- Update to 4.6.12
- Security fix, see http://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2012-004/

Generated with FreeBSD Port Tools 0.99_6 (mode: update, diff: suffix)

Responsible Changed
From-To: freebsd-ports-bugs->bdrewery

I'll take it.
Author: bdrewery
Date: Wed Aug 15 19:45:50 2012
New Revision: 302596
URL: http://svn.freebsd.org/changeset/ports/302596

Log:
  - Update www/typo3 to 4.7.4 [1]
  - Convert to new options framework [1]
  - Update www/typo345 to 4.5.19 [2]
  - Update www/typo346 to 4.6.12 [3]
  - Changes: https://typo3.org/news/article/typo3-4519-4612-and-474-released/
  - Document security vulnerabilities [4]
    https://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2012-004/

  PR: ports/170650 [1]
  PR: ports/170647 [2]
  PR: ports/170649 [3]
  Submitted by: Helmut Schneider <jumper99@gmx.de> (maintainer)
  Security: 48bcb4b2-e708-11e1-a59d-000d601460a4 [4]
  Approved by: eadler (mentor)

Modified:
  head/security/vuxml/vuln.xml
  head/www/typo3/Makefile
  head/www/typo3/distinfo
  head/www/typo3/pkg-descr
  head/www/typo3/pkg-plist
  head/www/typo345/Makefile
  head/www/typo345/distinfo
  head/www/typo345/pkg-plist
  head/www/typo346/Makefile
  head/www/typo346/distinfo
  head/www/typo346/pkg-plist

Modified: head/security/vuxml/vuln.xml ============================================================================== --- head/security/vuxml/vuln.xml Wed Aug 15 19:44:22 2012 (r302595) +++ head/security/vuxml/vuln.xml Wed Aug 15 19:45:50 2012 (r302596) 
@@ -52,6 +52,56 @@ Note: Please add new entries to the beg --> <vuxml xmlns="http://www.vuxml.org/apps/vuxml-1"> + <vuln vid="48bcb4b2-e708-11e1-a59d-000d601460a4"> + <topic>typo3 -- Multiple vulernabilities in TYPO3 Core</topic> + <affects> + <package> + <name>typo3</name> + <range><ge>4.5.0</ge><lt>4.5.19</lt></range> + <range><ge>4.6.0</ge><lt>4.6.12</lt></range> + <range><ge>4.7.0</ge><lt>4.7.4</lt></range> + </package> + </affects> + <description> + <body xmlns="http://www.w3.org/1999/xhtml"> + <p>Typo Security Team reports:</p> + <blockquote cite="https://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2012-004/"> + <p>It has been discovered that TYPO3 Core is vulnerable to Cross-Site + Scripting, Information Disclosure, Insecure Unserialize leading to + Arbitrary Code Execution.</p> + <p>TYPO3 Backend Help System - Due to a missing signature (HMAC) for a + parameter in the view_help.php file, an attacker could unserialize + arbitrary objects within TYPO3. We are aware of a working exploit, + which can lead to arbitrary code execution. A valid backend user + login or multiple successful cross site request forgery attacks are + required to exploit this vulnerability.</p> + <p>TYPO3 Backend - Failing to properly HTML-encode user input in + several places, the TYPO3 backend is susceptible to Cross-Site + Scripting. A valid backend user is required to exploit these + vulnerabilities.</p> + <p>TYPO3 Backend - Accessing the configuration module discloses the + Encryption Key. A valid backend user with access to the + configuration module is required to exploit this vulnerability.</p> + <p>TYPO3 HTML Sanitizing API - By not removing several HTML5 + JavaScript events, the API method t3lib_div::RemoveXSS() fails to + filter specially crafted HTML injections, thus is susceptible to + Cross-Site Scripting. 
Failing to properly encode for JavaScript the + API method t3lib_div::quoteJSvalue(), it is susceptible to Cross-Site + Scripting.</p> + <p>TYPO3 Install Tool - Failing to properly sanitize user input, the + Install Tool is susceptible to Cross-Site Scripting.</p> + </blockquote> + </body> + </description> + <references> + <url>https://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2012-004/</url> + </references> + <dates> + <discovery>2012-08-15</discovery> + <entry>2012-08-15</entry> + </dates> + </vuln> + <vuln vid="83f9e943-e664-11e1-a66d-080027ef73ec"> <topic>fetchmail -- two vulnerabilities in NTLM authentication</topic> <affects> Modified: head/www/typo3/Makefile ============================================================================== --- head/www/typo3/Makefile Wed Aug 15 19:44:22 2012 (r302595) +++ head/www/typo3/Makefile Wed Aug 15 19:45:50 2012 (r302596) @@ -6,7 +6,7 @@ # PORTNAME= typo3 -PORTVERSION= 4.7.2 +PORTVERSION= 4.7.4 CATEGORIES= www MASTER_SITES= SF/${PORTNAME}/TYPO3%20Source%20and%20Dummy/TYPO3%20${PORTVERSION} 
@@ -31,31 +31,30 @@ PLIST_SUB+= PORTVERSION="${PORTVERSION}" DISTFILES+= ${TYPO3SRC}${EXTRACT_SUFX} ${TYPO3DUMMY}${EXTRACT_SUFX} -OPTIONS= CURL "Configure with cURL support" off \ - GD "Configure with GDlib/freetype support" off \ - IMAGICK "Configure with ImageMagick support" off \ - MBSTRING "Configure with mbstring support" off \ - ZLIB "Configure with zlib support" off +OPTIONS_DEFINE= CURL GD IMAGICK MBSTRING ZLIB +IMAGICK_DESC= ${IMAGEMAGICK_DESC} +MBSTRING_DESC= ${MULTIBYTE_DESC} +GD_DESC= GDlib/freetype support .include <bsd.port.pre.mk> -.if defined(WITH_CURL) +.if ${PORT_OPTIONS:MCURL} USE_PHP+= curl .endif -.if defined(WITH_GD) +.if ${PORT_OPTIONS:MGD} USE_PHP+= gd .endif -.if defined(WITH_IMAGICK) +.if ${PORT_OPTIONS:MIMAGICK} RUN_DEPENDS+= ${LOCALBASE}/bin/convert:${PORTSDIR}/graphics/ImageMagick .endif -.if defined(WITH_MBSTRING) +.if ${PORT_OPTIONS:MMBSTRING} USE_PHP+= mbstring .endif -.if defined(WITH_ZLIB) +.if ${PORT_OPTIONS:MZLIB} USE_PHP+= zlib .endif Modified: head/www/typo3/distinfo ============================================================================== --- head/www/typo3/distinfo Wed Aug 15 19:44:22 2012 (r302595) +++ head/www/typo3/distinfo Wed Aug 15 19:45:50 2012 (r302596) 
@@ -1,4 +1,4 @@ -SHA256 (typo3_src-4.7.2.tar.gz) = 43a3390b2580f7c74819377441b669d3d2d0a62c686036224e073b7b1db90ee9 -SIZE (typo3_src-4.7.2.tar.gz) = 22374815 -SHA256 (dummy-4.7.2.tar.gz) = 693a2c30325aa1697f5f3bb905caf755fcf6db4718008635af1461ccea56761c -SIZE (dummy-4.7.2.tar.gz) = 10148 +SHA256 (typo3_src-4.7.4.tar.gz) = f770f8ae7cbb1b2a70547d9dcc53b6e2372467940884b3e0701b1c221682193d +SIZE (typo3_src-4.7.4.tar.gz) = 22375813 +SHA256 (dummy-4.7.4.tar.gz) = 21e17c67783a9e91ad39a011604fd61ceb946627e835943d32609f4a4393ba4b +SIZE (dummy-4.7.4.tar.gz) = 10139 Modified: head/www/typo3/pkg-descr ============================================================================== --- head/www/typo3/pkg-descr Wed Aug 15 19:44:22 2012 (r302595) +++ head/www/typo3/pkg-descr Wed Aug 15 19:45:50 2012 (r302596) @@ -3,7 +3,7 @@ on the web and in intranets. It offers f featuring an accomplished set of ready-made interfaces, functions and modules. This version is the current stable release. It is recommended for existing -projects and will get full support (bugfixes and security fixes) until April 2013, -but will get security fixes until October 2013. +projects and will get full support (bugfixes and security fixes) until April +2013, but will get security fixes until October 2013. WWW: http://typo3.org/ Modified: head/www/typo3/pkg-plist ============================================================================== --- head/www/typo3/pkg-plist Wed Aug 15 19:44:22 2012 (r302595) +++ head/www/typo3/pkg-plist Wed Aug 15 19:45:50 2012 (r302596) @@ -20,7 +20,6 @@ %%WWWDIR%%/uploads/media/index.html %%WWWDIR%%/uploads/pics/index.html %%WWWDIR%%/uploads/tf/index.html -%%WWWDIR%%_src-%%PORTVERSION%%/.travis.yml %%WWWDIR%%_src-%%PORTVERSION%%/ChangeLog %%WWWDIR%%_src-%%PORTVERSION%%/GPL.txt %%WWWDIR%%_src-%%PORTVERSION%%/INSTALL.txt 
@@ -136,6 +135,7 @@ %%WWWDIR%%_src-%%PORTVERSION%%/t3lib/class.t3lib_userauth.php %%WWWDIR%%_src-%%PORTVERSION%%/t3lib/class.t3lib_userauthgroup.php %%WWWDIR%%_src-%%PORTVERSION%%/t3lib/class.t3lib_xml.php +%%WWWDIR%%_src-%%PORTVERSION%%/t3lib/codec/class.t3lib_codec_javascriptencoder.php %%WWWDIR%%_src-%%PORTVERSION%%/t3lib/collection/AbstractRecordCollection.php %%WWWDIR%%_src-%%PORTVERSION%%/t3lib/collection/RecordCollectionRepository.php %%WWWDIR%%_src-%%PORTVERSION%%/t3lib/collection/StaticRecordCollection.php @@ -9251,6 +9251,7 @@ @dirrm %%WWWDIR%%_src-%%PORTVERSION%%/t3lib/contextmenu @dirrm %%WWWDIR%%_src-%%PORTVERSION%%/t3lib/collection/interfaces @dirrm %%WWWDIR%%_src-%%PORTVERSION%%/t3lib/collection +@dirrm %%WWWDIR%%_src-%%PORTVERSION%%/t3lib/codec @dirrm %%WWWDIR%%_src-%%PORTVERSION%%/t3lib/cache/frontend/interfaces @dirrm %%WWWDIR%%_src-%%PORTVERSION%%/t3lib/cache/frontend @dirrm %%WWWDIR%%_src-%%PORTVERSION%%/t3lib/cache/exception Modified: head/www/typo345/Makefile ============================================================================== --- head/www/typo345/Makefile Wed Aug 15 19:44:22 2012 (r302595) +++ head/www/typo345/Makefile Wed Aug 15 19:45:50 2012 (r302596) @@ -6,7 +6,7 @@ # PORTNAME= typo3 -PORTVERSION= 4.5.18 +PORTVERSION= 4.5.19 CATEGORIES= www MASTER_SITES= SF/${PORTNAME}/TYPO3%20Source%20and%20Dummy/TYPO3%20${PORTVERSION} Modified: head/www/typo345/distinfo ============================================================================== --- head/www/typo345/distinfo Wed Aug 15 19:44:22 2012 (r302595) +++ head/www/typo345/distinfo Wed Aug 15 19:45:50 2012 (r302596) 
@@ -1,4 +1,4 @@ -SHA256 (typo3_src-4.5.18.tar.gz) = 68da30e14124c697c070046b14886ec64ecd38b8b17895a122e1a5f45e516fa2 -SIZE (typo3_src-4.5.18.tar.gz) = 20559614 -SHA256 (dummy-4.5.18.tar.gz) = 9a88878e802ff1b743152cc0f79ed038e769c2436784266725e02d848a07f18d -SIZE (dummy-4.5.18.tar.gz) = 9858 +SHA256 (typo3_src-4.5.19.tar.gz) = 9a70d9e8980acdd5745c7b141d92ff9f680e360905befd484b51e07d13e3a0ba +SIZE (typo3_src-4.5.19.tar.gz) = 20560147 +SHA256 (dummy-4.5.19.tar.gz) = 9ed92532a2827e0d3503683e076b3cef90fe89ff1010a4a0b70a9a172c54bafb +SIZE (dummy-4.5.19.tar.gz) = 9858 Modified: head/www/typo345/pkg-plist ============================================================================== --- head/www/typo345/pkg-plist Wed Aug 15 19:44:22 2012 (r302595) +++ head/www/typo345/pkg-plist Wed Aug 15 19:45:50 2012 (r302596) @@ -136,6 +136,7 @@ %%WWWDIR%%_src-%%PORTVERSION%%/t3lib/class.t3lib_userauth.php %%WWWDIR%%_src-%%PORTVERSION%%/t3lib/class.t3lib_userauthgroup.php %%WWWDIR%%_src-%%PORTVERSION%%/t3lib/class.t3lib_xml.php +%%WWWDIR%%_src-%%PORTVERSION%%/t3lib/codec/class.t3lib_codec_javascriptencoder.php %%WWWDIR%%_src-%%PORTVERSION%%/t3lib/config_default.php %%WWWDIR%%_src-%%PORTVERSION%%/t3lib/contextmenu/class.t3lib_contextmenu_abstractcontextmenu.php %%WWWDIR%%_src-%%PORTVERSION%%/t3lib/contextmenu/class.t3lib_contextmenu_abstractdataprovider.php 
@@ -8300,6 +8301,7 @@ @dirrm %%WWWDIR%%_src-%%PORTVERSION%%/t3lib/contextmenu/pagetree @dirrm %%WWWDIR%%_src-%%PORTVERSION%%/t3lib/contextmenu/extdirect @dirrm %%WWWDIR%%_src-%%PORTVERSION%%/t3lib/contextmenu +@dirrm %%WWWDIR%%_src-%%PORTVERSION%%/t3lib/codec @dirrm %%WWWDIR%%_src-%%PORTVERSION%%/t3lib/cache/frontend/interfaces @dirrm %%WWWDIR%%_src-%%PORTVERSION%%/t3lib/cache/frontend @dirrm %%WWWDIR%%_src-%%PORTVERSION%%/t3lib/cache/exception Modified: head/www/typo346/Makefile ============================================================================== --- head/www/typo346/Makefile Wed Aug 15 19:44:22 2012 (r302595) +++ head/www/typo346/Makefile Wed Aug 15 19:45:50 2012 (r302596) @@ -6,7 +6,7 @@ # PORTNAME= typo3 -PORTVERSION= 4.6.11 +PORTVERSION= 4.6.12 CATEGORIES= www MASTER_SITES= SF/${PORTNAME}/TYPO3%20Source%20and%20Dummy/TYPO3%20${PORTVERSION} Modified: head/www/typo346/distinfo ============================================================================== --- head/www/typo346/distinfo Wed Aug 15 19:44:22 2012 (r302595) +++ head/www/typo346/distinfo Wed Aug 15 19:45:50 2012 (r302596) @@ -1,4 +1,4 @@ -SHA256 (typo3_src-4.6.11.tar.gz) = 62acbc0876c2cbf452c435a5a09e11b60b3ea8d724a455f92d2caea07bb2ff89 -SIZE (typo3_src-4.6.11.tar.gz) = 21289682 -SHA256 (dummy-4.6.11.tar.gz) = 87e711ba875c3f9c90d730ff6a5c14b5c05bf2da06de46b0fe98090d04e9bdc2 -SIZE (dummy-4.6.11.tar.gz) = 10138 +SHA256 (typo3_src-4.6.12.tar.gz) = 99ba9550ed74b1c9185fda8bcaf17da3a7b433fd62608afcb24c21a7f25df8b8 +SIZE (typo3_src-4.6.12.tar.gz) = 21288826 +SHA256 (dummy-4.6.12.tar.gz) = cfa9a8a1b4fad18d27fc0a88b0e2e165b2d4d4cf5eada2343819f9621a77f508 +SIZE (dummy-4.6.12.tar.gz) = 10143 Modified: head/www/typo346/pkg-plist ============================================================================== --- head/www/typo346/pkg-plist Wed Aug 15 19:44:22 2012 (r302595) +++ head/www/typo346/pkg-plist Wed Aug 15 19:45:50 2012 (r302596) 
@@ -136,6 +136,7 @@ %%WWWDIR%%_src-%%PORTVERSION%%/t3lib/class.t3lib_userauth.php %%WWWDIR%%_src-%%PORTVERSION%%/t3lib/class.t3lib_userauthgroup.php %%WWWDIR%%_src-%%PORTVERSION%%/t3lib/class.t3lib_xml.php +%%WWWDIR%%_src-%%PORTVERSION%%/t3lib/codec/class.t3lib_codec_javascriptencoder.php %%WWWDIR%%_src-%%PORTVERSION%%/t3lib/config_default.php %%WWWDIR%%_src-%%PORTVERSION%%/t3lib/contextmenu/class.t3lib_contextmenu_abstractcontextmenu.php %%WWWDIR%%_src-%%PORTVERSION%%/t3lib/contextmenu/class.t3lib_contextmenu_abstractdataprovider.php @@ -8994,6 +8995,7 @@ @dirrm %%WWWDIR%%_src-%%PORTVERSION%%/t3lib/contextmenu/pagetree @dirrm %%WWWDIR%%_src-%%PORTVERSION%%/t3lib/contextmenu/extdirect @dirrm %%WWWDIR%%_src-%%PORTVERSION%%/t3lib/contextmenu +@dirrm %%WWWDIR%%_src-%%PORTVERSION%%/t3lib/codec @dirrm %%WWWDIR%%_src-%%PORTVERSION%%/t3lib/cache/frontend/interfaces @dirrm %%WWWDIR%%_src-%%PORTVERSION%%/t3lib/cache/frontend @dirrm %%WWWDIR%%_src-%%PORTVERSION%%/t3lib/cache/exception
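Review bot: in the head/security/vuxml/vuln.xml hunk, the `<topic>` misspells "vulnerabilities" as "vulernabilities" and the attribution paragraph reads "Typo Security Team" where the project name used everywhere else in the entry is TYPO3; the topic is the entry's headline, so both should be corrected before the entry is relied on. The `<references>` element carries only the bulletin `<url>`; if CVE names have been assigned to these issues, add them there so the entry can be matched by identifier. The single `<name>typo3</name>` with three `<range>` elements does line up with the `PORTNAME= typo3` shown in all three port Makefiles, so the affected-package matching itself looks consistent with the rest of the change.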
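Review bot: in the head/www/typo3/Makefile options hunk, `OPTIONS_DEFINE= CURL GD IMAGICK MBSTRING ZLIB` is followed by `*_DESC` lines for IMAGICK, MBSTRING and GD only, so CURL and ZLIB depend on the framework providing default descriptions; confirm that it does, or add `CURL_DESC` and `ZLIB_DESC` alongside the other three. The options conversion and the head/www/typo3/pkg-descr rewrap are unrelated to the security update and make the fix harder to audit or merge on its own, so they would be better as a separate commit. The typo345 and typo346 Makefile hunks change only `PORTVERSION`, which leaves it unclear from this diff whether those two ports received the same conversion.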
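Review bot: the three distinfo hunks replace every `SHA256` and `SIZE` value, but neither the commit log nor the PR text says what the new hashes were checked against. The Makefiles fetch from `MASTER_SITES= SF/${PORTNAME}/...`, a mirror network, so it is worth recording that the 4.5.19, 4.6.12 and 4.7.4 tarballs were compared with checksums published upstream (where available) rather than only with a fresh local fetch. Note also that `dummy-4.5.19.tar.gz` keeps the same `SIZE` of 9858 as `dummy-4.5.18.tar.gz` while its hash changes, which is plausible for a repackaged archive but is the kind of detail a second fetch from a different mirror would confirm.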
State Changed
From-To: open->closed

Committed. Thanks!