From owner-freebsd-ports-bugs@FreeBSD.ORG  Tue Jun  7 10:40:29 2005
Return-Path: <owner-freebsd-ports-bugs@FreeBSD.ORG>
X-Original-To: freebsd-ports-bugs@hub.freebsd.org
Delivered-To: freebsd-ports-bugs@hub.freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id 6BFB616A41F
	for <freebsd-ports-bugs@hub.freebsd.org>;
	Tue,  7 Jun 2005 10:40:29 +0000 (GMT)
	(envelope-from gnats@FreeBSD.org)
Received: from freefall.freebsd.org (freefall.freebsd.org [216.136.204.21])
	by mx1.FreeBSD.org (Postfix) with ESMTP id B2BE743D55
	for <freebsd-ports-bugs@hub.freebsd.org>;
	Tue,  7 Jun 2005 10:40:28 +0000 (GMT)
	(envelope-from gnats@FreeBSD.org)
Received: from freefall.freebsd.org (gnats@localhost [127.0.0.1])
	by freefall.freebsd.org (8.13.3/8.13.3) with ESMTP id j57AeSMr082481
	for <freebsd-ports-bugs@freefall.freebsd.org>;
	Tue, 7 Jun 2005 10:40:28 GMT
	(envelope-from gnats@freefall.freebsd.org)
Received: (from gnats@localhost)
	by freefall.freebsd.org (8.13.3/8.13.1/Submit) id j57AeSaC082480;
	Tue, 7 Jun 2005 10:40:28 GMT (envelope-from gnats)
Resent-Date: Tue, 7 Jun 2005 10:40:28 GMT
Resent-Message-Id: <200506071040.j57AeSaC082480@freefall.freebsd.org>
Resent-From: FreeBSD-gnats-submit@FreeBSD.org (GNATS Filer)
Resent-To: freebsd-ports-bugs@FreeBSD.org
Resent-Reply-To: FreeBSD-gnats-submit@FreeBSD.org,
	Francisco Alves Cabrita <include@npf.deec.uc.pt>
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id 2267416A41C
	for <freebsd-gnats-submit@FreeBSD.org>;
	Tue,  7 Jun 2005 10:39:25 +0000 (GMT)
	(envelope-from nobody@FreeBSD.org)
Received: from www.freebsd.org (www.freebsd.org [216.136.204.117])
	by mx1.FreeBSD.org (Postfix) with ESMTP id C0FD943D55
	for <freebsd-gnats-submit@FreeBSD.org>;
	Tue,  7 Jun 2005 10:39:24 +0000 (GMT)
	(envelope-from nobody@FreeBSD.org)
Received: from www.freebsd.org (localhost [127.0.0.1])
	by www.freebsd.org (8.13.1/8.13.1) with ESMTP id j57AdOVA073006
	for <freebsd-gnats-submit@FreeBSD.org>; Tue, 7 Jun 2005 10:39:24 GMT
	(envelope-from nobody@www.freebsd.org)
Received: (from nobody@localhost)
	by www.freebsd.org (8.13.1/8.13.1/Submit) id j57AdOgo073005;
	Tue, 7 Jun 2005 10:39:24 GMT (envelope-from nobody)
Message-Id: <200506071039.j57AdOgo073005@www.freebsd.org>
Date: Tue, 7 Jun 2005 10:39:24 GMT
From: Francisco Alves Cabrita <include@npf.deec.uc.pt>
To: freebsd-gnats-submit@FreeBSD.org
X-Send-Pr-Version: www-2.3
Cc: 
Subject: ports/81984: [SECURITY UPDATE]: Update for www/mambo - Security
	Patch for All Mambo 4.5.x Versions
X-BeenThere: freebsd-ports-bugs@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: Ports bug reports <freebsd-ports-bugs.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-ports-bugs>, 
	<mailto:freebsd-ports-bugs-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-ports-bugs>
List-Post: <mailto:freebsd-ports-bugs@freebsd.org>
List-Help: <mailto:freebsd-ports-bugs-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-ports-bugs>, 
	<mailto:freebsd-ports-bugs-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Tue, 07 Jun 2005 10:40:29 -0000


>Number:         81984
>Category:       ports
>Synopsis:       [SECURITY UPDATE]: Update for www/mambo - Security Patch for All Mambo 4.5.x Versions
>Confidential:   no
>Severity:       serious
>Priority:       medium
>Responsible:    freebsd-ports-bugs
>State:          open
>Quarter:        
>Keywords:       
>Date-Required:
>Class:          update
>Submitter-Id:   current-users
>Arrival-Date:   Tue Jun 07 10:40:28 GMT 2005
>Closed-Date:
>Last-Modified:
>Originator:     Francisco Alves Cabrita
>Release:        FreeBSD 5.4-RELEASE
>Organization:
Núcleo Português de FreeBSD
>Environment:
FreeBSD fac.e10.pt 5.4-RELEASE FreeBSD 5.4-RELEASE #0: Sat May  7 23:33:40 WEST 2005     fac@fac.e10.pt:/usr/obj/usr/src/sys/MOBILE  i386
>Description:
Under various (and differing) circumstances, multiple vulnerabilities exist that allow an attacker to steal cookie information, initiatiate XSS and SQL injection attacks.
>How-To-Repeat:
      
>Fix:
Security Patch for All Mambo 4.5.x Versions

-- Makefile_SAFE Tue Jun  7 11:22:57 2005
+++ Makefile  Tue Jun  7 11:25:17 2005
@@ -5,13 +5,15 @@
 # $FreeBSD: ports/www/mambo/Makefile,v 1.2 2005/05/29 09:07:41 thierry Exp $

 PORTNAME=  mambo
-PORTVERSION= 4.5.2.1
+PORTVERSION= 4.5.2.2
 PORTREVISION=  1
 CATEGORIES=  www
 MASTER_SITES=  http://mamboforge.net/frs/download.php/4004/:source1 \
-   http://mamboforge.net/frs/download.php/4043/:source2
+   http://mamboforge.net/frs/download.php/4043/:source2 \
+   http://mamboforge.net/frs/download.php/5886/:source3
 DISTFILES= ${MAMBO_SRC}:source1 \
-   ${MAMBO_PATCH}:source2
+   ${MAMBO_PATCH1}:source2 \
+   ${MAMBO_PATCH2}:source3

 MAINTAINER=  include@npf.pt.freebsd.org
 COMMENT= A dynamic web content management system (CMS)
@@ -31,12 +33,14 @@
 DIST_SUBDIR= ${PORTNAME}

 MAMBO_SRC= MamboV4.5.2-Stable.tar.gz
-MAMBO_PATCH= Patch_4.5.2_to_4.5.2.1.zip
+MAMBO_PATCH1=  Patch_4.5.2_to_4.5.2.1.zip
+MAMBO_PATCH2=  Patch_4.5.2_to_4.5.2.2.zip

 do-extract:
    @${MKDIR} ${WRKSRC}
    @${TAR} -zxf ${DISTDIR}/${DIST_SUBDIR}/${MAMBO_SRC} -C ${WRKSRC}
-   @${UNZIP_CMD} -qo ${DISTDIR}/${DIST_SUBDIR}/${MAMBO_PATCH} -d ${WRKSRC}
+   @${UNZIP_CMD} -qo ${DISTDIR}/${DIST_SUBDIR}/${MAMBO_PATCH1} -d ${WRKSRC}
+   @${UNZIP_CMD} -qo ${DISTDIR}/${DIST_SUBDIR}/${MAMBO_PATCH2} -d ${WRKSRC}
    @${RM} -rf ${WRKSRC}/templates/rhuk_solarflare # remove empty

 do-install:

PS: I already received an e-mail from pointyhat (Kris Kennaway)alerting me to insert more redundant mirros, sorry but for now i only have time to submite this important update.

Thank in advance
Francisco aka include
>Release-Note:
>Audit-Trail:
>Unformatted: