1.0.4 Contains fixes for 6 Security Vunerabilities. Critical Level Threats Potentional XSS injection through GET and other variables - Affects all previous versions of Joomla! and Mambo 4.5.2.3 Hardened SEF against XSS injection - Affects all previous versions of Joomla! and Mambo 4.5.2.3 Low Level Threats Potential SQL injection in Polls modules through the Itemid variable - Affects all previous versions of Joomla! and Mambo 4.5.2.x series Potential SQL injection in several methods in mosDBTable class - Affects all previous versions of Joomla! and Mambo 4.5.2.x series Potential misuse of Media component file management functions - Affects all previous versions of Joomla! and Mambo 4.5.2.x series Add search limit param (default of 50) to `Search` Mambots to prevent search flooding - Affects all previous versions of Joomla! and Mambo 4.5.2.x series Fix: PORTNAME= joomla -PORTVERSION= 1.0.3 +PORTVERSION= 1.0.4 CATEGORIES= www -MASTER_SITES= http://developer.joomla.org/sf/frs/do/downloadFile/projects.joomla/frs.joomla_1_0.1_0_3/frs1820?dl=1/:source1 +MASTER_SITES= http://developer.joomla.org/sf/frs/do/downloadFile/projects.joomla/frs.joomla_1_0.1_0_4/frs2532?dl=1/:source1 DISTFILES= ${JOOMLA_SRC}:source1 MAINTAINER= include@npf.pt.freebsd.org @@ -25,7 +25,7 @@ JOOMLA_DIR?= www/${PORTNAME} DIST_SUBDIR= ${PORTNAME} -JOOMLA_SRC= Joomla_1.0.3-Stable-Full_Package.tar.gz +JOOMLA_SRC= Joomla_1.0.4-Stable-Full_Package.tar.gz do-extract: @${MKDIR} ${WRKSRC} After diffing this 3 files i also ask to remove the dist file because it doesen't do nothing. Thanks in advance Francisco Cabrita--ZXHI408HAdtPK4R0CFOUs5z6Lvr2Sapna6Q5rkRMROSelFEh Content-Type: text/plain; name="file.diff" Content-Transfer-Encoding: 7bit Content-Disposition: attachment; filename="file.diff" --- Makefile_3 Sat Nov 26 17:50:40 2005 +++ Makefile Fri Nov 25 20:56:50 2005 @@ -5,9 +5,9 @@ # $FreeBSD: ports/www/joomla/Makefile,v 1.1 2005/11/25 02:08:33 edwin Exp $
Maintainer of www/joomla, Please note that PR ports/89596 has just been submitted. If it contains a patch for an upgrade, an enhancement or a bug fix you agree on, reply to this email stating that you approve the patch and a committer will take care of it. The full text of the PR can be found at: http://www.freebsd.org/cgi/query-pr.cgi?pr=ports/89596 -- Edwin Groothuis edwin@FreeBSD.org
State Changed From-To: open->feedback Awaiting maintainers feedback
Yes I approve :) Once again, many thanks Francisco Cabrita -- Nucleo Portugues de FreeBSD - Core Member http://npf.pt.freebsd.org http://npf.pt.freebsd.org/~include/ On Sat, 26 Nov 2005, Edwin Groothuis wrote: > Maintainer of www/joomla, > > Please note that PR ports/89596 has just been submitted. > > If it contains a patch for an upgrade, an enhancement or a bug fix > you agree on, reply to this email stating that you approve the patch > and a committer will take care of it. > > The full text of the PR can be found at: > http://www.freebsd.org/cgi/query-pr.cgi?pr=ports/89596 > > -- > Edwin Groothuis > edwin@FreeBSD.org >
State Changed From-To: feedback->open Feedback received
Please, don't send hand-made patches. Use diff -ruN instead. -- Sem.
State Changed From-To: open->closed Committed, thanks!
Thanks for the alert, i think i did a diff -ru (only) and something with the copy-past did not append the best way... next time i will pay more atention. In the pr I ask to remove the dist file (not ditinfo). Please can you remove it for me? Thanks again Francisco -- Nucleo Portugues de FreeBSD - Core Member http://npf.pt.freebsd.org http://npf.pt.freebsd.org/~include/ On Mon, 28 Nov 2005, Sergey Matveychuk wrote: > Please, don't send hand-made patches. Use diff -ruN instead. > > -- > Sem. >