From owner-svn-ports-head@FreeBSD.ORG Thu Aug 30 11:40:21 2012 Return-Path: Delivered-To: svn-ports-head@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id EFED1106564A; Thu, 30 Aug 2012 11:40:20 +0000 (UTC) (envelope-from jase@FreeBSD.org) Received: from svn.freebsd.org (svn.freebsd.org [IPv6:2001:4f8:fff6::2c]) by mx1.freebsd.org (Postfix) with ESMTP id DA3368FC18; Thu, 30 Aug 2012 11:40:20 +0000 (UTC) Received: from svn.freebsd.org (localhost [127.0.0.1]) by svn.freebsd.org (8.14.4/8.14.4) with ESMTP id q7UBeK2w034006; Thu, 30 Aug 2012 11:40:20 GMT (envelope-from jase@svn.freebsd.org) Received: (from jase@localhost) by svn.freebsd.org (8.14.4/8.14.4/Submit) id q7UBeKHa034001; Thu, 30 Aug 2012 11:40:20 GMT (envelope-from jase@svn.freebsd.org) Message-Id: <201208301140.q7UBeKHa034001@svn.freebsd.org> 
From: Jase Thew Date: Thu, 30 Aug 2012 11:40:20 +0000 (UTC) To: ports-committers@freebsd.org, svn-ports-all@freebsd.org, svn-ports-head@freebsd.org X-SVN-Group: ports-head MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Cc: Subject: svn commit: r303369 - in head: security/vuxml www/coppermine X-BeenThere: svn-ports-head@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: SVN commit messages for the ports tree for head List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 30 Aug 2012 11:40:21 -0000 Author: jase Date: Thu Aug 30 11:40:20 2012 New Revision: 303369 URL: http://svn.freebsd.org/changeset/ports/303369 Log: - Update to 1.5.20 - Update MASTER_SITES - Convert to optionsNG and add DOCS option - Document security vulnerabilities [1] PR: ports/169558 Requested by: Alexey (submitter) Security: 6dd5e45c-f084-11e1-8d0f-406186f3d89d [1] Approved by: flo (mentor) Modified: head/security/vuxml/vuln.xml head/www/coppermine/Makefile (contents, props changed) head/www/coppermine/distinfo (contents, props changed) Modified: head/security/vuxml/vuln.xml ============================================================================== --- head/security/vuxml/vuln.xml Thu Aug 30 10:54:49 2012 (r303368) +++ head/security/vuxml/vuln.xml Thu Aug 30 11:40:20 2012 (r303369) @@ -51,6 +51,40 @@ Note: Please add new entries to the beg --> + + coppermine -- Multiple vulnerabilites + + + coppermine + 1.5.20 + + + + +

The Coppermine Team reports:

+
+

The release covers several path disclosure vulnerabilities. If + unpatched, it's possible to generate an error that will reveal the + full path of the script. A remote user can determine the full path + to the web root directory and other potentially sensitive + information. Furthermore, the release covers a recently discovered + XSS vulnerability that allows (if unpatched) a malevolent visitor to + include own script routines under certain conditions.

+
+ +
+ + CVE-2012-1613 + CVE-2012-1614 + http://seclists.org/oss-sec/2012/q2/11 + http://forum.coppermine-gallery.net/index.php/topic,74682.0.html + + + 2012-03-29 + 2012-08-30 + +
+ Java 1.7 -- security manager bypass Modified: head/www/coppermine/Makefile ============================================================================== --- head/www/coppermine/Makefile Thu Aug 30 10:54:49 2012 (r303368) +++ head/www/coppermine/Makefile Thu Aug 30 11:40:20 2012 (r303369) @@ -6,15 +6,16 @@ # PORTNAME= coppermine -PORTVERSION= 1.5.18 +PORTVERSION= 1.5.20 CATEGORIES= www -MASTER_SITES= SF/${PORTNAME}/Coppermine/${PORTVERSION:R}.x/ +MASTER_SITES= SF/eenemeenemuu.u DISTNAME= cpg${PORTVERSION} MAINTAINER= ports@FreeBSD.org COMMENT= A web picture gallery script -OPTIONS= IMAGEMAGICK "Use ImageMagick instead of php5-gd" off +OPTIONS_DEFINE= DOCS IMAGEMAGICK +IMAGEMAGICK_DESC= Use ImageMagick instead of PHP GD extension USE_PHP= mysql pcre USE_ZIP= yes @@ -28,8 +29,8 @@ SUB_FILES+= pkg-message .include -.if defined (WITH_IMAGEMAGICK) -RUN_DEPENDS+= ${LOCALBASE}/bin/convert:${PORTSDIR}/graphics/ImageMagick +.if ${PORT_OPTIONS:MIMAGEMAGICK} +RUN_DEPENDS+= convert:${PORTSDIR}/graphics/ImageMagick .else USE_PHP+= gd .endif @@ -37,14 +38,14 @@ USE_PHP+= gd pre-everything:: @${ECHO_MSG} "" @${ECHO_MSG} "By default, coppermine depends on PHP with GD support." - @${ECHO_MSG} "You may define WITH_IMAGEMAGICK to depend on ImageMagick instead of GD." + @${ECHO_MSG} "You may select IMAGEMAGICK to depend on ImageMagick instead of GD." @${ECHO_MSG} "" post-extract: @${CHMOD} -R o-w ${WRKSRC}/ do-install: -.if !defined(NOPORTDOCS) +.if ${PORT_OPTIONS:MDOCS} ${MKDIR} ${DOCSDIR}/ @cd ${WRKSRC} && ${INSTALL_DATA} ${DOCFILES} ${DOCSDIR} .endif Modified: head/www/coppermine/distinfo ============================================================================== --- head/www/coppermine/distinfo Thu Aug 30 10:54:49 2012 (r303368) +++ head/www/coppermine/distinfo Thu Aug 30 11:40:20 2012 (r303369) 
@@ -1,2 +1,2 @@ -SHA256 (cpg1.5.18.zip) = 58255ee376daae3592bb3118701119a5e2388a99a736e98c72f62ec53391fbe8 -SIZE (cpg1.5.18.zip) = 19035430 +SHA256 (cpg1.5.20.zip) = f5388d6fa0952f4aba8f51ae9f86c7f916c432831e02050c27d27737cececcf5 +SIZE (cpg1.5.20.zip) = 19122378
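Review bot: In the head/security/vuxml/vuln.xml hunk, the topic line of the new entry reads "coppermine -- Multiple vulnerabilites"; "vulnerabilites" is misspelled and should be "vulnerabilities". This line is the entry's title, so the typo is user-visible and is worth correcting in the same entry.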
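Review bot: In the first head/www/coppermine/Makefile hunk, MASTER_SITES changes from the version-derived `SF/${PORTNAME}/Coppermine/${PORTVERSION:R}.x/` to the literal `SF/eenemeenemuu.u`, which no longer names the port, and no comment says why the distfile is now fetched from there. Suggest a one-line comment above MASTER_SITES explaining the new location. Since the distinfo hunk is then the only thing pinning what gets installed, please also confirm that the SHA256 recorded for cpg1.5.20.zip was compared against the upstream release and not only against the file fetched from this path.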