From owner-freebsd-ports-bugs@FreeBSD.ORG Thu Mar 15 19:40:06 2007
Return-Path:
X-Original-To: freebsd-ports-bugs@hub.freebsd.org
Delivered-To: freebsd-ports-bugs@hub.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [69.147.83.52]) by hub.freebsd.org (Postfix) with ESMTP id DDBB016A404 for ; Thu, 15 Mar 2007 19:40:06 +0000 (UTC) (envelope-from gnats@FreeBSD.org)
Received: from freefall.freebsd.org (freefall.freebsd.org [69.147.83.40]) by mx1.freebsd.org (Postfix) with ESMTP id C2B5013C45E for ; Thu, 15 Mar 2007 19:40:06 +0000 (UTC) (envelope-from gnats@FreeBSD.org)
Received: from freefall.freebsd.org (gnats@localhost [127.0.0.1]) by freefall.freebsd.org (8.13.4/8.13.4) with ESMTP id l2FJe6sv097043 for ; Thu, 15 Mar 2007 19:40:06 GMT (envelope-from gnats@freefall.freebsd.org)
Received: (from gnats@localhost) by freefall.freebsd.org (8.13.4/8.13.4/Submit) id l2FJe6nI097040; Thu, 15 Mar 2007 19:40:06 GMT (envelope-from gnats)
Resent-Date: Thu, 15 Mar 2007 19:40:06 GMT
Resent-Message-Id: <200703151940.l2FJe6nI097040@freefall.freebsd.org>
Resent-From: FreeBSD-gnats-submit@FreeBSD.org (GNATS Filer)
Resent-To: freebsd-ports-bugs@FreeBSD.org
Resent-Reply-To: FreeBSD-gnats-submit@FreeBSD.org, Antoine Beaupre
Received: from mx1.freebsd.org (mx1.freebsd.org [69.147.83.52]) by hub.freebsd.org (Postfix) with ESMTP id 4AFAE16A400 for ; Thu, 15 Mar 2007 19:36:40 +0000 (UTC) (envelope-from anarcat@lethe.koumbit.net)
Received: from lethe.koumbit.net (modemcable028.26-70-69.static.videotron.ca [69.70.26.28]) by mx1.freebsd.org (Postfix) with ESMTP id 295C413C448 for ; Thu, 15 Mar 2007 19:36:40 +0000 (UTC) (envelope-from anarcat@lethe.koumbit.net)
Received: by lethe.koumbit.net (Postfix, from userid 1000) id 922AA1711D; Thu, 15 Mar 2007 15:19:23 -0400 (EDT)
Message-Id: <20070315191923.922AA1711D@lethe.koumbit.net>
Date: Thu, 15 Mar 2007 15:19:23 -0400 (EDT)
From: Antoine Beaupre
To: FreeBSD-gnats-submit@FreeBSD.org
X-Send-Pr-Version: 3.113
Cc:
Subject: ports/110350: [PATCH] (security?) upgrade of sql-ledger
X-BeenThere: freebsd-ports-bugs@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
Reply-To: Antoine Beaupre
List-Id: Ports bug reports
X-List-Received-Date: Thu, 15 Mar 2007 19:40:06 -0000

>Number: 110350
>Category: ports
>Synopsis: [PATCH] (security?) upgrade of sql-ledger
>Confidential: no
>Severity: critical
>Priority: high
>Responsible: freebsd-ports-bugs
>State: open
>Quarter:
>Keywords:
>Date-Required:
>Class: update
>Submitter-Id: current-users
>Arrival-Date: Thu Mar 15 19:40:06 GMT 2007
>Closed-Date:
>Last-Modified:
>Originator: Antoine Beaupre
>Release: FreeBSD 6.2-RELEASE-p2 i386
>Organization:
Koumbit
>Environment:
System: FreeBSD lethe.koumbit.net 6.2-RELEASE-p2 FreeBSD 6.2-RELEASE-p2 #0: Fri Mar 9 14:54:27 EST 2007 anarcat@lethe.koumbit.net:/usr/obj/usr/src/sys/LETHE6 i386

SQL-Ledger < 2.2.26.
>Description:
The current version of SQL-Ledger in the ports system is vulnerable to an "authentication bypass vulnerability allowing full access to the administrator interface of LedgerSMB 1.1 and SQL-Ledger 2.x."

2.6.26 was released to correct this problem.

http://www.securityfocus.com/archive/1/462375
>How-To-Repeat:
N/A
>Fix:
--- Makefile.orig Mon Mar 12 13:04:58 2007 +++ Makefile Mon Mar 12 13:05:25 2007 @@ -6,7 +6,7 @@ # PORTNAME= sql-ledger -PORTVERSION= 2.6.25 +PORTVERSION= 2.6.26 CATEGORIES= finance perl5 MASTER_SITES= ${MASTER_SITE_SOURCEFORGE} \ http://www.sql-ledger.com/source/ --- distinfo.orig Mon Mar 12 13:05:03 2007 +++ distinfo Mon Mar 12 13:06:28 2007 
@@ -1,3 +1,3 @@ -MD5 (sql-ledger-2.6.25.tar.gz) = 76ae71da3a8d5863aabb8bc8bd72bccb -SHA256 (sql-ledger-2.6.25.tar.gz) = 0fa9bf0bf6b40c9e31075c3790124879cdd507d616d2748e59c21e2b4d96057a -SIZE (sql-ledger-2.6.25.tar.gz) = 3048626 +MD5 (sql-ledger-2.6.26.tar.gz) = c47b5cfc4a743f8234f0719a3e41eaf9 +SHA256 (sql-ledger-2.6.26.tar.gz) = c4bfb12c2793341e408f8c417fa0c4c52b7ad9da59944a196cfae5ccfef7c005 +SIZE (sql-ledger-2.6.26.tar.gz) = 3048615 --- pkg-plist.orig Mon Mar 12 13:05:10 2007 +++ pkg-plist Mon Mar 12 13:12:56 2007 @@ -109,7 +109,7 @@ sql-ledger/doc/UPGRADE-2.4.16-2.6.0 sql-ledger/doc/UPGRADE-2.4.2-2.4.3 sql-ledger/doc/UPGRADE-2.4.3-2.4.16 -sql-ledger/doc/UPGRADE-2.6.0-2.6.25 +sql-ledger/doc/UPGRADE-2.6.0-2.6.26 sql-ledger/doc/faq.html sql-ledger/favicon.ico sql-ledger/gl.pl >Release-Note: >Audit-Trail: >Unformatted:
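
Review bot: In the Makefile hunk the PORTVERSION bump from 2.6.25 to 2.6.26 is the only record of what the report describes as an authentication bypass fix, and the patch touches nothing beyond Makefile, distinfo and pkg-plist. Users who already have 2.6.25 installed get no signal that their package is affected, so consider pairing the commit with a security/vuxml entry that cites the SecurityFocus posting linked in the description. Separately, the Environment field says "SQL-Ledger < 2.2.26" while the description and this hunk use 2.6.26; the affected-version range should be stated consistently before it is copied into a commit message or advisory.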
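
Review bot: In the distinfo hunk the new MD5, SHA256 and SIZE lines are values supplied by the submitter, and the Makefile context shows a plain-http MASTER_SITES entry (http://www.sql-ledger.com/source/) alongside SourceForge, so distinfo is the only integrity check applied to the fetched tarball. The committer should fetch sql-ledger-2.6.26.tar.gz independently, regenerate the file with make makesum, and confirm the output matches these three lines rather than committing them as submitted. The size differs from 2.6.25 by only 11 bytes (3048626 against 3048615), which fits a small fix but says nothing about authenticity on its own.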
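
Review bot: In the pkg-plist hunk the release number is hard-coded in the entry sql-ledger/doc/UPGRADE-2.6.0-2.6.26, so every version bump needs a matching plist edit, and a missed one leaves the package list out of step with what the tarball installs. Consider substituting the version through PLIST_SUB so the entry follows PORTVERSION. Since only this one entry of the plist is visible in the hunk, also confirm against the extracted 2.6.26 tarball that the rename is the only file-list change in this release.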