From 358229bc250ff3a0a76847abe4575489ab037126 Mon Sep 17 00:00:00 2001 From: Dan Langille Date: Wed, 23 Dec 2015 21:20:51 +0000 Subject: [PATCH] patch with security fix for CVE-2015-5059 Submitted by: Torsten Zuhlsdorff & Jason Unovitch PR: 201106 202865 Approved by: mat (mentor) Differential Review: D4196 --- databases/mantis/Makefile | 17 +++++++++++++---- .../files/patch-config__defaults__inc.php | 17 +++++++++++++++++ 2 files changed, 30 insertions(+), 4 deletions(-) create mode 100644 databases/mantis/files/patch-config__defaults__inc.php diff --git a/databases/mantis/Makefile b/databases/mantis/Makefile index 9e175f94cd12..a7808bfa4ed6 100644 --- a/databases/mantis/Makefile +++ b/databases/mantis/Makefile @@ -3,7 +3,7 @@ PORTNAME= mantis PORTVERSION= 1.2.19 -PORTREVISION= 0 +PORTREVISION= 1 CATEGORIES= databases www MASTER_SITES= SF/${PORTNAME}bt/${PORTNAME}-stable/${PORTVERSION} DISTNAME= mantisbt-${PORTVERSION} @@ -12,14 +12,23 @@ MAINTAINER= dvl@FreeBSD.org COMMENT= Bug tracking system written in PHP NO_BUILD= yes -USE_PHP= hash pcre session -USES= pgsql +USE_PHP= hash pcre session xml + +OPTIONS_MULTI= DB +OPTIONS_MULTI_DB= MYSQL PGSQL + +MYSQL_DESC= MySQL support +PGSQL_DESC= PostgreSQL support + +OPTIONS_DEFAULT= MYSQL + +MYSQL_USE= mysql=yes php=mysql +PGSQL_USE= pgsql=yes php=pgsql SUB_FILES= pkg-message PLIST_SUB= WWWOWN=${WWWOWN} WWWGRP=${WWWGRP} - do-install: ${MKDIR} ${STAGEDIR}${WWWDIR} cd ${WRKSRC} && ${COPYTREE_SHARE} . ${STAGEDIR}${WWWDIR} diff --git a/databases/mantis/files/patch-config__defaults__inc.php b/databases/mantis/files/patch-config__defaults__inc.php new file mode 100644 index 000000000000..dd5c680c4e6b --- /dev/null +++ b/databases/mantis/files/patch-config__defaults__inc.php @@ -0,0 +1,17 @@ +--- config_defaults_inc.php.orig 2015-11-02 10:57:53 UTC ++++ config_defaults_inc.php +@@ -2347,9 +2347,13 @@ + + /** + * Threshold needed to view project documentation ++ * Note: setting this to ANYBODY will let any user download attachments ++ * from private projects, regardless of their being a member of it. ++ * @see $g_enable_project_documentation ++ * @see $g_upload_project_file_threshold + * @global int $g_view_proj_doc_threshold + */ +- $g_view_proj_doc_threshold = ANYBODY; ++ $g_view_proj_doc_threshold = VIEWER; + + /** + * Site manager