pkgsrc-Changes-HG archive


[pkgsrc/pkgsrc-2009Q3]: pkgsrc/www Pullup ticket #2952 - requested by taca



details:   https://anonhg.NetBSD.org/pkgsrc/rev/fd4e17229e34
branches:  pkgsrc-2009Q3
changeset: 400006:fd4e17229e34
user:      tron <tron%pkgsrc.org@localhost>
date:      Sun Dec 20 09:41:38 2009 +0000

description:
Pullup ticket #2952 - requested by taca
typolight26: security update
typolight26-example: security update
typolight27: security update
typolight27-example: security update

Revisions pulled up:
- www/typolight/Makefile.common                 1.14
- www/typolight26-example/Makefile              1.2
- www/typolight26-translations/Makefile         1.3
- www/typolight26/DEINSTALL                     1.2
- www/typolight26/Makefile                      1.3-1.5
- www/typolight26/distinfo                      1.3
- www/typolight26/patches/patch-ad              1.1
- www/typolight26/patches/patch-ae              1.1
- www/typolight27-example/Makefile              1.2
- www/typolight27-translations/Makefile         1.33
- www/typolight27/DEINSTALL                     1.2
- www/typolight27/Makefile                      1.10-1.12
- www/typolight27/Makefile.version              1.8
- www/typolight27/distinfo                      1.9
---
Module Name:    pkgsrc
Committed By:   taca
Date:           Sun Nov 22 16:18:00 UTC 2009

Modified Files:
        pkgsrc/www/typolight: Makefile.common
        pkgsrc/www/typolight26: Makefile
        pkgsrc/www/typolight26-example: Makefile
        pkgsrc/www/typolight26-translations: Makefile
        pkgsrc/www/typolight27: Makefile
        pkgsrc/www/typolight27-example: Makefile
        pkgsrc/www/typolight27-translations: Makefile

Log Message:
Move LICENSE from typolight/Makefile.common to each Makefile for
license change of forthcoming TYPOlight 2.8(.RC1).
---
Module Name:    pkgsrc
Committed By:   taca
Date:           Sun Nov 29 06:46:21 UTC 2009

Modified Files:
        pkgsrc/www/typolight26: DEINSTALL Makefile

Log Message:
o DEINSTALL: remove .htaccess under plugins/tcpdf/cache.
o make plugins/tcpdf/cache writable to web server.

Bump PKGREVISION.
---
Module Name:    pkgsrc
Committed By:   taca
Date:           Sun Nov 29 06:46:37 UTC 2009

Modified Files:
        pkgsrc/www/typolight27: DEINSTALL Makefile

Log Message:
o DEINSTALL: remove .htaccess under plugins/tcpdf/cache.
o make plugins/tcpdf/cache writable to web server.

Bump PKGREVISION.
---
Module Name:    pkgsrc
Committed By:   taca
Date:           Sun Dec 20 04:21:05 UTC 2009

Modified Files:
        pkgsrc/www/typolight26: Makefile distinfo
Added Files:
        pkgsrc/www/typolight26/patches: patch-ad patch-ae

Log Message:
Add security fix patches, referring to http://www.typolight.org/news/items/major-security-hole-in-the-typolight-install-tool.html.

Bump PKGREVISION.
---
Module Name:    pkgsrc
Committed By:   taca
Date:           Sun Dec 20 04:22:04 UTC 2009

Modified Files:
        pkgsrc/www/typolight27: Makefile Makefile.version distinfo

Log Message:
Update to TYPOlight 2.7.6.

Only security updates: http://www.typolight.org/news/items/major-security-hole-in-the-typolight-install-tool.html.

diffstat:

 www/typolight/Makefile.common         |   4 +--
 www/typolight26-example/Makefile      |   4 ++-
 www/typolight26-translations/Makefile |   3 +-
 www/typolight26/DEINSTALL             |   4 ++-
 www/typolight26/Makefile              |   6 ++-
 www/typolight26/distinfo              |   4 ++-
 www/typolight26/patches/patch-ad      |  52 +++++++++++++++++++++++++++++++++++
 www/typolight26/patches/patch-ae      |  52 +++++++++++++++++++++++++++++++++++
 www/typolight27-example/Makefile      |   4 ++-
 www/typolight27-translations/Makefile |   3 +-
 www/typolight27/DEINSTALL             |   4 ++-
 www/typolight27/Makefile              |  40 ++++++++++++++------------
 www/typolight27/Makefile.version      |   4 +-
 www/typolight27/distinfo              |   8 ++--
 14 files changed, 155 insertions(+), 37 deletions(-)

diffs (truncated from 363 to 300 lines):

diff -r 4384928cdf9b -r fd4e17229e34 www/typolight/Makefile.common
--- a/www/typolight/Makefile.common     Sat Dec 19 21:28:26 2009 +0000
+++ b/www/typolight/Makefile.common     Sun Dec 20 09:41:38 2009 +0000
@@ -1,4 +1,4 @@
-# $NetBSD: Makefile.common,v 1.13 2009/06/14 22:58:10 joerg Exp $
+# $NetBSD: Makefile.common,v 1.13.4.1 2009/12/20 09:41:38 tron Exp $
 #
 # used by www/typolight26/Makefile
 # used by www/typolight27/Makefile
@@ -9,8 +9,6 @@
 TL_VER?=       ${TL_VERSION:C/([0-9]+)\.([0-9]+)\..*/\1\2/}
 TL_PKGVER=     ${TL_VERSION:S/.RC/rc/}
 
-LICENSE=       gnu-lgpl-v2.1
-
 FILES_SUBST+=  PAX=${PAX} TL_EGDIR=${TL_EGDIR:Q} TL_WEBDIR=${TL_WEBDIR:Q} \
                WWWGRP=${APACHE_GROUP:Q} WWWOWN=${APACHE_USER:Q}
 MESSAGE_SUBST+=        TL_VER=${TL_VER}
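Review bot: with the LICENSE= line removed from the shared file here, nothing acts as a fallback, so any Makefile that includes Makefile.common without setting LICENSE itself ends up with no license recorded. The rest of this diff adds LICENSE= to the typolight26 and typolight27 main, -example and -translations Makefiles; a one-line comment at this spot saying that LICENSE must be set by the including Makefile would keep a future package from missing it.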
diff -r 4384928cdf9b -r fd4e17229e34 www/typolight26-example/Makefile
--- a/www/typolight26-example/Makefile  Sat Dec 19 21:28:26 2009 +0000
+++ b/www/typolight26-example/Makefile  Sun Dec 20 09:41:38 2009 +0000
@@ -1,6 +1,8 @@
-# $NetBSD: Makefile,v 1.1.1.1 2009/04/26 03:53:53 taca Exp $
+# $NetBSD: Makefile,v 1.1.1.1.4.1 2009/12/20 09:41:39 tron Exp $
 #
 
+LICENSE=       gnu-lgpl-v2.1
+
 .include "../../www/typolight26/Makefile.version"
 .include "../../www/typolight/Makefile.example"
 .include "../../www/typolight/Makefile.common"
diff -r 4384928cdf9b -r fd4e17229e34 www/typolight26-translations/Makefile
--- a/www/typolight26-translations/Makefile     Sat Dec 19 21:28:26 2009 +0000
+++ b/www/typolight26-translations/Makefile     Sun Dec 20 09:41:38 2009 +0000
@@ -1,4 +1,4 @@
-# $NetBSD: Makefile,v 1.2 2009/09/24 03:04:04 taca Exp $
+# $NetBSD: Makefile,v 1.2.2.1 2009/12/20 09:41:39 tron Exp $
 #
 
 DISTNAME=      typolight${TL_VER}-translations-${VERS}
@@ -10,6 +10,7 @@
 MAINTAINER=    taca%NetBSD.org@localhost
 HOMEPAGE=      http://www.typolight.org/download-translations.html
 COMMENT=       Language files for TYPOlight CMS
+LICENSE=       gnu-lgpl-v2.1
 
 DEPENDS+=      typolight${TL_VER}>=2.6.0:../../www/typolight26
 
diff -r 4384928cdf9b -r fd4e17229e34 www/typolight26/DEINSTALL
--- a/www/typolight26/DEINSTALL Sat Dec 19 21:28:26 2009 +0000
+++ b/www/typolight26/DEINSTALL Sun Dec 20 09:41:38 2009 +0000
@@ -1,4 +1,4 @@
-# $NetBSD: DEINSTALL,v 1.1.1.1 2009/04/26 03:52:30 taca Exp $
+# $NetBSD: DEINSTALL,v 1.1.1.1.4.1 2009/12/20 09:41:38 tron Exp $
 
 TL_WEBDIR="@PREFIX@/@TL_WEBDIR@"
 TL_DIRS="system/config system/drivers system/libraries system/logs \
@@ -9,6 +9,8 @@
        # remove cache files.
        ${FIND} ${TL_WEBDIR}/system/html -type f ! -name index.html \
                -exec ${RM} -f {} \;
+       ${FIND} ${TL_WEBDIR}/plugins/tcpdf/cache -type f ! -name .htaccess \
+               -exec ${RM} -f {} \;
        ;;
 POST-DEINSTALL)
        (cd ${TL_WEBDIR}
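Review bot: the `! -name .htaccess` test on the added find line keeps .htaccess and deletes every other regular file under plugins/tcpdf/cache, while the log message for this change says DEINSTALL removes .htaccess there. If .htaccess is a packaged file that the package tools remove on their own, the code is right and only the log wording is off; if it is not, the file is left behind and the directory stays non-empty. A short comment on this line stating that .htaccess is kept on purpose would settle which one is meant.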
diff -r 4384928cdf9b -r fd4e17229e34 www/typolight26/Makefile
--- a/www/typolight26/Makefile  Sat Dec 19 21:28:26 2009 +0000
+++ b/www/typolight26/Makefile  Sun Dec 20 09:41:38 2009 +0000
@@ -1,15 +1,16 @@
-# $NetBSD: Makefile,v 1.2 2009/04/30 13:12:40 taca Exp $
+# $NetBSD: Makefile,v 1.2.4.1 2009/12/20 09:41:38 tron Exp $
 #
 
 DISTNAME=      typolight-${TL_VERSION}
 PKGNAME=       typolight${TL_VER}-${TL_PKGVER}
-PKGREVISION=   1
+PKGREVISION=   3
 CATEGORIES=    www
 MASTER_SITES=  ${MASTER_SITE_SOURCEFORGE:=typolight/}
 
 MAINTAINER=    taca%NetBSD.org@localhost
 HOMEPAGE=      http://www.typolight.org/
 COMMENT=       Powerful web content management system (CMS)
+LICENSE=       gnu-lgpl-v2.1
 
 DEPENDS+=      ${PHP_PKG_PREFIX}-gd>=5.1.0:../../graphics/php-gd
 DEPENDS+=      ${PHP_PKG_PREFIX}-mbstring>=5.1.0:../../misc/php-mbstring
@@ -75,6 +76,7 @@
 OWN_DIRS_PERMS+= \
                ${TL_WEBDIR} ${BINOWN} ${APACHE_GROUP} 0775 \
                ${TL_WEBDIR}/plugins ${BINOWN} ${APACHE_GROUP} 0775 \
+               ${TL_WEBDIR}/plugins/tcpdf/cache ${BINOWN} ${APACHE_GROUP} 0775 \
                ${TL_WEBDIR}/system ${BINOWN} ${APACHE_GROUP} 0775 \
                ${TL_WEBDIR}/system/drivers ${BINOWN} ${APACHE_GROUP} 0775 \
                ${TL_WEBDIR}/system/html ${BINOWN} ${APACHE_GROUP} 0770 \
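Review bot: the new plugins/tcpdf/cache entry is made writable by ${APACHE_GROUP} with mode 0775, which leaves a web-server-writable directory under the web root readable and searchable by every local user. system/html, the other directory that DEINSTALL treats as a cache, is listed two lines below with 0770; unless other users need to read the files in this cache, 0770 would match that entry. The DEINSTALL change in this same pullup expects a .htaccess in this directory, so it is also worth confirming that the file is installed before the web server can write there.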
diff -r 4384928cdf9b -r fd4e17229e34 www/typolight26/distinfo
--- a/www/typolight26/distinfo  Sat Dec 19 21:28:26 2009 +0000
+++ b/www/typolight26/distinfo  Sun Dec 20 09:41:38 2009 +0000
@@ -1,4 +1,4 @@
-$NetBSD: distinfo,v 1.2 2009/04/30 13:12:40 taca Exp $
+$NetBSD: distinfo,v 1.2.4.1 2009/12/20 09:41:38 tron Exp $
 
 SHA1 (typolight-2.6.7.tar.gz) = d360d5a974c3663488576f856302710c0529b500
 RMD160 (typolight-2.6.7.tar.gz) = b15e3c1c910f3fc9bf3797ffd0dfd6dfc3dd7d5a
@@ -6,3 +6,5 @@
 SHA1 (patch-aa) = 254a1fef4e0baff7c5f10c25ceb9d1501f315684
 SHA1 (patch-ab) = a005f8650564eb031def1f94156dcdc72799a758
 SHA1 (patch-ac) = 035f7703721774b1cc9eaf99ffdbc6aa60489076
+SHA1 (patch-ad) = 1302dfb77f76f3d407f123b3e1f1d9f8dfe6e740
+SHA1 (patch-ae) = 7498d750dc902294163efd32cae3ac20feb08c08
diff -r 4384928cdf9b -r fd4e17229e34 www/typolight26/patches/patch-ad
--- /dev/null   Thu Jan 01 00:00:00 1970 +0000
+++ b/www/typolight26/patches/patch-ad  Sun Dec 20 09:41:38 2009 +0000
@@ -0,0 +1,52 @@
+$NetBSD: patch-ad,v 1.1.2.2 2009/12/20 09:41:38 tron Exp $
+
+* Security fix:
+       http://www.typolight.org/news/items/major-security-hole-in-the-typolight-install-tool.html
+
+--- typolight/ftp.php.orig     2008-12-13 15:27:05.000000000 +0000
++++ typolight/ftp.php
+@@ -88,6 +88,9 @@ class FtpCheck extends Controller
+                */
+               if ($this->Input->post('FORM_SUBMIT') == 'tl_login')
+               {
++                      $_SESSION['TL_INSTALL_AUTH'] = '';
++                      $_SESSION['TL_INSTALL_EXPIRE'] = 0;
++
+                       $password =  sha1($this->Input->post('password', true));
+ 
+                       if (strlen($password) && $password != 'da39a3ee5e6b4b0d3255bfef95601890afd80709')
+@@ -95,7 +98,10 @@ class FtpCheck extends Controller
+                               // Set cookie
+                               if ($password == $GLOBALS['TL_CONFIG']['installPassword'])
+                               {
+-                                      $this->setCookie('TL_INSTALL_AUTH', md5($this->Environment->ip.session_id()), (time()+300), $GLOBALS['TL_CONFIG']['websitePath']);
++                                      $_SESSION['TL_INSTALL_EXPIRE'] = (time() + 300);
++                                      $_SESSION['TL_INSTALL_AUTH'] = md5(uniqid('', true) . $this->Environment->ip . session_id());
++
++                                      $this->setCookie('TL_INSTALL_AUTH', $_SESSION['TL_INSTALL_AUTH'], $_SESSION['TL_INSTALL_EXPIRE'], $GLOBALS['TL_CONFIG']['websitePath']);
+                                       $this->Config->update("\$GLOBALS['TL_CONFIG']['installCount']", 0);
+ 
+                                       $this->reload();
+@@ -109,14 +115,20 @@ class FtpCheck extends Controller
+               }
+ 
+               // Check cookie
+-              if (!$this->Input->cookie('TL_INSTALL_AUTH'))
++              if (!$this->Input->cookie('TL_INSTALL_AUTH') || $_SESSION['TL_INSTALL_AUTH'] == '' || $this->Input->cookie('TL_INSTALL_AUTH') != $_SESSION['TL_INSTALL_AUTH'] || 
$_SESSION['TL_INSTALL_EXPIRE'] < time())
+               {
+                       $this->Template->login = true;
+                       $this->outputAndExit();
+               }
+ 
+               // Renew cookie
+-              $this->setCookie('TL_INSTALL_AUTH', md5($this->Environment->ip.session_id()), (time()+300), $GLOBALS['TL_CONFIG']['websitePath']);
++              else
++              {
++                      $_SESSION['TL_INSTALL_EXPIRE'] = (time() + 300);
++                      $_SESSION['TL_INSTALL_AUTH'] = md5(uniqid('', true) . $this->Environment->ip . session_id());
++
++                      $this->setCookie('TL_INSTALL_AUTH', $_SESSION['TL_INSTALL_AUTH'], $_SESSION['TL_INSTALL_EXPIRE'], $GLOBALS['TL_CONFIG']['websitePath']);
++              }
+ 
+ 
+               /**
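Review bot: in the rewritten "Check cookie" condition the cookie is compared to the session token with a loose `!=` (`$this->Input->cookie('TL_INSTALL_AUTH') != $_SESSION['TL_INSTALL_AUTH']`); both sides are md5 hex strings, and PHP's loose comparison converts numeric-looking strings before comparing, so the check should use the strict `!==`. The same condition reads `$_SESSION['TL_INSTALL_AUTH']` and `$_SESSION['TL_INSTALL_EXPIRE']` without isset(), which raises notices on a session that has never passed through the tl_login branch; the result is still the login page, but an isset() test first is cleaner. Last, the token is `md5(uniqid('', true) . $this->Environment->ip . session_id())`: uniqid() is derived from the clock, so the unpredictability rests on session_id(), and a random source would be a better base for a value that gates the install tool.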
diff -r 4384928cdf9b -r fd4e17229e34 www/typolight26/patches/patch-ae
--- /dev/null   Thu Jan 01 00:00:00 1970 +0000
+++ b/www/typolight26/patches/patch-ae  Sun Dec 20 09:41:38 2009 +0000
@@ -0,0 +1,52 @@
+$NetBSD: patch-ae,v 1.1.2.2 2009/12/20 09:41:38 tron Exp $
+
+* Security fix:
+       http://www.typolight.org/news/items/major-security-hole-in-the-typolight-install-tool.html
+
+--- typolight/install.php.orig 2008-12-13 15:27:05.000000000 +0000
++++ typolight/install.php
+@@ -113,6 +113,9 @@ class InstallTool extends Controller
+                */
+               if ($this->Input->post('FORM_SUBMIT') == 'tl_login')
+               {
++                      $_SESSION['TL_INSTALL_AUTH'] = '';
++                      $_SESSION['TL_INSTALL_EXPIRE'] = 0;
++
+                       $password =  sha1($this->Input->post('password', true));
+ 
+                       if (strlen($password) && $password != 'da39a3ee5e6b4b0d3255bfef95601890afd80709')
+@@ -120,7 +123,10 @@ class InstallTool extends Controller
+                               // Set cookie
+                               if ($password == $GLOBALS['TL_CONFIG']['installPassword'])
+                               {
+-                                      $this->setCookie('TL_INSTALL_AUTH', md5($this->Environment->ip.session_id()), (time()+300), $GLOBALS['TL_CONFIG']['websitePath']);
++                                      $_SESSION['TL_INSTALL_EXPIRE'] = (time() + 300);
++                                      $_SESSION['TL_INSTALL_AUTH'] = md5(uniqid('', true) . $this->Environment->ip . session_id());
++
++                                      $this->setCookie('TL_INSTALL_AUTH', $_SESSION['TL_INSTALL_AUTH'], $_SESSION['TL_INSTALL_EXPIRE'], $GLOBALS['TL_CONFIG']['websitePath']);
+                                       $this->Config->update("\$GLOBALS['TL_CONFIG']['installCount']", 0);
+ 
+                                       $this->reload();
+@@ -134,14 +140,20 @@ class InstallTool extends Controller
+               }
+ 
+               // Check cookie
+-              if (!$this->Input->cookie('TL_INSTALL_AUTH'))
++              if (!$this->Input->cookie('TL_INSTALL_AUTH') || $_SESSION['TL_INSTALL_AUTH'] == '' || $this->Input->cookie('TL_INSTALL_AUTH') != $_SESSION['TL_INSTALL_AUTH'] || 
$_SESSION['TL_INSTALL_EXPIRE'] < time())
+               {
+                       $this->Template->login = true;
+                       $this->outputAndExit();
+               }
+ 
+               // Renew cookie
+-              $this->setCookie('TL_INSTALL_AUTH', md5($this->Environment->ip.session_id()), (time()+300), $GLOBALS['TL_CONFIG']['websitePath']);
++              else
++              {
++                      $_SESSION['TL_INSTALL_EXPIRE'] = (time() + 300);
++                      $_SESSION['TL_INSTALL_AUTH'] = md5(uniqid('', true) . $this->Environment->ip . session_id());
++
++                      $this->setCookie('TL_INSTALL_AUTH', $_SESSION['TL_INSTALL_AUTH'], $_SESSION['TL_INSTALL_EXPIRE'], $GLOBALS['TL_CONFIG']['websitePath']);
++              }
+ 
+ 
+               /**
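Review bot: the install.php change is line for line the same as the ftp.php change in patch-ad (reset on tl_login, token set on success, cookie check, renew in the else branch), and both classes extend Controller, so the token issue and check logic would be better placed in one shared method; as it stands the next fix has to be applied twice and the two entry points can drift apart. In the "Set cookie" context line, `$password == $GLOBALS['TL_CONFIG']['installPassword']` compares two sha1 hex strings with a loose `==`, and `===` would be the safer operator there as well as in the new cookie check.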
diff -r 4384928cdf9b -r fd4e17229e34 www/typolight27-example/Makefile
--- a/www/typolight27-example/Makefile  Sat Dec 19 21:28:26 2009 +0000
+++ b/www/typolight27-example/Makefile  Sun Dec 20 09:41:38 2009 +0000
@@ -1,6 +1,8 @@
-# $NetBSD: Makefile,v 1.1.1.1 2009/04/26 04:00:12 taca Exp $
+# $NetBSD: Makefile,v 1.1.1.1.4.1 2009/12/20 09:41:39 tron Exp $
 #
 
+LICENSE=       gnu-lgpl-v2.1
+
 .include "../../www/typolight27/Makefile.version"
 .include "../../www/typolight/Makefile.example"
 .include "../../www/typolight/Makefile.common"
diff -r 4384928cdf9b -r fd4e17229e34 www/typolight27-translations/Makefile
--- a/www/typolight27-translations/Makefile     Sat Dec 19 21:28:26 2009 +0000
+++ b/www/typolight27-translations/Makefile     Sun Dec 20 09:41:38 2009 +0000
@@ -1,4 +1,4 @@
-# $NetBSD: Makefile,v 1.27 2009/10/10 02:17:59 taca Exp $
+# $NetBSD: Makefile,v 1.27.2.1 2009/12/20 09:41:39 tron Exp $
 #
 
 DISTNAME=      typolight${TL_VER}-translations-${VERS}
@@ -10,6 +10,7 @@
 MAINTAINER=    taca%NetBSD.org@localhost
 HOMEPAGE=      http://www.typolight.org/download.html
 COMMENT=       Language files for TYPOlight CMS
+LICENSE=       gnu-lgpl-v2.1
 
 DEPENDS+=      typolight${TL_VER}>=${TL_PKGVER}:../../www/typolight${TL_VER}
 
diff -r 4384928cdf9b -r fd4e17229e34 www/typolight27/DEINSTALL
--- a/www/typolight27/DEINSTALL Sat Dec 19 21:28:26 2009 +0000
+++ b/www/typolight27/DEINSTALL Sun Dec 20 09:41:38 2009 +0000
@@ -1,4 +1,4 @@
-# $NetBSD: DEINSTALL,v 1.1.1.1 2009/04/26 03:58:41 taca Exp $
+# $NetBSD: DEINSTALL,v 1.1.1.1.4.1 2009/12/20 09:41:39 tron Exp $
 
 TL_WEBDIR="@PREFIX@/@TL_WEBDIR@"
 TL_DIRS="system/config system/drivers system/libraries system/logs \
@@ -9,6 +9,8 @@
        # remove cache files.
        ${FIND} ${TL_WEBDIR}/system/html -type f ! -name index.html \
                -exec ${RM} -f {} \;
+       ${FIND} ${TL_WEBDIR}/plugins/tcpdf/cache -type f ! -name .htaccess \
+               -exec ${RM} -f {} \;
        ;;
 POST-DEINSTALL)
        (cd ${TL_WEBDIR}
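Review bot: the added find on ${TL_WEBDIR}/plugins/tcpdf/cache runs unconditionally and with the path unquoted, the same as the system/html line above it. If the directory has already been removed by hand, find prints an error in the middle of deinstall; a directory test in front of both find calls, and double quotes around the path, would make this step quiet and safe when PREFIX contains unusual characters.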
diff -r 4384928cdf9b -r fd4e17229e34 www/typolight27/Makefile
--- a/www/typolight27/Makefile  Sat Dec 19 21:28:26 2009 +0000
+++ b/www/typolight27/Makefile  Sun Dec 20 09:41:38 2009 +0000
@@ -1,4 +1,4 @@
-# $NetBSD: Makefile,v 1.9 2009/10/02 14:32:52 taca Exp $
+# $NetBSD: Makefile,v 1.9.2.1 2009/12/20 09:41:39 tron Exp $
 #
 
 DISTNAME=      typolight-${TL_VERSION}
@@ -9,6 +9,7 @@
 MAINTAINER=    taca%NetBSD.org@localhost
 HOMEPAGE=      http://www.typolight.org/
 COMMENT=       Powerful web content management system (CMS)
+LICENSE=       gnu-lgpl-v2.1
 
 DEPENDS+=      ${PHP_PKG_PREFIX}-gd>=5.1.0:../../graphics/php-gd
 DEPENDS+=      ${PHP_PKG_PREFIX}-mbstring>=5.1.0:../../misc/php-mbstring
@@ -75,22 +76,23 @@
 
 INSTALLATION_DIRS+=    ${TL_DOCDIR} ${TL_EGDIR} ${TL_WEBDIR}/system/config
 OWN_DIRS_PERMS+= \
-               ${TL_WEBDIR} ${BINOWN} ${APACHE_GROUP} 0775 \
-               ${TL_WEBDIR}/plugins ${BINOWN} ${APACHE_GROUP} 0775 \
-               ${TL_WEBDIR}/system ${BINOWN} ${APACHE_GROUP} 0775 \
-               ${TL_WEBDIR}/system/drivers ${BINOWN} ${APACHE_GROUP} 0775 \
-               ${TL_WEBDIR}/system/html ${BINOWN} ${APACHE_GROUP} 0770 \
-               ${TL_WEBDIR}/system/libraries ${BINOWN} ${APACHE_GROUP} 0775 \
-               ${TL_WEBDIR}/system/logs ${BINOWN} ${APACHE_GROUP} 0770 \
-               ${TL_WEBDIR}/system/modules ${BINOWN} ${APACHE_GROUP} 0775 \


