- Update www/typo3 to 4.7.4 [1]
- Convert to new options framework [1]
- Update www/typo345 to 4.5.19 [2]
- Update www/typo346 to 4.6.12 [3]
- Changes: https://typo3.org/news/article/typo3-4519-4612-and-474-released/
- Document security vulnerabilities [4]
  https://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2012-004/

PR: ports/170650 [1]
PR: ports/170647 [2]
PR: ports/170649 [3]
Submitted by: Helmut Schneider <jumper99@gmx.de> (maintainer)
Security: 48bcb4b2-e708-11e1-a59d-000d601460a4 [4]
Approved by: eadler (mentor)
parent 7f76fecb9a
commit f4ebd140ed
Notes: svn2git, 2021-03-31 03:12:20 +00:00
svn path=/head/; revision=302596
11 changed files with 82 additions and 28 deletions
|
@ -52,6 +52,56 @@ Note: Please add new entries to the beginning of this file.
|
|||
|
||||
-->
|
||||
<vuxml xmlns="http://www.vuxml.org/apps/vuxml-1">
|
||||
<vuln vid="48bcb4b2-e708-11e1-a59d-000d601460a4">
|
||||
<topic>typo3 -- Multiple vulernabilities in TYPO3 Core</topic>
|
||||
<affects>
|
||||
<package>
|
||||
<name>typo3</name>
|
||||
<range><ge>4.5.0</ge><lt>4.5.19</lt></range>
|
||||
<range><ge>4.6.0</ge><lt>4.6.12</lt></range>
|
||||
<range><ge>4.7.0</ge><lt>4.7.4</lt></range>
|
||||
</package>
|
||||
</affects>
|
||||
<description>
|
||||
<body xmlns="http://www.w3.org/1999/xhtml">
|
||||
<p>Typo Security Team reports:</p>
|
||||
<blockquote cite="https://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2012-004/">
|
||||
<p>It has been discovered that TYPO3 Core is vulnerable to Cross-Site
|
||||
Scripting, Information Disclosure, Insecure Unserialize leading to
|
||||
Arbitrary Code Execution.</p>
|
||||
<p>TYPO3 Backend Help System - Due to a missing signature (HMAC) for a
|
||||
parameter in the view_help.php file, an attacker could unserialize
|
||||
arbitrary objects within TYPO3. We are aware of a working exploit,
|
||||
which can lead to arbitrary code execution. A valid backend user
|
||||
login or multiple successful cross site request forgery attacks are
|
||||
required to exploit this vulnerability.</p>
|
||||
<p>TYPO3 Backend - Failing to properly HTML-encode user input in
|
||||
several places, the TYPO3 backend is susceptible to Cross-Site
|
||||
Scripting. A valid backend user is required to exploit these
|
||||
vulnerabilities.</p>
|
||||
<p>TYPO3 Backend - Accessing the configuration module discloses the
|
||||
Encryption Key. A valid backend user with access to the
|
||||
configuration module is required to exploit this vulnerability.</p>
|
||||
<p>TYPO3 HTML Sanitizing API - By not removing several HTML5
|
||||
JavaScript events, the API method t3lib_div::RemoveXSS() fails to
|
||||
filter specially crafted HTML injections, thus is susceptible to
|
||||
Cross-Site Scripting. Failing to properly encode for JavaScript the
|
||||
API method t3lib_div::quoteJSvalue(), it is susceptible to Cross-Site
|
||||
Scripting.</p>
|
||||
<p>TYPO3 Install Tool - Failing to properly sanitize user input, the
|
||||
Install Tool is susceptible to Cross-Site Scripting.</p>
|
||||
</blockquote>
|
||||
</body>
|
||||
</description>
|
||||
<references>
|
||||
<url>https://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2012-004/</url>
|
||||
</references>
|
||||
<dates>
|
||||
<discovery>2012-08-15</discovery>
|
||||
<entry>2012-08-15</entry>
|
||||
</dates>
|
||||
</vuln>
|
||||
|
||||
<vuln vid="83f9e943-e664-11e1-a66d-080027ef73ec">
|
||||
<topic>fetchmail -- two vulnerabilities in NTLM authentication</topic>
|
||||
<affects>
|
||||
|
|
|
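Review bot: The <topic> text misspells "vulnerabilities" as "vulernabilities", and the attribution paragraph reads "Typo Security Team reports:" although the product is written TYPO3 everywhere else in the entry. Both strings are shown verbatim to anyone reading the advisory, so correct them to "Multiple vulnerabilities in TYPO3 Core" and "TYPO3 Security Team reports:". The three <range> upper bounds (4.5.19, 4.6.12, 4.7.4) match the PORTVERSION values set in the three Makefiles of this commit, so the affected ranges look right. The <references> block carries only the bulletin URL; if CVE identifiers have been assigned for these issues, add them as <cvename> elements.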
@ -6,7 +6,7 @@
|
|||
#
|
||||
|
||||
PORTNAME= typo3
|
||||
PORTVERSION= 4.7.2
|
||||
PORTVERSION= 4.7.4
|
||||
CATEGORIES= www
|
||||
MASTER_SITES= SF/${PORTNAME}/TYPO3%20Source%20and%20Dummy/TYPO3%20${PORTVERSION}
|
||||
|
||||
|
@ -31,31 +31,30 @@ PLIST_SUB+= PORTVERSION="${PORTVERSION}"
|
|||
|
||||
DISTFILES+= ${TYPO3SRC}${EXTRACT_SUFX} ${TYPO3DUMMY}${EXTRACT_SUFX}
|
||||
|
||||
OPTIONS= CURL "Configure with cURL support" off \
|
||||
GD "Configure with GDlib/freetype support" off \
|
||||
IMAGICK "Configure with ImageMagick support" off \
|
||||
MBSTRING "Configure with mbstring support" off \
|
||||
ZLIB "Configure with zlib support" off
|
||||
OPTIONS_DEFINE= CURL GD IMAGICK MBSTRING ZLIB
|
||||
IMAGICK_DESC= ${IMAGEMAGICK_DESC}
|
||||
MBSTRING_DESC= ${MULTIBYTE_DESC}
|
||||
GD_DESC= GDlib/freetype support
|
||||
|
||||
.include <bsd.port.pre.mk>
|
||||
|
||||
.if defined(WITH_CURL)
|
||||
.if ${PORT_OPTIONS:MCURL}
|
||||
USE_PHP+= curl
|
||||
.endif
|
||||
|
||||
.if defined(WITH_GD)
|
||||
.if ${PORT_OPTIONS:MGD}
|
||||
USE_PHP+= gd
|
||||
.endif
|
||||
|
||||
.if defined(WITH_IMAGICK)
|
||||
.if ${PORT_OPTIONS:MIMAGICK}
|
||||
RUN_DEPENDS+= ${LOCALBASE}/bin/convert:${PORTSDIR}/graphics/ImageMagick
|
||||
.endif
|
||||
|
||||
.if defined(WITH_MBSTRING)
|
||||
.if ${PORT_OPTIONS:MMBSTRING}
|
||||
USE_PHP+= mbstring
|
||||
.endif
|
||||
|
||||
.if defined(WITH_ZLIB)
|
||||
.if ${PORT_OPTIONS:MZLIB}
|
||||
USE_PHP+= zlib
|
||||
.endif
|
||||
|
||||
|
|
|
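Review bot: After the conversion only IMAGICK, MBSTRING and GD get a *_DESC line, while CURL and ZLIB lose their old "Configure with cURL support" and "Configure with zlib support" strings with no replacement in this hunk. Confirm that the framework supplies default descriptions for those two names, or add CURL_DESC and ZLIB_DESC here so the options dialog does not show them without text. As a style point, the *_DESC lines would read better in the same order as OPTIONS_DEFINE (GD before IMAGICK). All five options were "off" before and no OPTIONS_DEFAULT is added, so the defaults are unchanged.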
@ -1,4 +1,4 @@
|
|||
SHA256 (typo3_src-4.7.2.tar.gz) = 43a3390b2580f7c74819377441b669d3d2d0a62c686036224e073b7b1db90ee9
|
||||
SIZE (typo3_src-4.7.2.tar.gz) = 22374815
|
||||
SHA256 (dummy-4.7.2.tar.gz) = 693a2c30325aa1697f5f3bb905caf755fcf6db4718008635af1461ccea56761c
|
||||
SIZE (dummy-4.7.2.tar.gz) = 10148
|
||||
SHA256 (typo3_src-4.7.4.tar.gz) = f770f8ae7cbb1b2a70547d9dcc53b6e2372467940884b3e0701b1c221682193d
|
||||
SIZE (typo3_src-4.7.4.tar.gz) = 22375813
|
||||
SHA256 (dummy-4.7.4.tar.gz) = 21e17c67783a9e91ad39a011604fd61ceb946627e835943d32609f4a4393ba4b
|
||||
SIZE (dummy-4.7.4.tar.gz) = 10139
|
||||
|
|
|
@ -3,7 +3,7 @@ on the web and in intranets. It offers full flexibility and extendability while
|
|||
featuring an accomplished set of ready-made interfaces, functions and modules.
|
||||
|
||||
This version is the current stable release. It is recommended for existing
|
||||
projects and will get full support (bugfixes and security fixes) until April 2013,
|
||||
but will get security fixes until October 2013.
|
||||
projects and will get full support (bugfixes and security fixes) until April
|
||||
2013, but will get security fixes until October 2013.
|
||||
|
||||
WWW: http://typo3.org/
|
||||
|
|
|
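Review bot: The rewrapped sentence keeps the wording "will get full support (bugfixes and security fixes) until April 2013, but will get security fixes until October 2013", where "but" contrasts two statements that do not conflict. Since both lines are being touched anyway, consider rewording to something like "full support (bugfixes and security fixes) until April 2013 and security fixes only until October 2013", so a user can tell when this branch stops receiving non-security fixes.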
@ -20,7 +20,6 @@
|
|||
%%WWWDIR%%/uploads/media/index.html
|
||||
%%WWWDIR%%/uploads/pics/index.html
|
||||
%%WWWDIR%%/uploads/tf/index.html
|
||||
%%WWWDIR%%_src-%%PORTVERSION%%/.travis.yml
|
||||
%%WWWDIR%%_src-%%PORTVERSION%%/ChangeLog
|
||||
%%WWWDIR%%_src-%%PORTVERSION%%/GPL.txt
|
||||
%%WWWDIR%%_src-%%PORTVERSION%%/INSTALL.txt
|
||||
|
@ -136,6 +135,7 @@
|
|||
%%WWWDIR%%_src-%%PORTVERSION%%/t3lib/class.t3lib_userauth.php
|
||||
%%WWWDIR%%_src-%%PORTVERSION%%/t3lib/class.t3lib_userauthgroup.php
|
||||
%%WWWDIR%%_src-%%PORTVERSION%%/t3lib/class.t3lib_xml.php
|
||||
%%WWWDIR%%_src-%%PORTVERSION%%/t3lib/codec/class.t3lib_codec_javascriptencoder.php
|
||||
%%WWWDIR%%_src-%%PORTVERSION%%/t3lib/collection/AbstractRecordCollection.php
|
||||
%%WWWDIR%%_src-%%PORTVERSION%%/t3lib/collection/RecordCollectionRepository.php
|
||||
%%WWWDIR%%_src-%%PORTVERSION%%/t3lib/collection/StaticRecordCollection.php
|
||||
|
@ -9251,6 +9251,7 @@
|
|||
@dirrm %%WWWDIR%%_src-%%PORTVERSION%%/t3lib/contextmenu
|
||||
@dirrm %%WWWDIR%%_src-%%PORTVERSION%%/t3lib/collection/interfaces
|
||||
@dirrm %%WWWDIR%%_src-%%PORTVERSION%%/t3lib/collection
|
||||
@dirrm %%WWWDIR%%_src-%%PORTVERSION%%/t3lib/codec
|
||||
@dirrm %%WWWDIR%%_src-%%PORTVERSION%%/t3lib/cache/frontend/interfaces
|
||||
@dirrm %%WWWDIR%%_src-%%PORTVERSION%%/t3lib/cache/frontend
|
||||
@dirrm %%WWWDIR%%_src-%%PORTVERSION%%/t3lib/cache/exception
|
||||
|
|
|
@ -6,7 +6,7 @@
|
|||
#
|
||||
|
||||
PORTNAME= typo3
|
||||
PORTVERSION= 4.5.18
|
||||
PORTVERSION= 4.5.19
|
||||
CATEGORIES= www
|
||||
MASTER_SITES= SF/${PORTNAME}/TYPO3%20Source%20and%20Dummy/TYPO3%20${PORTVERSION}
|
||||
|
||||
|
|
|
@ -1,4 +1,4 @@
|
|||
SHA256 (typo3_src-4.5.18.tar.gz) = 68da30e14124c697c070046b14886ec64ecd38b8b17895a122e1a5f45e516fa2
|
||||
SIZE (typo3_src-4.5.18.tar.gz) = 20559614
|
||||
SHA256 (dummy-4.5.18.tar.gz) = 9a88878e802ff1b743152cc0f79ed038e769c2436784266725e02d848a07f18d
|
||||
SIZE (dummy-4.5.18.tar.gz) = 9858
|
||||
SHA256 (typo3_src-4.5.19.tar.gz) = 9a70d9e8980acdd5745c7b141d92ff9f680e360905befd484b51e07d13e3a0ba
|
||||
SIZE (typo3_src-4.5.19.tar.gz) = 20560147
|
||||
SHA256 (dummy-4.5.19.tar.gz) = 9ed92532a2827e0d3503683e076b3cef90fe89ff1010a4a0b70a9a172c54bafb
|
||||
SIZE (dummy-4.5.19.tar.gz) = 9858
|
||||
|
|
|
@ -136,6 +136,7 @@
|
|||
%%WWWDIR%%_src-%%PORTVERSION%%/t3lib/class.t3lib_userauth.php
|
||||
%%WWWDIR%%_src-%%PORTVERSION%%/t3lib/class.t3lib_userauthgroup.php
|
||||
%%WWWDIR%%_src-%%PORTVERSION%%/t3lib/class.t3lib_xml.php
|
||||
%%WWWDIR%%_src-%%PORTVERSION%%/t3lib/codec/class.t3lib_codec_javascriptencoder.php
|
||||
%%WWWDIR%%_src-%%PORTVERSION%%/t3lib/config_default.php
|
||||
%%WWWDIR%%_src-%%PORTVERSION%%/t3lib/contextmenu/class.t3lib_contextmenu_abstractcontextmenu.php
|
||||
%%WWWDIR%%_src-%%PORTVERSION%%/t3lib/contextmenu/class.t3lib_contextmenu_abstractdataprovider.php
|
||||
|
@ -8300,6 +8301,7 @@
|
|||
@dirrm %%WWWDIR%%_src-%%PORTVERSION%%/t3lib/contextmenu/pagetree
|
||||
@dirrm %%WWWDIR%%_src-%%PORTVERSION%%/t3lib/contextmenu/extdirect
|
||||
@dirrm %%WWWDIR%%_src-%%PORTVERSION%%/t3lib/contextmenu
|
||||
@dirrm %%WWWDIR%%_src-%%PORTVERSION%%/t3lib/codec
|
||||
@dirrm %%WWWDIR%%_src-%%PORTVERSION%%/t3lib/cache/frontend/interfaces
|
||||
@dirrm %%WWWDIR%%_src-%%PORTVERSION%%/t3lib/cache/frontend
|
||||
@dirrm %%WWWDIR%%_src-%%PORTVERSION%%/t3lib/cache/exception
|
||||
|
|
|
@ -6,7 +6,7 @@
|
|||
#
|
||||
|
||||
PORTNAME= typo3
|
||||
PORTVERSION= 4.6.11
|
||||
PORTVERSION= 4.6.12
|
||||
CATEGORIES= www
|
||||
MASTER_SITES= SF/${PORTNAME}/TYPO3%20Source%20and%20Dummy/TYPO3%20${PORTVERSION}
|
||||
|
||||
|
|
|
@ -1,4 +1,4 @@
|
|||
SHA256 (typo3_src-4.6.11.tar.gz) = 62acbc0876c2cbf452c435a5a09e11b60b3ea8d724a455f92d2caea07bb2ff89
|
||||
SIZE (typo3_src-4.6.11.tar.gz) = 21289682
|
||||
SHA256 (dummy-4.6.11.tar.gz) = 87e711ba875c3f9c90d730ff6a5c14b5c05bf2da06de46b0fe98090d04e9bdc2
|
||||
SIZE (dummy-4.6.11.tar.gz) = 10138
|
||||
SHA256 (typo3_src-4.6.12.tar.gz) = 99ba9550ed74b1c9185fda8bcaf17da3a7b433fd62608afcb24c21a7f25df8b8
|
||||
SIZE (typo3_src-4.6.12.tar.gz) = 21288826
|
||||
SHA256 (dummy-4.6.12.tar.gz) = cfa9a8a1b4fad18d27fc0a88b0e2e165b2d4d4cf5eada2343819f9621a77f508
|
||||
SIZE (dummy-4.6.12.tar.gz) = 10143
|
||||
|
|
|
@ -136,6 +136,7 @@
|
|||
%%WWWDIR%%_src-%%PORTVERSION%%/t3lib/class.t3lib_userauth.php
|
||||
%%WWWDIR%%_src-%%PORTVERSION%%/t3lib/class.t3lib_userauthgroup.php
|
||||
%%WWWDIR%%_src-%%PORTVERSION%%/t3lib/class.t3lib_xml.php
|
||||
%%WWWDIR%%_src-%%PORTVERSION%%/t3lib/codec/class.t3lib_codec_javascriptencoder.php
|
||||
%%WWWDIR%%_src-%%PORTVERSION%%/t3lib/config_default.php
|
||||
%%WWWDIR%%_src-%%PORTVERSION%%/t3lib/contextmenu/class.t3lib_contextmenu_abstractcontextmenu.php
|
||||
%%WWWDIR%%_src-%%PORTVERSION%%/t3lib/contextmenu/class.t3lib_contextmenu_abstractdataprovider.php
|
||||
|
@ -8994,6 +8995,7 @@
|
|||
@dirrm %%WWWDIR%%_src-%%PORTVERSION%%/t3lib/contextmenu/pagetree
|
||||
@dirrm %%WWWDIR%%_src-%%PORTVERSION%%/t3lib/contextmenu/extdirect
|
||||
@dirrm %%WWWDIR%%_src-%%PORTVERSION%%/t3lib/contextmenu
|
||||
@dirrm %%WWWDIR%%_src-%%PORTVERSION%%/t3lib/codec
|
||||
@dirrm %%WWWDIR%%_src-%%PORTVERSION%%/t3lib/cache/frontend/interfaces
|
||||
@dirrm %%WWWDIR%%_src-%%PORTVERSION%%/t3lib/cache/frontend
|
||||
@dirrm %%WWWDIR%%_src-%%PORTVERSION%%/t3lib/cache/exception
|
||||
|
|