Skip site navigation (1)Skip section navigation (2)
Date:      Mon, 16 Dec 2013 23:37:24 +0000 (UTC)
From:      Florian Smeets <flo@FreeBSD.org>
To:        ports-committers@freebsd.org, svn-ports-all@freebsd.org, svn-ports-head@freebsd.org
Subject:   svn commit: r336678 - in head: security/vuxml www/phpmyfaq
Message-ID:  <201312162337.rBGNbOT9074519@svn.freebsd.org>

next in thread | raw e-mail | index | archive | help
Author: flo
Date: Mon Dec 16 23:37:23 2013
New Revision: 336678
URL: http://svnweb.freebsd.org/changeset/ports/336678

Log:
  - update to 2.8.4
  - add stage support
  
  Security:	3b86583a-66a7-11e3-868f-0025905a4771

Modified:
  head/security/vuxml/vuln.xml
  head/www/phpmyfaq/Makefile
  head/www/phpmyfaq/distinfo
  head/www/phpmyfaq/pkg-plist

Modified: head/security/vuxml/vuln.xml
==============================================================================
--- head/security/vuxml/vuln.xml	Mon Dec 16 23:12:24 2013	(r336677)
+++ head/security/vuxml/vuln.xml	Mon Dec 16 23:37:23 2013	(r336678)
@@ -51,6 +51,36 @@ Note:  Please add new entries to the beg
 
 -->
 <vuxml xmlns="http://www.vuxml.org/apps/vuxml-1">;
+  <vuln vid="3b86583a-66a7-11e3-868f-0025905a4771">
+    <topic>phpmyfaq -- arbitrary PHP code execution vulnerability</topic>
+    <affects>
+      <package>
+	<name>phpmyfaq</name>
+	<range><lt>2.8.4</lt></range>
+      </package>
+    </affects>
+    <description>
+      <body xmlns="http://www.w3.org/1999/xhtml">;
+	<p>The phpMyFAQ team reports:</p>
+	<blockquote cite="http://www.phpmyfaq.de/advisory_2013-11-26.php">;
+	  <p>Secunia noticed while analysing the advisory that authenticated
+	    users with "Right to add attachments" are able to exploit an already
+	    publicly known issue in the bundled Ajax File Manager of phpMyFAQ version
+	    2.8.3, which leads to arbitrary PHP code execution for authenticated
+	    users with the permission "Right to add attachments".</p>
+	</blockquote>
+      </body>
+    </description>
+    <references>
+      <url>http://www.phpmyfaq.de/advisory_2013-11-26.php</url>;
+      <url>http://en.securitylab.ru/lab/PT-2013-41</url>;
+    </references>
+    <dates>
+      <discovery>2013-11-26</discovery>
+      <entry>2013-12-16</entry>
+    </dates>
+  </vuln>
+
   <vuln vid="44d0f8dc-6607-11e3-bb11-0025900931f8">
     <topic>zabbix -- shell command injection vulnerability</topic>
     <affects>

Modified: head/www/phpmyfaq/Makefile
==============================================================================
--- head/www/phpmyfaq/Makefile	Mon Dec 16 23:12:24 2013	(r336677)
+++ head/www/phpmyfaq/Makefile	Mon Dec 16 23:37:23 2013	(r336678)
@@ -2,7 +2,7 @@
 # $FreeBSD$
 
 PORTNAME=	phpmyfaq
-PORTVERSION=	2.8.2
+PORTVERSION=	2.8.4
 CATEGORIES=	www
 MASTER_SITES=	http://www.phpmyfaq.de/download/
 
@@ -11,20 +11,20 @@ COMMENT=	A multilingual, completely data
 
 WRKSRC=		${WRKDIR}/${PORTNAME}
 
+NEED_ROOT=	yes
+
 USE_PHP=	filter json mysql pcre pdf session xml xmlrpc xmlwriter zlib
 FAQ_DIR=	attachments data images inc pdf xml
 NO_BUILD=	YES
 WANT_PHP_WEB=	YES
+NO_ARCH=	YES
 
-NO_STAGE=	yes
 do-install:
-	-${MKDIR} ${WWWDIR}
-	@cd ${WRKSRC} && ${COPYTREE_SHARE} \* ${WWWDIR}
+	@${MKDIR} ${STAGEDIR}${WWWDIR}
+	@cd ${WRKSRC} && ${COPYTREE_SHARE} \* ${STAGEDIR}${WWWDIR}
 .for i in ${FAQ_DIR}
-	-@${MKDIR} ${WWWDIR}/${i}
-	@${CHMOD} 777 ${WWWDIR}/${i}
+	@${MKDIR} ${STAGEDIR}${WWWDIR}/${i}
+	@${CHOWN} ${WWWOWN}:${WWWGRP} ${STAGEDIR}${WWWDIR}/${i} ${STAGEDIR}${WWWDIR}/config
 .endfor
-	@${CHOWN} -R ${WWWOWN}:${WWWGRP} ${WWWDIR}
-	@${CAT} ${PKGMESSAGE}
 
