patch with security fix for CVE-2015-5059
Submitted by: Torsten Zuhlsdorff & Jason Unovitch PR: 201106 202865 Approved by: mat (mentor) Differential Review: D4196
This commit is contained in:
parent
48c69118c7
commit
358229bc25
Notes:
svn2git
2021-03-31 03:12:20 +00:00
svn path=/head/; revision=404324
2 changed files with 30 additions and 4 deletions
|
@ -3,7 +3,7 @@
|
|||
|
||||
PORTNAME= mantis
|
||||
PORTVERSION= 1.2.19
|
||||
PORTREVISION= 0
|
||||
PORTREVISION= 1
|
||||
CATEGORIES= databases www
|
||||
MASTER_SITES= SF/${PORTNAME}bt/${PORTNAME}-stable/${PORTVERSION}
|
||||
DISTNAME= mantisbt-${PORTVERSION}
|
||||
|
@ -12,14 +12,23 @@ MAINTAINER= dvl@FreeBSD.org
|
|||
COMMENT= Bug tracking system written in PHP
|
||||
|
||||
NO_BUILD= yes
|
||||
USE_PHP= hash pcre session
|
||||
USES= pgsql
|
||||
USE_PHP= hash pcre session xml
|
||||
|
||||
OPTIONS_MULTI= DB
|
||||
OPTIONS_MULTI_DB= MYSQL PGSQL
|
||||
|
||||
MYSQL_DESC= MySQL support
|
||||
PGSQL_DESC= PostgreSQL support
|
||||
|
||||
OPTIONS_DEFAULT= MYSQL
|
||||
|
||||
MYSQL_USE= mysql=yes php=mysql
|
||||
PGSQL_USE= pgsql=yes php=pgsql
|
||||
|
||||
SUB_FILES= pkg-message
|
||||
|
||||
PLIST_SUB= WWWOWN=${WWWOWN} WWWGRP=${WWWGRP}
|
||||
|
||||
|
||||
do-install:
|
||||
${MKDIR} ${STAGEDIR}${WWWDIR}
|
||||
cd ${WRKSRC} && ${COPYTREE_SHARE} . ${STAGEDIR}${WWWDIR}
|
||||
|
|
17
databases/mantis/files/patch-config__defaults__inc.php
Normal file
17
databases/mantis/files/patch-config__defaults__inc.php
Normal file
|
@ -0,0 +1,17 @@
|
|||
--- config_defaults_inc.php.orig 2015-11-02 10:57:53 UTC
|
||||
+++ config_defaults_inc.php
|
||||
@@ -2347,9 +2347,13 @@
|
||||
|
||||
/**
|
||||
* Threshold needed to view project documentation
|
||||
+ * Note: setting this to ANYBODY will let any user download attachments
|
||||
+ * from private projects, regardless of their being a member of it.
|
||||
+ * @see $g_enable_project_documentation
|
||||
+ * @see $g_upload_project_file_threshold
|
||||
* @global int $g_view_proj_doc_threshold
|
||||
*/
|
||||
- $g_view_proj_doc_threshold = ANYBODY;
|
||||
+ $g_view_proj_doc_threshold = VIEWER;
|
||||
|
||||
/**
|
||||
* Site manager
|
Loading…
Reference in a new issue