Date: Thu, 30 Aug 2012 11:40:20 +0000 (UTC) From: Jase Thew <jase@FreeBSD.org> To: ports-committers@freebsd.org, svn-ports-all@freebsd.org, svn-ports-head@freebsd.org Subject: svn commit: r303369 - in head: security/vuxml www/coppermine Message-ID: <201208301140.q7UBeKHa034001@svn.freebsd.org>
next in thread | raw e-mail | index | archive | help
Author: jase Date: Thu Aug 30 11:40:20 2012 New Revision: 303369 URL: http://svn.freebsd.org/changeset/ports/303369 Log: - Update to 1.5.20 - Update MASTER_SITES - Convert to optionsNG and add DOCS option - Document security vulnerabilities [1] PR: ports/169558 Requested by: Alexey <alexey@kouznetsov.com> (submitter) Security: 6dd5e45c-f084-11e1-8d0f-406186f3d89d [1] Approved by: flo (mentor) Modified: head/security/vuxml/vuln.xml head/www/coppermine/Makefile (contents, props changed) head/www/coppermine/distinfo (contents, props changed) Modified: head/security/vuxml/vuln.xml ============================================================================== --- head/security/vuxml/vuln.xml Thu Aug 30 10:54:49 2012 (r303368) +++ head/security/vuxml/vuln.xml Thu Aug 30 11:40:20 2012 (r303369) @@ -51,6 +51,40 @@ Note: Please add new entries to the beg --> <vuxml xmlns="http://www.vuxml.org/apps/vuxml-1">; + <vuln vid="6dd5e45c-f084-11e1-8d0f-406186f3d89d"> + <topic>coppermine -- Multiple vulnerabilites</topic> + <affects> + <package> + <name>coppermine</name> + <range><lt>1.5.20</lt></range> + </package> + </affects> + <description> + <body xmlns="http://www.w3.org/1999/xhtml">; + <p>The Coppermine Team reports:</p> + <blockquote cite="http://forum.coppermine-gallery.net/index.php/topic,74682.0.html">; + <p>The release covers several path disclosure vulnerabilities. If + unpatched, it's possible to generate an error that will reveal the + full path of the script. A remote user can determine the full path + to the web root directory and other potentially sensitive + information. Furthermore, the release covers a recently discovered + XSS vulnerability that allows (if unpatched) a malevolent visitor to + include own script routines under certain conditions.</p> + </blockquote> + </body> + </description> + <references> + <cvename>CVE-2012-1613</cvename> + <cvename>CVE-2012-1614</cvename> + <mlist>http://seclists.org/oss-sec/2012/q2/11</mlist>; + <url>http://forum.coppermine-gallery.net/index.php/topic,74682.0.html</url>; + </references> + <dates> + <discovery>2012-03-29</discovery> + <entry>2012-08-30</entry> + </dates> + </vuln> + <vuln vid="16846d1e-f1de-11e1-8bd8-0022156e8794"> <topic>Java 1.7 -- security manager bypass</topic> <affects> Modified: head/www/coppermine/Makefile ============================================================================== --- head/www/coppermine/Makefile Thu Aug 30 10:54:49 2012 (r303368) +++ head/www/coppermine/Makefile Thu Aug 30 11:40:20 2012 (r303369) @@ -6,15 +6,16 @@ # PORTNAME= coppermine -PORTVERSION= 1.5.18 +PORTVERSION= 1.5.20 CATEGORIES= www -MASTER_SITES= SF/${PORTNAME}/Coppermine/${PORTVERSION:R}.x/ +MASTER_SITES= SF/eenemeenemuu.u DISTNAME= cpg${PORTVERSION} MAINTAINER= ports@FreeBSD.org COMMENT= A web picture gallery script -OPTIONS= IMAGEMAGICK "Use ImageMagick instead of php5-gd" off +OPTIONS_DEFINE= DOCS IMAGEMAGICK +IMAGEMAGICK_DESC= Use ImageMagick instead of PHP GD extension USE_PHP= mysql pcre USE_ZIP= yes @@ -28,8 +29,8 @@ SUB_FILES+= pkg-message .include <bsd.port.options.mk> -.if defined (WITH_IMAGEMAGICK) -RUN_DEPENDS+= ${LOCALBASE}/bin/convert:${PORTSDIR}/graphics/ImageMagick +.if ${PORT_OPTIONS:MIMAGEMAGICK} +RUN_DEPENDS+= convert:${PORTSDIR}/graphics/ImageMagick .else USE_PHP+= gd .endif @@ -37,14 +38,14 @@ USE_PHP+= gd pre-everything:: @${ECHO_MSG} "" @${ECHO_MSG} "By default, coppermine depends on PHP with GD support." - @${ECHO_MSG} "You may define WITH_IMAGEMAGICK to depend on ImageMagick instead of GD." + @${ECHO_MSG} "You may select IMAGEMAGICK to depend on ImageMagick instead of GD." @${ECHO_MSG} "" post-extract: @${CHMOD} -R o-w ${WRKSRC}/ do-install: -.if !defined(NOPORTDOCS) +.if ${PORT_OPTIONS:MDOCS} ${MKDIR} ${DOCSDIR}/ @cd ${WRKSRC} && ${INSTALL_DATA} ${DOCFILES} ${DOCSDIR} .endif Modified: head/www/coppermine/distinfo ============================================================================== --- head/www/coppermine/distinfo Thu Aug 30 10:54:49 2012 (r303368) +++ head/www/coppermine/distinfo Thu Aug 30 11:40:20 2012 (r303369) @@ -1,2 +1,2 @@ -SHA256 (cpg1.5.18.zip) = 58255ee376daae3592bb3118701119a5e2388a99a736e98c72f62ec53391fbe8 -SIZE (cpg1.5.18.zip) = 19035430 +SHA256 (cpg1.5.20.zip) = f5388d6fa0952f4aba8f51ae9f86c7f916c432831e02050c27d27737cececcf5 +SIZE (cpg1.5.20.zip) = 19122378
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?201208301140.q7UBeKHa034001>