[Bug 284572] www/matomo: update to 5.2.2 (fixes security vulnerability)

Go to: [ bottom of page ] [ top of archives ] [ this month ]
From: <bugzilla-noreply_at_freebsd.org>
Date: Tue, 04 Feb 2025 18:09:24 UTC
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=284572

            Bug ID: 284572
           Summary: www/matomo: update to 5.2.2 (fixes security
                    vulnerability)
           Product: Ports & Packages
           Version: Latest
          Hardware: Any
                OS: Any
            Status: New
          Severity: Affects Only Me
          Priority: ---
         Component: Individual Port(s)
          Assignee: joneum@FreeBSD.org
          Reporter: marko.cupac@mimar.rs
             Flags: maintainer-feedback?(joneum@FreeBSD.org)
          Assignee: joneum@FreeBSD.org

Created attachment 257230
  --> https://bugs.freebsd.org/bugzilla/attachment.cgi?id=257230&action=edit
matomo update to 5.2.2

Hi,

I updated www/matomo port to 5.2.2:
https://matomo.org/changelog/matomo-5-2-2/

According to announcement, "Matomo 5.2.2 is a patch release that includes
several high-impact security fixes. These fixes are essential to maintaining
the integrity and security of your analytics platform. We strongly advise
upgrading as soon as possible to benefit from these critical security
enhancements and keep your Matomo installation secure."

Summary of port changes:
- changed PKGNAMEPREFIX to PKGNAMESUFFIX. PKGNAMEPREFIX is for php modules such
as php83-gd, php83-ldap or php83-xml. PKGNAMESUFFIX is for applications such as
nextcloud-php83, phpmyadmin5-php or roundcube-php83.
- removed unneeded line in Makefile for creating /tmp/cache/tracker, replaced
by @dir(%%WWWOWN%%,%%WWWGRP%%,) %%WWWDIR%%/tmp in pkg-plist.
- All pkg-plist records containing (%%WWWOWN%%,%%WWWGRP%%,) moved to top of
list for better visibility, as well as empty folders with default ownership.

I tested upgrade by:
- backing up config.ini.php
- deleting matomo package, rm -rf www/matomo
- installing new package
- restoring config.ini.php

Everythying worked out of the box, except for system check error about
"required private directories" which links to:
https://matomo.org/faq/troubleshooting/how-do-i-fix-the-error-private-directories-are-accessible/

I had to run:

$ cd /usr/local/www/matomo
$ sudo -u www php console core:create-security-files

(perhaps if I waited some more cron would have created them)

-- 
You are receiving this mail because:
You are the assignee for the bug.