSION= 1.0.3 +PORTVERSION= 1.0.4 CATEGORIES= www -MASTER_SITES= http://developer.joomla.org/sf/frs/do/downloadFile/projects.joomla/frs.joomla_1_0.1_0_3/frs1820?dl=1/:source1 +MASTER_SITES= http://developer.joomla.org/sf/frs/do/downloadFile/projects.joomla/frs.joomla_1_0.1_0_4/frs2532?dl=1/:source1 DISTFILES= ${JOOMLA_SRC}:source1 MAINTAINER= include@npf.pt.freebsd.org @@ -25,7 +25,7 @@ JOOMLA_DIR?= www/${PORTNAME} DIST_SUBDIR= ${PORTNAME} -JOOMLA_SRC= Joomla_1.0.3-Stable-Full_Package.tar.gz +JOOMLA_SRC= Joomla_1.0.4-Stable-Full_Package.tar.gz do-extract: @${MKDIR} ${WRKSRC} --- distinfo_3 Sat Nov 26 17:50:40 2005 +++ distinfo Fri Nov 25 20:56:50 2005 @@ -1,2 +1,3 @@ -MD5 (joomla/Joomla_1.0.3-Stable-Full_Package.tar.gz) = 077ec8232b43fa3e619e5fa087e06c38 -SIZE (joomla/Joomla_1.0.3-Stable-Full_Package.tar.gz) = 1814205 +MD5 (joomla/Joomla_1.0.4-Stable-Full_Package.tar.gz) = 5ba5e601b10c80c9d7709294c15e0350 +SHA256 (joomla/Joomla_1.0.4-Stable-Full_Package.tar.gz) = 0ada614f83f20b6d9cbfc30d7a659734162addd47f9b438a928922e2179ce465 +SIZE (joomla/Joomla_1.0.4-Stable-Full_Package.tar.gz) = 1785111 --- pkg-plist_3 Sat Nov 26 17:50:40 2005 +++ pkg-plist Fri Nov 25 20:56:50 2005 @@ -295,7 +295,6 @@ www/joomla/administrator/images/apply_f2.png www/joomla/administrator/images/archive.png www/joomla/administrator/images/archive_f2.png -www/joomla/administrator/images/asterisk.png www/joomla/administrator/images/back.png www/joomla/administrator/images/back_f2.png www/joomla/administrator/images/backup.png 
@@ -342,9 +341,7 @@ www/joomla/administrator/images/index.html www/joomla/administrator/images/install.png www/joomla/administrator/images/langmanager.png -www/joomla/administrator/images/logo.png www/joomla/administrator/images/mail.png -www/joomla/administrator/images/mambo.gif www/joomla/administrator/images/massemail.png www/joomla/administrator/images/mediamanager.png www/joomla/administrator/images/menu.png @@ -522,7 +519,6 @@ www/joomla/editor/editor.php www/joomla/editor/index.html www/joomla/globals.php -www/joomla/globals.php-off www/joomla/help/css/docbook.css www/joomla/help/css/help.css www/joomla/help/css/index.html @@ -845,6 +841,7 @@ www/joomla/includes/js/jscalendar-1.0/menuarrow.gif www/joomla/includes/js/jscalendar-1.0/menuarrow2.gif www/joomla/includes/js/mambojavascript.js +www/joomla/includes/js/overlib_hideform_mini.js www/joomla/includes/js/overlib_mini.js www/joomla/includes/js/tabs/index.html www/joomla/includes/js/tabs/tab.png @@ -1009,6 +1006,7 @@ www/joomla/mambots/editors/tinymce/jscripts/tiny_mce/langs/en.js www/joomla/mambots/editors/tinymce/jscripts/tiny_mce/langs/index.html www/joomla/mambots/editors/tinymce/jscripts/tiny_mce/license.txt +www/joomla/mambots/editors/tinymce/jscripts/tiny_mce/plugins/index.html www/joomla/mambots/editors/tinymce/jscripts/tiny_mce/plugins/_template/editor_plugin.js www/joomla/mambots/editors/tinymce/jscripts/tiny_mce/plugins/_template/editor_plugin_src.js www/joomla/mambots/editors/tinymce/jscripts/tiny_mce/plugins/_template/images/index.html 
@@ -1017,7 +1015,6 @@ www/joomla/mambots/editors/tinymce/jscripts/tiny_mce/plugins/_template/langs/en.js www/joomla/mambots/editors/tinymce/jscripts/tiny_mce/plugins/_template/langs/index.html www/joomla/mambots/editors/tinymce/jscripts/tiny_mce/plugins/_template/popup.htm -www/joomla/mambots/editors/tinymce/jscripts/tiny_mce/plugins/_template/readme.txt www/joomla/mambots/editors/tinymce/jscripts/tiny_mce/plugins/advhr/editor_plugin.js www/joomla/mambots/editors/tinymce/jscripts/tiny_mce/plugins/advhr/editor_plugin_src.js www/joomla/mambots/editors/tinymce/jscripts/tiny_mce/plugins/advhr/images/advhr.gif @@ -1075,7 +1072,6 @@ www/joomla/mambots/editors/tinymce/jscripts/tiny_mce/plugins/emotions/emotions.htm www/joomla/mambots/editors/tinymce/jscripts/tiny_mce/plugins/emotions/images/emotions.gif www/joomla/mambots/editors/tinymce/jscripts/tiny_mce/plugins/emotions/images/index.html -www/joomla/mambots/editors/tinymce/jscripts/tiny_mce/plugins/emotions/images/readme.txt www/joomla/mambots/editors/tinymce/jscripts/tiny_mce/plugins/emotions/images/smiley-cool.gif www/joomla/mambots/editors/tinymce/jscripts/tiny_mce/plugins/emotions/images/smiley-cry.gif www/joomla/mambots/editors/tinymce/jscripts/tiny_mce/plugins/emotions/images/smiley-embarassed.gif @@ -1177,7 +1173,6 @@ www/joomla/mambots/editors/tinymce/jscripts/tiny_mce/plugins/print/index.html www/joomla/mambots/editors/tinymce/jscripts/tiny_mce/plugins/print/langs/en.js www/joomla/mambots/editors/tinymce/jscripts/tiny_mce/plugins/print/langs/index.html -www/joomla/mambots/editors/tinymce/jscripts/tiny_mce/plugins/readme.txt www/joomla/mambots/editors/tinymce/jscripts/tiny_mce/plugins/save/editor_plugin.js www/joomla/mambots/editors/tinymce/jscripts/tiny_mce/plugins/save/editor_plugin_src.js www/joomla/mambots/editors/tinymce/jscripts/tiny_mce/plugins/save/images/index.html 
@@ -1227,15 +1222,18 @@ www/joomla/mambots/editors/tinymce/jscripts/tiny_mce/plugins/table/jscripts/table.js www/joomla/mambots/editors/tinymce/jscripts/tiny_mce/plugins/table/langs/en.js www/joomla/mambots/editors/tinymce/jscripts/tiny_mce/plugins/table/langs/index.html -www/joomla/mambots/editors/tinymce/jscripts/tiny_mce/plugins/table/langs/readme.txt www/joomla/mambots/editors/tinymce/jscripts/tiny_mce/plugins/table/merge_cells.htm www/joomla/mambots/editors/tinymce/jscripts/tiny_mce/plugins/table/row.htm www/joomla/mambots/editors/tinymce/jscripts/tiny_mce/plugins/table/table.htm www/joomla/mambots/editors/tinymce/jscripts/tiny_mce/plugins/zoom/editor_plugin.js www/joomla/mambots/editors/tinymce/jscripts/tiny_mce/plugins/zoom/editor_plugin_src.js www/joomla/mambots/editors/tinymce/jscripts/tiny_mce/plugins/zoom/index.html +www/joomla/mambots/editors/tinymce/jscripts/tiny_mce/plugins/zoom/langs/es.js www/joomla/mambots/editors/tinymce/jscripts/tiny_mce/plugins/zoom/langs/he.js www/joomla/mambots/editors/tinymce/jscripts/tiny_mce/plugins/zoom/langs/index.html +www/joomla/mambots/editors/tinymce/jscripts/tiny_mce/plugins/zoom/langs/ru_UTF-8.js +www/joomla/mambots/editors/tinymce/jscripts/tiny_mce/plugins/zoom/langs/ru.js +www/joomla/mambots/editors/tinymce/jscripts/tiny_mce/plugins/zoom/langs/ru_KOI8-R.js www/joomla/mambots/editors/tinymce/jscripts/tiny_mce/themes/advanced/about.htm www/joomla/mambots/editors/tinymce/jscripts/tiny_mce/themes/advanced/anchor.htm www/joomla/mambots/editors/tinymce/jscripts/tiny_mce/themes/advanced/charmap.htm 
@@ -1299,6 +1297,10 @@ www/joomla/mambots/editors/tinymce/jscripts/tiny_mce/themes/advanced/images/table_insert_col_before.gif www/joomla/mambots/editors/tinymce/jscripts/tiny_mce/themes/advanced/images/table_insert_row_after.gif www/joomla/mambots/editors/tinymce/jscripts/tiny_mce/themes/advanced/images/table_insert_row_before.gif +www/joomla/mambots/editors/tinymce/jscripts/tiny_mce/themes/advanced/images/bold_es.gif +www/joomla/mambots/editors/tinymce/jscripts/tiny_mce/themes/advanced/images/opacity.png +www/joomla/mambots/editors/tinymce/jscripts/tiny_mce/themes/advanced/images/italic_es.gif +www/joomla/mambots/editors/tinymce/jscripts/tiny_mce/themes/advanced/images/underline_es.gif www/joomla/mambots/editors/tinymce/jscripts/tiny_mce/themes/advanced/images/underline.gif www/joomla/mambots/editors/tinymce/jscripts/tiny_mce/themes/advanced/images/underline_fr.gif www/joomla/mambots/editors/tinymce/jscripts/tiny_mce/themes/advanced/images/underline_ru.gif

After diffing these 3 files I also ask to remove the dist file because it doesn't do anything.

Thanks in advance
Francisco Cabrita
>Release-Note:
>Audit-Trail:
>Unformatted:
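
Review bot: The version is hard-coded in three places across the two Makefile hunks (`PORTVERSION= 1.0.4`, the `frs.joomla_1_0.1_0_4/frs2532` path in MASTER_SITES, and `JOOMLA_SRC= Joomla_1.0.4-Stable-Full_Package.tar.gz`), so the next security update has to change all three by hand and can leave one stale. JOOMLA_SRC can be derived from PORTVERSION, for example `JOOMLA_SRC= Joomla_${PORTVERSION}-Stable-Full_Package.tar.gz`, and the opaque `frs2532` id in MASTER_SITES deserves a comment saying where it is looked up.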
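
Review bot: In the distinfo hunk the MD5, SHA256 and SIZE values arrive by mail while MASTER_SITES in the Makefile is a plain `http://` URL, so nothing in the patch ties these checksums to the upstream 1.0.4 release. Before committing, fetch the distfile independently, regenerate distinfo with `make makesum`, and confirm the output matches the three submitted lines; if upstream publishes a checksum for the 1.0.4 package, compare against that as well.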
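
Review bot: The added pkg-plist entries are out of sort order relative to the rest of the list: in the `@@ -1227,15 +1222,18 @@` hunk `ru_UTF-8.js` is placed before `ru.js` and `ru_KOI8-R.js`, and in the `@@ -1299,6 +1297,10 @@` hunk `bold_es.gif`, `opacity.png`, `italic_es.gif` and `underline_es.gif` are inserted between `table_insert_row_before.gif` and `underline.gif`. Regenerate the list from the extracted 1.0.4 tarball and sort it, which also confirms that every removed entry (such as `www/joomla/globals.php-off` in the `@@ -522,7 +519,6 @@` hunk) is really absent from the new distfile.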