From nobody@FreeBSD.org  Fri Jun 29 22:13:43 2012
Message-Id: <201206292213.q5TMDgsp089596@red.freebsd.org>
Date: Fri, 29 Jun 2012 22:13:42 GMT
From: Alexey <alexey@kouznetsov.com>
To: freebsd-gnats-submit@FreeBSD.org
Subject: Port www/coppermine is out of date
X-Send-Pr-Version: www-3.1
X-GNATS-Notify:

>Number:         169558
>Category:       ports
>Synopsis:       Port www/coppermine is out of date
>Confidential:   no
>Severity:       non-critical
>Priority:       low
>Responsible:    jase
>State:          closed
>Quarter:        
>Keywords:       
>Date-Required:  
>Class:          change-request
>Submitter-Id:   current-users
>Arrival-Date:   Fri Jun 29 22:20:06 UTC 2012
>Closed-Date:    Thu Aug 30 12:44:30 BST 2012
>Last-Modified:  Thu Aug 30 11:50:01 UTC 2012
>Originator:     Alexey
>Release:        n/a
>Organization:
>Environment:
n/a
>Description:
From the Coppermine news:

---
2012-03-29: cpg1.5.20 has been released. It's a security update for Coppermine in order to counter a recently discovered vulnerability. It is important that all users who run version cpg1.5.18 or older update to this latest version as soon as possible.
---

Current version in the port is: coppermine-1.5.18

>How-To-Repeat:
Install the port from the latest ports tree.
>Fix:
Change the version in the port to 1.5.20.

>Release-Note:
>Audit-Trail:
Responsible-Changed-From-To: freebsd-ports-bugs->jase 
Responsible-Changed-By: jase 
Responsible-Changed-When: Fri 29 Jun 2012 22:51:52 UTC 
Responsible-Changed-Why:  
I'll take it. 

http://www.freebsd.org/cgi/query-pr.cgi?pr=169558 
State-Changed-From-To: open->closed 
State-Changed-By: jase 
State-Changed-When: Thu 30 Aug 2012 12:44:29 BST 
State-Changed-Why:  
Committed. Thanks! 


From: dfilter@FreeBSD.ORG (dfilter service)
To: bug-followup@FreeBSD.org
Cc:  
Subject: Re: ports/169558: commit references a PR
Date: Thu, 30 Aug 2012 11:40:32 +0000 (UTC)

 Author: jase
 Date: Thu Aug 30 11:40:20 2012
 New Revision: 303369
 URL: http://svn.freebsd.org/changeset/ports/303369
 
 Log:
   - Update to 1.5.20
   - Update MASTER_SITES
   - Convert to optionsNG and add DOCS option
   - Document security vulnerabilities [1]
   
   PR:		ports/169558
   Requested by:	Alexey <alexey@kouznetsov.com> (submitter)
   Security:	6dd5e45c-f084-11e1-8d0f-406186f3d89d [1]
   Approved by:	flo (mentor)
 
 Modified:
   head/security/vuxml/vuln.xml
   head/www/coppermine/Makefile   (contents, props changed)
   head/www/coppermine/distinfo   (contents, props changed)
 
 Modified: head/security/vuxml/vuln.xml
 ==============================================================================
 --- head/security/vuxml/vuln.xml	Thu Aug 30 10:54:49 2012	(r303368)
 +++ head/security/vuxml/vuln.xml	Thu Aug 30 11:40:20 2012	(r303369)
 @@ -51,6 +51,40 @@ Note:  Please add new entries to the beg
  
  -->
  <vuxml xmlns="http://www.vuxml.org/apps/vuxml-1">
 +  <vuln vid="6dd5e45c-f084-11e1-8d0f-406186f3d89d">
 +    <topic>coppermine -- Multiple vulnerabilites</topic>
 +    <affects>
 +      <package>
 +	<name>coppermine</name>
 +	<range><lt>1.5.20</lt></range>
 +      </package>
 +    </affects>
 +    <description>
 +      <body xmlns="http://www.w3.org/1999/xhtml">
 +	<p>The Coppermine Team reports:</p>
 +	<blockquote cite="http://forum.coppermine-gallery.net/index.php/topic,74682.0.html">
 +	  <p>The release covers several path disclosure vulnerabilities. If 
 +	    unpatched, it's possible to generate an error that will reveal the 
 +	    full path of the script. A remote user can determine the full path 
 +	    to the web root directory and other potentially sensitive 
 +	    information. Furthermore, the release covers a recently discovered 
 +	    XSS vulnerability that allows (if unpatched) a malevolent visitor to 
 +	    include own script routines under certain conditions.</p>
 +	</blockquote>
 +      </body>
 +    </description>
 +    <references>
 +      <cvename>CVE-2012-1613</cvename>
 +      <cvename>CVE-2012-1614</cvename>
 +      <mlist>http://seclists.org/oss-sec/2012/q2/11</mlist>
 +      <url>http://forum.coppermine-gallery.net/index.php/topic,74682.0.html</url>
 +    </references>
 +    <dates>
 +      <discovery>2012-03-29</discovery>
 +      <entry>2012-08-30</entry>
 +    </dates>
 +  </vuln>
 +
    <vuln vid="16846d1e-f1de-11e1-8bd8-0022156e8794">
      <topic>Java 1.7 -- security manager bypass</topic>
      <affects>
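Review bot: the <topic> line of the new entry misspells "vulnerabilities" as "vulnerabilites"; the topic is the entry's visible title, so correct the spelling before it is carried into anything generated from vuln.xml. The <p> lines inside the <blockquote> also end in trailing whitespace, which is worth stripping in the same pass.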
 
 Modified: head/www/coppermine/Makefile
 ==============================================================================
 --- head/www/coppermine/Makefile	Thu Aug 30 10:54:49 2012	(r303368)
 +++ head/www/coppermine/Makefile	Thu Aug 30 11:40:20 2012	(r303369)
 @@ -6,15 +6,16 @@
  #
  
  PORTNAME=	coppermine
 -PORTVERSION=	1.5.18
 +PORTVERSION=	1.5.20
  CATEGORIES=	www
 -MASTER_SITES=	SF/${PORTNAME}/Coppermine/${PORTVERSION:R}.x/
 +MASTER_SITES=	SF/eenemeenemuu.u
  DISTNAME=	cpg${PORTVERSION}
  
  MAINTAINER=	ports@FreeBSD.org
  COMMENT=	A web picture gallery script
  
 -OPTIONS=	IMAGEMAGICK "Use ImageMagick instead of php5-gd" off
 +OPTIONS_DEFINE=	DOCS IMAGEMAGICK
 +IMAGEMAGICK_DESC=	Use ImageMagick instead of PHP GD extension
  
  USE_PHP=	mysql pcre
  USE_ZIP=	yes
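Review bot: the new MASTER_SITES value, "SF/eenemeenemuu.u", is a hardcoded path that no longer derives from ${PORTNAME} or ${PORTVERSION:R}, and neither the Makefile nor the log line "Update MASTER_SITES" says why the download location moved. Add a comment above MASTER_SITES naming where upstream points to this path, so the next version bump can confirm it is still the project's release area.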
 @@ -28,8 +29,8 @@ SUB_FILES+=	pkg-message
  
  .include <bsd.port.options.mk>
  
 -.if defined (WITH_IMAGEMAGICK)
 -RUN_DEPENDS+=	${LOCALBASE}/bin/convert:${PORTSDIR}/graphics/ImageMagick
 +.if ${PORT_OPTIONS:MIMAGEMAGICK}
 +RUN_DEPENDS+=	convert:${PORTSDIR}/graphics/ImageMagick
  .else
  USE_PHP+=	gd
  .endif
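Review bot: in the IMAGEMAGICK branch, RUN_DEPENDS drops the ${LOCALBASE}/bin/ prefix, so the dependency is now matched on the bare name "convert" instead of an absolute path, and the commit log does not mention this. If the only intent here is the optionsNG conversion, keep ${LOCALBASE}/bin/convert so the check stays tied to the binary installed under LOCALBASE; otherwise give the reason in the log.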
 @@ -37,14 +38,14 @@ USE_PHP+=	gd
  pre-everything::
  	@${ECHO_MSG} ""
  	@${ECHO_MSG} "By default, coppermine depends on PHP with GD support."
 -	@${ECHO_MSG} "You may define WITH_IMAGEMAGICK to depend on ImageMagick instead of GD."
 +	@${ECHO_MSG} "You may select IMAGEMAGICK to depend on ImageMagick instead of GD."
  	@${ECHO_MSG} ""
  
  post-extract:
  	@${CHMOD} -R o-w ${WRKSRC}/
  
  do-install:
 -.if !defined(NOPORTDOCS)
 +.if ${PORT_OPTIONS:MDOCS}
  	${MKDIR} ${DOCSDIR}/
  	@cd ${WRKSRC} && ${INSTALL_DATA} ${DOCFILES} ${DOCSDIR}
  .endif
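Review bot: the pre-everything message now reads "You may select IMAGEMAGICK" without saying where the selection is made. Since this change also defines IMAGEMAGICK_DESC with the same explanation, either name the options mechanism in the message or drop the banner and let the option description carry it.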
 
 Modified: head/www/coppermine/distinfo
 ==============================================================================
 --- head/www/coppermine/distinfo	Thu Aug 30 10:54:49 2012	(r303368)
 +++ head/www/coppermine/distinfo	Thu Aug 30 11:40:20 2012	(r303369)
 @@ -1,2 +1,2 @@
 -SHA256 (cpg1.5.18.zip) = 58255ee376daae3592bb3118701119a5e2388a99a736e98c72f62ec53391fbe8
 -SIZE (cpg1.5.18.zip) = 19035430
 +SHA256 (cpg1.5.20.zip) = f5388d6fa0952f4aba8f51ae9f86c7f916c432831e02050c27d27737cececcf5
 +SIZE (cpg1.5.20.zip) = 19122378
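Review bot: the SHA256 and SIZE lines for cpg1.5.20.zip change in the same commit that moves MASTER_SITES to a new location, so the recorded hash is only as trustworthy as that new download source. State in the log how the distfile was obtained and, if upstream publishes a checksum for the release, that it was compared against the value recorded here.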
 
>Unformatted:
