- Update distinfo
Vendor's Announcement:
Hello again!
Just two days after the last security problem another flaw was discovered.
Luckily not as bad as the last one.
Andreas .kre Solberg discovered a security flaw which allows registered
users to view page content they usually have no access to. The problem is
in the way how a successful user profile change is handled.
This affects only installs which have Access Control Lists enabled (off by
default) and restricted the READ permission for certain pages even for
logged in users. Non-authenticated users can not exploit this bug.
The package available at http://www.splitbrain.org/go/dokuwiki was updated
again to reflect the change but fixing it manually is simple, too. Info on
how to do this is available at
http://bugs.splitbrain.org/?do=details&id=825
Andi
I request that the package be immediately rebuilt and distributed.
PR: ports/98599
Submitted by: aaron
Reviewed by: maintainer
Approved by: maintainer, tobez (implicit)
Security: http://bugs.splitbrain.org/index.php?do=details&id=825
* Fix rc.d file to use SIGKILL to terminate
* Add new port option to use bluecloth from ports (improved Markdown syntax support)
* Remove unfetchable MASTER_SITE URL
PR: ports/98418
Submitted by: Alastair Rankine <arsptr@internode.on.net> (maintainer)
- rewrite dependency lists
o use package dependency if it has a minimum version requirement
o Add two missing dependencies
o Remove Getopt::Long. This port requires Perl 5.8, which has it.
- rephrase IGNORE
PR: ports/98640
Submitted by: Rong-En Fan <rafan_AT_infor dot org>
Approved by: maintainer
- Add WWW entry
- Add missing dependency HTML::Tagset, as it is listed in Makefile.PL.
- Use package dependency list to meet the minimum version
PR: ports/98643
Submitted by: Rong-En Fan
Vendor's Announcement:
This patch fixes a LDAP security issue. Only systems who have PHP
configured with register_globals = On are vulnerable for this security
hole. You can check this in your php.ini script or using the phpinfo()
script.
It is advised however to patch your system using this patch even when
register_globals is set to Off. Install file is included in the patch.
PR: ports/98498
Submitted by: Filipe Rocha <filiperocha@gmail.com>
Reviewed by: aaron
Approved by: tobez (implicit)
Security: This patch fixes a LDAP security issue. Only systems who
have PHP configured with register_globals = On are vulnerable for this
security hole. You can check this in your php.ini script or using the
phpinfo() script. It is advised however to patch your system using this
patch even when register_globals is set to Off. Install file is included
in the patch.
that are no offically supported by a port.
Example 1: Support for firefox-devel
USE_GECKO=firefox-devel<->firefox firefox mozilla
if ${GECKO}==firefox-devel a simple sed -e 's|firefox|firefox-devel| will
be done on Makefile.in and configure files.
Example 2: Support for seamonkey
USE_GECKO=firefox seamonkey<->firefox
2.2.tweak the config file we install to work as intended on apache 2.2.
PR: ports/97995
Submitted by: maintainer
Approved by: lawrance (mentor, implicit)
- Assign maintainership to submitter since maintainer's email bounce and it
also did for the last PR. [1]
PR: ports/98503
Submitted by: Alexander Botero-Lowry <alex@foxybanana.com>
Approved by: portmgr (erwin) [1], lawrance (mentor, implicit)
- Bump PORTREVISION
- Change default install location
- This is a major security fix and I would ask that portmgr@ immediately
rebuild and redistribute the port's package!
PR: ports/98514
Submitted by: aaron
Approved by: secteam (simon)
