From nobody@FreeBSD.org  Wed Aug  3 09:46:43 2005
Return-Path: <nobody@FreeBSD.org>
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id 54D9F16A41F
	for <freebsd-gnats-submit@FreeBSD.org>; Wed,  3 Aug 2005 09:46:43 +0000 (GMT)
	(envelope-from nobody@FreeBSD.org)
Received: from www.freebsd.org (www.freebsd.org [216.136.204.117])
	by mx1.FreeBSD.org (Postfix) with ESMTP id BBD0843D45
	for <freebsd-gnats-submit@FreeBSD.org>; Wed,  3 Aug 2005 09:46:42 +0000 (GMT)
	(envelope-from nobody@FreeBSD.org)
Received: from www.freebsd.org (localhost [127.0.0.1])
	by www.freebsd.org (8.13.1/8.13.1) with ESMTP id j739kg6Q029655
	for <freebsd-gnats-submit@FreeBSD.org>; Wed, 3 Aug 2005 09:46:42 GMT
	(envelope-from nobody@www.freebsd.org)
Received: (from nobody@localhost)
	by www.freebsd.org (8.13.1/8.13.1/Submit) id j739kgPF029654;
	Wed, 3 Aug 2005 09:46:42 GMT
	(envelope-from nobody)
Message-Id: <200508030946.j739kgPF029654@www.freebsd.org>
Date: Wed, 3 Aug 2005 09:46:42 GMT
From: Francisco Cabrita <francisco@nortenet.pt>
To: freebsd-gnats-submit@FreeBSD.org
Subject: [SECURITY UPDATE]: Update for www/mambo - Security Patch for 4.5.2.2 to 4.5.2.3
X-Send-Pr-Version: www-2.3

>Number:         84510
>Category:       ports
>Synopsis:       [SECURITY UPDATE]: Update for www/mambo - Security Patch for 4.5.2.2 to 4.5.2.3
>Confidential:   no
>Severity:       serious
>Priority:       medium
>Responsible:    lawrance
>State:          closed
>Quarter:        
>Keywords:       
>Date-Required:  
>Class:          maintainer-update
>Submitter-Id:   current-users
>Arrival-Date:   Wed Aug 03 09:50:16 GMT 2005
>Closed-Date:    Thu Aug 04 05:30:36 GMT 2005
>Last-Modified:  Thu Aug 04 05:30:36 GMT 2005
>Originator:     Francisco Cabrita
>Release:        FreeBSD 5.4-RELEASE-p6
>Organization:
Núcleo Português de FreeBSD
>Environment:
FreeBSD fac.e10.pt 5.4-RELEASE-p6 FreeBSD 5.4-RELEASE-p6 #0: Sat Jul 30 04:12:24 WEST 2005     fac@fac.e10.pt:/usr/obj/usr/src/sys/MOBILE  i386
>Description:
The 4.5.2.3 patch is available that fixes an over-zealous filter on the main content fields as well as plugging a security hole in the voting form submission. It also includes a slight revision to the database class that will give you a small boost in performance.

The Makefile

--- Makefile_SAFE       Wed Aug  3 10:31:46 2005
+++ Makefile    Wed Aug  3 10:24:25 2005
@@ -5,14 +5,12 @@
 # $FreeBSD: ports/www/mambo/Makefile,v 1.4 2005/06/13 14:02:54 pav Exp $

 PORTNAME=      mambo
-PORTVERSION=   4.5.2.2
+PORTVERSION=   4.5.2.3
 CATEGORIES=    www
 MASTER_SITES=  http://mamboforge.net/frs/download.php/4004/:source1 \
-               http://mamboforge.net/frs/download.php/4043/:source2 \
-               http://mamboforge.net/frs/download.php/5886/:source3
+               http://mamboforge.net/frs/download.php/6159/:source2
 DISTFILES=     ${MAMBO_SRC}:source1 \
-               ${MAMBO_PATCH1}:source2 \
-               ${MAMBO_PATCH2}:source3
+               ${MAMBO_PATCH1}:source2

 MAINTAINER=    include@npf.pt.freebsd.org
 COMMENT=       A dynamic web content management system (CMS)
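
Review bot: MASTER_SITES in this hunk still fetches the base tarball and the new 4.5.2.3 patch over plain http from mamboforge.net, so the distinfo checksum is the only thing vouching for the contents of a security fix. Please confirm the checksum for the new `download.php/6159` distfile was taken from a copy you trust, and say in the commit message that `:source3` is dropped because the new zip replaces both earlier patches.
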
@@ -32,14 +30,12 @@
 DIST_SUBDIR=   ${PORTNAME}

 MAMBO_SRC=     MamboV4.5.2-Stable.tar.gz
-MAMBO_PATCH1=  Patch_4.5.2_to_4.5.2.1.zip
-MAMBO_PATCH2=  Patch_4.5.2_to_4.5.2.2.zip
+MAMBO_PATCH1=  Patch_4.5.2_to_4.5.2.3.zip

 do-extract:
                @${MKDIR} ${WRKSRC}
                @${TAR} -zxf ${DISTDIR}/${DIST_SUBDIR}/${MAMBO_SRC} -C ${WRKSRC}
                @${UNZIP_CMD} -qo ${DISTDIR}/${DIST_SUBDIR}/${MAMBO_PATCH1} -d ${WRKSRC}
-               @${UNZIP_CMD} -qo ${DISTDIR}/${DIST_SUBDIR}/${MAMBO_PATCH2} -d ${WRKSRC}
                @${RM} -rf ${WRKSRC}/templates/rhuk_solarflare # remove empty

 do-install:
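
Review bot: removing the second `unzip -qo` step from do-extract is only safe if Patch_4.5.2_to_4.5.2.3.zip is cumulative and carries every file the 4.5.2.1 and 4.5.2.2 patches overwrote. The file name suggests that, but the description does not say so; please state it explicitly, because a non-cumulative patch would silently ship the older versions of those files. With a single patch left, MAMBO_PATCH1 could also be renamed to MAMBO_PATCH.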

The distinfo:

--- distinfo_SAFE       Wed Aug  3 10:41:47 2005
+++ distinfo    Wed Aug  3 10:24:25 2005
@@ -1,6 +1,4 @@
 MD5 (mambo/MamboV4.5.2-Stable.tar.gz) = 6f4f934bc26ceed05137a23a1dcf8a54
 SIZE (mambo/MamboV4.5.2-Stable.tar.gz) = 1561319
-MD5 (mambo/Patch_4.5.2_to_4.5.2.1.zip) = 0dc49db1cf7a5c0ff11d69f05cfae69f
-SIZE (mambo/Patch_4.5.2_to_4.5.2.1.zip) = 32429
-MD5 (mambo/Patch_4.5.2_to_4.5.2.2.zip) = ce66ecab53e6af3215d664a6b24b7ab0
-SIZE (mambo/Patch_4.5.2_to_4.5.2.2.zip) = 88100
+MD5 (mambo/Patch_4.5.2_to_4.5.2.3.zip) = 3202877a1f03b2ff723bf5a2c1f07869
+SIZE (mambo/Patch_4.5.2_to_4.5.2.3.zip) = 88505
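
Review bot: the new patch distfile is pinned only by the MD5 and SIZE lines added at the end of this hunk. MD5 is not collision resistant and the Makefile downloads over plain http, so for a security update it would be better to also record a SHA256 line for each distfile where the ports infrastructure in use supports it.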

The pkg-plist:
--- pkg-plist_SAFE      Wed Aug  3 10:41:50 2005
+++ pkg-plist   Wed Aug  3 10:24:25 2005
@@ -1,7 +1,6 @@
 @exec mkdir -p %D/%%MAMBO_DIR%%/cache/com_banners
 %%MAMBO_DIR%%/CHANGELOG
 %%MAMBO_DIR%%/INSTALL
-%%MAMBO_DIR%%/README
 %%MAMBO_DIR%%/LICENSE
 %%MAMBO_DIR%%/administrator/backups/index.html
 %%MAMBO_DIR%%/administrator/components/com_admin/admin.admin.html.php
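
Review bot: `%%MAMBO_DIR%%/README` is dropped from the plist in this hunk, but the description does not mention it and the port still extracts the same MamboV4.5.2-Stable.tar.gz. Please confirm README is really no longer installed; if the base tarball still ships it, the file will be installed unregistered and left behind on deinstall.
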
@@ -831,6 +830,8 @@
 %%MAMBO_DIR%%/includes/patTemplate/tmpl/page.html
 %%MAMBO_DIR%%/includes/pathway.php
 %%MAMBO_DIR%%/includes/pdf.php
+%%MAMBO_DIR%%/includes/phpInputFilter/index.html
+%%MAMBO_DIR%%/includes/phpInputFilter/class.inputfilter.php
 %%MAMBO_DIR%%/includes/phpmailer/LICENSE
 %%MAMBO_DIR%%/includes/phpmailer/class.phpmailer.php
 %%MAMBO_DIR%%/includes/phpmailer/class.smtp.php
@@ -1194,6 +1195,7 @@
 @dirrm %%MAMBO_DIR%%/language
 @dirrm %%MAMBO_DIR%%/installation/sql
 @dirrm %%MAMBO_DIR%%/installation
+@dirrm %%MAMBO_DIR%%/includes/phpInputFilter/
 @dirrm %%MAMBO_DIR%%/includes/phpmailer/language
 @dirrm %%MAMBO_DIR%%/includes/phpmailer
 @dirrm %%MAMBO_DIR%%/includes/patTemplate/tmpl
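
Review bot: the added `@dirrm %%MAMBO_DIR%%/includes/phpInputFilter/` carries a trailing slash, unlike every other @dirrm entry visible in this hunk. Drop the slash so the line matches the surrounding entries, and check that it still comes before the @dirrm for the parent `includes` directory further down the list.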


and that's all

Francisco Cabrita aka include
 
 --
 Nucleo Portugues de FreeBSD - Core Member
 http://npf.pt.freebsd.org
 http://npf.pt.freebsd.org/~include/

>How-To-Repeat:
      
>Fix:
      
>Release-Note:
>Audit-Trail:
Class-Changed-From-To: update->maintainer-update 
Class-Changed-By: ceri 
Class-Changed-When: Wed Aug 3 10:04:16 GMT 2005 
Class-Changed-Why:  
This is a maintainer security update. 


Responsible-Changed-From-To: freebsd-www->freebsd-port-bugs 
Responsible-Changed-By: ceri 
Responsible-Changed-When: Wed Aug 3 10:04:16 GMT 2005 
Responsible-Changed-Why:  
Reassign to ports team. 

http://www.freebsd.org/cgi/query-pr.cgi?pr=84510 
Responsible-Changed-From-To: freebsd-port-bugs->lawrance 
Responsible-Changed-By: lawrance 
Responsible-Changed-When: Wed Aug 3 14:51:30 GMT 2005 
Responsible-Changed-Why:  
I'll take this 

State-Changed-From-To: open->closed 
State-Changed-By: lawrance 
State-Changed-When: Thu Aug 4 05:25:01 GMT 2005 
State-Changed-Why:  
Committed, thanks! 

>Unformatted:
