From nobody Mon Apr 29 10:34:26 2024 X-Original-To: dev-commits-ports-branches@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4VSfpB6Dv0z5J2d6; Mon, 29 Apr 2024 10:34:26 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "R3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4VSfpB5QWnz4mC3; Mon, 29 Apr 2024 10:34:26 +0000 (UTC) (envelope-from git@FreeBSD.org) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1714386866; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=EuWTKEI2n+eFjbrOybTwJVRTp4JGkTl3SSKfFmdYHqA=; b=v4cTGsX40dKS7YviUemGfyO3DAYTRqb9aSj1WicaAbUS65F8HQaRljvVuIWy/uCPSUn7bI rjBAgw84xFsY78ilvxmQhmf4fz61hfku79FqmV8chNU2jssMoIBl/4tADHx26aRU5qsif8 oJ1G18Y4IbqtGiCz5iebZf/SEJzjf9KDv4JHkXnMnLkJuNjVCmLcPuVptk/NKZzI4xQmkq 88lyD6PJi1UzkfCZXmUAvHEa0YRD8luZ4mfoUR1+FrY6ZsmLTYnBgmlbzJk2isquBMcyyX LPzw6UN/5y5QeT2PC4rziF6f1dLmmSQJ3ywvT6rAfaGli0E0eJ/iGcf/KORB9g== ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1714386866; a=rsa-sha256; cv=none; b=uCw2Aed+5Ym/XUrTXu8PPH5f/42FPXvpXShtnQPJTGs/B0Ikai0hmb7HZh7twrEEPW6D8q wDFt9gLxwEVhCrNivoB8+plx2+Pv8x3hmmim0VuXXArKU/7YyZaBdRXrr4d+8Juh1PCufi iDNeXw4VuDyBF7rz3BJOqaULSB6XuokTTLUL1BEp+qTlC16Z3L/2S4/ouibfXrZPdOLwSJ 2Fmx5/RyNS9yt0kvNvOMiDTEYcRXZgGCMmvrh7hHSaIrYT5qUhsHYEDRQRLBDBdzbgwk0P /tYQmxxJT5S3zcyoh3lGt/Za/EqkqdpkLE8Lt4KMdMiznLYZqH3CRufCLLp75w== ARC-Authentication-Results: i=1; mx1.freebsd.org; none ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1714386866; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=EuWTKEI2n+eFjbrOybTwJVRTp4JGkTl3SSKfFmdYHqA=; b=LZwFqt+l379EECfXqULOoPecq4dUF1Q3zs1GVjDDOov3yGW3RKYmbpdLyVjXH5IbAn2Ae7 NQ9+VhOs4u8AfbnzkSQBX9KKTmLL6Qs4kPqaeghe3oMRqabT3pxDeo0kFwDG4Iz01PaGJI agWgef1d2C1yEmj9MOCOVgQmpoJ4BepDEGSu/bKOtbsViPI1JNRWtyypUujMh4jTRaFOEh zROuZPBmsP3C66sgQzRkkqPGym3Kmy100jT1HlcMvQM/Xjnad/cOeNcUMCs0OqK53PBNZB pPxVBmEw5oDGaXNPtPuOL7/jov8Gs0+0VcA13hblf35kEo7A4s+5wSH+f6gY5Q== Received: from gitrepo.freebsd.org (gitrepo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:5]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 4VSfpB4wSNz15R1; Mon, 29 Apr 2024 10:34:26 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from gitrepo.freebsd.org ([127.0.1.44]) by gitrepo.freebsd.org (8.17.1/8.17.1) with ESMTP id 43TAYQeS071529; Mon, 29 Apr 2024 10:34:26 GMT (envelope-from git@gitrepo.freebsd.org) Received: (from git@localhost) by gitrepo.freebsd.org (8.17.1/8.17.1/Submit) id 43TAYQZD071522; Mon, 29 Apr 2024 10:34:26 GMT (envelope-from git) Date: Mon, 29 Apr 2024 10:34:26 GMT Message-Id: <202404291034.43TAYQZD071522@gitrepo.freebsd.org> To: ports-committers@FreeBSD.org, dev-commits-ports-all@FreeBSD.org, dev-commits-ports-branches@FreeBSD.org From: Vladimir Druzenko Subject: git: 1492fce2c6ad - 2024Q2 - www/glpi: update to 10.0.15 (CVE-2024-31456, CVE-2024-29889) List-Id: Commits to the quarterly branches of the FreeBSD ports repository List-Archive: https://lists.freebsd.org/archives/dev-commits-ports-branches List-Help: List-Post: List-Subscribe: List-Unsubscribe: X-BeenThere: dev-commits-ports-branches@freebsd.org Sender: owner-dev-commits-ports-branches@FreeBSD.org MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 8bit X-Git-Committer: vvd X-Git-Repository: ports X-Git-Refname: refs/heads/2024Q2 X-Git-Reftype: branch X-Git-Commit: 1492fce2c6ad1c5b069735ed1fbc83bfe5fc5399 Auto-Submitted: auto-generated The branch 2024Q2 has been updated by vvd: URL: https://cgit.FreeBSD.org/ports/commit/?id=1492fce2c6ad1c5b069735ed1fbc83bfe5fc5399 commit 1492fce2c6ad1c5b069735ed1fbc83bfe5fc5399 Author: Mathias Monnerville AuthorDate: 2024-04-29 10:16:57 +0000 Commit: Vladimir Druzenko CommitDate: 2024-04-29 10:34:09 +0000 www/glpi: update to 10.0.15 (CVE-2024-31456, CVE-2024-29889) Mostly a security release (2 high severity security fixes). ChangeLog: https://github.com/glpi-project/glpi/releases/tag/10.0.15 This release fixes a few security issues that have been recently discovered. Update is recommended! You will find below the list of security issues fixed in this bugfixes version: * [SECURITY - high] Authenticated SQL injection from map search (CVE-2024-31456) * [SECURITY - high] Account takeover via SQL Injection in saved searches feature (CVE-2024-29889) Also, here is a short list of main changes done in this version: * [FIX] Fix used right by reservation form. * [FIX] Do not rely on input to apply rules rights. * [FIX] Always store updated SMTP Oauth refresh token. * [TASK] Upgrade tinymce. PR: 278641 MFH: 2024Q2 (cherry picked from commit 35c59aa6e4e0930a98b482bfc3594ec9cd53bf19) --- www/glpi/Makefile | 2 +- www/glpi/distinfo | 6 +++--- www/glpi/pkg-plist | 53 ++++++++++++++++++++++++++++++++++++++++++++++++++++- 3 files changed, 56 insertions(+), 5 deletions(-) diff --git a/www/glpi/Makefile b/www/glpi/Makefile index 7aa869f641ba..6d17e54cf093 100644 --- a/www/glpi/Makefile +++ b/www/glpi/Makefile @@ -1,5 +1,5 @@ PORTNAME= glpi -PORTVERSION= 10.0.14 +PORTVERSION= 10.0.15 PORTEPOCH= 1 CATEGORIES= www MASTER_SITES= https://github.com/glpi-project/glpi/releases/download/${PORTVERSION}/ diff --git a/www/glpi/distinfo b/www/glpi/distinfo index 0b85cf397454..729d25574dea 100644 --- a/www/glpi/distinfo +++ b/www/glpi/distinfo @@ -1,3 +1,3 @@ -TIMESTAMP = 1711956961 -SHA256 (glpi-10.0.14.tgz) = 69c7503c453a85ef47b47cbf08d3ebe8cb8bfe0d45f6aeb32d58c10321e911f5 -SIZE (glpi-10.0.14.tgz) = 59541870 +TIMESTAMP = 1714325306 +SHA256 (glpi-10.0.15.tgz) = 8ce94c1403c1143a5b503f18f7b7b9a5d29e83489fc81cc7287b719df0b97236 +SIZE (glpi-10.0.15.tgz) = 59757265 diff --git a/www/glpi/pkg-plist b/www/glpi/pkg-plist index 2833fd3d9738..f8fefb667c40 100644 --- a/www/glpi/pkg-plist +++ b/www/glpi/pkg-plist @@ -711,6 +711,7 @@ %%WWWDIR%%/front/item_device.common.form.php %%WWWDIR%%/front/item_device.php %%WWWDIR%%/front/item_devicebattery.form.php +%%WWWDIR%%/front/item_devicecamera.form.php %%WWWDIR%%/front/item_devicecase.form.php %%WWWDIR%%/front/item_devicecontrol.form.php %%WWWDIR%%/front/item_devicedrive.form.php @@ -1187,6 +1188,8 @@ %%WWWDIR%%/install/migrations/update_10.0.12_to_10.0.13.php %%WWWDIR%%/install/migrations/update_10.0.12_to_10.0.13/configs.php %%WWWDIR%%/install/migrations/update_10.0.12_to_10.0.13/location.php +%%WWWDIR%%/install/migrations/update_10.0.14_to_10.0.15.php +%%WWWDIR%%/install/migrations/update_10.0.14_to_10.0.15/user.php %%WWWDIR%%/install/migrations/update_10.0.1_to_10.0.2.php %%WWWDIR%%/install/migrations/update_10.0.1_to_10.0.2/agent.php %%WWWDIR%%/install/migrations/update_10.0.1_to_10.0.2/configs.php @@ -1203,6 +1206,7 @@ %%WWWDIR%%/install/migrations/update_10.0.3_to_10.0.4/inventory.php %%WWWDIR%%/install/migrations/update_10.0.3_to_10.0.4/ticket.php %%WWWDIR%%/install/migrations/update_10.0.4_to_10.0.5.php +%%WWWDIR%%/install/migrations/update_10.0.4_to_10.0.5/items_disks.php %%WWWDIR%%/install/migrations/update_10.0.5_to_10.0.6.php %%WWWDIR%%/install/migrations/update_10.0.5_to_10.0.6/appliance.php %%WWWDIR%%/install/migrations/update_10.0.5_to_10.0.6/blacklist.php @@ -1360,6 +1364,7 @@ %%WWWDIR%%/install/mysql/glpi-10.0.11-empty.sql %%WWWDIR%%/install/mysql/glpi-10.0.12-empty.sql %%WWWDIR%%/install/mysql/glpi-10.0.13-empty.sql +%%WWWDIR%%/install/mysql/glpi-10.0.14-empty.sql %%WWWDIR%%/install/mysql/glpi-10.0.2-empty.sql %%WWWDIR%%/install/mysql/glpi-10.0.3-empty.sql %%WWWDIR%%/install/mysql/glpi-10.0.4-empty.sql @@ -2544,49 +2549,93 @@ %%WWWDIR%%/public/lib/tinymce.js.map %%WWWDIR%%/public/lib/tinymce.min.js %%WWWDIR%%/public/lib/tinymce/skins/content/dark/content.css +%%WWWDIR%%/public/lib/tinymce/skins/content/dark/content.js %%WWWDIR%%/public/lib/tinymce/skins/content/dark/content.min.css +%%WWWDIR%%/public/lib/tinymce/skins/content/dark/content.min.js %%WWWDIR%%/public/lib/tinymce/skins/content/default/content.css +%%WWWDIR%%/public/lib/tinymce/skins/content/default/content.js %%WWWDIR%%/public/lib/tinymce/skins/content/default/content.min.css +%%WWWDIR%%/public/lib/tinymce/skins/content/default/content.min.js %%WWWDIR%%/public/lib/tinymce/skins/content/document/content.css +%%WWWDIR%%/public/lib/tinymce/skins/content/document/content.js %%WWWDIR%%/public/lib/tinymce/skins/content/document/content.min.css +%%WWWDIR%%/public/lib/tinymce/skins/content/document/content.min.js %%WWWDIR%%/public/lib/tinymce/skins/content/tinymce-5-dark/content.css +%%WWWDIR%%/public/lib/tinymce/skins/content/tinymce-5-dark/content.js %%WWWDIR%%/public/lib/tinymce/skins/content/tinymce-5-dark/content.min.css +%%WWWDIR%%/public/lib/tinymce/skins/content/tinymce-5-dark/content.min.js %%WWWDIR%%/public/lib/tinymce/skins/content/tinymce-5/content.css +%%WWWDIR%%/public/lib/tinymce/skins/content/tinymce-5/content.js %%WWWDIR%%/public/lib/tinymce/skins/content/tinymce-5/content.min.css +%%WWWDIR%%/public/lib/tinymce/skins/content/tinymce-5/content.min.js %%WWWDIR%%/public/lib/tinymce/skins/content/writer/content.css +%%WWWDIR%%/public/lib/tinymce/skins/content/writer/content.js %%WWWDIR%%/public/lib/tinymce/skins/content/writer/content.min.css +%%WWWDIR%%/public/lib/tinymce/skins/content/writer/content.min.js %%WWWDIR%%/public/lib/tinymce/skins/ui/oxide-dark/content.css %%WWWDIR%%/public/lib/tinymce/skins/ui/oxide-dark/content.inline.css +%%WWWDIR%%/public/lib/tinymce/skins/ui/oxide-dark/content.inline.js %%WWWDIR%%/public/lib/tinymce/skins/ui/oxide-dark/content.inline.min.css +%%WWWDIR%%/public/lib/tinymce/skins/ui/oxide-dark/content.inline.min.js +%%WWWDIR%%/public/lib/tinymce/skins/ui/oxide-dark/content.js %%WWWDIR%%/public/lib/tinymce/skins/ui/oxide-dark/content.min.css +%%WWWDIR%%/public/lib/tinymce/skins/ui/oxide-dark/content.min.js %%WWWDIR%%/public/lib/tinymce/skins/ui/oxide-dark/skin.css +%%WWWDIR%%/public/lib/tinymce/skins/ui/oxide-dark/skin.js %%WWWDIR%%/public/lib/tinymce/skins/ui/oxide-dark/skin.min.css +%%WWWDIR%%/public/lib/tinymce/skins/ui/oxide-dark/skin.min.js %%WWWDIR%%/public/lib/tinymce/skins/ui/oxide-dark/skin.shadowdom.css +%%WWWDIR%%/public/lib/tinymce/skins/ui/oxide-dark/skin.shadowdom.js %%WWWDIR%%/public/lib/tinymce/skins/ui/oxide-dark/skin.shadowdom.min.css +%%WWWDIR%%/public/lib/tinymce/skins/ui/oxide-dark/skin.shadowdom.min.js %%WWWDIR%%/public/lib/tinymce/skins/ui/oxide/content.css %%WWWDIR%%/public/lib/tinymce/skins/ui/oxide/content.inline.css +%%WWWDIR%%/public/lib/tinymce/skins/ui/oxide/content.inline.js %%WWWDIR%%/public/lib/tinymce/skins/ui/oxide/content.inline.min.css +%%WWWDIR%%/public/lib/tinymce/skins/ui/oxide/content.inline.min.js +%%WWWDIR%%/public/lib/tinymce/skins/ui/oxide/content.js %%WWWDIR%%/public/lib/tinymce/skins/ui/oxide/content.min.css +%%WWWDIR%%/public/lib/tinymce/skins/ui/oxide/content.min.js %%WWWDIR%%/public/lib/tinymce/skins/ui/oxide/skin.css +%%WWWDIR%%/public/lib/tinymce/skins/ui/oxide/skin.js %%WWWDIR%%/public/lib/tinymce/skins/ui/oxide/skin.min.css +%%WWWDIR%%/public/lib/tinymce/skins/ui/oxide/skin.min.js %%WWWDIR%%/public/lib/tinymce/skins/ui/oxide/skin.shadowdom.css +%%WWWDIR%%/public/lib/tinymce/skins/ui/oxide/skin.shadowdom.js %%WWWDIR%%/public/lib/tinymce/skins/ui/oxide/skin.shadowdom.min.css +%%WWWDIR%%/public/lib/tinymce/skins/ui/oxide/skin.shadowdom.min.js %%WWWDIR%%/public/lib/tinymce/skins/ui/tinymce-5-dark/content.css %%WWWDIR%%/public/lib/tinymce/skins/ui/tinymce-5-dark/content.inline.css +%%WWWDIR%%/public/lib/tinymce/skins/ui/tinymce-5-dark/content.inline.js %%WWWDIR%%/public/lib/tinymce/skins/ui/tinymce-5-dark/content.inline.min.css +%%WWWDIR%%/public/lib/tinymce/skins/ui/tinymce-5-dark/content.inline.min.js +%%WWWDIR%%/public/lib/tinymce/skins/ui/tinymce-5-dark/content.js %%WWWDIR%%/public/lib/tinymce/skins/ui/tinymce-5-dark/content.min.css +%%WWWDIR%%/public/lib/tinymce/skins/ui/tinymce-5-dark/content.min.js %%WWWDIR%%/public/lib/tinymce/skins/ui/tinymce-5-dark/skin.css +%%WWWDIR%%/public/lib/tinymce/skins/ui/tinymce-5-dark/skin.js %%WWWDIR%%/public/lib/tinymce/skins/ui/tinymce-5-dark/skin.min.css +%%WWWDIR%%/public/lib/tinymce/skins/ui/tinymce-5-dark/skin.min.js %%WWWDIR%%/public/lib/tinymce/skins/ui/tinymce-5-dark/skin.shadowdom.css +%%WWWDIR%%/public/lib/tinymce/skins/ui/tinymce-5-dark/skin.shadowdom.js %%WWWDIR%%/public/lib/tinymce/skins/ui/tinymce-5-dark/skin.shadowdom.min.css +%%WWWDIR%%/public/lib/tinymce/skins/ui/tinymce-5-dark/skin.shadowdom.min.js %%WWWDIR%%/public/lib/tinymce/skins/ui/tinymce-5/content.css %%WWWDIR%%/public/lib/tinymce/skins/ui/tinymce-5/content.inline.css +%%WWWDIR%%/public/lib/tinymce/skins/ui/tinymce-5/content.inline.js %%WWWDIR%%/public/lib/tinymce/skins/ui/tinymce-5/content.inline.min.css +%%WWWDIR%%/public/lib/tinymce/skins/ui/tinymce-5/content.inline.min.js +%%WWWDIR%%/public/lib/tinymce/skins/ui/tinymce-5/content.js %%WWWDIR%%/public/lib/tinymce/skins/ui/tinymce-5/content.min.css +%%WWWDIR%%/public/lib/tinymce/skins/ui/tinymce-5/content.min.js %%WWWDIR%%/public/lib/tinymce/skins/ui/tinymce-5/skin.css +%%WWWDIR%%/public/lib/tinymce/skins/ui/tinymce-5/skin.js %%WWWDIR%%/public/lib/tinymce/skins/ui/tinymce-5/skin.min.css +%%WWWDIR%%/public/lib/tinymce/skins/ui/tinymce-5/skin.min.js %%WWWDIR%%/public/lib/tinymce/skins/ui/tinymce-5/skin.shadowdom.css +%%WWWDIR%%/public/lib/tinymce/skins/ui/tinymce-5/skin.shadowdom.js %%WWWDIR%%/public/lib/tinymce/skins/ui/tinymce-5/skin.shadowdom.min.css +%%WWWDIR%%/public/lib/tinymce/skins/ui/tinymce-5/skin.shadowdom.min.js %%WWWDIR%%/resources/.htaccess %%WWWDIR%%/resources/Rules/RuleAsset.xml %%WWWDIR%%/resources/Rules/RuleDictionnaryOperatingSystem.xml @@ -3099,6 +3148,7 @@ %%WWWDIR%%/src/Lockedfield.php %%WWWDIR%%/src/Log.php %%WWWDIR%%/src/Mail/Protocol/ProtocolInterface.php +%%WWWDIR%%/src/Mail/SMTP/OAuthTokenProvider.php %%WWWDIR%%/src/Mail/SMTP/OauthConfig.php %%WWWDIR%%/src/Mail/SMTP/OauthProvider/Azure.php %%WWWDIR%%/src/Mail/SMTP/OauthProvider/Google.php @@ -6617,7 +6667,7 @@ %%WWWDIR%%/vendor/webmozart/assert/src/Assert.php %%WWWDIR%%/vendor/webmozart/assert/src/InvalidArgumentException.php %%WWWDIR%%/vendor/webmozart/assert/src/Mixin.php -%%WWWDIR%%/version/10.0.14 +%%WWWDIR%%/version/10.0.15 @dir %%WWWDIR%%/ajax @dir %%WWWDIR%%/bin @dir %%WWWDIR%%/config @@ -6694,6 +6744,7 @@ @dir %%WWWDIR%%/install/migrations/update_10.0.10_to_10.0.11 @dir %%WWWDIR%%/install/migrations/update_10.0.11_to_10.0.12 @dir %%WWWDIR%%/install/migrations/update_10.0.12_to_10.0.13 +@dir %%WWWDIR%%/install/migrations/update_10.0.14_to_10.0.15 @dir %%WWWDIR%%/install/migrations/update_10.0.1_to_10.0.2 @dir %%WWWDIR%%/install/migrations/update_10.0.2_to_10.0.3 @dir %%WWWDIR%%/install/migrations/update_10.0.3_to_10.0.4