 .include <bsd.port.mk>

Modified: head/www/phpmyfaq/distinfo
==============================================================================
--- head/www/phpmyfaq/distinfo	Mon Dec 16 23:12:24 2013	(r336677)
+++ head/www/phpmyfaq/distinfo	Mon Dec 16 23:37:23 2013	(r336678)
@@ -1,2 +1,2 @@
-SHA256 (phpmyfaq-2.8.2.tar.gz) = 2ab6452da45dacd3bd771597671371881a4c9d13352b4c70d608b686779c3db6
-SIZE (phpmyfaq-2.8.2.tar.gz) = 3896352
+SHA256 (phpmyfaq-2.8.4.tar.gz) = da4762ce824a973f0303762e9028ea9c7e1b1b0bc0f7721388046bd1c35b0164
+SIZE (phpmyfaq-2.8.4.tar.gz) = 3903889

Modified: head/www/phpmyfaq/pkg-plist
==============================================================================
--- head/www/phpmyfaq/pkg-plist	Mon Dec 16 23:12:24 2013	(r336677)
+++ head/www/phpmyfaq/pkg-plist	Mon Dec 16 23:37:23 2013	(r336678)
@@ -1,3 +1,16 @@
+@exec mkdir -p %D/www/phpmyfaq/attachments
+@exec mkdir -p %D/www/phpmyfaq/data
+@exec mkdir -p %D/www/phpmyfaq/images
+@exec mkdir -p %D/www/phpmyfaq/inc
+@exec mkdir -p %D/www/phpmyfaq/pdf
+@exec mkdir -p %D/www/phpmyfaq/xml
+@exec chown %%WWWOWN%%:%%WWWGRP%% %D/www/phpmyfaq/attachments
+@exec chown %%WWWOWN%%:%%WWWGRP%% %D/www/phpmyfaq/config
+@exec chown %%WWWOWN%%:%%WWWGRP%% %D/www/phpmyfaq/data
+@exec chown %%WWWOWN%%:%%WWWGRP%% %D/www/phpmyfaq/images
+@exec chown %%WWWOWN%%:%%WWWGRP%% %D/www/phpmyfaq/inc
+@exec chown %%WWWOWN%%:%%WWWGRP%% %D/www/phpmyfaq/pdf
+@exec chown %%WWWOWN%%:%%WWWGRP%% %D/www/phpmyfaq/xml
 %%WWWDIR%%/_.htaccess
 %%WWWDIR%%/_httpd.ini
 %%WWWDIR%%/_lighttpd.conf
@@ -24,6 +37,7 @@
 %%WWWDIR%%/admin/assets/font/fontawesome-webfont.svg
 %%WWWDIR%%/admin/assets/font/fontawesome-webfont.ttf
 %%WWWDIR%%/admin/assets/font/fontawesome-webfont.woff
+%%WWWDIR%%/admin/assets/js/record.js
 %%WWWDIR%%/admin/assets/js/uploadcheck.js
 %%WWWDIR%%/admin/assets/js/user.js
 %%WWWDIR%%/admin/assets/less/style.less
@@ -876,6 +890,7 @@
 %%WWWDIR%%/assets/template/default/favicon.ico
 %%WWWDIR%%/assets/template/default/glossary.tpl
 %%WWWDIR%%/assets/template/default/images/arrow.gif
+%%WWWDIR%%/assets/template/default/indexPassword.tpl
 %%WWWDIR%%/assets/template/default/index.tpl
 %%WWWDIR%%/assets/template/default/indexLogin.tpl
 %%WWWDIR%%/assets/template/default/indexMaintenance.tpl
@@ -1264,7 +1279,7 @@
 @dirrm %%WWWDIR%%/xml
 @dirrm %%WWWDIR%%/services/twitter
 @dirrm %%WWWDIR%%/services
-@dirrmtry %%WWWDIR%%/pdf
+@dirrm %%WWWDIR%%/pdf
 @dirrm %%WWWDIR%%/multisite
 @dirrm %%WWWDIR%%/lang
 @dirrm %%WWWDIR%%/install
@@ -1357,16 +1372,16 @@
 @dirrm %%WWWDIR%%/inc/PMF/Attachment
 @dirrm %%WWWDIR%%/inc/PMF
 @dirrm %%WWWDIR%%/inc
-@dirrmtry %%WWWDIR%%/images
+@dirrm %%WWWDIR%%/images
 @dirrm %%WWWDIR%%/feed/topten
 @dirrm %%WWWDIR%%/feed/openquestions
 @dirrm %%WWWDIR%%/feed/news
 @dirrm %%WWWDIR%%/feed/latest
 @dirrm %%WWWDIR%%/feed/category
 @dirrm %%WWWDIR%%/feed
-@dirrmtry %%WWWDIR%%/data
-@dirrmtry %%WWWDIR%%/config
-@dirrmtry %%WWWDIR%%/attachments
+@dirrm %%WWWDIR%%/data
+@dirrm %%WWWDIR%%/config
+@dirrm %%WWWDIR%%/attachments
 @dirrm %%WWWDIR%%/assets/template/default/less
 @dirrm %%WWWDIR%%/assets/template/default/images
 @dirrm %%WWWDIR%%/assets/template/default/css



Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?201312162337.rBGNbOT9074519>