diff options
| author |   Stuart Herbert <stuart@gentoo.org> | 2005-11-20 10:41:41 +0000 |
|---|---|---|
| committer | Stuart Herbert <stuart@gentoo.org> | 2005-11-20 10:41:41 +0000 |
| commit | 5bc7cbe816550f2b3db1b6c06bed7729b73c3854 (patch) | |
| tree | d14e39203dca380afb9c9ab9ea930b231a256995 /www-apps/mambo | |
| parent | Working to help clean up dev-perl stuff. Version bump upstream. (diff) | |
| download | gentoo-2-5bc7cbe816550f2b3db1b6c06bed7729b73c3854.tar.gz gentoo-2-5bc7cbe816550f2b3db1b6c06bed7729b73c3854.tar.bz2 gentoo-2-5bc7cbe816550f2b3db1b6c06bed7729b73c3854.zip | |
Fix for security bug #112968
(Portage version: 2.0.51.22-r2)
Diffstat (limited to 'www-apps/mambo')
| -rw-r--r-- | www-apps/mambo/ChangeLog | 9 | ||||
| -rw-r--r-- | www-apps/mambo/Manifest | 15 | ||||
| -rw-r--r-- | www-apps/mambo/files/digest-mambo-4.5.2.3-r1 | 1 | ||||
| -rw-r--r-- | www-apps/mambo/files/mambo-4.5.2.3-globals_overwrite.patch | 21 | ||||
| -rw-r--r-- | www-apps/mambo/mambo-4.5.2.3-r1.ebuild | 95 |
5 files changed, 129 insertions, 12 deletions
diff --git a/www-apps/mambo/ChangeLog b/www-apps/mambo/ChangeLog index ef3fea6d109c..5d1a79a495fc 100644 --- a/www-apps/mambo/ChangeLog +++ b/www-apps/mambo/ChangeLog @@ -1,6 +1,13 @@ # ChangeLog for www-apps/mambo # Copyright 1999-2005 Gentoo Foundation; Distributed under the GPL v2 -# $Header: /var/cvsroot/gentoo-x86/www-apps/mambo/ChangeLog,v 1.17 2005/10/23 15:04:30 rl03 Exp $ +# $Header: /var/cvsroot/gentoo-x86/www-apps/mambo/ChangeLog,v 1.18 2005/11/20 10:41:41 stuart Exp $ + +*mambo-4.5.2.3-r1 (20 Nov 2005) + + 20 Nov 2005; Stuart Herbert <stuart@gentoo.org> + +files/mambo-4.5.2.3-globals_overwrite.patch, +mambo-4.5.2.3-r1.ebuild: + Added patch for security bug #112968; thanks to Vic Fryzel <vic@shellsage.com> + for the patch 23 Oct 2005; Renat Lumpau <rl03@gentoo.org> mambo-4.5.2.3.ebuild: Fixed emerge --config wrt bug #109482. diff --git a/www-apps/mambo/Manifest b/www-apps/mambo/Manifest index 565bb57cba48..8aca5b45182c 100644 --- a/www-apps/mambo/Manifest +++ b/www-apps/mambo/Manifest @@ -1,15 +1,8 @@ ------BEGIN PGP SIGNED MESSAGE----- -Hash: SHA1 - -MD5 833ddb4f175a688b0893107e846b608d mambo-4.5.2.3.ebuild 2891 MD5 4dcc371a6687e9d9d4fa5f013b81a0e1 ChangeLog 2417 MD5 f61bfa064e3acdfcd826e4a38b121196 metadata.xml 161 +MD5 833ddb4f175a688b0893107e846b608d mambo-4.5.2.3.ebuild 2891 +MD5 4d7e353112d4935ca9bf91238f58dd98 mambo-4.5.2.3-r1.ebuild 2985 +MD5 3d99cf82feda374b93fb14a227f3d37f files/mambo-4.5.2.3-globals_overwrite.patch 683 MD5 3601661ea6b8a216f15131f63bc24388 files/postinstall-en.txt 991 MD5 6c941a8ae21f670067d3ce092d91b9cc files/digest-mambo-4.5.2.3 73 ------BEGIN PGP SIGNATURE----- -Version: GnuPG v1.4.1 (GNU/Linux) - -iD8DBQFDW6aXEzitwsaoONoRAvO1AKC2xINw33A85ATkgOjkX+OfogCufgCffR5t -cXnrPElM3VxP+CpDMAV0mcA= -=MHgr ------END PGP SIGNATURE----- +MD5 6c941a8ae21f670067d3ce092d91b9cc files/digest-mambo-4.5.2.3-r1 73 diff --git a/www-apps/mambo/files/digest-mambo-4.5.2.3-r1 b/www-apps/mambo/files/digest-mambo-4.5.2.3-r1 new file mode 100644 index 000000000000..2d9a21f68786 --- /dev/null +++ b/www-apps/mambo/files/digest-mambo-4.5.2.3-r1 @@ -0,0 +1 @@ +MD5 6f4f934bc26ceed05137a23a1dcf8a54 mamboV4.5.2.3-Stable.tar.gz 1561319 diff --git a/www-apps/mambo/files/mambo-4.5.2.3-globals_overwrite.patch b/www-apps/mambo/files/mambo-4.5.2.3-globals_overwrite.patch new file mode 100644 index 000000000000..c4df9686d4ef --- /dev/null +++ b/www-apps/mambo/files/mambo-4.5.2.3-globals_overwrite.patch @@ -0,0 +1,21 @@ +--- globals.php 2005-06-01 23:24:00.000000000 -0400 ++++ globals.php 2005-11-19 01:10:28.000000000 -0500 +@@ -30,10 +30,14 @@ + while(list($key,$value)=each($_SERVER)) $GLOBALS[$key]=$value; + while(list($key,$value)=@each($_SESSION)) $GLOBALS[$key]=$value; + foreach($_FILES