From root@www.unix-experience.fr  Tue May 14 14:38:13 2013
Return-Path: <root@www.unix-experience.fr>
Received: from mx1.freebsd.org (mx1.FreeBSD.org [8.8.178.115])
	by hub.freebsd.org (Postfix) with ESMTP id 3BE40706
	for <FreeBSD-gnats-submit@freebsd.org>; Tue, 14 May 2013 14:38:13 +0000 (UTC)
	(envelope-from root@www.unix-experience.fr)
Received: from www.unix-experience.fr (unix-experience.fr [88.190.14.11])
	by mx1.freebsd.org (Postfix) with ESMTP id 0C5DBEE1
	for <FreeBSD-gnats-submit@freebsd.org>; Tue, 14 May 2013 14:38:12 +0000 (UTC)
Received: by www.unix-experience.fr (Postfix, from userid 0)
	id C4F3A5C8D7; Tue, 14 May 2013 16:32:20 +0200 (CEST)
Message-Id: <20130514143220.C4F3A5C8D7@www.unix-experience.fr>
Date: Tue, 14 May 2013 16:32:20 +0200 (CEST)
From: Loic Blot <loic.blot@unix-experience.fr>
Reply-To: Loic Blot <loic.blot@unix-experience.fr>
To: FreeBSD-gnats-submit@freebsd.org
Cc:
Subject: Critical fixes on owncloud (SQL inject, XSS & CSRF)
X-Send-Pr-Version: 3.113
X-GNATS-Notify:

>Number:         178628
>Category:       ports
>Synopsis:       Critical fixes on www/owncloud (SQL inject, XSS & CSRF)
>Confidential:   no
>Severity:       critical
>Priority:       high
>Responsible:    culot
>State:          closed
>Quarter:        
>Keywords:       
>Date-Required:  
>Class:          update
>Submitter-Id:   current-users
>Arrival-Date:   Tue May 14 14:40:00 UTC 2013
>Closed-Date:    Tue Jun 11 21:06:45 UTC 2013
>Last-Modified:  Tue Jun 11 21:06:45 UTC 2013
>Originator:     Loic Blot
>Release:        FreeBSD 9.1-RELEASE amd64
>Organization:
Centre National de la Recherche Scientifique
>Environment:
System: FreeBSD www.unix-experience.fr 9.1-RELEASE FreeBSD 9.1-RELEASE #0 r243825: Tue Dec 4 09:23:10 UTC 2012 root@farrell.cse.buffalo.edu:/usr/obj/usr/src/sys/GENERIC amd64


>Description:
	SECURITY: SQL Injection (oC-SA-2013-019)
	SECURITY: Multiple directory traversals (oC-SA-2013-020)
	SECURITY: Multiple XSS vulnerabilities (oC-SA-2013-021)
	SECURITY: Open redirector (oC-SA-2013-022)
	SECURITY: Password autocompletion (oC-SA-2013-023)
	SECURITY: Privilege escalation in the calendar application (oC-SA-2013-024)
	SECURITY: Privilege escalation and CSRF in the API (oC-SA-2013-025)
	SECURITY: Incomplete blacklist vulnerability (oC-SA-2013-026)
	SECURITY: Information disclosure: CSRF token + username (oC-SA-2013-027)
	Fix renaming of shared files
	Fix UUID handling with LDAP
	Fix several undelete files issues
	Fix LDAP cachekey handling
	Several OCS API fixes
	Dropbox mounting fixes
	Remove ldap group name restrictions
	Fix fetching of the userlist with multiple user backends
	Turn off password autocompletion
	Translation fixes of the Shared folder
	Fix the fileactions order for filetypes
	Allow to ship a default theme
	Disallow URLs containing “@”
	Smaller layout improvements
	Log an upgrade warning
	Log a trash bin cleanup message
	Improved quota calculation
	Allow to set Quota to zero
	Fix performance regression for uploading of big files
	Several Calendar fixes
	Use displaynames in contacts
	Check for existing address books during migrate->import
	Texteditor fixes
	Increase the SQLite database timeout
	Order images in Gallery
>How-To-Repeat:
>Fix:

	Use this patch
--- own.diff begins here ---
--- Makefile.old	2013-05-14 16:13:27.000000000 +0200
+++ Makefile	2013-05-14 16:15:00.000000000 +0200
@@ -1,7 +1,7 @@
-# $FreeBSD: www/owncloud/Makefile 316156 2013-04-20 15:53:03Z kevlo $
+# $FreeBSD: www/owncloud/Makefile 316156 2013-05-14 16:20:08Z nerz $
 
 PORTNAME=	owncloud
-PORTVERSION=	5.0.5
+PORTVERSION=	5.0.6
 CATEGORIES=	www
 MASTER_SITES=	http://download.owncloud.org/community/
 
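Review bot: The `$FreeBSD$` line at the top of this Makefile hunk has been edited by hand: the date and user become `2013-05-14 16:20:08Z nerz` while the revision number stays at 316156. That keyword is expanded by the repository on commit, so a submitted patch should leave it alone; drop this -/+ pair and keep only the PORTVERSION change.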
--- distinfo.old	2013-05-14 16:15:12.000000000 +0200
+++ distinfo	2013-05-14 16:19:22.000000000 +0200
@@ -1,2 +1,2 @@
-SHA256 (owncloud-5.0.5.tar.bz2) = d1538f598f7b06a2d0494a9675a461e4bcd976e7e4ddf372efc1a2ec50007a31
-SIZE (owncloud-5.0.5.tar.bz2) = 13865933
+SHA256 (owncloud-5.0.6.tar.bz2) = 1017a62e64ca820c6bd42a4e1c58a644f487cd7c4d81fda2b7bc82f811a288a3 
+SIZE (owncloud-5.0.6.tar.bz2) = 13864664
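Review bot: The added SHA256 line for owncloud-5.0.6.tar.bz2 ends with a trailing space after the digest, which suggests distinfo was edited by hand. Regenerate the file with `make makesum` so that both the SHA256 and SIZE lines come from the fetched tarball, and compare the digest with the value upstream publishes for 5.0.6 before submitting.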
--- own.diff ends here ---


>Release-Note:
>Audit-Trail:
Responsible-Changed-From-To: freebsd-ports-bugs->kevlo 
Responsible-Changed-By: edwin 
Responsible-Changed-When: Tue May 14 18:53:44 UTC 2013 
Responsible-Changed-Why:  
Over to maintainer (via the GNATS Auto Assign Tool) 

http://www.freebsd.org/cgi/query-pr.cgi?pr=178628 

From: Loic Blot <loic.blot@unix-experience.fr>
To: FreeBSD-gnats-submit@freebsd.org
Cc:  
Subject: ports/178628: Critical fixes on owncloud (SQL inject, XSS & CSRF)
Date: Tue, 14 May 2013 16:32:20 +0200 (CEST)

 
 >Number:         178628
 >Category:       ports
 >Synopsis:       Critical fixes on owncloud (SQL inject, XSS & CSRF)
 >Confidential:   no
 >Severity:       critical
 >Priority:       high
 >Responsible:    freebsd-ports-bugs
 >State:          open
 >Quarter:        
 >Keywords:       
 >Date-Required:
 >Class:          update
 >Submitter-Id:   current-users
 >Arrival-Date:   Tue May 14 14:40:00 UTC 2013
 >Closed-Date:
 >Last-Modified:
 >Originator:     Loic Blot
 >Release:        FreeBSD 9.1-RELEASE amd64
 >Organization:
 Centre National de la Recherche Scientifique
 >Environment:
 System: FreeBSD www.unix-experience.fr 9.1-RELEASE FreeBSD 9.1-RELEASE #0 r243825: Tue Dec 4 09:23:10 UTC 2012 root@farrell.cse.buffalo.edu:/usr/obj/usr/src/sys/GENERIC amd64
 
 
 >Description:
 	SECURITY: SQL Injection (oC-SA-2013-019)
 	SECURITY: Multiple directory traversals (oC-SA-2013-020)
 	SECURITY: Multiple XSS vulnerabilities (oC-SA-2013-021)
 	SECURITY: Open redirector (oC-SA-2013-022)
 	SECURITY: Password autocompletion (oC-SA-2013-023)
 	SECURITY: Privilege escalation in the calendar application (oC-SA-2013-024)
 	SECURITY: Privilege escalation and CSRF in the API (oC-SA-2013-025)
 	SECURITY: Incomplete blacklist vulnerability (oC-SA-2013-026)
 	SECURITY: Information disclosure: CSRF token + username (oC-SA-2013-027)
 	Fix renaming of shared files
 	Fix UUID handling with LDAP
 	Fix several undelete files issues
 	Fix LDAP cachekey handling
 	Several OCS API fixes
 	Dropbox mounting fixes
 	Remove ldap group name restrictions
 	Fix fetching of the userlist with multiple user backends
 	Turn off password autocompletion
 	Translation fixes of the Shared folder
 	Fix the fileactions order for filetypes
 	Allow to ship a default theme
 	Disallow URLs containing “@”
 	Smaller layout improvements
 	Log an upgrade warning
 	Log a trash bin cleanup message
 	Improved quota calculation
 	Allow to set Quota to zero
 	Fix performance regression for uploading of big files
 	Several Calendar fixes
 	Use displaynames in contacts
 	Check for existing address books during migrate->import
 	Texteditor fixes
 	Increase the SQLite database timeout
 	Order images in Gallery
 >How-To-Repeat:
 >Fix:
 
 	Use this patch
 --- own.diff begins here ---
 --- Makefile.old	2013-05-14 16:13:27.000000000 +0200
 +++ Makefile	2013-05-14 16:15:00.000000000 +0200
 @@ -1,7 +1,7 @@
 -# $FreeBSD: www/owncloud/Makefile 316156 2013-04-20 15:53:03Z kevlo $
 +# $FreeBSD: www/owncloud/Makefile 316156 2013-05-14 16:20:08Z nerz $
  
  PORTNAME=	owncloud
 -PORTVERSION=	5.0.5
 +PORTVERSION=	5.0.6
  CATEGORIES=	www
  MASTER_SITES=	http://download.owncloud.org/community/
  
 --- distinfo.old	2013-05-14 16:15:12.000000000 +0200
 +++ distinfo	2013-05-14 16:19:22.000000000 +0200
 @@ -1,2 +1,2 @@
 -SHA256 (owncloud-5.0.5.tar.bz2) = d1538f598f7b06a2d0494a9675a461e4bcd976e7e4ddf372efc1a2ec50007a31
 -SIZE (owncloud-5.0.5.tar.bz2) = 13865933
 +SHA256 (owncloud-5.0.6.tar.bz2) = 1017a62e64ca820c6bd42a4e1c58a644f487cd7c4d81fda2b7bc82f811a288a3 
 +SIZE (owncloud-5.0.6.tar.bz2) = 13864664
 --- own.diff ends here ---
 
 
 >Release-Note:
 >Audit-Trail:
 >Unformatted:
 
Responsible-Changed-From-To: kevlo->culot 
Responsible-Changed-By: culot 
Responsible-Changed-When: Tue Jun 11 19:07:29 UTC 2013 
Responsible-Changed-Why:  
I'll take it. 


From: dfilter@FreeBSD.ORG (dfilter service)
To: bug-followup@FreeBSD.org
Cc:  
Subject: Re: ports/178628: commit references a PR
Date: Tue, 11 Jun 2013 20:27:55 +0000 (UTC)

 Author: culot
 Date: Tue Jun 11 20:27:48 2013
 New Revision: 320636
 URL: http://svnweb.freebsd.org/changeset/ports/320636
 
 Log:
   - Update to 5.0.7
   
   Changes:	http://owncloud.org/changelog/
   
   Security:	oC-SA-2013-[019-028]
   Security:	CVE-2013-[2039-2045,2047-2048,2085-2086,2089,2149-2150]
   
   PR:		ports/178628
   PR:		ports/179494
   Submitted by: 	Loic Blot <loic.blot@unix-experience.fr>
   Approved by:	kevlo@ (maintainer, timeout)
 
 Modified:
   head/www/owncloud/Makefile
   head/www/owncloud/distinfo
 
 Modified: head/www/owncloud/Makefile
 ==============================================================================
 --- head/www/owncloud/Makefile	Tue Jun 11 19:45:36 2013	(r320635)
 +++ head/www/owncloud/Makefile	Tue Jun 11 20:27:48 2013	(r320636)
 @@ -1,7 +1,7 @@
  # $FreeBSD$
  
  PORTNAME=	owncloud
 -PORTVERSION=	5.0.5
 +PORTVERSION=	5.0.7
  CATEGORIES=	www
  MASTER_SITES=	http://download.owncloud.org/community/
  
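Review bot: PORTVERSION goes to 5.0.7 here, while ports/178628, cited in the log, submitted an update to 5.0.6 and describes oC-SA-2013-019 through 027 only. The log should say that 5.0.7 supersedes the submitted version, so that the PR description is not read as the full change list for this commit; the log's Security line already extends the range to 028.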
 
 Modified: head/www/owncloud/distinfo
 ==============================================================================
 --- head/www/owncloud/distinfo	Tue Jun 11 19:45:36 2013	(r320635)
 +++ head/www/owncloud/distinfo	Tue Jun 11 20:27:48 2013	(r320636)
 @@ -1,2 +1,2 @@
 -SHA256 (owncloud-5.0.5.tar.bz2) = d1538f598f7b06a2d0494a9675a461e4bcd976e7e4ddf372efc1a2ec50007a31
 -SIZE (owncloud-5.0.5.tar.bz2) = 13865933
 +SHA256 (owncloud-5.0.7.tar.bz2) = 8329a2b8ee7da48111455aca299eacef68bde22c6e6494c3e9c41d4619e5083d
 +SIZE (owncloud-5.0.7.tar.bz2) = 14016269
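Review bot: The SHA256 and SIZE values for owncloud-5.0.7.tar.bz2 were not part of the patch attached to ports/178628, which carried 5.0.6 values, so nothing in the PR trail vouches for them. Since MASTER_SITES in the Makefile is a plain `http://` URL, this digest is the only integrity check on the distfile; note in the log how it was checked against upstream's published checksum.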
 
State-Changed-From-To: open->closed 
State-Changed-By: culot 
State-Changed-When: Tue Jun 11 21:06:44 UTC 2013 
State-Changed-Why:  
Committed. Thanks! 

>Unformatted:
