Date: Fri, 10 Feb 2006 10:44:56 -0500 (EST) From: Wesley Shields <wxs@csh.rit.edu> To: FreeBSD-gnats-submit@FreeBSD.org Cc: edwin@mavetju.org Subject: ports/93131: [SECURITY UPDATE]: deskutils/phpicalendar Message-ID: <200602101544.k1AFiubt081535@syn.csh.rit.edu> Resent-Message-ID: <200602101540.k1AFe6WN096447@freefall.freebsd.org>
next in thread | raw e-mail | index | archive | help
>Number: 93131 >Category: ports >Synopsis: [SECURITY UPDATE]: deskutils/phpicalendar >Confidential: no >Severity: serious >Priority: medium >Responsible: freebsd-ports-bugs >State: open >Quarter: >Keywords: >Date-Required: >Class: update >Submitter-Id: current-users >Arrival-Date: Fri Feb 10 15:40:04 GMT 2006 >Closed-Date: >Last-Modified: >Originator: Wesley Shields >Release: FreeBSD 6.0-RELEASE-p2 i386 >Organization: >Environment: System: FreeBSD syn 6.0-RELEASE-p2 FreeBSD 6.0-RELEASE-p2 #1: Wed Jan 11 11:57:33 EST 2006 root@syn:/usr/obj/usr/src/sys/GENERIC i386 >Description: deskutils/phpicalendar is vulnerable to file inclusion[1]. The author has released an updated version to fix this. The attached patch updates the port. It also adds a dependency on PHP and makes pkg-message a bit better. >How-To-Repeat: N/A >Fix: diff -ruN deskutils/phpicalendar.orig/Makefile deskutils/phpicalendar/Makefile --- deskutils/phpicalendar.orig/Makefile Mon Jan 30 10:34:51 2006 +++ deskutils/phpicalendar/Makefile Fri Feb 10 10:30:58 2006 @@ -6,7 +6,7 @@ # PORTNAME= phpicalendar -PORTVERSION= 2.1 +PORTVERSION= 2.21 CATEGORIES= deskutils www MASTER_SITES= ${MASTER_SITE_SOURCEFORGE} MASTER_SITE_SUBDIR= ${PORTNAME} @@ -19,23 +19,25 @@ PHPICALENDAR= www/phpicalendar WWWDIR= ${PREFIX}/${PHPICALENDAR} PLIST_SUB+= PHPICALENDAR=${PHPICALENDAR} +USE_PHP= yes +NO_WORKSUBDIR= yes do-install: .if !exists(${WWWDIR}) ${MKDIR} ${WWWDIR} .endif .for dir in admin calendars functions images includes languages rss templates - @${CP} -R ${WRKSRC}/${dir} ${WWWDIR} + @${CP} -R ${WRKDIR}/${dir} ${WWWDIR} @${CHOWN} -R ${WWWOWN}:${WWWGRP} ${WWWDIR}/${dir} .endfor .for f in index.php TIMEZONES error.php day.php preferences.php print.php search.php week.php month.php year.php README COPYING AUTHORS - @${CP} ${WRKSRC}/${f} ${WWWDIR} + @${CP} ${WRKDIR}/${f} ${WWWDIR} @${CHOWN} ${WWWOWN}:${WWWGRP} ${WWWDIR}/${f} .endfor - @${CP} ${WRKSRC}/config.inc.php ${WWWDIR}/config.inc.php-default + @${CP} ${WRKDIR}/config.inc.php ${WWWDIR}/config.inc.php-default @${CHOWN} ${WWWOWN}:${WWWGRP} ${WWWDIR}/config.inc.php-default post-install: - ${CAT} ${PKGMESSAGE} + @${SED} "s|%%WWWDIR%%|${WWWDIR}|g" ${PKGMESSAGE} .include <bsd.port.mk> diff -ruN deskutils/phpicalendar.orig/distinfo deskutils/phpicalendar/distinfo --- deskutils/phpicalendar.orig/distinfo Mon Jan 30 10:34:51 2006 +++ deskutils/phpicalendar/distinfo Fri Feb 10 10:22:33 2006 @@ -1,3 +1,3 @@ -MD5 (phpicalendar-2.1.tgz) = c0b3fb13136f53ce60a53b3781a2d895 -SHA256 (phpicalendar-2.1.tgz) = 3ca96aac0491f26f607f15cd869836adddfc22e1e4e9b388a1ff2bbba7371167 -SIZE (phpicalendar-2.1.tgz) = 146748 +MD5 (phpicalendar-2.21.tgz) = 297e3a869f53bc0aa62653ed4d3b495d +SHA256 (phpicalendar-2.21.tgz) = 45e8bc8417762eb7779877a7abc4f7afe9e12a9f51b304f9c02dfdfaecd9add5 +SIZE (phpicalendar-2.21.tgz) = 149004 diff -ruN deskutils/phpicalendar.orig/pkg-message deskutils/phpicalendar/pkg-message --- deskutils/phpicalendar.orig/pkg-message Sat Apr 3 01:24:04 2004 +++ deskutils/phpicalendar/pkg-message Fri Feb 10 10:31:17 2006 @@ -1,4 +1,4 @@ PHPiCalendar post-install instructions -------------------------------------- -Go to %%PREFIX%%/www/phpicalendar and copy +Go to %%WWWDIR%%/www/phpicalendar and copy config.inc.php-default to config.inc.php. >Release-Note: >Audit-Trail: >Unformatted:
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200602101544.k1AFiubt081535>