Debian-LTS has issued an advisory today (October 23): http://lwn.net/Alerts/661886/
Whiteboard: (none) => MGA5TOO
That package is really old and unsupported, and I don't plan on continuing to maintain it. The best thing we can do is to drop it.
We can certainly drop it in Cauldron, but we still have it in Mageia 5. Could you try to track down the patch for this?
I'm sorry, I currently don't have the time to do it.
Done! cakephp-1.3.13 is now fixed for Cauldron and mag5 too.
CC: (none) => geiger.david68210
Thanks David!
Advisory:
========================
Updated cakephp packages fix security vulnerability:
CakePHP, an open-source web application framework for PHP, was vulnerable to SSRF (Server Side Request Forgery) attacks. A remote attacker can utilize it for at least DoS (Denial of Service) attacks, if the target application accepts XML as an input. It is caused by insecure design of Cake's Xml class.
References:
http://lwn.net/Alerts/661886/
========================
Updated packages in core/updates_testing:
========================
cakephp-1.3.13-5.1.mga5
cakephp-cli-1.3.13-5.1.mga5
from cakephp-1.3.13-5.1.mga5.src.rpm
Version: Cauldron => 5
Assignee: juan.baptiste => qa-bugs
Whiteboard: MGA5TOO => (none)
CC: (none) => davidwhodgins
Whiteboard: (none) => advisory
Tried running cake after installing.
[brian@localhost ~]$ /bin/cake server
PHP Strict Standards: Redefining already defined constructor for class Object in /usr/share/php/cakephp/cake/libs/object.php on line 54
Strict Standards: Redefining already defined constructor for class Object in /usr/share/php/cakephp/cake/libs/object.php on line 54
PHP Warning: include_once(/usr/share/php/cakephp/cake/console/templates/skel/config/core.php): failed to open stream: No such file or directory in /usr/share/php/cakephp/cake/console/cake.php on line 273
Warning: include_once(/usr/share/php/cakephp/cake/console/templates/skel/config/core.php): failed to open stream: No such file or directory in /usr/share/php/cakephp/cake/console/cake.php on line 273
PHP Warning: include_once(): Failed opening '/usr/share/php/cakephp/cake/console/templates/skel/config/core.php' for inclusion (include_path='.:/usr/lib64/php/:/usr/share/pear/:/usr/share/php/') in /usr/share/php/cakephp/cake/console/cake.php on line 273
Warning: include_once(): Failed opening '/usr/share/php/cakephp/cake/console/templates/skel/config/core.php' for inclusion (include_path='.:/usr/lib64/php/:/usr/share/pear/:/usr/share/php/') in /usr/share/php/cakephp/cake/console/cake.php on line 273
PHP Strict Standards: Non-static method App::import() should not be called statically in /usr/share/php/cakephp/cake/basics.php on line 682
Strict Standards: Non-static method App::import() should not be called statically in /usr/share/php/cakephp/cake/basics.php on line 682
PHP Strict Standards: Non-static method App::getInstance() should not be called statically in /usr/share/php/cakephp/cake/libs/configure.php on line 917
Strict Standards: Non-static method App::getInstance() should not be called statically in /usr/share/php/cakephp/cake/libs/configure.php on line 917
PHP Strict Standards: Non-static method Inflector::underscore() should not be called statically in /usr/share/php/cakephp/cake/libs/configure.php on line 948
Strict Standards: Non-static method Inflector::underscore() should not be called statically in /usr/share/php/cakephp/cake/libs/configure.php on line 948
PHP Strict Standards: Non-static method Inflector::getInstance() should not be called statically in /usr/share/php/cakephp/cake/libs/inflector.php on line 518
Strict Standards: Non-static method Inflector::getInstance() should not be called statically in /usr/share/php/cakephp/cake/libs/inflector.php on line 518
PHP Strict Standards: Non-static method I18n::translate() should not be called statically in /usr/share/php/cakephp/cake/basics.php on line 688
Strict Standards: Non-static method I18n::translate() should not be called statically in /usr/share/php/cakephp/cake/basics.php on line 688
PHP Strict Standards: Non-static method I18n::getInstance() should not be called statically in /usr/share/php/cakephp/cake/libs/i18n.php on line 122
Strict Standards: Non-static method I18n::getInstance() should not be called statically in /usr/share/php/cakephp/cake/libs/i18n.php on line 122
PHP Strict Standards: Non-static method Configure::read() should not be called statically in /usr/share/php/cakephp/cake/libs/i18n.php on line 134
Strict Standards: Non-static method Configure::read() should not be called statically in /usr/share/php/cakephp/cake/libs/i18n.php on line 134
PHP Strict Standards: Non-static method Configure::getInstance() should not be called statically in /usr/share/php/cakephp/cake/libs/configure.php on line 163
Strict Standards: Non-static method Configure::getInstance() should not be called statically in /usr/share/php/cakephp/cake/libs/configure.php on line 163
PHP Strict Standards: Non-static method Cache::read() should not be called statically in /usr/share/php/cakephp/cake/libs/i18n.php on line 152
Strict Standards: Non-static method Cache::read() should not be called statically in /usr/share/php/cakephp/cake/libs/i18n.php on line 152
PHP Strict Standards: Non-static method Cache::getInstance() should not be called statically in /usr/share/php/cakephp/cake/libs/cache.php on line 345
Strict Standards: Non-static method Cache::getInstance() should not be called statically in /usr/share/php/cakephp/cake/libs/cache.php on line 345
PHP Strict Standards: Non-static method Cache::write() should not be called statically in /usr/share/php/cakephp/cake/libs/i18n.php on line 157
Strict Standards: Non-static method Cache::write() should not be called statically in /usr/share/php/cakephp/cake/libs/i18n.php on line 157
PHP Strict Standards: Non-static method Cache::getInstance() should not be called statically in /usr/share/php/cakephp/cake/libs/cache.php on line 299
Strict Standards: Non-static method Cache::getInstance() should not be called statically in /usr/share/php/cakephp/cake/libs/cache.php on line 299
Error: Class ServerShell could not be loaded.
