svn commit: r303369 - in head: security/vuxml www/coppermine
Jase Thew
jase at FreeBSD.org
Thu Aug 30 11:40:21 UTC 2012
Author: jase
Date: Thu Aug 30 11:40:20 2012
New Revision: 303369
URL: http://svn.freebsd.org/changeset/ports/303369
Log:
- Update to 1.5.20
- Update MASTER_SITES
- Convert to optionsNG and add DOCS option
- Document security vulnerabilities [1]
PR: ports/169558
Requested by: Alexey <alexey at kouznetsov.com> (submitter)
Security: 6dd5e45c-f084-11e1-8d0f-406186f3d89d [1]
Approved by: flo (mentor)
Modified:
head/security/vuxml/vuln.xml
head/www/coppermine/Makefile (contents, props changed)
head/www/coppermine/distinfo (contents, props changed)
Modified: head/security/vuxml/vuln.xml
==============================================================================
--- head/security/vuxml/vuln.xml Thu Aug 30 10:54:49 2012 (r303368)
+++ head/security/vuxml/vuln.xml Thu Aug 30 11:40:20 2012 (r303369)
@@ -51,6 +51,40 @@ Note: Please add new entries to the beg
-->
<vuxml xmlns="http://www.vuxml.org/apps/vuxml-1">
+ <vuln vid="6dd5e45c-f084-11e1-8d0f-406186f3d89d">
+ <topic>coppermine -- Multiple vulnerabilites</topic>
+ <affects>
+ <package>
+ <name>coppermine</name>
+ <range><lt>1.5.20</lt></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>The Coppermine Team reports:</p>
+ <blockquote cite="http://forum.coppermine-gallery.net/index.php/topic,74682.0.html">
+ <p>The release covers several path disclosure vulnerabilities. If
+ unpatched, it's possible to generate an error that will reveal the
+ full path of the script. A remote user can determine the full path
+ to the web root directory and other potentially sensitive
+ information. Furthermore, the release covers a recently discovered
+ XSS vulnerability that allows (if unpatched) a malevolent visitor to
+ include own script routines under certain conditions.</p>
+ </blockquote>
+ </body>
+ </description>
+ <references>
+ <cvename>CVE-2012-1613</cvename>
+ <cvename>CVE-2012-1614</cvename>
+ <mlist>http://seclists.org/oss-sec/2012/q2/11</mlist>
+ <url>http://forum.coppermine-gallery.net/index.php/topic,74682.0.html</url>
+ </references>
+ <dates>
+ <discovery>2012-03-29</discovery>
+ <entry>2012-08-30</entry>
+ </dates>
+ </vuln>
+
<vuln vid="16846d1e-f1de-11e1-8bd8-0022156e8794">
<topic>Java 1.7 -- security manager bypass</topic>
<affects>
Modified: head/www/coppermine/Makefile
==============================================================================
--- head/www/coppermine/Makefile Thu Aug 30 10:54:49 2012 (r303368)
+++ head/www/coppermine/Makefile Thu Aug 30 11:40:20 2012 (r303369)
@@ -6,15 +6,16 @@
#
PORTNAME= coppermine
-PORTVERSION= 1.5.18
+PORTVERSION= 1.5.20
CATEGORIES= www
-MASTER_SITES= SF/${PORTNAME}/Coppermine/${PORTVERSION:R}.x/
+MASTER_SITES= SF/eenemeenemuu.u
DISTNAME= cpg${PORTVERSION}
MAINTAINER= ports at FreeBSD.org
COMMENT= A web picture gallery script
-OPTIONS= IMAGEMAGICK "Use ImageMagick instead of php5-gd" off
+OPTIONS_DEFINE= DOCS IMAGEMAGICK
+IMAGEMAGICK_DESC= Use ImageMagick instead of PHP GD extension
USE_PHP= mysql pcre
USE_ZIP= yes
@@ -28,8 +29,8 @@ SUB_FILES+= pkg-message
.include <bsd.port.options.mk>
-.if defined (WITH_IMAGEMAGICK)
-RUN_DEPENDS+= ${LOCALBASE}/bin/convert:${PORTSDIR}/graphics/ImageMagick
+.if ${PORT_OPTIONS:MIMAGEMAGICK}
+RUN_DEPENDS+= convert:${PORTSDIR}/graphics/ImageMagick
.else
USE_PHP+= gd
.endif
@@ -37,14 +38,14 @@ USE_PHP+= gd
pre-everything::
@${ECHO_MSG} ""
@${ECHO_MSG} "By default, coppermine depends on PHP with GD support."
- @${ECHO_MSG} "You may define WITH_IMAGEMAGICK to depend on ImageMagick instead of GD."
+ @${ECHO_MSG} "You may select IMAGEMAGICK to depend on ImageMagick instead of GD."
@${ECHO_MSG} ""
post-extract:
@${CHMOD} -R o-w ${WRKSRC}/
do-install:
-.if !defined(NOPORTDOCS)
+.if ${PORT_OPTIONS:MDOCS}
${MKDIR} ${DOCSDIR}/
@cd ${WRKSRC} && ${INSTALL_DATA} ${DOCFILES} ${DOCSDIR}
.endif
Modified: head/www/coppermine/distinfo
==============================================================================
--- head/www/coppermine/distinfo Thu Aug 30 10:54:49 2012 (r303368)
+++ head/www/coppermine/distinfo Thu Aug 30 11:40:20 2012 (r303369)
@@ -1,2 +1,2 @@
-SHA256 (cpg1.5.18.zip) = 58255ee376daae3592bb3118701119a5e2388a99a736e98c72f62ec53391fbe8
-SIZE (cpg1.5.18.zip) = 19035430
+SHA256 (cpg1.5.20.zip) = f5388d6fa0952f4aba8f51ae9f86c7f916c432831e02050c27d27737cececcf5
+SIZE (cpg1.5.20.zip) = 19122378
More information about the svn-ports-all
mailing list