Bug 41465 - Update: www/gallery - security fixes
Summary: Update: www/gallery - security fixes
Status: Closed FIXED
Alias: None
Product: Ports & Packages
Classification: Unclassified
Component: Individual Port(s) (show other bugs)
Version: Latest
Hardware: Any Any
: Normal Affects Only Me
Assignee: Trevor Johnson
URL:
Keywords:
Depends on:
Blocks:
 
Reported: 2002-08-09 08:40 UTC by Jamie Hermans
Modified: 2002-08-09 11:43 UTC (History)
0 users

See Also:

Attachments
file.diff (6.15 KB, patch)
2002-08-09 08:40 UTC, Jamie Hermans 		no flags Details | Diff
View All Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Jamie Hermans 2002-08-09 08:40:01 UTC 
	This release includes several SECURITY FIXES that address weaknesses in the Gallery code that can lead to a REMOTE EXPLOIT.
	Cleaned up a minor pkg-plist error as well.
Comment 1 Trevor Johnson freebsd_committer freebsd_triage 2002-08-09 09:36:38 UTC 
Responsible Changed
From-To: freebsd-ports->trevor

I'm looking at this.
Comment 2 Trevor Johnson 2002-08-09 09:49:22 UTC 
> -%%PORTDOCS%%@dirrm share/doc/gallery
[...]
> +@dirrm %%PORTDOCS%%share/doc/gallery

This change might be incorrect.  At least, I looked at several other ports
and they use the same syntax that the existing gallery port does.
-- 
Trevor Johnson
Comment 3 Trevor Johnson freebsd_committer freebsd_triage 2002-08-09 11:37:33 UTC 
State Changed
From-To: open->closed

Thank you for the PR.  I've updated your port.  Please synchronize 
your pkg-plist with the one in CVS, because yours is not sorted 
properly. 

When upgrading from version 1.3, I had to do: 

# chown www.wheel /usr/local/www/data-dist/gallery/config.php 
# chown www.wheel /usr/local/www/data-dist/gallery/.htaccess 

Probably the port should do this itself.  Do you have any objection?