Something didn't go well. Maybe I didn't follow the installation from the cake project. Any thoughts?
Brian
CC: (none) => brtians1
Testing mga5 32
Same errors as Brian. Found that no core.php file exists in the cakephp packages. Tried with several 'cake' commands from the help: cake server, cake testsuite. Others seem to do something after returning the errors, e.g. cake console does give a console.
Adding feedback for now.
Whiteboard: advisory => advisory feedback
Assigning back to David, see issues above.
CC: (none) => qa-bugs
Assignee: qa-bugs => geiger.david68210
Whiteboard: advisory feedback => advisory
cakephp is now dropped from Cauldron.
Updated to 1.3.21, hopefully it will fix the issues. Please update the package version in the advisory in SVN.
Updated packages in core/updates_testing:
========================
cakephp-1.3.21-1.mga5
cakephp-cli-1.3.21-1.mga5
from cakephp-1.3.21-1.mga5.src.rpm
CC: qa-bugs => (none)
Assignee: geiger.david68210 => qa-bugs
Whiteboard: advisory => (none)
Trying M5 x64
Installed cakephp & cakephp-cli from issued repos. Trying
$ cake <nothing or anything valid>
yielded piles of error output in the style of Comment 6, but normally terminating in a sensible display.
Updated to
cakephp-cli-1.3.21-1.mga5
cakephp-1.3.21-1.mga5
gave an improvement, but the reduced errors still indicate as per Comment 7 a lack of 'core.php':
PHP Warning: include_once(/usr/share/php/cakephp/cake/console/templates/skel/config/core.php): failed to open stream: No such file or directory in /usr/share/php/cakephp/cake/console/cake.php on line 273
Warning: include_once(/usr/share/php/cakephp/cake/console/templates/skel/config/core.php): failed to open stream: No such file or directory in /usr/share/php/cakephp/cake/console/cake.php on line 273
PHP Warning: include_once(): Failed opening '/usr/share/php/cakephp/cake/console/templates/skel/config/core.php' for inclusion (include_path='.:/usr/lib64/php/:/usr/share/pear/:/usr/share/php/') in /usr/share/php/cakephp/cake/console/cake.php on line 273
Warning: include_once(): Failed opening '/usr/share/php/cakephp/cake/console/templates/skel/config/core.php' for inclusion (include_path='.:/usr/lib64/php/:/usr/share/pear/:/usr/share/php/') in /usr/share/php/cakephp/cake/console/cake.php on line 273
[3;J
Welcome to CakePHP v1.3.21 Console
---------------------------------------------------------------
etc, OK
$ cake console
does indeed give a valid cake console prompt after the garbage.
$ cake testsuite
concludes after the garbage:
"Sorry, Simpletest could not be found. Download it from http://simpletest.org and install it to your vendors directory."
which looks useful; but what/where is the 'vendors directory'?
This certainly looks better. Can DavidG comment on the residual error?
CC: (none) => lewyssmith
OK, packaging issues here, as it doesn't install all of the files from the tarball. I've told it to install the templates directory that has the core.php that it was looking for, so that should be fixed now.
As for simpletest.php, the package already does install that file (you can use "rpm -ql cakephp" to find it), but it's not in one of the vendors directories. There are several vendors directories (which you can also find by listing the RPM's files), so you'll have to try and figure out which one it wants you to copy it into for that test to work.
Updated packages in core/updates_testing:
========================
cakephp-1.3.21-2.mga5
cakephp-cli-1.3.21-2.mga5
from cakephp-1.3.21-2.mga5.src.rpm
x64 continued.
Updated to:
cakephp-cli-1.3.21-2.mga5
cakephp-1.3.21-2.mga5
Thanks David, much better. The main errors have gone. All the cake <shell> commands seem sensible, with caveats:
- They all start O/P with a junk line "[3;J".
- There is an error
"PHP Warning: /home/lewis/tmp/cache/ is not writable in /usr/share/php/cakephp/cake/libs/cache/file.php on line 281
Warning: /home/lewis/tmp/cache/ is not writable in /usr/share/php/cakephp/cake/libs/cache/file.php on line 281"
Which I resolved simply by
$ mkdir tmp/cache
but should this be necessary?
There are several vendor application test directories, which might be directly useable. To see.
(In reply to Lewis Smith from comment #13)
> but should this be necessary?
If you're using it from the command line, I guess so.
Whiteboard: (none) => advisory
Trying M5 x64
Another doubt. Cake Server is not present: should it be?
$ cake
[3;J
Welcome to CakePHP v1.3.21 Console
---------------------------------------------------------------
Current Paths:
 -app: lewis
 -working: /home/lewis
 -root: /home
 -core: /usr/share/php/cakephp
...
Available Shells:
 acl [CORE]      i18n [CORE]
 api [CORE]      schema [CORE]
 bake [CORE]     testsuite [CORE]
 console [CORE]
$ cake server
Error: Class ServerShell could not be loaded.
M5 x64 In the absence of feedback about the missing 'Server', and considering the greatly improved general behaviour, I am OKing this update. Feel free to countermand that.
Whiteboard: advisory => advisory MGA5-64-OK
Keywords: (none) => validated_update
CC: (none) => davidwhodgins, sysadmin-bugs
An update for this issue has been pushed to Mageia Updates repository. http://advisories.mageia.org/MGASA-2016-0044.html
Status: NEW => RESOLVED
Resolution: (none) => FIXED