Date:      Thu, 30 Aug 2012 11:40:20 +0000 (UTC)
From:      Jase Thew <jase@FreeBSD.org>
To:        ports-committers@freebsd.org, svn-ports-all@freebsd.org, svn-ports-head@freebsd.org
Subject:   svn commit: r303369 - in head: security/vuxml www/coppermine
Message-ID:  <201208301140.q7UBeKHa034001@svn.freebsd.org>

Author: jase
Date: Thu Aug 30 11:40:20 2012
New Revision: 303369
URL: http://svn.freebsd.org/changeset/ports/303369

Log:
  - Update to 1.5.20
  - Update MASTER_SITES
  - Convert to optionsNG and add DOCS option
  - Document security vulnerabilities [1]
  
  PR:		ports/169558
  Requested by:	Alexey <alexey@kouznetsov.com> (submitter)
  Security:	6dd5e45c-f084-11e1-8d0f-406186f3d89d [1]
  Approved by:	flo (mentor)

Modified:
  head/security/vuxml/vuln.xml
  head/www/coppermine/Makefile   (contents, props changed)
  head/www/coppermine/distinfo   (contents, props changed)

Modified: head/security/vuxml/vuln.xml
==============================================================================
--- head/security/vuxml/vuln.xml	Thu Aug 30 10:54:49 2012	(r303368)
+++ head/security/vuxml/vuln.xml	Thu Aug 30 11:40:20 2012	(r303369)
@@ -51,6 +51,40 @@ Note:  Please add new entries to the beg
 
 -->
 <vuxml xmlns="http://www.vuxml.org/apps/vuxml-1">;
+  <vuln vid="6dd5e45c-f084-11e1-8d0f-406186f3d89d">
+    <topic>coppermine -- Multiple vulnerabilites</topic>
+    <affects>
+      <package>
+	<name>coppermine</name>
+	<range><lt>1.5.20</lt></range>
+      </package>
+    </affects>
+    <description>
+      <body xmlns="http://www.w3.org/1999/xhtml">;
+	<p>The Coppermine Team reports:</p>
+	<blockquote cite="http://forum.coppermine-gallery.net/index.php/topic,74682.0.html">;
+	  <p>The release covers several path disclosure vulnerabilities. If 
+	    unpatched, it's possible to generate an error that will reveal the 
+	    full path of the script. A remote user can determine the full path 
+	    to the web root directory and other potentially sensitive 
+	    information. Furthermore, the release covers a recently discovered 
+	    XSS vulnerability that allows (if unpatched) a malevolent visitor to 
+	    include own script routines under certain conditions.</p>
+	</blockquote>
+      </body>
+    </description>
+    <references>
+      <cvename>CVE-2012-1613</cvename>
+      <cvename>CVE-2012-1614</cvename>
+      <mlist>http://seclists.org/oss-sec/2012/q2/11</mlist>;
+      <url>http://forum.coppermine-gallery.net/index.php/topic,74682.0.html</url>;
+    </references>
+    <dates>
+      <discovery>2012-03-29</discovery>
+      <entry>2012-08-30</entry>
+    </dates>
+  </vuln>
+
   <vuln vid="16846d1e-f1de-11e1-8bd8-0022156e8794">
     <topic>Java 1.7 -- security manager bypass</topic>
     <affects>
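Review bot: The `<topic>` of the new entry misspells "vulnerabilities" as "vulnerabilites"; this string is what users see when the entry is reported against an installed package, so it should read `<topic>coppermine -- multiple vulnerabilities</topic>`. The quoted advisory covers both path disclosure and XSS, but the entry does not say which of CVE-2012-1613 and CVE-2012-1614 refers to which issue, and a one-line mapping in the body would help triage. The trailing `;` after several tags on this page looks like a mail-archive rendering artifact rather than committed content, though it is worth confirming that the committed file still validates.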

Modified: head/www/coppermine/Makefile
==============================================================================
--- head/www/coppermine/Makefile	Thu Aug 30 10:54:49 2012	(r303368)
+++ head/www/coppermine/Makefile	Thu Aug 30 11:40:20 2012	(r303369)
@@ -6,15 +6,16 @@
 #
 
 PORTNAME=	coppermine
-PORTVERSION=	1.5.18
+PORTVERSION=	1.5.20
 CATEGORIES=	www
-MASTER_SITES=	SF/${PORTNAME}/Coppermine/${PORTVERSION:R}.x/
+MASTER_SITES=	SF/eenemeenemuu.u
 DISTNAME=	cpg${PORTVERSION}
 
 MAINTAINER=	ports@FreeBSD.org
 COMMENT=	A web picture gallery script
 
-OPTIONS=	IMAGEMAGICK "Use ImageMagick instead of php5-gd" off
+OPTIONS_DEFINE=	DOCS IMAGEMAGICK
+IMAGEMAGICK_DESC=	Use ImageMagick instead of PHP GD extension
 
 USE_PHP=	mysql pcre
 USE_ZIP=	yes
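Review bot: `MASTER_SITES=	SF/eenemeenemuu.u` replaces the project-scoped, version-derived path with what appears to be an individual SourceForge user area, so the distfile's provenance now depends on a single account rather than the project's release directory. The SHA256 in distinfo pins the content only if it was compared with a checksum or signature that upstream published independently of this download, and the commit log does not say whether that was done. I would record the reason and the verification source next to the line, for example `# distfile hosted in <upstream developer>'s SF user area; checksum verified against <upstream announcement URL>`. The hard-coded value also drops `${PORTNAME}` and `${PORTVERSION:R}`, so the next update will probably need this line edited by hand again.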
@@ -28,8 +29,8 @@ SUB_FILES+=	pkg-message
 
 .include <bsd.port.options.mk>
 
-.if defined (WITH_IMAGEMAGICK)
-RUN_DEPENDS+=	${LOCALBASE}/bin/convert:${PORTSDIR}/graphics/ImageMagick
+.if ${PORT_OPTIONS:MIMAGEMAGICK}
+RUN_DEPENDS+=	convert:${PORTSDIR}/graphics/ImageMagick
 .else
 USE_PHP+=	gd
 .endif
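Review bot: `RUN_DEPENDS+=	convert:${PORTSDIR}/graphics/ImageMagick` drops the absolute `${LOCALBASE}/bin/convert`, so the dependency is satisfied by a PATH search instead of a test for one known file. Any executable named `convert` on the build user's PATH would then satisfy it, and the ImageMagick port might never be installed. Unless the framework requires the bare name here, `${LOCALBASE}/bin/convert:${PORTSDIR}/graphics/ImageMagick` is the tighter check.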
@@ -37,14 +38,14 @@ USE_PHP+=	gd
 pre-everything::
 	@${ECHO_MSG} ""
 	@${ECHO_MSG} "By default, coppermine depends on PHP with GD support."
-	@${ECHO_MSG} "You may define WITH_IMAGEMAGICK to depend on ImageMagick instead of GD."
+	@${ECHO_MSG} "You may select IMAGEMAGICK to depend on ImageMagick instead of GD."
 	@${ECHO_MSG} ""
 
 post-extract:
 	@${CHMOD} -R o-w ${WRKSRC}/
 
 do-install:
-.if !defined(NOPORTDOCS)
+.if ${PORT_OPTIONS:MDOCS}
 	${MKDIR} ${DOCSDIR}/
 	@cd ${WRKSRC} && ${INSTALL_DATA} ${DOCFILES} ${DOCSDIR}
 .endif

Modified: head/www/coppermine/distinfo
==============================================================================
--- head/www/coppermine/distinfo	Thu Aug 30 10:54:49 2012	(r303368)
+++ head/www/coppermine/distinfo	Thu Aug 30 11:40:20 2012	(r303369)
@@ -1,2 +1,2 @@
-SHA256 (cpg1.5.18.zip) = 58255ee376daae3592bb3118701119a5e2388a99a736e98c72f62ec53391fbe8
-SIZE (cpg1.5.18.zip) = 19035430
+SHA256 (cpg1.5.20.zip) = f5388d6fa0952f4aba8f51ae9f86c7f916c432831e02050c27d27737cececcf5
+SIZE (cpg1.5.20.zip) = 19122378


