diff options
author | Thomas Zander <riggs@FreeBSD.org> | 2016-03-13 16:19:27 +0000 |
---|---|---|
committer | Thomas Zander <riggs@FreeBSD.org> | 2016-03-13 16:19:27 +0000 |
commit | f923d51199c5b23f9556febf39182c723ccb58a9 (patch) | |
tree | f961ec2cfbc18c0329965db198ca1abec3f7a8ee /graphics/jpgraph2/Makefile | |
parent | ae96710903a8adde675284faa230341ea38c60ba (diff) | |
download | ports-f923d51199c5b23f9556febf39182c723ccb58a9.tar.gz ports-f923d51199c5b23f9556febf39182c723ccb58a9.zip |
Fix cross site scripting vulnerability, bump PORTREVISION
Fix CVE-2009-4422: Multiple cross-site scripting (XSS) vulnerabilities in
the GetURLArguments function in jpgraph.php in Aditus Consulting JpGraph
3.0.6 allow remote attackers to inject arbitrary web script or HTML via a
key to csim_in_html_ex1.php, and other unspecified vectors.
Despite ports tree version is 3.0.7, this vulnerability has not been fixed.
The solution is taken from
http://www.securityfocus.com/archive/1/archive/1/508586/100/0/threaded
While on it:
- Fix typo in port creator's mail address
- Add LICENSE*
- Add NO_ARCH=yes (port only installs scripts)
PR: 207001
Submitted by: venture37@geeklan.co.uk
MFH: 2016Q1
Security: CVE-2009-4422
Notes
Notes:
svn path=/head/; revision=410998
Diffstat (limited to 'graphics/jpgraph2/Makefile')
-rw-r--r-- | graphics/jpgraph2/Makefile | 9 |
1 files changed, 8 insertions, 1 deletions
diff --git a/graphics/jpgraph2/Makefile b/graphics/jpgraph2/Makefile index 11ab65a97fdc..a0726f81dbfc 100644 --- a/graphics/jpgraph2/Makefile +++ b/graphics/jpgraph2/Makefile @@ -1,8 +1,9 @@ -# Created by: Alex Dupre <ale@FreeBSD.org: +# Created by: Alex Dupre <ale@FreeBSD.org> # $FreeBSD$ PORTNAME= jpgraph PORTVERSION= 3.0.7 +PORTREVISION= 1 CATEGORIES= graphics MASTER_SITES= http://hem.bredband.net/jpgraph2/ PKGNAMESUFFIX= 2 @@ -10,7 +11,13 @@ PKGNAMESUFFIX= 2 MAINTAINER= ports@FreeBSD.org COMMENT= Draw both "quick and dirty" graphs with a minimum of code +LICENSE= jpgraph +LICENSE_NAME= JpGraph license +LICENSE_FILE= ${WRKSRC}/README +LICENSE_PERMS= dist-mirror pkg-mirror auto-accept + USES= tar:bzip2 +NO_ARCH= yes NO_BUILD= yes NO_WRKSUBDIR= yes USE_PHP= gd |