Date: Sat, 2 Dec 2006 23:16:09 +0900 (JST) From: TAKATSU Tomonari <tota@rtfm.jp> To: FreeBSD-gnats-submit@FreeBSD.org Subject: ports/106209: [MAINTAINER] www/tdiary-devel: patch to 2.1.4 in order to fix XSS Vulnerability Message-ID: <20061202141609.22A656D44D@rtfm.jp> Resent-Message-ID: <200612021420.kB2EKN3h031555@freefall.freebsd.org>
next in thread | raw e-mail | index | archive | help
>Number: 106209 >Category: ports >Synopsis: [MAINTAINER] www/tdiary-devel: patch to 2.1.4 in order to fix XSS Vulnerability >Confidential: no >Severity: non-critical >Priority: medium >Responsible: freebsd-ports-bugs >State: open >Quarter: >Keywords: >Date-Required: >Class: maintainer-update >Submitter-Id: current-users >Arrival-Date: Sat Dec 02 14:20:22 GMT 2006 >Closed-Date: >Last-Modified: >Originator: TAKATSU Tomonari >Release: FreeBSD 6.2-PRERELEASE i386 >Organization: none (personal) >Environment: System: FreeBSD photon.rtfm.jp 6.2-PRERELEASE FreeBSD 6.2-PRERELEASE #0: Tue Nov 21 20:55:36 JST 2006 >Description: - patch to 2.1.4 in order to XSS Vulnerability fixed XSS Vulnerability in tDiary http://sourceforge.net/forum/forum.php?forum_id=638868 Generated with FreeBSD Port Tools 0.77 >How-To-Repeat: >Fix: begin 644 tdiary-devel-2.1.4_1.patch diff -urN /usr/ports/www/tdiary-devel.orig/Makefile /usr/ports/www/tdiary-devel/Makefile --- /usr/ports/www/tdiary-devel.orig/Makefile Sun Nov 19 10:23:30 2006 +++ /usr/ports/www/tdiary-devel/Makefile Sat Dec 2 22:30:54 2006 @@ -7,6 +7,7 @@ PORTNAME= tdiary PORTVERSION= 2.1.4 +PORTREVISION= 1 CATEGORIES?= www ruby MASTER_SITES= ${MASTER_SITE_SOURCEFORGE} \ http://www.tdiary.org/download/ @@ -14,11 +15,16 @@ PKGNAMESUFFIX= -devel DISTNAME= ${PORTNAME}-full-${PORTVERSION} +PATCH_SITES= http://www.tdiary.org/download/ +PATCHFILES= tdiary.20061126.patch + MAINTAINER= tota@rtfm.jp COMMENT= A Web-based diary system (like weblog) written in Ruby NO_BUILD= yes -CONFLICTS?= ja-tdiary-devel-[0-9]* +CONFLICTS?= tdiary-[0-9]* \ + ja-tdiary-[0-9]* \ + ja-tdiary-devel-[0-9]* PKGMESSAGE= ${WRKDIR}/pkg-message USE_RUBY= yes RUBY_VER= 1.8 @@ -33,7 +39,7 @@ TDIARYDIR= ${EXAMPLESDIR}${PKGNAMESUFFIX} WRKSRC= ${WRKDIR}/${PORTNAME}-${PORTVERSION} -.if !defined(TDIARY_LANG) +.if !defined(TDIARY_LANG) || ${TDIARY_LANG} != ja TDIARY_LANG= en .endif .if defined(WITH_TDIARY_UCONV) @@ -45,12 +51,16 @@ .include <bsd.port.pre.mk> .if ${RUBY_VERSION_CODE} < 182 -IGNORE= needs ruby 1.8.2 or higher, install lang/ruby18 and try again +IGNORE= only works with Ruby 1.8.2 or later .endif +post-patch: + @${FIND} ${WRKSRC} -name "*.orig" -type f -exec ${RM} -f {} \; + do-install: @-${MKDIR} ${TDIARYDIR} - @${SED} -e 's,@@@@PREFIX@@@@,${PREFIX},g' \ + @${SED} -e 's,#!/usr/bin/env ruby,#!${RUBY},' \ + -e 's,@@@@PREFIX@@@@,${PREFIX},g' \ -e 's,@@@@TDIARY@@@@,${PORTNAME}${PKGNAMESUFFIX},g' \ -e 's,@@@@LANG@@@@,${TDIARY_LANG},g' \ ${FILESDIR}/tdiaryinst.rb.in > ${TDIARYDIR}/tdiaryinst.rb diff -urN /usr/ports/www/tdiary-devel.orig/distinfo /usr/ports/www/tdiary-devel/distinfo --- /usr/ports/www/tdiary-devel.orig/distinfo Sun May 7 00:44:45 2006 +++ /usr/ports/www/tdiary-devel/distinfo Sat Dec 2 21:05:09 2006 @@ -1,3 +1,6 @@ MD5 (tdiary-full-2.1.4.tar.gz) = 49414c4453906c75d6a48f952dc0307a SHA256 (tdiary-full-2.1.4.tar.gz) = 4a4aed40bbcb05eae200f715c0d8f118e5aa0bc82d17d62f11b15975141976f1 SIZE (tdiary-full-2.1.4.tar.gz) = 3490011 +MD5 (tdiary.20061126.patch) = 1148b22805b912dfd8bf566ed068e360 +SHA256 (tdiary.20061126.patch) = 9633e718c35b62857849711f58692257fdfd84b93c34d3ff783c2708d04d8f1c +SIZE (tdiary.20061126.patch) = 879 diff -urN /usr/ports/www/tdiary-devel.orig/files/pkg-message.in /usr/ports/www/tdiary-devel/files/pkg-message.in --- /usr/ports/www/tdiary-devel.orig/files/pkg-message.in Tue Mar 2 02:01:10 2004 +++ /usr/ports/www/tdiary-devel/files/pkg-message.in Sat Dec 2 21:02:20 2006 @@ -11,11 +11,9 @@ --help Display Help information --- -There is a document by English in the following directories. +There are documents in the following directories. See ... + %%EXAMPLESDIR%%/doc/ %%EXAMPLESDIR%%/misc/i18n/ - and - Explanation by English of a tDiary system can refer to the following page : - - http://tdiary-users.sourceforge.jp/cgi-bin/wiki.cgi?FrontPage_en ============================================================================= + end >Release-Note: >Audit-Trail: >Unformatted:
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20061202141609.22A656D44D>