svn commit: r411047 - in branches/2016Q1/graphics/jpgraph2: . files
Thomas Zander
riggs at FreeBSD.org
Mon Mar 14 06:13:17 UTC 2016
Author: riggs
Date: Mon Mar 14 06:13:15 2016
New Revision: 411047
URL: https://svnweb.freebsd.org/changeset/ports/411047
Log:
MFH: r410998
Fix cross site scripting vulnerability, bump PORTREVISION
Fix CVE-2009-4422: Multiple cross-site scripting (XSS) vulnerabilities in
the GetURLArguments function in jpgraph.php in Aditus Consulting JpGraph
3.0.6 allow remote attackers to inject arbitrary web script or HTML via a
key to csim_in_html_ex1.php, and other unspecified vectors.
Despite the ports tree version being 3.0.7, this vulnerability has not been fixed.
The solution is taken from
http://www.securityfocus.com/archive/1/archive/1/508586/100/0/threaded
While on it:
- Fix typo in port creator's mail address
- Add LICENSE*
- Add NO_ARCH=yes (port only installs scripts)
PR: 207001
Submitted by: venture37 at geeklan.co.uk
Security: CVE-2009-4422
Approved by: ports-secteam (feld)
Added:
branches/2016Q1/graphics/jpgraph2/files/
- copied from r410998, head/graphics/jpgraph2/files/
Modified:
branches/2016Q1/graphics/jpgraph2/Makefile
Directory Properties:
branches/2016Q1/ (props changed)
Modified: branches/2016Q1/graphics/jpgraph2/Makefile
==============================================================================
--- branches/2016Q1/graphics/jpgraph2/Makefile Mon Mar 14 05:56:21 2016 (r411046)
+++ branches/2016Q1/graphics/jpgraph2/Makefile Mon Mar 14 06:13:15 2016 (r411047)
@@ -1,8 +1,9 @@
-# Created by: Alex Dupre <ale at FreeBSD.org:
+# Created by: Alex Dupre <ale at FreeBSD.org>
# $FreeBSD$
PORTNAME= jpgraph
PORTVERSION= 3.0.7
+PORTREVISION= 1
CATEGORIES= graphics
MASTER_SITES= http://hem.bredband.net/jpgraph2/
PKGNAMESUFFIX= 2
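Review bot: the `PORTREVISION= 1` bump is the only line in this hunk tied to the CVE-2009-4422 fix, and the patch itself lives in files/, which this commit copies from r410998 without showing its content. The escaping applied to GetURLArguments has to be reviewed in that revision, because nothing in the Makefile diff shows what the patch changes. The correction on the `# Created by:` line is cosmetic and does not affect the installed package.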
@@ -10,7 +11,13 @@ PKGNAMESUFFIX= 2
MAINTAINER= ports at FreeBSD.org
COMMENT= Draw both "quick and dirty" graphs with a minimum of code
+LICENSE= jpgraph
+LICENSE_NAME= JpGraph license
+LICENSE_FILE= ${WRKSRC}/README
+LICENSE_PERMS= dist-mirror pkg-mirror auto-accept
+
USES= tar:bzip2
+NO_ARCH= yes
NO_BUILD= yes
NO_WRKSUBDIR= yes
USE_PHP= gd
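Review bot: `LICENSE_PERMS= dist-mirror pkg-mirror auto-accept` asserts mirroring rights and skips license confirmation for a custom license whose text is taken from `${WRKSRC}/README`, and nothing in the hunk shows that README actually carries the license terms or grants redistribution; that should be confirmed against the distfile. The LICENSE block and `NO_ARCH= yes` are also unrelated to the XSS fix, and a security merge to a quarterly branch is easier to audit when the originating commit carries only the fix and the revision bump, with cleanups committed separately.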