Date: Tue, 16 Dec 2014 12:41:02 +0000
From: bugzilla-noreply@freebsd.org
To: freebsd-ports-bugs@FreeBSD.org
Subject: [Bug 196026] New: mail/roundcube: Port does not install .htaccess files [security problem]
Message-ID: <bug-196026-13@https.bugs.freebsd.org/bugzilla/>

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=196026

            Bug ID: 196026
           Summary: mail/roundcube: Port does not install .htaccess files [security problem]
           Product: Ports Tree
           Version: Latest
          Hardware: Any
                OS: Any
            Status: New
          Severity: Affects Many People
          Priority: ---
         Component: Individual Port(s)
          Assignee: ale@FreeBSD.org
          Reporter: lukasz@wasikowski.net
             Flags: maintainer-feedback?(ale@FreeBSD.org)
          Assignee: ale@FreeBSD.org

FreeBSD's roundcube port is not installing .htaccess files, which by default
deny access to config, temp, logs dirs and more. So, by default, you can
remotely read roundcube logs, composer configs, and so on.

How to repeat:

Fresh system with no packages installed.

root@testlab:~ # uname -a
FreeBSD testlab 10.1-RELEASE FreeBSD 10.1-RELEASE #0 r274401: Tue Nov 11 21:02:49 UTC 2014 root@releng1.nyi.freebsd.org:/usr/obj/usr/src/sys/GENERIC amd64

root@testlab:~ # pkg install roundcube
[...]
[19/19] Extracting roundcube-1.0.3,1: 100%
Message for roundcube-1.0.3,1:
---------------------------------------------------------------------
FIRST INSTALLATION
If this is a first installation of RoundCube you have to create a new
database and a db user.
Read INSTALL for detailed instructions.

UPGRADING
If you already had a previous version of RoundCube installed, you should
check your config files and DB schema are up-to-date.
Read UPGRADING for detailed instructions.
---------------------------------------------------------------------

root@testlab:~ # find /usr/local/www/roundcube/ -type f -name .htaccess
/usr/local/www/roundcube/plugins/enigma/home/.htaccess

While it should look like this:

root@testlab:~ # fetch -o /tmp/roundcubemail-1.0.3.tar.gz http://sourceforge.net/projects/roundcubemail/files/roundcubemail/1.0.3/roundcubemail-1.0.3.tar.gz
/tmp/roundcubemail-1.0.3.tar.gz               100% of 3890 kB 1131 kBps 00m03s
root@testlab:~ # tar zxf /tmp/roundcubemail-1.0.3.tar.gz -C /tmp/
root@testlab:~ # find /tmp/roundcubemail-1.0.3/ -type f -name .htaccess
/tmp/roundcubemail-1.0.3/plugins/enigma/home/.htaccess
/tmp/roundcubemail-1.0.3/.htaccess

--- Comment #1 from Bugzilla Automation <bugzilla@FreeBSD.org> ---
Auto-assigned to maintainer ale@FreeBSD.org

-- 
You are receiving this mail because:
You are the assignee for the bug.
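The two find runs in the report can be turned into a repeatable check. This is an added example, not part of the original report or of the port. It also goes one step beyond the report by flagging .htaccess files that exist in both trees but differ in content. The function names audit_htaccess and make_sample_trees, the sample directory layout and the file contents are constructed for illustration.

```shell
#!/bin/sh
# Compare the .htaccess files shipped in an upstream source tree with those
# in an installed tree. Prints "MISSING <path>" or "DIFFERS <path>" for each
# discrepancy (paths relative to the tree root); exit status 1 if any found.
audit_htaccess() {
    upstream=$1
    installed=$2
    ( cd "$upstream" && find . -type f -name .htaccess ) | sort | (
        rc=0
        while IFS= read -r rel; do
            if [ ! -f "$installed/$rel" ]; then
                printf 'MISSING %s\n' "${rel#./}"; rc=1
            elif ! cmp -s "$upstream/$rel" "$installed/$rel"; then
                printf 'DIFFERS %s\n' "${rel#./}"; rc=1
            fi
        done
        exit "$rc"
    )
}

# Constructed sample trees mirroring the layout in the report: upstream ships
# two .htaccess files, the installed tree has only the enigma plugin's one.
# File contents are constructed placeholders, not Roundcube's real rules.
make_sample_trees() {
    base=$1
    mkdir -p "$base/upstream/plugins/enigma/home" \
             "$base/installed/plugins/enigma/home"
    echo 'deny from all' > "$base/upstream/.htaccess"
    echo 'deny from all' > "$base/upstream/plugins/enigma/home/.htaccess"
    echo 'deny from all' > "$base/installed/plugins/enigma/home/.htaccess"
}

tmp=$(mktemp -d)
make_sample_trees "$tmp"
audit_htaccess "$tmp/upstream" "$tmp/installed" \
    || echo "installed tree does not match upstream access rules"
rm -rf "$tmp"
```

On a real system the two arguments would be the extracted upstream tarball directory and the installed web root, as in the find commands above.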