From nobody@FreeBSD.org Sat Aug 13 09:31:54 2011 Return-Path: Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 62E2F106564A for ; Sat, 13 Aug 2011 09:31:54 +0000 (UTC) (envelope-from nobody@FreeBSD.org) Received: from red.freebsd.org (red.freebsd.org [IPv6:2001:4f8:fff6::22]) by mx1.freebsd.org (Postfix) with ESMTP id 38F8E8FC0A for ; Sat, 13 Aug 2011 09:31:54 +0000 (UTC) Received: from red.freebsd.org (localhost [127.0.0.1]) by red.freebsd.org (8.14.4/8.14.4) with ESMTP id p7D9Vr2I035677 for ; Sat, 13 Aug 2011 09:31:53 GMT (envelope-from nobody@red.freebsd.org) Received: (from nobody@localhost) by red.freebsd.org (8.14.4/8.14.4/Submit) id p7D9Vrfs035676; Sat, 13 Aug 2011 09:31:53 GMT (envelope-from nobody) Message-Id: <201108130931.p7D9Vrfs035676@red.freebsd.org> Date: Sat, 13 Aug 2011 09:31:53 GMT 
From: Ansgar Burchardt To: freebsd-gnats-submit@FreeBSD.org Subject: sysutils/dtc: many security issues X-Send-Pr-Version: www-3.1 X-GNATS-Notify: fkiernan@id.net.ar >Number: 159736 >Category: ports >Synopsis: sysutils/dtc: many security issues >Confidential: no >Severity: non-critical >Priority: low >Responsible: crees >State: closed >Quarter: >Keywords: >Date-Required: >Class: update >Submitter-Id: current-users >Arrival-Date: Sat Aug 13 09:40:03 UTC 2011 >Closed-Date: Sat Sep 17 17:45:31 UTC 2011 >Last-Modified: Tue Sep 20 14:40:07 UTC 2011 >Originator: Ansgar Burchardt >Release: >Organization: >Environment: >Description: The FreeBSD ports collection appears to distribute dtc/0.32.0.1 which has many security issues allowing full access even without an account. These include CVE-2011-0434, CVE-2011-0435, CVE-2011-0436, CVE-2011-0437[1]. Please be also aware of current issues[2]. Regards, Ansgar [1] [2] >How-To-Repeat: >Fix: >Release-Note: >Audit-Trail: State-Changed-From-To: open->feedback State-Changed-By: edwin State-Changed-When: Sat Aug 13 09:40:13 UTC 2011 State-Changed-Why: Awaiting maintainers feedback (via the GNATS Auto Assign Tool) http://www.freebsd.org/cgi/query-pr.cgi?pr=159736 
From: Edwin Groothuis To: fkiernan@id.net.ar Cc: bug-followup@FreeBSD.org Subject: Re: ports/159736: sysutils/dtc: many security issues Date: Sat, 13 Aug 2011 09:40:11 UT Maintainer of sysutils/dtc, Please note that PR ports/159736 has just been submitted. If it contains a patch for an upgrade, an enhancement or a bug fix you agree on, reply to this email stating that you approve the patch and a committer will take care of it. The full text of the PR can be found at: http://www.freebsd.org/cgi/query-pr.cgi?pr=ports/159736 -- Edwin Groothuis via the GNATS Auto Assign Tool edwin@FreeBSD.org Responsible-Changed-From-To: freebsd-ports-bugs->crees Responsible-Changed-By: crees Responsible-Changed-When: Sat Aug 13 13:28:45 UTC 2011 Responsible-Changed-Why: I'll take it. http://www.freebsd.org/cgi/query-pr.cgi?pr=159736 Class-Changed-From-To: sw-bug->update Class-Changed-By: crees Class-Changed-When: Sat Aug 13 15:03:22 UTC 2011 Class-Changed-Why: Thanks very much for reporting this Ansgar, I have added it to our vuln database and the port can no longer be installed. Maintainer, please would you update the port to the latest version and send it in a new PR? http://www.freebsd.org/cgi/query-pr.cgi?pr=159736 From: dfilter@FreeBSD.ORG (dfilter service) To: bug-followup@FreeBSD.org Cc: Subject: Re: ports/159736: commit references a PR Date: Sat, 13 Aug 2011 15:02:38 +0000 (UTC) crees 2011-08-13 15:02:29 UTC FreeBSD ports repository Modified files: security/vuxml vuln.xml Log: Document dtc security issues PR: ports/159736 Submitted by: Ansgar Burchardt Revision Changes Path 1.2407 +37 -1 ports/security/vuxml/vuln.xml _______________________________________________ cvs-all@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/cvs-all To unsubscribe, send any mail to "cvs-all-unsubscribe@freebsd.org" 
From: dfilter@FreeBSD.ORG (dfilter service) To: bug-followup@FreeBSD.org Cc: Subject: Re: ports/159736: commit references a PR Date: Sun, 28 Aug 2011 17:53:38 +0000 (UTC) crees 2011-08-28 17:53:25 UTC FreeBSD ports repository Modified files: sysutils/dtc Makefile Log: - Mark FORBIDDEN in response to security issues in vuxml - While here, remove irrelevant CONFLICTS PR: ports/159736 Revision Changes Path 1.38 +1 -1 ports/sysutils/dtc/Makefile State-Changed-From-To: feedback->patched State-Changed-By: crees State-Changed-When: Thu Sep 1 18:25:14 UTC 2011 State-Changed-Why: Deprecated for removal on 01/10 http://www.freebsd.org/cgi/query-pr.cgi?pr=159736 From: dfilter@FreeBSD.ORG (dfilter service) To: bug-followup@FreeBSD.org Cc: Subject: Re: ports/159736: commit references a PR Date: Thu, 1 Sep 2011 18:24:37 +0000 (UTC) crees 2011-09-01 18:24:28 UTC FreeBSD ports repository Modified files: sysutils/dtc Makefile Log: Deprecate for removal on 2011/10/01 PR: ports/159736 Submitted by: Ansgar Burchardt Approved by: maintainer timeout (18 days) Revision Changes Path 1.39 +2 -0 ports/sysutils/dtc/Makefile 
From: Kurt Jaeger To: FreeBSD-gnats-submit@FreeBSD.org, freebsd-ports-bugs@FreeBSD.org Cc: thomas@goirand.fr Subject: Re: ports/159736: sysutils/dtc: many security issues Date: Fri, 2 Sep 2011 20:57:33 +0200 Hi! I got in contact with the dtc author and he provided the following update to the port. He's willing to become the maintainer for the port. Please have a look. -------------- diff -r -u sysutils/dtc/Makefile /usr/home/pi/myp/sysutils/dtc/Makefile --- sysutils/dtc/Makefile 2011-09-01 23:31:49.000000000 +0200 +++ /usr/home/pi/myp/sysutils/dtc/Makefile 2011-09-02 20:18:59.000000000 +0200 @@ -2,11 +2,11 @@ # Date created: 1 December 2003 # Whom: Frederic Cambus & Thomas Goirand & Marc G. Fournier # -# $FreeBSD: ports/sysutils/dtc/Makefile,v 1.39 2011/09/01 18:24:28 crees Exp $ +# $FreeBSD$ # PORTNAME= dtc -PORTVERSION= 0.32.0.1 +PORTVERSION= 0.34.2.1 CATEGORIES= sysutils MASTER_SITES= ftp://ftp.gplhost.sg/pub/dtc/bsd/ \ ftp://qala-sg.apt-proxy.gplhost.sg/pub/dtc/bsd/ \ @@ -18,7 +18,7 @@ ftp://972.apt-proxy.gplhost.com/pub/dtc/bsd/ \ http://ftp.gplhost.fr/pub/dtc/bsd/ -MAINTAINER= fkiernan@id.net.ar +MAINTAINER= thomas@goirand.fr COMMENT= A hosting web GUI for admin and accounting all hosting services RUN_DEPENDS= ${LOCALBASE}/${APACHEMODDIR}/mod_log_sql.so:${PORTSDIR}/www/mod_log_sql2-dtc \ @@ -40,9 +40,7 @@ ${LOCALBASE}/sbin/logrotate:${PORTSDIR}/sysutils/logrotate \ ${LOCALBASE}/bin/bash:${PORTSDIR}/shells/bash -DEPRECATED= ${FORBIDDEN} -EXPIRATION_DATE=2011-10-01 -FORBIDDEN= Many security issues, see http://bugs.freebsd.org/159736 +CONFLICTS= dtc-toaster-[0-9]* dtc-postfix-courier-[0-9]* USE_GETTEXT= yes @@ -54,11 +52,10 @@ USE_PHP= mysql pcre session MAN8= dtc-chroot-shell.8 MANCOMPRESSED= no -USE_APACHE_RUN= 22+ .if defined(WITH_PHP5) DEFAULT_PHP_VER=5 -IGNORE_WITH_PHP=4 +BROKEN_WITH_PHP=4 RUN_DEPENDS+= ${LOCALBASE}/bin/pear:${PORTSDIR}/devel/pear USE_PHP+= bz2 gd mbstring mcrypt mysql mysqli openssl pcre \ session sockets xml zlib curl 
@@ -120,14 +117,16 @@ RUN_DEPENDS+= ${LOCALBASE}/www/phpMyAdmin/index.php:${PORTSDIR}/databases/phpmyadmin .endif -.if defined(WITH_APACHE) -USE_APACHE= 22+ -.endif +USE_APACHE= 2.2+ .if defined(WITH_DOVECOT) RUN_DEPENDS+= ${LOCALBASE}/sbin/dovecot:${PORTSDIR}/mail/dovecot .endif +.if defined(WITH_MYSQMAIL) +RUN_DEPENDS+= ${LOCALBASE}/sbin/mysqmail-postfix-logger:${PORTSDIR}/sysutils/mysqmail +.endif + .if defined(WITH_FREERADIUS) RUN_DEPENDS+= ${LOCALBASE}/sbin/radiusd:${PORTSDIR}/net/freeradius2 .endif @@ -142,7 +141,7 @@ @${INSTALL_SCRIPT} ${WRKDIR}/dtc-deinstall ${PREFIX}/sbin/dtc-deinstall @${GMAKE} -C ${WRKSRC} install-dtc-common INSTALL=install \ DTC_APP_DIR=${WWWDIR} DTC_GEN_DIR=${PREFIX}/var/dtc CONFIG_DIR=${PREFIX}/etc DTC_ETC_DIRECTORY=${ETCDIR} \ - DTC_DOC_DIR=${DOCSDIR} MANUAL_DIR=${MANPREFIX}/man BIN_DIR=${PREFIX}/bin UNIX_TYPE=bsd VERS=0.32.0 + DTC_DOC_DIR=${DOCSDIR} MANUAL_DIR=${MANPREFIX}/man BIN_DIR=${PREFIX}/bin UNIX_TYPE=bsd VERS=0.34.2.1 @${CAT} ${PKGMESSAGE} .include diff -r -u sysutils/dtc/distinfo /usr/home/pi/myp/sysutils/dtc/distinfo --- sysutils/dtc/distinfo 2011-03-19 23:16:19.000000000 +0100 +++ /usr/home/pi/myp/sysutils/dtc/distinfo 2011-09-02 20:19:00.000000000 +0200 @@ -1,2 +1,2 @@ -SHA256 (dtc-0.32.0.1.tar.gz) = a863c53d11b5f0f1959173e01e42d830eee598ce17b436c0c804c388b5f94110 -SIZE (dtc-0.32.0.1.tar.gz) = 12099406 +SHA256 (dtc-0.34.2.1.tar.gz) = c6e1617f95ecf54273fef3f93f9260f35d39d40899b1ac175c6bc40c8c9f8299 +SIZE (dtc-0.34.2.1.tar.gz) = 8850302 Only in sysutils/dtc/files: patch-Makefile diff -r -u sysutils/dtc/pkg-descr /usr/home/pi/myp/sysutils/dtc/pkg-descr --- sysutils/dtc/pkg-descr 2006-11-20 15:19:39.000000000 +0100 +++ /usr/home/pi/myp/sysutils/dtc/pkg-descr 2011-09-02 20:49:35.000000000 +0200 
@@ -4,13 +4,13 @@ task of creating subdomains, email, and FTP accounts to users for the domain names they own. DTC manages a MySQL database containing all the hosting informations. It has support for many programs (bind 8 and 9 and -compatibles, MySQL, Apache 1.3, php4, qmail, postfix 2, courier, dovecot, +compatibles, MySQL, Apache, php, qmail, postfix 2, courier, dovecot, proftpd, webalizer, mod-log-sql, etc...) thrue config files and/or MySQL plugin (when service is non-critical). It can also generates backup scripts, calculation scripts, and config files using a single system UID/GID, and monitor all trafic accounting per user and per service. Since version 0.12, -DTC is fully skinable and translated in 7 language (Chinese, English, -Spanish, French, Deuch, German and Russian). +DTC is fully skinable and translated in many languages (including: Chinese, +English, Spanish, French, Deuch, German and Russian, etc.). WWW: http://www.gplhost.com/software-dtc.html diff -r -u sysutils/dtc/pkg-plist /usr/home/pi/myp/sysutils/dtc/pkg-plist --- sysutils/dtc/pkg-plist 2010-09-16 23:13:14.000000000 +0200 +++ /usr/home/pi/myp/sysutils/dtc/pkg-plist 2011-09-02 20:19:05.000000000 +0200 @@ -44,7 +44,6 @@ %%WWWDIR%%/shared/inc/sql/vps.php %%WWWDIR%%/shared/inc/sql/ticket.php %%WWWDIR%%/shared/inc/sql/subdomain.php -%%WWWDIR%%/shared/inc/sql/ssh.php %%WWWDIR%%/shared/inc/sql/reseller.php %%WWWDIR%%/shared/inc/sql/lists.php %%WWWDIR%%/shared/inc/sql/email.php @@ -61,6 +60,7 @@ %%WWWDIR%%/shared/inc/forms/vps_installation.php %%WWWDIR%%/shared/inc/forms/vps_graphs.php %%WWWDIR%%/shared/inc/forms/vps_dom0graphs.php +%%WWWDIR%%/shared/inc/forms/user_cronjobs.php %%WWWDIR%%/shared/inc/forms/tools.php %%WWWDIR%%/shared/inc/forms/ticket.php %%WWWDIR%%/shared/inc/forms/subdomain.php 
@@ -69,6 +69,7 @@ %%WWWDIR%%/shared/inc/forms/reseller.php %%WWWDIR%%/shared/inc/forms/packager.php %%WWWDIR%%/shared/inc/forms/my_account.php +%%WWWDIR%%/shared/inc/forms/multiple_renew.php %%WWWDIR%%/shared/inc/forms/lists.php %%WWWDIR%%/shared/inc/forms/invoices.php %%WWWDIR%%/shared/inc/forms/ftp.php 
@@ -352,104 +353,6 @@ %%WWWDIR%%/shared/gfx/skin/paperboard/bgwin.png %%WWWDIR%%/shared/gfx/skin/paperboard/bgtitlewin.png %%WWWDIR%%/shared/gfx/skin/paperboard/bgcolor.php -%%WWWDIR%%/shared/gfx/skin/grayboard/skin.php -%%WWWDIR%%/shared/gfx/skin/grayboard/pagetop.html -%%WWWDIR%%/shared/gfx/skin/grayboard/layout.php -%%WWWDIR%%/shared/gfx/skin/grayboard/js/slide.js -%%WWWDIR%%/shared/gfx/skin/grayboard/js/pngfix/x.gif -%%WWWDIR%%/shared/gfx/skin/grayboard/js/pngfix/supersleight-min.js -%%WWWDIR%%/shared/gfx/skin/grayboard/js/mbTooltip.js -%%WWWDIR%%/shared/gfx/skin/grayboard/js/jquery.uniform.min.js -%%WWWDIR%%/shared/gfx/skin/grayboard/js/jquery.timers.js -%%WWWDIR%%/shared/gfx/skin/grayboard/js/jquery.dropshadow.js -%%WWWDIR%%/shared/gfx/skin/grayboard/js/IePower_fr.js -%%WWWDIR%%/shared/gfx/skin/grayboard/js/IePower_en.js -%%WWWDIR%%/shared/gfx/skin/grayboard/js/gradualfader.js -%%WWWDIR%%/shared/gfx/skin/grayboard/js/general.js -%%WWWDIR%%/shared/gfx/skin/grayboard/js/easing.js -%%WWWDIR%%/shared/gfx/skin/grayboard/js/DD_roundies-min.js -%%WWWDIR%%/shared/gfx/skin/grayboard/js/css_adds.js -%%WWWDIR%%/shared/gfx/skin/grayboard/js/css_adds_IE.js -%%WWWDIR%%/shared/gfx/skin/grayboard/imgshort.png -%%WWWDIR%%/shared/gfx/skin/grayboard/imglong.png -%%WWWDIR%%/shared/gfx/skin/grayboard/images/users.png -%%WWWDIR%%/shared/gfx/skin/grayboard/images/toggle_plus.png -%%WWWDIR%%/shared/gfx/skin/grayboard/images/toggle_minus.png -%%WWWDIR%%/shared/gfx/skin/grayboard/images/tab_r.png -%%WWWDIR%%/shared/gfx/skin/grayboard/images/tab_m.png -%%WWWDIR%%/shared/gfx/skin/grayboard/images/tab_l.png -%%WWWDIR%%/shared/gfx/skin/grayboard/images/tab_b.png -%%WWWDIR%%/shared/gfx/skin/grayboard/images/system-monitor.png -%%WWWDIR%%/shared/gfx/skin/grayboard/images/sprite.png -%%WWWDIR%%/shared/gfx/skin/grayboard/images/sprite-agent.png -%%WWWDIR%%/shared/gfx/skin/grayboard/images/shade.png -%%WWWDIR%%/shared/gfx/skin/grayboard/images/renew.png 
-%%WWWDIR%%/shared/gfx/skin/grayboard/images/plus.png -%%WWWDIR%%/shared/gfx/skin/grayboard/images/packs.png -%%WWWDIR%%/shared/gfx/skin/grayboard/images/minus.png -%%WWWDIR%%/shared/gfx/skin/grayboard/images/g_admin.png -%%WWWDIR%%/shared/gfx/skin/grayboard/images/g_admino.png -%%WWWDIR%%/shared/gfx/skin/grayboard/images/dtc_admin.png -%%WWWDIR%%/shared/gfx/skin/grayboard/images/domain.png -%%WWWDIR%%/shared/gfx/skin/grayboard/images/domaino.png -%%WWWDIR%%/shared/gfx/skin/grayboard/images/conf_gen.png -%%WWWDIR%%/shared/gfx/skin/grayboard/images/clients.png -%%WWWDIR%%/shared/gfx/skin/grayboard/images/client.png -%%WWWDIR%%/shared/gfx/skin/grayboard/images/cliento.png -%%WWWDIR%%/shared/gfx/skin/grayboard/images/bt_register.png -%%WWWDIR%%/shared/gfx/skin/grayboard/images/bt_open.png -%%WWWDIR%%/shared/gfx/skin/grayboard/images/btn2.png -%%WWWDIR%%/shared/gfx/skin/grayboard/images/bt_login.png -%%WWWDIR%%/shared/gfx/skin/grayboard/images/bt_close.png -%%WWWDIR%%/shared/gfx/skin/grayboard/images/black_arrow.png -%%WWWDIR%%/shared/gfx/skin/grayboard/images/bandwidth.png -%%WWWDIR%%/shared/gfx/skin/grayboard/gfx/zh.gif -%%WWWDIR%%/shared/gfx/skin/grayboard/gfx/tw.gif -%%WWWDIR%%/shared/gfx/skin/grayboard/gfx/treeview/box_wnb_tv_leaf_tree-finalbranch.gif -%%WWWDIR%%/shared/gfx/skin/grayboard/gfx/treeview/box_wnb_tv_leaf_tree-branch.gif -%%WWWDIR%%/shared/gfx/skin/grayboard/gfx/spacer.gif -%%WWWDIR%%/shared/gfx/skin/grayboard/gfx/se.gif -%%WWWDIR%%/shared/gfx/skin/grayboard/gfx/safari.png -%%WWWDIR%%/shared/gfx/skin/grayboard/gfx/ru.gif -%%WWWDIR%%/shared/gfx/skin/grayboard/gfx/pt.gif -%%WWWDIR%%/shared/gfx/skin/grayboard/gfx/pl.gif -%%WWWDIR%%/shared/gfx/skin/grayboard/gfx/p_domainconfig.gif -%%WWWDIR%%/shared/gfx/skin/grayboard/gfx/p_clientinterface.gif -%%WWWDIR%%/shared/gfx/skin/grayboard/gfx/opera.png -%%WWWDIR%%/shared/gfx/skin/grayboard/gfx/nl.gif -%%WWWDIR%%/shared/gfx/skin/grayboard/gfx/logo_dtc.png -%%WWWDIR%%/shared/gfx/skin/grayboard/gfx/it.gif 
-%%WWWDIR%%/shared/gfx/skin/grayboard/gfx/hu.gif -%%WWWDIR%%/shared/gfx/skin/grayboard/gfx/help.png -%%WWWDIR%%/shared/gfx/skin/grayboard/gfx/fr.gif -%%WWWDIR%%/shared/gfx/skin/grayboard/gfx/flock.png -%%WWWDIR%%/shared/gfx/skin/grayboard/gfx/firefox.png -%%WWWDIR%%/shared/gfx/skin/grayboard/gfx/fi.gif -%%WWWDIR%%/shared/gfx/skin/grayboard/gfx/es.gif -%%WWWDIR%%/shared/gfx/skin/grayboard/gfx/en.gif -%%WWWDIR%%/shared/gfx/skin/grayboard/gfx/de.gif -%%WWWDIR%%/shared/gfx/skin/grayboard/gfx_defaults.php -%%WWWDIR%%/shared/gfx/skin/grayboard/gfx/chrome.png -%%WWWDIR%%/shared/gfx/skin/grayboard/gfx/buttons/btn_seepass.png -%%WWWDIR%%/shared/gfx/skin/grayboard/gfx/buttons/btn_p_ok.png -%%WWWDIR%%/shared/gfx/skin/grayboard/gfx/buttons/btn_p_delete.png -%%WWWDIR%%/shared/gfx/skin/grayboard/gfx/buttons/btn_p_add.png -%%WWWDIR%%/shared/gfx/skin/grayboard/gfx/buttons/btn_help.png -%%WWWDIR%%/shared/gfx/skin/grayboard/gfx/buttons/btn_help.gif -%%WWWDIR%%/shared/gfx/skin/grayboard/gfx/buttons/btn_generatepass.png -%%WWWDIR%%/shared/gfx/skin/grayboard/gfx/btn_seepass.gif -%%WWWDIR%%/shared/gfx/skin/grayboard/gfx/btn_p_ok.png -%%WWWDIR%%/shared/gfx/skin/grayboard/gfx/btn_p_delete.png -%%WWWDIR%%/shared/gfx/skin/grayboard/gfx/btn_p_add.png -%%WWWDIR%%/shared/gfx/skin/grayboard/gfx/btn_help.png -%%WWWDIR%%/shared/gfx/skin/grayboard/gfx/btn_generatepass.gif -%%WWWDIR%%/shared/gfx/skin/grayboard/gfx/box_wnb_tv_leaf_tree.gif -%%WWWDIR%%/shared/gfx/skin/grayboard/gfx/box_wnb_tv_leaf_tree-finalbranch.gif -%%WWWDIR%%/shared/gfx/skin/grayboard/gfx/box_wnb_tv_leaf_tree-branch.gif -%%WWWDIR%%/shared/gfx/skin/grayboard/css/style.css -%%WWWDIR%%/shared/gfx/skin/grayboard/css/slide.css -%%WWWDIR%%/shared/gfx/skin/grayboard/css/skin.css -%%WWWDIR%%/shared/gfx/skin/grayboard/bgcolor.php %%WWWDIR%%/shared/gfx/skin/default_layout.php %%WWWDIR%%/shared/gfx/skin/bwoup/skin.php %%WWWDIR%%/shared/gfx/skin/bwoup/skin.css 
@@ -655,6 +558,7 @@ %%WWWDIR%%/shared/dtcrm/draw_adddomain.php %%WWWDIR%%/shared/dtc_lib.php %%WWWDIR%%/shared/drawlib/tree_menu.php +%%WWWDIR%%/shared/drawlib/top_bad_passwords.txt %%WWWDIR%%/shared/drawlib/templates.php %%WWWDIR%%/shared/drawlib/skin.php %%WWWDIR%%/shared/drawlib/skinLib.php @@ -721,13 +625,16 @@ %%WWWDIR%%/admin/vm-cpu.php %%WWWDIR%%/admin/vm-cpu-all.php %%WWWDIR%%/admin/view_waitingusers.php +%%WWWDIR%%/admin/update_sbox_bootstrap_copy %%WWWDIR%%/admin/updateChroot.sh %%WWWDIR%%/admin/support-receive.php %%WWWDIR%%/admin/stat_total_active_prods.php %%WWWDIR%%/admin/sa-wrapper %%WWWDIR%%/admin/rrdtool.sh %%WWWDIR%%/admin/restor_db.php +%%WWWDIR%%/admin/remount_aufs %%WWWDIR%%/admin/reminders.php +%%WWWDIR%%/admin/rbl_change.sh %%WWWDIR%%/admin/queuegraph/createrrd.sh %%WWWDIR%%/admin/queuegraph/count_qmail.sh %%WWWDIR%%/admin/queuegraph/count_postfix.sh @@ -751,6 +658,7 @@ %%WWWDIR%%/admin/mod-security/modsecurity_crs_21_protocol_anomalies.conf %%WWWDIR%%/admin/mod-security/modsecurity_crs_20_protocol_violations.conf %%WWWDIR%%/admin/mod-security/modsecurity_crs_10_config.conf +%%WWWDIR%%/admin/migrate_to_server.php %%WWWDIR%%/admin/memgraph.php %%WWWDIR%%/admin/memgraph/get_meminfo.sh %%WWWDIR%%/admin/memgraph/createrrd.sh @@ -763,6 +671,7 @@ %%WWWDIR%%/admin/install/redhat_config %%WWWDIR%%/admin/install/osx_config %%WWWDIR%%/admin/install/mk_root_mailbox.php +%%WWWDIR%%/admin/install/minimal_chroot %%WWWDIR%%/admin/install/interactive_installer %%WWWDIR%%/admin/install/install %%WWWDIR%%/admin/install/gentoo_config @@ -772,6 +681,7 @@ %%WWWDIR%%/admin/install/bsdphpmyadmin.conf %%WWWDIR%%/admin/install/bsd_config %%WWWDIR%%/admin/index.php +%%WWWDIR%%/admin/inc/transaction_export.php %%WWWDIR%%/admin/inc/submit_root_querys.php %%WWWDIR%%/admin/inc/renewals.php %%WWWDIR%%/admin/inc/nav.php 
@@ -780,10 +690,13 @@ %%WWWDIR%%/admin/inc/graphs.php %%WWWDIR%%/admin/inc/dtc_config.php %%WWWDIR%%/admin/inc/draw_user_admin.php +%%WWWDIR%%/admin/guess_ip.sh %%WWWDIR%%/admin/gfx +%%WWWDIR%%/admin/get_invoices.php %%WWWDIR%%/admin/genfiles/remote_mail_list.php %%WWWDIR%%/admin/genfiles/mailfilter_vacation_template %%WWWDIR%%/admin/genfiles/gen_webalizer_stat.php +%%WWWDIR%%/admin/genfiles/gen_user_cron.php %%WWWDIR%%/admin/genfiles/gen_ssh_account.php %%WWWDIR%%/admin/genfiles/gen_qmail_email_account.php %%WWWDIR%%/admin/genfiles/gen_pro_vhost.php @@ -803,12 +716,15 @@ %%WWWDIR%%/admin/dtcrm/submit_to_sql.php %%WWWDIR%%/admin/dtcrm/product_manager.php %%WWWDIR%%/admin/dtcrm/main.php +%%WWWDIR%%/admin/dtcpassadm +%%WWWDIR%%/admin/dtc_migrate +%%WWWDIR%%/admin/dtc_import_all_dbs %%WWWDIR%%/admin/dtc_db.php -%%WWWDIR%%/admin/dtc-chroot-shell %%WWWDIR%%/admin/dkfilter.patch %%WWWDIR%%/admin/deamons_state.php %%WWWDIR%%/admin/cron.php %%WWWDIR%%/admin/create_stat_total_active_prods_rrd.sh +%%WWWDIR%%/admin/create_sbox_bootstrap_copy %%WWWDIR%%/admin/cpugraph.php %%WWWDIR%%/admin/cpugraph/get_cpu_load.sh %%WWWDIR%%/admin/cpugraph/createrrd.sh @@ -822,9 +738,6 @@ %%DOCSDIR%%/todo %%DOCSDIR%%/README.gentoo %%DOCSDIR%%/more_chroot.sh -%%DOCSDIR%%/iglobalwall/mail_header.rar -%%DOCSDIR%%/iglobalwall/iglobalwall.tar.gz -%%DOCSDIR%%/iglobalwall/doc.txt %%DOCSDIR%%/html/fr/page_top.html %%DOCSDIR%%/html/fr/newadmin.png %%DOCSDIR%%/html/fr/menudtc.png @@ -875,6 +788,7 @@ %%DOCSDIR%%/dtc_storefront/gplhost-testimonials-delete.php %%DOCSDIR%%/dtc_storefront/dtc_storefront.php %%DOCSDIR%%/dtc_storefront/dtc_storefront/dbconnect.php +%%DOCSDIR%%/dtc-chroot-wrapper.8 %%DOCSDIR%%/dtc-chroot-shell.8 %%DOCSDIR%%/dtc_autodeploy.8 %%DOCSDIR%%/dns_transfer.sh 
@@ -886,6 +800,7 @@ %%DOCSDIR%%/contrib/upgrade-joomla.sh %%DOCSDIR%%/contrib/tail_apache_logs_for_a_domain.php %%DOCSDIR%%/contrib/start-stop-all-daemons +%%DOCSDIR%%/contrib/slavezone_update %%DOCSDIR%%/contrib/re_rsync.sh %%DOCSDIR%%/contrib/reassing_bandwidth_for_vps_and_dedicated.php %%DOCSDIR%%/contrib/get-slave-zones-from-master-dns @@ -1100,7 +1015,10 @@ %%ETCDIR%%/messages_header_es_ES.txt %%ETCDIR%%/messages_header_de_DE.txt %%ETCDIR%%/logrotate.template +%%ETCDIR%%/chroot_allowed_path etc/cron.d/dtc +bin/dtc-chroot-wrapper +bin/dtc-chroot-shell sbin/dtc-install sbin/dtc-deinstall @dirrm %%WWWDIR%%/shared/visitors_template @@ -1164,14 +1082,6 @@ @dirrm %%WWWDIR%%/shared/gfx/skin/paperboard/gfx/buttons @dirrm %%WWWDIR%%/shared/gfx/skin/paperboard/gfx @dirrm %%WWWDIR%%/shared/gfx/skin/paperboard -@dirrm %%WWWDIR%%/shared/gfx/skin/grayboard/js/pngfix -@dirrm %%WWWDIR%%/shared/gfx/skin/grayboard/js -@dirrm %%WWWDIR%%/shared/gfx/skin/grayboard/images -@dirrm %%WWWDIR%%/shared/gfx/skin/grayboard/gfx/treeview -@dirrm %%WWWDIR%%/shared/gfx/skin/grayboard/gfx/buttons -@dirrm %%WWWDIR%%/shared/gfx/skin/grayboard/gfx -@dirrm %%WWWDIR%%/shared/gfx/skin/grayboard/css -@dirrm %%WWWDIR%%/shared/gfx/skin/grayboard @dirrm %%WWWDIR%%/shared/gfx/skin/bwoup/gfx/treeview @dirrm %%WWWDIR%%/shared/gfx/skin/bwoup/gfx/tabs @dirrm %%WWWDIR%%/shared/gfx/skin/bwoup/gfx/navbar @@ -1195,8 +1105,6 @@ @dirrm %%WWWDIR%%/shared/gfx/dtc @dirrm %%WWWDIR%%/shared/gfx/bar @dirrm %%WWWDIR%%/shared/gfx -@dirrm %%WWWDIR%%/shared/dtcrm/webnic.cc -@dirrm %%WWWDIR%%/shared/dtcrm/srs @dirrm %%WWWDIR%%/shared/dtcrm/modules/webnic @dirrm %%WWWDIR%%/shared/dtcrm/modules/ovh @dirrm %%WWWDIR%%/shared/dtcrm/modules/internetbs @@ -1207,7 +1115,6 @@ @dirrm %%WWWDIR%%/shared @dirrm %%WWWDIR%%/email @dirrm %%WWWDIR%%/client -@dirrm %%WWWDIR%%/admin/tables @dirrm %%WWWDIR%%/admin/queuegraph @dirrm %%WWWDIR%%/admin/postfix_checks @dirrm %%WWWDIR%%/admin/patches 
@@ -1220,7 +1127,6 @@ @dirrm %%WWWDIR%%/admin/dtcrm @dirrm %%WWWDIR%%/admin/cpugraph @dirrm %%WWWDIR%%/admin -@dirrm %%DOCSDIR%%/iglobalwall @dirrm %%DOCSDIR%%/html/fr @dirrm %%DOCSDIR%%/html/en @dirrm %%DOCSDIR%%/html @@ -1237,6 +1143,7 @@ @dirrm %%ETCDIR%%/registration_msg @dirrm %%ETCDIR%% @dirrm etc/cron.d +@dirrm etc @dirrmtry var/dtc/etc/slave_zones @dirrmtry var/dtc/etc/zones @dirrmtry var/dtc/etc -------------- -- pi@opsec.eu +49 171 3101372 9 years to go ! State-Changed-From-To: patched->open State-Changed-By: crees State-Changed-When: Sun Sep 4 12:09:19 UTC 2011 State-Changed-Why: New patch by Kurt Jaeger. http://www.freebsd.org/cgi/query-pr.cgi?pr=159736 From: Chris Rees To: Kurt Jaeger , bug-followup@freebsd.org Cc: Subject: Re: ports/159736: sysutils/dtc: many security issues Date: Sun, 4 Sep 2011 17:41:21 +0100 Hi Kurt, Thanks a lot for the patch. I'm testing it, though I've removed two incorrect changes (USE_APACHE to 2.2 and BROKEN_WITH_PHP). I'm also going to chop out the .if defined(WITH_MYSQMAIL) RUN_DEPENDS+= ${LOCALBASE}/sbin/mysqmail-postfix-logger:${PORTSDIR}/sysutils/mysqmail .endif block. A port for mysqmail has never existed.... Chris 
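Review bot: In the Makefile hunk at @@ -40,9 +40,7 @@ of Kurt Jaeger's patch, FORBIDDEN, DEPRECATED and EXPIRATION_DATE are dropped on the strength of the version bump alone. Neither the patch nor its cover message says that 0.34.2.1 fixes CVE-2011-0434 through CVE-2011-0437, or the "current issues" the original report also points to. Please name the upstream release that closed each one, and check that the affected range in the vuxml entry ends below 0.34.2.1, before the block is lifted. The same hunk brings back a CONFLICTS line that revision 1.38 removed as irrelevant; say why dtc-toaster and dtc-postfix-courier conflict now.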
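Review bot: In the Makefile hunk at @@ -120,14 +117,16 @@, USE_APACHE loses its .if defined(WITH_APACHE) guard and changes from 22+ to 2.2+, so Apache becomes an unconditional dependency and the value no longer has the form used by the USE_APACHE_RUN= 22+ line removed in the previous hunk. Keep the guard and the existing value unless the new release needs Apache in every configuration, and say so in the log if it does. The added WITH_MYSQMAIL block points RUN_DEPENDS at ${PORTSDIR}/sysutils/mysqmail, which this patch does not add, so anyone selecting that option gets a dependency that cannot be satisfied.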
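Review bot: In the Makefile hunk at @@ -142,7 +141,7 @@, VERS=0.34.2.1 repeats the version as a literal on the install command line, so it has to be edited by hand on every update and can drift from PORTVERSION, as the old pair (VERS=0.32.0 against PORTVERSION 0.32.0.1) shows. If the two are meant to be the same string, pass VERS=${PORTVERSION}; if upstream expects a different form, add a comment next to the line saying which.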
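Review bot: In the distinfo hunk, the new SHA256 and SIZE are the only integrity check on a tarball that every MASTER_SITES entry shown in the Makefile serves over plain ftp:// or http://. Please say where the checksum was taken from, and the committer should recompute it from a copy fetched independently of the submitter's tree rather than accept the values from the e-mail. The drop in SIZE from 12099406 to 8850302 is worth one sentence of explanation too, for instance whether it is accounted for by the grayboard skin removed in pkg-plist.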
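Review bot: In the last pkg-plist hunk (@@ -1237,6 +1143,7 @@), the added @dirrm etc tells deinstall to remove the etc directory under PREFIX, which is shared with every other installed port and must not be owned by this one. Drop that line, and consider @dirrmtry for etc/cron.d just above it, in the same way the var/dtc/etc entries below already use @dirrmtry. Related, in the hunk at @@ -875,6 +788,7 @@: dtc-chroot-wrapper.8 is listed under %%DOCSDIR%% while MAN8 in the Makefile still names only dtc-chroot-shell.8, so the new man page is not installed as a man page.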
From: Kurt Jaeger To: Chris Rees Cc: bug-followup@freebsd.org, thomas@goirand.fr Subject: Re: ports/159736: sysutils/dtc: many security issues Date: Sun, 4 Sep 2011 21:25:28 +0200 Hi! > Thanks a lot for the patch. I'm testing it, though I've removed two > incorrect changes (USE_APACHE to 2.2 and BROKEN_WITH_PHP). > > I'm also going to chop out the > > .if defined(WITH_MYSQMAIL) > RUN_DEPENDS+= > ${LOCALBASE}/sbin/mysqmail-postfix-logger:${PORTSDIR}/sysutils/mysqmail > .endif > > block. A port for mysqmail has never existed.... Thanks for the comments -- I've bounced it to thomas@goirand.fr as the author of the port. He'll fix it in the GIT, I hope. -- pi@opsec.eu +49 171 3101372 9 years to go ! State-Changed-From-To: open->feedback State-Changed-By: crees State-Changed-When: Mon Sep 5 19:08:46 UTC 2011 State-Changed-Why: Ask for maintainer fix. http://www.freebsd.org/cgi/query-pr.cgi?pr=159736 From: Chris Rees To: thomas@goirand.fr, Kurt Jaeger , bug-followup@freebsd.org Cc: Subject: Re: ports/159736: sysutils/dtc: many security issues Date: Mon, 5 Sep 2011 20:07:55 +0100 Hey, Hm, it appears that there are pkg-plist issues... Please would you investigate? http://www.bayofrum.net/tb/index.php?action=display_markup_log&build=7.4-local&id=1384#510 Chris -- Chris Rees | FreeBSD Developer crees@FreeBSD.org | http://people.freebsd.org/~crees 
From: dfilter@FreeBSD.ORG (dfilter service) To: bug-followup@FreeBSD.org Cc: Subject: Re: ports/159736: commit references a PR Date: Fri, 16 Sep 2011 18:41:55 +0000 (UTC) crees 2011-09-16 18:35:48 UTC FreeBSD ports repository Modified files: sysutils/dtc Makefile Log: New maintainer, undeprecate so it doesn't get removed too hastily. PR: ports/159736 Revision Changes Path 1.40 +1 -3 ports/sysutils/dtc/Makefile From: Chris Rees To: bug-followup@FreeBSD.org, thomas@goirand.fr, Kurt Jaeger Cc: Subject: Re: ports/159736: sysutils/dtc: many security issues Date: Sat, 17 Sep 2011 08:22:11 +0100 Ah, I've investigated and it turns out the problem is using SUB_LIST= WWWDIR=${WWWDIR}, which gives an absolute path rather than PREFIX_REL path. Since WWWDIR is in PLIST_SUB anyway I've just chopped that line out and added the missing man page to MAN8. Should be committed later if it passes testing! Chris -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. 
From: Thomas Goirand To: Chris Rees , bug-followup@FreeBSD.org, Kurt Jaeger Cc: Subject: Re: ports/159736: sysutils/dtc: many security issues Date: Sat, 17 Sep 2011 16:03:40 +0800 Hi, could this be committed to the project Git? The BSD port is generated, I fear things will be only in the BSD ports and it will reoccur at next release. Worst case, please send me a tar.gz of the port, so I can do a diff with what is generated. Also, sbox should be updated if possible, since it gives chroot capabilities to all virtualhosts. And dtc/admin/remount_aufs should also be adapted to any union filesystem available in FreeBSD if possible, plus a system to bootstrap a chroot system should be created. Cheers, thomas (from my mobile phone) ----- Original message ----- > Ah, I've investigated and it turns out the problem is using SUB_LIST= > WWWDIR=${WWWDIR}, which gives an absolute path rather than PREFIX_REL > path. Since WWWDIR is in PLIST_SUB anyway I've just chopped that line > out and added the missing man page to MAN8. > > Should be committed later if it passes testing! > > Chris > > -- > This message has been scanned for viruses and > dangerous content by MailScanner, and is > believed to be clean. > State-Changed-From-To: feedback->closed State-Changed-By: crees State-Changed-When: Sat Sep 17 17:33:09 UTC 2011 State-Changed-Why: Committed. Thanks! I've cloned the latest git, and a patch to the port generation code is at http://www.bayofrum.net/~crees/patches/dtc-generating-fixed.diff http://www.freebsd.org/cgi/query-pr.cgi?pr=159736 
From: dfilter@FreeBSD.ORG (dfilter service) To: bug-followup@FreeBSD.org Cc: Subject: Re: ports/159736: commit references a PR Date: Sat, 17 Sep 2011 17:32:48 +0000 (UTC) crees 2011-09-17 17:32:34 UTC FreeBSD ports repository Modified files: sysutils/dtc Makefile distinfo pkg-descr pkg-message pkg-plist sysutils/dtc/files patch-Makefile Log: - Update to 0.34.2.1 - Remove FORBIDDEN; up to date - Add appropriate conflicts PR: ports/159736 Submitted by: Thomas Goirand (maintainer) Revision Changes Path 1.41 +6 -10 ports/sysutils/dtc/Makefile 1.11 +2 -2 ports/sysutils/dtc/distinfo 1.2 +8 -6 ports/sysutils/dtc/files/patch-Makefile 1.4 +3 -3 ports/sysutils/dtc/pkg-descr 1.2 +0 -2 ports/sysutils/dtc/pkg-message 1.9 +22 -116 ports/sysutils/dtc/pkg-plist From: Kurt Jaeger To: Thomas Goirand Cc: Chris Rees , bug-followup@FreeBSD.org Subject: Re: ports/159736: sysutils/dtc: many security issues Date: Tue, 20 Sep 2011 14:40:51 +0200 Hi! > could this be committed to the project Git? If you commit it ? I have no idea how to commit it to the git repository for dtc. > Also, sbox should be updated if possible, since it > gives chroot capabilities to all virtualhosts. And > dtc/admin/remount_aufs should also be adapted to > any union filesystem available in FreeBSD if > possible, plus a system to bootstrap a chroot > system should be created. What exactly do you mean with "sbox" ? Is it the software that is described on http://stein.cshl.org/software/sbox/ ? -- pi@opsec.eu +49 171 3101372 9 years to go ! 
From: Thomas Goirand To: Kurt Jaeger Cc: Chris Rees , bug-followup@FreeBSD.org Subject: Re: ports/159736: sysutils/dtc: many security issues Date: Tue, 20 Sep 2011 22:36:14 +0800 On 09/20/2011 08:40 PM, Kurt Jaeger wrote: > Hi! > >> could this be committed to the project Git? > > If you commit it ? I have no idea how to commit it to the git > repository for dtc. I just need a patch made with "git format-patch". But anyway, any diff file will be ok too, it just won't keep your authorship, that's the only problem. >> Also, sbox should be updated if possible, since it >> gives chroot capabilities to all virtualhosts. And >> dtc/admin/remount_aufs should also be adapted to >> any union filesystem available in FreeBSD if >> possible, plus a system to bootstrap a chroot >> system should be created. > > What exactly do you mean with "sbox" ? Is it the software that > is described on > > http://stein.cshl.org/software/sbox/ > > ? Well it's the same software, except that I did lots of modifications in it, so I guess my version could be called a fork now. Some of the additions are: - Reworked the PATH_TRANSLATED and PATH_INFO variables. - Reworked some of the logic in which things are executed. - Added support for a configuration file instead of build-time options. - Added support for interpreters instead of just starting the CGI. The project page is here, but there's not much there: http://www.gplhost.com/software-sboxdtc.html In FreeBSD, the port is in /usr/ports/www/sbox-dtc Thomas >Unformatted: