author | glarkin <glarkin@FreeBSD.org> | 2009-02-19 02:06:37 +0800 |
---|---|---|
committer | glarkin <glarkin@FreeBSD.org> | 2009-02-19 02:06:37 +0800 |
commit | 7d4af3b749c0e106c541860794e039e3583a8d80 (patch) | |
tree | e86b9a6f75405e43e6e0d5eb354301bad20b250a | |
parent | 0d302b28c4264a5b6e6871597d36c34fdfef622e (diff) | |
- Update to 1.7.5
- Added UPDATING entry about incompatibility between 1.7.4 and 1.7.5
- Added vuln.xml entry for local file inclusion vulnerability in <1.7.5
- Added maintainer mode target in ZF Makefile to speed up fixups of
pkg-plist output from genplist
Security: cf495fd4-fdcd-11dd-9a86-0050568452ac
Security: http://framework.zend.com/issues/browse/ZF-5748
Security: http://weierophinney.net/matthew/archives/206-Zend-Framework-1.7.5-Released-Important-Note-Regarding-Zend_View.html
-rw-r--r-- | UPDATING | 20 | ||||
-rw-r--r-- | security/vuxml/vuln.xml | 33 | ||||
-rw-r--r-- | www/zend-framework/Makefile | 13 | ||||
-rw-r--r-- | www/zend-framework/distinfo | 6 | ||||
-rw-r--r-- | www/zend-framework/pkg-plist | 32 |
5 files changed, 75 insertions, 29 deletions
@@ -6,6 +6,26 @@ You should get into the habit of checking this file for changes each time you update your ports collection, before attempting any port upgrades. +20090218: + AFFECTS: users of www/zend-framework + AUTHOR: glarkin@FreeBSD.org + + A local file inclusion (LFI) vulnerability was fixed in Zend + Framework 1.7.5. The LFI was present in the Zend_View::render() + method, and allowed inclusion of scripts with relative path + names, e.g. "../../../my/script/dir/myscript.php". + + If the script path name is hard-coded into the application and is not + generated by user input, the vulnerability does not apply. Because + of this exception, the Zend Framework team has added a flag to + disable the LFI protection in the render() method. + + Full details of the vulnerability, whether it applies to your + application and how to disable the LFI protection in the render() + method can be found here: + + http://framework.zend.com/manual/en/zend.view.migration.html + 20090216: AFFECTS: users of net/openldap24-{client,server} AUTHOR: delphij@FreeBSD.org diff --git a/security/vuxml/vuln.xml b/security/vuxml/vuln.xml index 3f035e6b8041..e05fbd413ca9 100644 --- a/security/vuxml/vuln.xml +++ b/security/vuxml/vuln.xml 
@@ -34,7 +34,38 @@ Note: Please add new entries to the beginning of this file. --> <vuxml xmlns="http://www.vuxml.org/apps/vuxml-1"> - <vuln vid="25eb365c-fd11-11dd-8424-c213de35965d"> + <vuln vid="cf495fd4-fdcd-11dd-9a86-0050568452ac"> + <topic>Zend Framework -- Local File Inclusion vulnerability in Zend_View::render()</topic> + <affects> + <package> + <name>ZendFramework</name> + <range><lt>1.7.5</lt></range> + </package> + </affects> + <description> + <body xmlns="http://www.w3.org/1999/xhtml"> + <p>Matthew Weier O'Phinney reports:</p> + <blockquote cite="http://weierophinney.net/matthew/archives/206-Zend-Framework-1.7.5-Released-Important-Note-Regarding-Zend_View.html"> + <p>A potential Local File Inclusion (LFI) vulnerability exists in + the Zend_View::render() method. If user input is used to + specify the script path, then it is possible to trigger the + LFI.</p> + <p>Note that Zend Framework applications that never call the + Zend_View::render() method with a user-supplied parameter are + not affected by this vulnerability.</p> + </blockquote> + </body> + </description> + <references> + <url>http://framework.zend.com/issues/browse/ZF-5748</url> + </references> + <dates> + <discovery>2009-02-11</discovery> + <entry>2009-02-18</entry> + </dates> + </vuln> + + <vuln vid="25eb365c-fd11-11dd-8424-c213de35965d"> <topic>dia -- remote command execution vulnerability</topic> <affects> <package> diff --git a/www/zend-framework/Makefile b/www/zend-framework/Makefile index 1cc7f3ae29ef..80695452cb41 100644 --- a/www/zend-framework/Makefile +++ b/www/zend-framework/Makefile @@ -6,7 +6,7 @@ # PORTNAME= ZendFramework -PORTVERSION= 1.7.4 +PORTVERSION= 1.7.5 CATEGORIES= www MASTER_SITES= http://framework.zend.com/releases/${DISTNAME}/ GENTOO/distfiles 
@@ -136,6 +136,17 @@ do-install: ${XARGS} -0 ${CHMOD} 755' >> ${TMPPLIST} .endif +# Maintainer-mode target to speed up fixup of output from genplist +fix-new-plist: + @if [ -f pkg-plist.new ]; then \ + ${PERL} -ni.bak -e 'next if /PORTDOCS/; \ + s#^(.*%%DATADIR%%/externals)#%%DOJO%%$$1#g; \ + s#^(.*%%DATADIR%%/incubator)#%%INCUBATOR%%$$1#g; \ + print;' pkg-plist.new; \ + else \ + ${ECHO_CMD} Please run genplist to create pkg-plist.new; \ + fi + post-install: .if !defined(NOPORTDOCS) @${INSTALL} -d ${DOCSDIR} diff --git a/www/zend-framework/distinfo b/www/zend-framework/distinfo index 6eb782464ab9..a58fbc790c5f 100644 --- a/www/zend-framework/distinfo +++ b/www/zend-framework/distinfo @@ -1,3 +1,3 @@ -MD5 (ZendFramework-1.7.4.tar.gz) = 5240444dc2b0af50086ba6b3b9ee285e -SHA256 (ZendFramework-1.7.4.tar.gz) = 8aff0bb4d27c246ee02de9622f7366a01533e6e5a4e89c18001f2d47bd791046 -SIZE (ZendFramework-1.7.4.tar.gz) = 21203764 +MD5 (ZendFramework-1.7.5.tar.gz) = c85cf1cf3f9b3a990ab3f33dfe114fde +SHA256 (ZendFramework-1.7.5.tar.gz) = 16559635e591af04f01ea66a2ad98dbdd39c75a890f4301611517b799916c62f +SIZE (ZendFramework-1.7.5.tar.gz) = 21238396 diff --git a/www/zend-framework/pkg-plist b/www/zend-framework/pkg-plist index 6bc635668477..3d94755809e0 100644 --- a/www/zend-framework/pkg-plist +++ b/www/zend-framework/pkg-plist 
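Review bot: `fix-new-plist` is not idempotent: `-i.bak` rewrites `pkg-plist.new` in place and both substitutions capture any existing prefix with `.*`, so a second run on the same file yields `%%DOJO%%%%DOJO%%…` and `%%INCUBATOR%%%%INCUBATOR%%…` entries. A guard on each pattern avoids that, e.g. `s#^(?!%%DOJO%%)(.*%%DATADIR%%/externals)#%%DOJO%%$$1#;` and the same with `%%INCUBATOR%%` on the incubator line; the `/g` flag can be dropped, since a `^`-anchored pattern matches at most once per line. The `else` branch only echoes its hint and the recipe still exits 0, so adding `exit 1` after the `${ECHO_CMD}` line would make a missing `pkg-plist.new` visible to the caller. A short comment noting that the run leaves `pkg-plist.new.bak` behind would help keep that file out of a commit.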
@@ -3215,23 +3215,6 @@ %%INCUBATOR%%%%DATADIR%%/incubator/library/Zend/Reflection/Method.php %%INCUBATOR%%%%DATADIR%%/incubator/library/Zend/Reflection/Parameter.php %%INCUBATOR%%%%DATADIR%%/incubator/library/Zend/Reflection/Property.php -%%INCUBATOR%%%%DATADIR%%/incubator/library/Zend/Tool/CodeGenerator/Abstract.php -%%INCUBATOR%%%%DATADIR%%/incubator/library/Zend/Tool/CodeGenerator/Apache/File.php -%%INCUBATOR%%%%DATADIR%%/incubator/library/Zend/Tool/CodeGenerator/Exception.php -%%INCUBATOR%%%%DATADIR%%/incubator/library/Zend/Tool/CodeGenerator/Php/Abstract.php -%%INCUBATOR%%%%DATADIR%%/incubator/library/Zend/Tool/CodeGenerator/Php/Body.php -%%INCUBATOR%%%%DATADIR%%/incubator/library/Zend/Tool/CodeGenerator/Php/Class.php -%%INCUBATOR%%%%DATADIR%%/incubator/library/Zend/Tool/CodeGenerator/Php/Docblock.php -%%INCUBATOR%%%%DATADIR%%/incubator/library/Zend/Tool/CodeGenerator/Php/Docblock/Tag.php -%%INCUBATOR%%%%DATADIR%%/incubator/library/Zend/Tool/CodeGenerator/Php/Docblock/Tag/Param.php -%%INCUBATOR%%%%DATADIR%%/incubator/library/Zend/Tool/CodeGenerator/Php/Docblock/Tag/Return.php -%%INCUBATOR%%%%DATADIR%%/incubator/library/Zend/Tool/CodeGenerator/Php/Exception.php -%%INCUBATOR%%%%DATADIR%%/incubator/library/Zend/Tool/CodeGenerator/Php/File.php -%%INCUBATOR%%%%DATADIR%%/incubator/library/Zend/Tool/CodeGenerator/Php/Member/Abstract.php -%%INCUBATOR%%%%DATADIR%%/incubator/library/Zend/Tool/CodeGenerator/Php/Member/Container.php -%%INCUBATOR%%%%DATADIR%%/incubator/library/Zend/Tool/CodeGenerator/Php/Method.php -%%INCUBATOR%%%%DATADIR%%/incubator/library/Zend/Tool/CodeGenerator/Php/Parameter.php -%%INCUBATOR%%%%DATADIR%%/incubator/library/Zend/Tool/CodeGenerator/Php/Property.php %%INCUBATOR%%%%DATADIR%%/incubator/library/Zend/Tool/Framework/Client/Abstract.php %%INCUBATOR%%%%DATADIR%%/incubator/library/Zend/Tool/Framework/Client/Cli.php %%INCUBATOR%%%%DATADIR%%/incubator/library/Zend/Tool/Framework/Client/Cli/ArgumentParser.php 
@@ -3971,6 +3954,8 @@ %%DATADIR%%/library/Zend/Gdata/Spreadsheets/WorksheetEntry.php %%DATADIR%%/library/Zend/Gdata/Spreadsheets/WorksheetFeed.php %%DATADIR%%/library/Zend/Gdata/YouTube.php +%%DATADIR%%/library/Zend/Gdata/YouTube/ActivityEntry.php +%%DATADIR%%/library/Zend/Gdata/YouTube/ActivityFeed.php %%DATADIR%%/library/Zend/Gdata/YouTube/CommentEntry.php %%DATADIR%%/library/Zend/Gdata/YouTube/CommentFeed.php %%DATADIR%%/library/Zend/Gdata/YouTube/ContactEntry.php @@ -4805,6 +4790,7 @@ %%DATADIR%%/library/Zend/Search/Lucene/Analysis/TokenFilter/StopWords.php %%DATADIR%%/library/Zend/Search/Lucene/Document.php %%DATADIR%%/library/Zend/Search/Lucene/Document/Docx.php +%%DATADIR%%/library/Zend/Search/Lucene/Document/Exception.php %%DATADIR%%/library/Zend/Search/Lucene/Document/Html.php %%DATADIR%%/library/Zend/Search/Lucene/Document/OpenXml.php %%DATADIR%%/library/Zend/Search/Lucene/Document/Pptx.php @@ -5341,9 +5327,9 @@ %%PORTEXAMPLES%%%%EXAMPLESDIR%%/tests/Zend/Amf/Response/mock/numberAmf3Response.bin %%PORTEXAMPLES%%%%EXAMPLESDIR%%/tests/Zend/Amf/Response/mock/objectAmf0Response.bin %%PORTEXAMPLES%%%%EXAMPLESDIR%%/tests/Zend/Amf/Response/mock/sparseArrayAmf0Response.bin -%%PORTEXAMPLES%%%%EXAMPLESDIR%%/tests/Zend/Amf/Response/mock/stringKeyArrayAmf0Response.bin %%PORTEXAMPLES%%%%EXAMPLESDIR%%/tests/Zend/Amf/Response/mock/stringAmf0Response.bin %%PORTEXAMPLES%%%%EXAMPLESDIR%%/tests/Zend/Amf/Response/mock/stringAmf3Response.bin +%%PORTEXAMPLES%%%%EXAMPLESDIR%%/tests/Zend/Amf/Response/mock/stringKeyArrayAmf0Response.bin %%PORTEXAMPLES%%%%EXAMPLESDIR%%/tests/Zend/Amf/Response/mock/typedObjectAmf0Response.bin %%PORTEXAMPLES%%%%EXAMPLESDIR%%/tests/Zend/Amf/ResponseTest.php %%PORTEXAMPLES%%%%EXAMPLESDIR%%/tests/Zend/Amf/ServerTest.php 
@@ -6047,6 +6033,8 @@ %%PORTEXAMPLES%%%%EXAMPLESDIR%%/tests/Zend/Gdata/WhenTest.php %%PORTEXAMPLES%%%%EXAMPLESDIR%%/tests/Zend/Gdata/WhereTest.php %%PORTEXAMPLES%%%%EXAMPLESDIR%%/tests/Zend/Gdata/WhoTest.php +%%PORTEXAMPLES%%%%EXAMPLESDIR%%/tests/Zend/Gdata/YouTube/ActivityEntryTest.php +%%PORTEXAMPLES%%%%EXAMPLESDIR%%/tests/Zend/Gdata/YouTube/ActivityFeedTest.php %%PORTEXAMPLES%%%%EXAMPLESDIR%%/tests/Zend/Gdata/YouTube/CommentEntryTest.php %%PORTEXAMPLES%%%%EXAMPLESDIR%%/tests/Zend/Gdata/YouTube/CommentFeedTest.php %%PORTEXAMPLES%%%%EXAMPLESDIR%%/tests/Zend/Gdata/YouTube/ContactEntryTest.php @@ -6061,6 +6049,8 @@ %%PORTEXAMPLES%%%%EXAMPLESDIR%%/tests/Zend/Gdata/YouTube/VideoEntryTest.php %%PORTEXAMPLES%%%%EXAMPLESDIR%%/tests/Zend/Gdata/YouTube/VideoFeedTest.php %%PORTEXAMPLES%%%%EXAMPLESDIR%%/tests/Zend/Gdata/YouTube/VideoQueryTest.php +%%PORTEXAMPLES%%%%EXAMPLESDIR%%/tests/Zend/Gdata/YouTube/_files/ActivityEntryDataSample1.xml +%%PORTEXAMPLES%%%%EXAMPLESDIR%%/tests/Zend/Gdata/YouTube/_files/ActivityFeedDataSample1.xml %%PORTEXAMPLES%%%%EXAMPLESDIR%%/tests/Zend/Gdata/YouTube/_files/CommentEntryDataSample1.xml %%PORTEXAMPLES%%%%EXAMPLESDIR%%/tests/Zend/Gdata/YouTube/_files/CommentFeedDataSample1.xml %%PORTEXAMPLES%%%%EXAMPLESDIR%%/tests/Zend/Gdata/YouTube/_files/ContactEntryDataSample1.xml 
@@ -7653,12 +7643,6 @@ %%INCUBATOR%%@dirrm %%DATADIR%%/incubator/library/Zend/Tool/Framework/Client/Cli %%INCUBATOR%%@dirrm %%DATADIR%%/incubator/library/Zend/Tool/Framework/Client %%INCUBATOR%%@dirrm %%DATADIR%%/incubator/library/Zend/Tool/Framework -%%INCUBATOR%%@dirrm %%DATADIR%%/incubator/library/Zend/Tool/CodeGenerator/Php/Member -%%INCUBATOR%%@dirrm %%DATADIR%%/incubator/library/Zend/Tool/CodeGenerator/Php/Docblock/Tag -%%INCUBATOR%%@dirrm %%DATADIR%%/incubator/library/Zend/Tool/CodeGenerator/Php/Docblock -%%INCUBATOR%%@dirrm %%DATADIR%%/incubator/library/Zend/Tool/CodeGenerator/Php -%%INCUBATOR%%@dirrm %%DATADIR%%/incubator/library/Zend/Tool/CodeGenerator/Apache -%%INCUBATOR%%@dirrm %%DATADIR%%/incubator/library/Zend/Tool/CodeGenerator %%INCUBATOR%%@dirrm %%DATADIR%%/incubator/library/Zend/Tool %%INCUBATOR%%@dirrm %%DATADIR%%/incubator/library/Zend/Reflection/Docblock/Tag %%INCUBATOR%%@dirrm %%DATADIR%%/incubator/library/Zend/Reflection/Docblock |