CVS commit: pkgsrc/www/php-concrete-cms

["Takahiro Kambe" <taca%netbsd.org@localhost>]

Module Name:    pkgsrc
Committed By:   taca
Date:           Sun Mar 10 14:40:26 UTC 2024

Modified Files:
        pkgsrc/www/php-concrete-cms: Makefile distinfo

Log Message:
www/php-concrete-cms: update to 9.2.7

* pkgsrc change: use PHP_BASE_VERS for dependency to PHP.

9.2.7 (2024-03-05)

Behavioral Improvements

* Improved display of certain UI elements when Concrete was used with
  non-Bedrock/Bootstrap themes.

* Back to Website button in Dashboard now uses the vanity URL instead of the
  cID URL (Thanks JohnTheFish)

* Add db charset and collation to environment report (thanks JohnTheFish)

Bug Fixes

* Fixed: Time selector in the calendar event dialog not showing all times.

* Fixed: Undefined array key "value"' in
  /concrete/attributes/date_time/controller.php under PHP 8.

* Fixed: Undefined array key 0' in
  /concrete/blocks/calendar_event/controller.php:224 under PHP 8.

* Fix pagination not working in clipboard side panel (thanks
  quentinnorbert0)

* Fix double encoding when displaying page template name (thanks
  quentinnorbert0)

* Fixed inability to clear date/time attributes using the built-in HTML
  datepicker clear link.

* Fixed bug when attempting to do an advanced search by time in the Logs
  (thanks Quentin-Gach)

* Fixed error where including an ampersand in your site name would cause it
  to be displayed as & in your site browser title.

* Fixed: Undefined property: Concrete\Block\Survey\Controller::$cID' in
  /concrete/blocks/survey/controller.php:206 under PHP 8.

* Fixed: Undefined variable $fID' in
  /concrete/single_pages/download_file.php:23 under certain conditions in
  PHP 8.

* Fixed error when attempting to log values that were non-scalar (thanks
  JohnTheFish)

Security Updates

* Fixed CVE-2024-2179 Stored XSS in the Name field of a Group type with
  commit 11965.  A rogue administrator could inject malicious code into the
  Name field of a Group type which might be executed when users visit the
  affected page because of insufficient validation of administrator provided
  data.  The Concrete CMS Security team scored this 2.2 with CVSS v3 vector
  AV:N/AC:H/PR:H/UI:N/S:U/C:L/I:N/A:N.  Concrete versions below 9 do not
  include group types so they are not affected by this vulnerability.
  Thanks Luca Fuda for reporting HackerOne 2383192.


To generate a diff of this commit:
cvs rdiff -u -r1.1 -r1.2 pkgsrc/www/php-concrete-cms/Makefile \
    pkgsrc/www/php-concrete-cms/distinfo

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: pkgsrc/www/php-concrete-cms/Makefile
diff -u pkgsrc/www/php-concrete-cms/Makefile:1.1 pkgsrc/www/php-concrete-cms/Makefile:1.2
--- pkgsrc/www/php-concrete-cms/Makefile:1.1    Mon Feb 26 15:06:27 2024
+++ pkgsrc/www/php-concrete-cms/Makefile        Sun Mar 10 14:40:26 2024
@@ -1,4 +1,4 @@
-# $NetBSD: Makefile,v 1.1 2024/02/26 15:06:27 taca Exp $
+# $NetBSD: Makefile,v 1.2 2024/03/10 14:40:26 taca Exp $
 #
 
 DISTNAME=      concrete-cms-${GITHUB_RELEASE}
@@ -6,7 +6,7 @@ PKGNAME=        ${PHP_PKG_PREFIX}-${DISTNAME}
 CATEGORIES=    www
 MASTER_SITES=  ${MASTER_SITE_GITHUB:=concretecms/}
 GITHUB_PROJECT=        concretecms
-GITHUB_RELEASE=        9.2.6
+GITHUB_RELEASE=        9.2.7
 EXTRACT_SUFX=  .zip
 
 MAINTAINER=    pkgsrc-users%NetBSD.org@localhost
@@ -14,12 +14,12 @@ HOMEPAGE=   https://www.concretecms.org/
 COMMENT=       Concrete CMS, Open sourece Content Management System
 LICENSE=       mit
 
-DEPENDS+=      ${PHP_PKG_PREFIX}-pdo_mysql>=5.3.3:../../databases/php-pdo_mysql
-DEPENDS+=      ${PHP_PKG_PREFIX}-gd>=5.3.3:../../graphics/php-gd
-DEPENDS+=      ${PHP_PKG_PREFIX}-curl>=5.3.3:../../www/php-curl
-DEPENDS+=      ${PHP_PKG_PREFIX}-zip>=5.3.3:../../archivers/php-zip
-DEPENDS+=      ${PHP_PKG_PREFIX}-iconv>=5.3.3:../../converters/php-iconv
-DEPENDS+=      ${PHP_PKG_PREFIX}-mbstring>=5.3.3:../../converters/php-mbstring
+DEPENDS+=      ${PHP_PKG_PREFIX}-pdo_mysql>=${PHP_BASE_VERS}:../../databases/php-pdo_mysql
+DEPENDS+=      ${PHP_PKG_PREFIX}-gd>=${PHP_BASE_VERS}:../../graphics/php-gd
+DEPENDS+=      ${PHP_PKG_PREFIX}-curl>=${PHP_BASE_VERS}:../../www/php-curl
+DEPENDS+=      ${PHP_PKG_PREFIX}-zip>=${PHP_BASE_VERS}:../../archivers/php-zip
+DEPENDS+=      ${PHP_PKG_PREFIX}-iconv>=${PHP_BASE_VERS}:../../converters/php-iconv
+DEPENDS+=      ${PHP_PKG_PREFIX}-mbstring>=${PHP_BASE_VERS}:../../converters/php-mbstring
 DEPENDS+=      ${PHP_PKG_PREFIX}-pecl-mcrypt>=1.0.0:../../security/php-pecl-mcrypt
 
 SUPERSEDES+=   ${PHP_PKG_PREFIX}-concrete5-[0-9]*
Index: pkgsrc/www/php-concrete-cms/distinfo
diff -u pkgsrc/www/php-concrete-cms/distinfo:1.1 pkgsrc/www/php-concrete-cms/distinfo:1.2
--- pkgsrc/www/php-concrete-cms/distinfo:1.1    Mon Feb 26 15:06:27 2024
+++ pkgsrc/www/php-concrete-cms/distinfo        Sun Mar 10 14:40:26 2024
@@ -1,5 +1,5 @@
-$NetBSD: distinfo,v 1.1 2024/02/26 15:06:27 taca Exp $
+$NetBSD: distinfo,v 1.2 2024/03/10 14:40:26 taca Exp $
 
-BLAKE2s (concrete-cms-9.2.6.zip) = 3c2a1fc6a525b0e7855c2d40d5ec4dd0bed5bd098b7c0498cfcd7b1ef5720f3f
-SHA512 (concrete-cms-9.2.6.zip) = af22a597c2c96336d4226489d95d6ebdd5b4bca411b814641b8c2a121d2561d2f2eeb147d2e3c542fe9dcd9e636d4aa454ec0c277659f5417c8aa87b3cb3a5b1
-Size (concrete-cms-9.2.6.zip) = 76115980 bytes
+BLAKE2s (concrete-cms-9.2.7.zip) = d2e4865a0655f5dc0db55a0d34d0992c19715f6cb65a745b03d3fb921e77ea87
+SHA512 (concrete-cms-9.2.7.zip) = 9300ae11119217e1b641004bf0536f785a0b0b3b5ec0787bfcfacab3165e125fb3032003092ecbc42cc344619d821aa2e28545ee3a0fc6f195173d856c3a961b
+Size (concrete-cms-9.2.7.zip) = 76117302 bytes