From nobody@FreeBSD.org  Thu Jun 29 11:11:24 2006
Return-Path: <nobody@FreeBSD.org>
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id E44C316A407
	for <freebsd-gnats-submit@FreeBSD.org>; Thu, 29 Jun 2006 11:11:24 +0000 (UTC)
	(envelope-from nobody@FreeBSD.org)
Received: from www.freebsd.org (www.freebsd.org [216.136.204.117])
	by mx1.FreeBSD.org (Postfix) with ESMTP id 4D33843DB0
	for <freebsd-gnats-submit@FreeBSD.org>; Thu, 29 Jun 2006 11:11:18 +0000 (GMT)
	(envelope-from nobody@FreeBSD.org)
Received: from www.freebsd.org (localhost [127.0.0.1])
	by www.freebsd.org (8.13.1/8.13.1) with ESMTP id k5TBBHT7087813
	for <freebsd-gnats-submit@FreeBSD.org>; Thu, 29 Jun 2006 11:11:17 GMT
	(envelope-from nobody@www.freebsd.org)
Received: (from nobody@localhost)
	by www.freebsd.org (8.13.1/8.13.1/Submit) id k5TBBH6K087812;
	Thu, 29 Jun 2006 11:11:17 GMT
	(envelope-from nobody)
Message-Id: <200606291111.k5TBBH6K087812@www.freebsd.org>
Date: Thu, 29 Jun 2006 11:11:17 GMT
From: Francisco Alves Cabrita <include@npf.deec.uc.pt>
To: freebsd-gnats-submit@FreeBSD.org
Subject: [UPDATE] : www/joomla Several Security Update. Affect ALL Previous versions!
X-Send-Pr-Version: www-2.3

>Number:         99601
>Category:       ports
>Synopsis:       [UPDATE] : www/joomla Several Security Update. Affect ALL Previous versions!
>Confidential:   no
>Severity:       critical
>Priority:       high
>Responsible:    miwi
>State:          closed
>Quarter:        
>Keywords:       
>Date-Required:  
>Class:          update
>Submitter-Id:   current-users
>Arrival-Date:   Thu Jun 29 11:20:22 GMT 2006
>Closed-Date:    Fri Jun 30 22:49:25 GMT 2006
>Last-Modified:  Fri Jun 30 22:49:25 GMT 2006
>Originator:     Francisco Alves Cabrita
>Release:        FreeBSD 6.1-RELEASE-p1
>Organization:
Núcleo Português de FreeBSD
>Environment:
FreeBSD fac.sufixo.com 6.1-RELEASE-p1 FreeBSD 6.1-RELEASE-p1 #0: Wed Jun 14 01:38:05 WEST 2006     fac@fac.sufixo.com:/usr/obj/usr/src/sys/SIXONE  i386
>Description:
All existing Joomla! users MUST UPGRADE to this version, due to several High Level vulnerabilities that affect ALL Previous versions of Joomla! 

1.0.10 contains the following important security fixes:

    * 03 High Level Security Fixes
    * 01 Medium Level Security Fixes
    * 05 Low Level security
    * 40+ General bug fixes

If you are using ANY previous version of Joomla!, you need to upgrade to 1.0.10 

1.0.10 is available as a Full Package, which contains all Joomla! files and Patch Packages which contain only the files that have been changed by the Stability work conducted from previous Joomla! 1.0.x versions.
>How-To-Repeat:

>Fix:
diff -ruN joomla.orig/Makefile joomla/Makefile
--- joomla.orig/Makefile	Thu Jun 29 11:44:23 2006
+++ joomla/Makefile	Thu Jun 29 11:46:29 2006
@@ -5,9 +5,9 @@
 # $FreeBSD: ports/www/joomla/Makefile,v 1.7 2006/06/18 19:35:00 miwi Exp $
 
 PORTNAME=	joomla
-PORTVERSION=	1.0.9
+PORTVERSION=	1.0.10
 CATEGORIES=	www
-MASTER_SITES=	http://developer.joomla.org/sf/frs/do/downloadFile/projects.joomla/frs.joomla_1_0.1_0_9/frs5459?dl=1/:source1
+MASTER_SITES=	http://developer.joomla.org/sf/frs/do/downloadFile/projects.joomla/frs.joomla_1_0.1_0_10/frs5789?dl=1/:source1
 DISTFILES=	${JOOMLA_SRC}:source1
 
 MAINTAINER=	include@npf.pt.freebsd.org
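Review bot: MASTER_SITES still fetches over plain http, and the only thing tying the download to this release is the file-release id in the URL (frs5459 becoming frs5789), so the distinfo checksums are the sole integrity control for a security update. Confirm the SHA256 in distinfo against a copy of the tarball obtained from upstream independently before committing, and consider a comment above MASTER_SITES noting that the frs id has to change with every PORTVERSION bump.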
diff -ruN joomla.orig/distinfo joomla/distinfo
--- joomla.orig/distinfo	Thu Jun 29 11:44:23 2006
+++ joomla/distinfo	Thu Jun 29 11:46:46 2006
@@ -1,3 +1,3 @@
-MD5 (joomla/Joomla_1.0.9-Stable-Full_Package.tar.bz2) = 3c18e37523a983d189c074c8591ee664
-SHA256 (joomla/Joomla_1.0.9-Stable-Full_Package.tar.bz2) = 8cac088a684af50458dd1c37e667064dac5cb3213b9556d1f966377f93b3c84a
-SIZE (joomla/Joomla_1.0.9-Stable-Full_Package.tar.bz2) = 2775408
+MD5 (joomla/Joomla_1.0.10-Stable-Full_Package.tar.bz2) = 4c608dc14fe8952bd35803e5cc8f56cc
+SHA256 (joomla/Joomla_1.0.10-Stable-Full_Package.tar.bz2) = 99c265c9bc7d163e3f6bdcb92d3f48dcc51c6b5bb84aedd4d350c5cdbc37e9e2
+SIZE (joomla/Joomla_1.0.10-Stable-Full_Package.tar.bz2) = 1707685
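Review bot: SIZE drops from 2775408 to 1707685 bytes although the distfile is still named Stable-Full_Package, while the pkg-plist hunks remove only 18 files and add one. The description mentions that patch packages also exist, so it is worth confirming that the archive these checksums were generated from is the full package and that it unpacks to the file list the plist expects.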
diff -ruN joomla.orig/pkg-plist joomla/pkg-plist
--- joomla.orig/pkg-plist	Thu Jun 29 11:44:23 2006
+++ joomla/pkg-plist	Thu Jun 29 12:07:13 2006
@@ -702,6 +702,7 @@
 www/joomla/images/unarchive_f2.png
 www/joomla/images/unpublish_f2.png
 www/joomla/images/upload_f2.png
+www/joomla/includes/joomla.cache.php
 www/joomla/includes/Archive/Tar.php
 www/joomla/includes/Cache/LICENSE
 www/joomla/includes/Cache/Lite.php
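Review bot: www/joomla/includes/joomla.cache.php is the only file added to the plist for 1.0.10, placed ahead of includes/Archive/Tar.php. Regenerating the list from a fresh extract of the 1.0.10 tarball and diffing it against this plist would confirm that no other new file was missed, since a file that is installed but not listed is left behind on deinstall.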
@@ -1044,7 +1045,6 @@
 www/joomla/mambots/editors/tinymce/jscripts/tiny_mce/index.html
 www/joomla/mambots/editors/tinymce/jscripts/tiny_mce/langs/en.js
 www/joomla/mambots/editors/tinymce/jscripts/tiny_mce/langs/index.html
-www/joomla/mambots/editors/tinymce/jscripts/tiny_mce/license.txt
 www/joomla/mambots/editors/tinymce/jscripts/tiny_mce/plugins/_template/editor_plugin.js
 www/joomla/mambots/editors/tinymce/jscripts/tiny_mce/plugins/_template/editor_plugin_src.js
 www/joomla/mambots/editors/tinymce/jscripts/tiny_mce/plugins/_template/images/index.html
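Review bot: the removal of tiny_mce/license.txt from the plist should be checked against the 1.0.10 tarball. If upstream still ships the file, the entry has to stay; if upstream dropped it, say so in the commit message so that the missing licence text for the bundled editor is a recorded upstream change and not a plist slip.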
@@ -1288,12 +1288,6 @@
 www/joomla/mambots/editors/tinymce/jscripts/tiny_mce/plugins/zoom/editor_plugin_src.js
 www/joomla/mambots/editors/tinymce/jscripts/tiny_mce/plugins/zoom/readme.txt
 www/joomla/mambots/editors/tinymce/jscripts/tiny_mce/plugins/zoom/index.html
-www/joomla/mambots/editors/tinymce/jscripts/tiny_mce/plugins/zoom/langs/es.js
-www/joomla/mambots/editors/tinymce/jscripts/tiny_mce/plugins/zoom/langs/he.js
-www/joomla/mambots/editors/tinymce/jscripts/tiny_mce/plugins/zoom/langs/index.html
-www/joomla/mambots/editors/tinymce/jscripts/tiny_mce/plugins/zoom/langs/ru.js
-www/joomla/mambots/editors/tinymce/jscripts/tiny_mce/plugins/zoom/langs/ru_KOI8-R.js
-www/joomla/mambots/editors/tinymce/jscripts/tiny_mce/plugins/zoom/langs/ru_UTF-8.js
 www/joomla/mambots/editors/tinymce/jscripts/tiny_mce/themes/advanced/about.htm
 www/joomla/mambots/editors/tinymce/jscripts/tiny_mce/themes/advanced/anchor.htm
 www/joomla/mambots/editors/tinymce/jscripts/tiny_mce/themes/advanced/charmap.htm
@@ -1319,7 +1313,6 @@
 www/joomla/mambots/editors/tinymce/jscripts/tiny_mce/themes/advanced/images/buttons.gif
 www/joomla/mambots/editors/tinymce/jscripts/tiny_mce/themes/advanced/images/button_menu.gif
 www/joomla/mambots/editors/tinymce/jscripts/tiny_mce/themes/advanced/images/cancel_button_bg.gif
-www/joomla/mambots/editors/tinymce/jscripts/tiny_mce/themes/advanced/images/center.gif
 www/joomla/mambots/editors/tinymce/jscripts/tiny_mce/themes/advanced/images/charmap.gif
 www/joomla/mambots/editors/tinymce/jscripts/tiny_mce/themes/advanced/images/cleanup.gif
 www/joomla/mambots/editors/tinymce/jscripts/tiny_mce/themes/advanced/images/close.gif
@@ -1329,7 +1322,6 @@
 www/joomla/mambots/editors/tinymce/jscripts/tiny_mce/themes/advanced/images/custom_1.gif
 www/joomla/mambots/editors/tinymce/jscripts/tiny_mce/themes/advanced/images/cut.gif
 www/joomla/mambots/editors/tinymce/jscripts/tiny_mce/themes/advanced/images/forecolor.gif
-www/joomla/mambots/editors/tinymce/jscripts/tiny_mce/themes/advanced/images/full.gif
 www/joomla/mambots/editors/tinymce/jscripts/tiny_mce/themes/advanced/images/help.gif
 www/joomla/mambots/editors/tinymce/jscripts/tiny_mce/themes/advanced/images/hr.gif
 www/joomla/mambots/editors/tinymce/jscripts/tiny_mce/themes/advanced/images/image.gif
@@ -1345,7 +1337,6 @@
 www/joomla/mambots/editors/tinymce/jscripts/tiny_mce/themes/advanced/images/justifyfull.gif
 www/joomla/mambots/editors/tinymce/jscripts/tiny_mce/themes/advanced/images/justifyleft.gif
 www/joomla/mambots/editors/tinymce/jscripts/tiny_mce/themes/advanced/images/justifyright.gif
-www/joomla/mambots/editors/tinymce/jscripts/tiny_mce/themes/advanced/images/left.gif
 www/joomla/mambots/editors/tinymce/jscripts/tiny_mce/themes/advanced/images/link.gif
 www/joomla/mambots/editors/tinymce/jscripts/tiny_mce/themes/advanced/images/menu_check.gif
 www/joomla/mambots/editors/tinymce/jscripts/tiny_mce/themes/advanced/images/newdocument.gif
@@ -1355,20 +1346,12 @@
 www/joomla/mambots/editors/tinymce/jscripts/tiny_mce/themes/advanced/images/paste.gif
 www/joomla/mambots/editors/tinymce/jscripts/tiny_mce/themes/advanced/images/redo.gif
 www/joomla/mambots/editors/tinymce/jscripts/tiny_mce/themes/advanced/images/removeformat.gif
-www/joomla/mambots/editors/tinymce/jscripts/tiny_mce/themes/advanced/images/right.gif
 www/joomla/mambots/editors/tinymce/jscripts/tiny_mce/themes/advanced/images/separator.gif
 www/joomla/mambots/editors/tinymce/jscripts/tiny_mce/themes/advanced/images/spacer.gif
 www/joomla/mambots/editors/tinymce/jscripts/tiny_mce/themes/advanced/images/statusbar_resize.gif
 www/joomla/mambots/editors/tinymce/jscripts/tiny_mce/themes/advanced/images/strikethrough.gif
 www/joomla/mambots/editors/tinymce/jscripts/tiny_mce/themes/advanced/images/sub.gif
 www/joomla/mambots/editors/tinymce/jscripts/tiny_mce/themes/advanced/images/sup.gif
-www/joomla/mambots/editors/tinymce/jscripts/tiny_mce/themes/advanced/images/table.gif
-www/joomla/mambots/editors/tinymce/jscripts/tiny_mce/themes/advanced/images/table_delete_col.gif
-www/joomla/mambots/editors/tinymce/jscripts/tiny_mce/themes/advanced/images/table_delete_row.gif
-www/joomla/mambots/editors/tinymce/jscripts/tiny_mce/themes/advanced/images/table_insert_col_after.gif
-www/joomla/mambots/editors/tinymce/jscripts/tiny_mce/themes/advanced/images/table_insert_col_before.gif
-www/joomla/mambots/editors/tinymce/jscripts/tiny_mce/themes/advanced/images/table_insert_row_after.gif
-www/joomla/mambots/editors/tinymce/jscripts/tiny_mce/themes/advanced/images/table_insert_row_before.gif
 www/joomla/mambots/editors/tinymce/jscripts/tiny_mce/themes/advanced/images/underline.gif
 www/joomla/mambots/editors/tinymce/jscripts/tiny_mce/themes/advanced/images/underline_es.gif
 www/joomla/mambots/editors/tinymce/jscripts/tiny_mce/themes/advanced/images/underline_fr.gif
@@ -1586,7 +1569,6 @@
 @dirrm www/joomla/mambots/editors/tinymce/jscripts/tiny_mce/themes/advanced/css
 @dirrm www/joomla/mambots/editors/tinymce/jscripts/tiny_mce/themes/advanced
 @dirrm www/joomla/mambots/editors/tinymce/jscripts/tiny_mce/themes
-@dirrm www/joomla/mambots/editors/tinymce/jscripts/tiny_mce/plugins/zoom/langs
 @dirrm www/joomla/mambots/editors/tinymce/jscripts/tiny_mce/plugins/zoom
 @dirrm www/joomla/mambots/editors/tinymce/jscripts/tiny_mce/plugins/table/langs
 @dirrm www/joomla/mambots/editors/tinymce/jscripts/tiny_mce/plugins/table/jscripts

>Release-Note:
>Audit-Trail:
State-Changed-From-To: open->feedback 
State-Changed-By: edwin 
State-Changed-When: Thu Jun 29 11:20:55 UTC 2006 
State-Changed-Why:  
Awaiting maintainers feedback 

http://www.freebsd.org/cgi/query-pr.cgi?pr=99601 
Responsible-Changed-From-To: freebsd-ports-bugs->miwi 
Responsible-Changed-By: miwi 
Responsible-Changed-When: Thu Jun 29 11:53:07 UTC 2006 
Responsible-Changed-Why:  
I'll take it. 

http://www.freebsd.org/cgi/query-pr.cgi?pr=99601 

From: "Francisco Cabrita <include>" <include@npf.pt.freebsd.org>
To: bug-followup@FreeBSD.org
Cc: Francisco Alves Cabrita <include@npf.deec.uc.pt>
Subject: Re: ports/99601: [UPDATE] : www/joomla Several Security Update.
 Affect ALL Previous versions!
Date: Thu, 29 Jun 2006 14:49:16 +0100 (WEST)

 I already sent the vuxml entry to security-team@FreeBSD.org but no one 
 has updated the database, so I will paste it here again.
 
 <vuxml xmlns="http://www.vuxml.org/apps/vuxml-1">
    <vuln vid="1f935f61-075d-11db-822b-728b50d539a3">
      <topic>Joomla -- High Level vulnerabilities affect ALL Previous versions!</topic>
      <affects>
        <package>
          <name>joomla</name>
          <range><lt>1.0.10</lt></range>
        </package>
      </affects>
      <description>
        <body xmlns="http://www.w3.org/1999/xhtml">
          <p>Joomla Site reports:</p>
          <blockquote cite="http://www.joomla.org/content/view/1510/74/">
            <p>All existing Joomla! users MUST UPGRADE to this version,
              due to several High Level vulnerabilities that affect ALL
              Previous versions of Joomla!
              1.0.10 contains the following important security fixes:
              * 03 High Level Security Fixes
              * 01 Medium Level Security Fixes
              * 05 Low Level security
              * 40+ General bug fixes
              If you are using ANY previous version of Joomla!, you need
              to upgrade to 1.0.10.
              1.0.10 is available as a Full Package, which contains all
              Joomla! files and Patch Packages which contain only the
              files that have been changed by the Stability work conducted
              from previous Joomla! 1.0.x versions.
            </p>
          </blockquote>
        </body>
      </description>
      <references>
        <url>http://secunia.com/advisories/20746/</url>
        <url>http://www.joomla.org/content/view/1510/74/</url>
      </references>
      <dates>
        <discovery>2006-06-26</discovery>
        <entry>2006-06-29</entry>
      </dates>
    </vuln>
 </vuxml>
 
 Best Regards
 Francisco
 
 --
 Nucleo Portugues de FreeBSD - Core Member
 http://npf.pt.freebsd.org
 http://npf.pt.freebsd.org/~include/
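
The <range><lt>1.0.10</lt></range> element in the entry above is what an audit tool evaluates against the installed package version. The following is an added example, not part of the original PR or of any FreeBSD tool: it parses a trimmed copy of that entry and reports whether a given joomla version is affected. The function names and the simplified version comparison (plain dotted numbers, no PORTREVISION or PORTEPOCH suffix) are assumptions made for illustration.

```python
import xml.etree.ElementTree as ET

NS = {"v": "http://www.vuxml.org/apps/vuxml-1"}

# Trimmed copy of the entry posted in this PR (description and references omitted).
ENTRY = """<vuxml xmlns="http://www.vuxml.org/apps/vuxml-1">
  <vuln vid="1f935f61-075d-11db-822b-728b50d539a3">
    <affects>
      <package>
        <name>joomla</name>
        <range><lt>1.0.10</lt></range>
      </package>
    </affects>
  </vuln>
</vuxml>"""

OPS = {
    "lt": lambda a, b: a < b,
    "le": lambda a, b: a <= b,
    "eq": lambda a, b: a == b,
    "ge": lambda a, b: a >= b,
    "gt": lambda a, b: a > b,
}


def version_key(version):
    """Assumption: dotted numeric versions only (no _N or ,N suffixes).

    Comparing as integer tuples matters here: as strings, "1.0.9" sorts
    after "1.0.10", which would report the vulnerable version as fixed.
    """
    return tuple(int(part) for part in version.split("."))


def affected_vids(vuxml_text, name, version):
    """Return the vid of every entry whose <affects> matches name and version."""
    installed = version_key(version)
    hits = []
    for vuln in ET.fromstring(vuxml_text).findall("v:vuln", NS):
        for pkg in vuln.findall("v:affects/v:package", NS):
            if name not in [n.text for n in pkg.findall("v:name", NS)]:
                continue
            for rng in pkg.findall("v:range", NS):
                # All bounds inside one <range> must hold (e.g. <ge> with <lt>).
                bounds = [(b.tag.split("}")[1], b.text) for b in rng]
                if bounds and all(OPS[op](installed, version_key(v)) for op, v in bounds):
                    if vuln.get("vid") not in hits:
                        hits.append(vuln.get("vid"))
    return hits
```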
 
State-Changed-From-To: feedback->closed 
State-Changed-By: miwi 
State-Changed-When: Fri Jun 30 22:49:22 UTC 2006 
State-Changed-Why:  
Committed, with minor changes. Thanks! 

http://www.freebsd.org/cgi/query-pr.cgi?pr=99601 
>Unformatted:
