mirror of
https://git.FreeBSD.org/ports.git
synced 2024-10-18 19:49:40 +00:00
- update to 2.8.4
- add stage support Security: 3b86583a-66a7-11e3-868f-0025905a4771
This commit is contained in:
Florian Smeets
parent
9e2745ba75
commit
2a861f63a5
Notes:
svn2git
2021-03-31 03:12:20 +00:00
svn path=/head/; revision=336678
@ -51,6 +51,36 @@ Note: Please add new entries to the beginning of this file.
|
||||
|
||||
-->
|
||||
<vuxml xmlns="http://www.vuxml.org/apps/vuxml-1">
|
||||
<vuln vid="3b86583a-66a7-11e3-868f-0025905a4771">
|
||||
<topic>phpmyfaq -- arbitrary PHP code execution vulnerability</topic>
|
||||
<affects>
|
||||
<package>
|
||||
<name>phpmyfaq</name>
|
||||
<range><lt>2.8.4</lt></range>
|
||||
</package>
|
||||
</affects>
|
||||
<description>
|
||||
<body xmlns="http://www.w3.org/1999/xhtml">
|
||||
<p>The phpMyFAQ team reports:</p>
|
||||
<blockquote cite="http://www.phpmyfaq.de/advisory_2013-11-26.php">
|
||||
<p>Secunia noticed while analysing the advisory that authenticated
|
||||
users with "Right to add attachments" are able to exploit an already
|
||||
publicly known issue in the bundled Ajax File Manager of phpMyFAQ version
|
||||
2.8.3, which leads to arbitrary PHP code execution for authenticated
|
||||
users with the permission "Right to add attachments".</p>
|
||||
</blockquote>
|
||||
</body>
|
||||
</description>
|
||||
<references>
|
||||
<url>http://www.phpmyfaq.de/advisory_2013-11-26.php</url>
|
||||
<url>http://en.securitylab.ru/lab/PT-2013-41</url>
|
||||
</references>
|
||||
<dates>
|
||||
<discovery>2013-11-26</discovery>
|
||||
<entry>2013-12-16</entry>
|
||||
</dates>
|
||||
</vuln>
|
||||
|
||||
<vuln vid="44d0f8dc-6607-11e3-bb11-0025900931f8">
|
||||
<topic>zabbix -- shell command injection vulnerability</topic>
|
||||
<affects>
|
||||
|
||||
@ -2,7 +2,7 @@
|
||||
# $FreeBSD$
|
||||
|
||||
PORTNAME= phpmyfaq
|
||||
PORTVERSION= 2.8.2
|
||||
PORTVERSION= 2.8.4
|
||||
CATEGORIES= www
|
||||
MASTER_SITES= http://www.phpmyfaq.de/download/
|
||||
|
||||
@ -11,20 +11,20 @@ COMMENT= A multilingual, completely database-driven FAQ-system
|
||||
|
||||
WRKSRC= ${WRKDIR}/${PORTNAME}
|
||||
|
||||
NEED_ROOT= yes
|
||||
|
||||
USE_PHP= filter json mysql pcre pdf session xml xmlrpc xmlwriter zlib
|
||||
FAQ_DIR= attachments data images inc pdf xml
|
||||
NO_BUILD= YES
|
||||
WANT_PHP_WEB= YES
|
||||
NO_ARCH= YES
|
||||
|
||||
NO_STAGE= yes
|
||||
do-install:
|
||||
-${MKDIR} ${WWWDIR}
|
||||
@cd ${WRKSRC} && ${COPYTREE_SHARE} \* ${WWWDIR}
|
||||
@${MKDIR} ${STAGEDIR}${WWWDIR}
|
||||
@cd ${WRKSRC} && ${COPYTREE_SHARE} \* ${STAGEDIR}${WWWDIR}
|
||||
.for i in ${FAQ_DIR}
|
||||
-@${MKDIR} ${WWWDIR}/${i}
|
||||
@${CHMOD} 777 ${WWWDIR}/${i}
|
||||
@${MKDIR} ${STAGEDIR}${WWWDIR}/${i}
|
||||
@${CHOWN} ${WWWOWN}:${WWWGRP} ${STAGEDIR}${WWWDIR}/${i} ${STAGEDIR}${WWWDIR}/config
|
||||
.endfor
|
||||
@${CHOWN} -R ${WWWOWN}:${WWWGRP} ${WWWDIR}
|
||||
@${CAT} ${PKGMESSAGE}
|
||||
|
||||
.include <bsd.port.mk>
|
||||
|
||||
@ -1,2 +1,2 @@
|
||||
SHA256 (phpmyfaq-2.8.2.tar.gz) = 2ab6452da45dacd3bd771597671371881a4c9d13352b4c70d608b686779c3db6
|
||||
SIZE (phpmyfaq-2.8.2.tar.gz) = 3896352
|
||||
SHA256 (phpmyfaq-2.8.4.tar.gz) = da4762ce824a973f0303762e9028ea9c7e1b1b0bc0f7721388046bd1c35b0164
|
||||
SIZE (phpmyfaq-2.8.4.tar.gz) = 3903889
|
||||
|
||||
@ -1,3 +1,16 @@
|
||||
@exec mkdir -p %D/www/phpmyfaq/attachments
|
||||
@exec mkdir -p %D/www/phpmyfaq/data
|
||||
@exec mkdir -p %D/www/phpmyfaq/images
|
||||
@exec mkdir -p %D/www/phpmyfaq/inc
|
||||
@exec mkdir -p %D/www/phpmyfaq/pdf
|
||||
@exec mkdir -p %D/www/phpmyfaq/xml
|
||||
@exec chown %%WWWOWN%%:%%WWWGRP%% %D/www/phpmyfaq/attachments
|
||||
@exec chown %%WWWOWN%%:%%WWWGRP%% %D/www/phpmyfaq/config
|
||||
@exec chown %%WWWOWN%%:%%WWWGRP%% %D/www/phpmyfaq/data
|
||||
@exec chown %%WWWOWN%%:%%WWWGRP%% %D/www/phpmyfaq/images
|
||||
@exec chown %%WWWOWN%%:%%WWWGRP%% %D/www/phpmyfaq/inc
|
||||
@exec chown %%WWWOWN%%:%%WWWGRP%% %D/www/phpmyfaq/pdf
|
||||
@exec chown %%WWWOWN%%:%%WWWGRP%% %D/www/phpmyfaq/xml
|
||||
%%WWWDIR%%/_.htaccess
|
||||
%%WWWDIR%%/_httpd.ini
|
||||
%%WWWDIR%%/_lighttpd.conf
|
||||
@ -24,6 +37,7 @@
|
||||
%%WWWDIR%%/admin/assets/font/fontawesome-webfont.svg
|
||||
%%WWWDIR%%/admin/assets/font/fontawesome-webfont.ttf
|
||||
%%WWWDIR%%/admin/assets/font/fontawesome-webfont.woff
|
||||
%%WWWDIR%%/admin/assets/js/record.js
|
||||
%%WWWDIR%%/admin/assets/js/uploadcheck.js
|
||||
%%WWWDIR%%/admin/assets/js/user.js
|
||||
%%WWWDIR%%/admin/assets/less/style.less
|
||||
@ -876,6 +890,7 @@
|
||||
%%WWWDIR%%/assets/template/default/favicon.ico
|
||||
%%WWWDIR%%/assets/template/default/glossary.tpl
|
||||
%%WWWDIR%%/assets/template/default/images/arrow.gif
|
||||
%%WWWDIR%%/assets/template/default/indexPassword.tpl
|
||||
%%WWWDIR%%/assets/template/default/index.tpl
|
||||
%%WWWDIR%%/assets/template/default/indexLogin.tpl
|
||||
%%WWWDIR%%/assets/template/default/indexMaintenance.tpl
|
||||
@ -1264,7 +1279,7 @@
|
||||
@dirrm %%WWWDIR%%/xml
|
||||
@dirrm %%WWWDIR%%/services/twitter
|
||||
@dirrm %%WWWDIR%%/services
|
||||
@dirrmtry %%WWWDIR%%/pdf
|
||||
@dirrm %%WWWDIR%%/pdf
|
||||
@dirrm %%WWWDIR%%/multisite
|
||||
@dirrm %%WWWDIR%%/lang
|
||||
@dirrm %%WWWDIR%%/install
|
||||
@ -1357,16 +1372,16 @@
|
||||
@dirrm %%WWWDIR%%/inc/PMF/Attachment
|
||||
@dirrm %%WWWDIR%%/inc/PMF
|
||||
@dirrm %%WWWDIR%%/inc
|
||||
@dirrmtry %%WWWDIR%%/images
|
||||
@dirrm %%WWWDIR%%/images
|
||||
@dirrm %%WWWDIR%%/feed/topten
|
||||
@dirrm %%WWWDIR%%/feed/openquestions
|
||||
@dirrm %%WWWDIR%%/feed/news
|
||||
@dirrm %%WWWDIR%%/feed/latest
|
||||
@dirrm %%WWWDIR%%/feed/category
|
||||
@dirrm %%WWWDIR%%/feed
|
||||
@dirrmtry %%WWWDIR%%/data
|
||||
@dirrmtry %%WWWDIR%%/config
|
||||
@dirrmtry %%WWWDIR%%/attachments
|
||||
@dirrm %%WWWDIR%%/data
|
||||
@dirrm %%WWWDIR%%/config
|
||||
@dirrm %%WWWDIR%%/attachments
|
||||
@dirrm %%WWWDIR%%/assets/template/default/less
|
||||
@dirrm %%WWWDIR%%/assets/template/default/images
|
||||
@dirrm %%WWWDIR%%/assets/template/default/css
|
||||
|
||||
Loading…
Reference in New Issue
Block a user