as $key => $value){ +- $GLOBALS[$key]=$_FILES[$key]['tmp_name']; +- foreach($value as $ext => $value2){ +- $key2 = $key . '_' . $ext; +- $GLOBALS[$key2] = $value2; ++ if(!isset($GLOBALS[$key])) { ++ $GLOBALS[$key]=$_FILES[$key]['tmp_name']; ++ foreach($value as $ext => $value2){ ++ $key2 = $key . '_' . $ext; ++ if(!isset($GLOBALS[$key2])) { ++ $GLOBALS[$key2] = $value2; ++ } ++ } + } + } + } diff --git a/www-apps/mambo/mambo-4.5.2.3-r1.ebuild b/www-apps/mambo/mambo-4.5.2.3-r1.ebuild new file mode 100644 index 000000000000..1c2c9ce0112b --- /dev/null +++ b/www-apps/mambo/mambo-4.5.2.3-r1.ebuild @@ -0,0 +1,95 @@ +# Copyright 1999-2005 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 +# $Header: /var/cvsroot/gentoo-x86/www-apps/mambo/mambo-4.5.2.3-r1.ebuild,v 1.1 2005/11/20 10:41:41 stuart Exp $ + +inherit webapp eutils + +MY_P="${PN/M/m}V${PV}-Stable" +DESCRIPTION="Mambo is yet another CMS" +HOMEPAGE="http://www.mamboserver.com/" +SRC_URI="http://mamboforge.net/frs/download.php/4004/${MY_P}.tar.gz" + +LICENSE="GPL-2" +KEYWORDS="~x86 ~ppc ~sparc ~amd64" +S=${WORKDIR} + +IUSE="" + +RDEPEND="dev-db/mysql + virtual/httpd-php + net-www/apache" +DEPEND="app-arch/unzip" + +pkg_setup () { + webapp_pkg_setup + einfo "Please make sure that your PHP is compiled with XML and MySQL support" +} + +src_install () { + webapp_src_preinst + local files="administrator/backups administrator/components components + images images/banners images/stories mambots mambots/content mambots/search + media language administrator/modules administrator/templates cache modules + templates" + + dodoc CHANGELOG INSTALL + + cp -R [^d]* ${D}/${MY_HTDOCSDIR} + + cd "${D}/${MY_HTDOCSDIR}" + epatch "${FILESDIR}/${PN}-4.5.2.3-globals_overwrite.patch" + + for file in ${files}; do + webapp_serverowned "${MY_HTDOCSDIR}/${file}" + done + + webapp_postinst_txt en ${FILESDIR}/postinstall-en.txt + + webapp_src_install +} + +pkg_postinst () { + einfo "Now run \"emerge --config =${PF}\"" + einfo "to setup the database" + einfo "Note that db and dbuser need to be present prior to running db setup" + webapp_pkg_postinst +} + +pkg_config() { + # default values for db stuff + D_DB="mambo" + D_HOST="localhost" + D_USER="mambo" + + # do we want to start mysqld? + /etc/init.d/mysql restart || die "mysql needs to be running" + + echo -n "mysql db name [${D_DB}]: "; read MY_DB + [[ -z ${MY_DB} ]] && MY_DB=${D_DB} + + echo -n "mysql db host [${D_HOST}]: "; read MY_HOST + [[ -z ${MY_HOST} ]] && MY_HOST=${D_HOST} + + echo -n "mysql dbuser name [${D_USER}]: "; read MY_USER + [[ -z ${MY_USER} ]] && MY_USER=${D_USER} + + echo -n "mysql dbuser password: "; read mypwd + [[ -z ${mypwd} ]] && die "Error: no dbuser password" + + # privileges + echo -n "Please enter login info for user who has grant privileges on ${MY_HOST} [$USER]: "; read adminuser + [[ -z ${adminuser} ]] && adminuser="$USER" + if [ "${MY_HOST}" != "localhost" ]; then + echo -n "Client address (at db side) [$(hostname -f)]: "; read clientaddr + [[ -z ${clientaddr} ]] && clientaddr="$(hostname -f)" + fi + # this will be default for localhost + [[ -z ${clientaddr} ]] && clientaddr="${MY_HOST}" + + # if $MY_HOST == localhost, don't specify -h argument, so local socket can be used. + host=${MY_HOST/localhost} + mysqladmin -u ${adminuser} ${host:+-h ${host}} -p create ${MY_DB} || die "Error creating database" + mysql -u "${adminuser}" "${host:+-h ${host}}" -p \ + -e "GRANT SELECT,INSERT,UPDATE,DELETE,INDEX,ALTER,CREATE,DROP,REFERENCES + ON ${MY_DB}.* TO '${MY_USER}'@'${clientaddr}' IDENTIFIED BY '${mypwd}'; FLUSH PRIVILEGES;" || die "Error initializing database. Please grant permissions manually." +} |