Bug 41465 - Update: www/gallery - security fixes
Summary: Update: www/gallery - security fixes
Status: Closed FIXED
Alias: None
Product: Ports & Packages
Classification: Unclassified
Component: Individual Port(s) (show other bugs)
Version: Latest
Hardware: Any Any
: Normal Affects Only Me
Assignee: Trevor Johnson
URL:
Keywords:
Depends on:
Blocks:
 
Reported: 2002-08-09 08:40 UTC by Jamie Hermans
Modified: 2002-08-09 11:43 UTC (History)
0 users

See Also:


Attachments
file.diff (6.15 KB, patch)
2002-08-09 08:40 UTC, Jamie Hermans
no flags Details | Diff

Note You need to log in before you can comment on or make changes to this bug.
Description Jamie Hermans 2002-08-09 08:40:01 UTC
	This release includes several SECURITY FIXES that address weaknesses in the Gallery code that can lead to a REMOTE EXPLOIT.
	Cleaned up a minor pkg-plist error as well.
Comment 1 Trevor Johnson freebsd_committer 2002-08-09 09:36:38 UTC
Responsible Changed
From-To: freebsd-ports->trevor

I'm looking at this.
Comment 2 Trevor Johnson 2002-08-09 09:49:22 UTC
> -%%PORTDOCS%%@dirrm share/doc/gallery
[...]
> +@dirrm %%PORTDOCS%%share/doc/gallery

This change might be incorrect.  At least, I looked at several other ports
and they use the same syntax that the existing gallery port does.
-- 
Trevor Johnson
Comment 3 Trevor Johnson freebsd_committer 2002-08-09 11:37:33 UTC
State Changed
From-To: open->closed

Thank you for the PR.  I've updated your port.  Please synchronize 
your pkg-plist with the one in CVS, because yours is not sorted 
properly. 

When upgrading from version 1.3, I had to do: 

# chown www.wheel /usr/local/www/data-dist/gallery/config.php 
# chown www.wheel /usr/local/www/data-dist/gallery/.htaccess 

Probably the port should do this itself.  Do you have any objection?