patch with security fix for CVE-2015-5059

Submitted by: Torsten Zuhlsdorff & Jason Unovitch PR: 201106 202865 Approved by: mat (mentor) Differential Review: D4196
svn path=/head/; revision=404324
2015-12-23 21:20:51 +00:00 · 2015-12-23 21:20:51 +00:00 · 358229bc25 · 2021-03-31 03:12:20 +00:00
commit 358229bc25
parent 48c69118c7
2 changed files with 30 additions and 4 deletions
--- a/databases/mantis/Makefile
+++ b/databases/mantis/Makefile
@ -3,7 +3,7 @@

 PORTNAME=	mantis
 PORTVERSION=	1.2.19
-PORTREVISION=	0
+PORTREVISION=	1
 CATEGORIES=	databases www
 MASTER_SITES=	SF/${PORTNAME}bt/${PORTNAME}-stable/${PORTVERSION}
 DISTNAME=	mantisbt-${PORTVERSION}
@ -12,14 +12,23 @@ MAINTAINER=	dvl@FreeBSD.org
 COMMENT=	Bug tracking system written in PHP

 NO_BUILD=	yes
-USE_PHP=	hash pcre session
-USES=	pgsql
+USE_PHP=	hash pcre session xml
+
+OPTIONS_MULTI=	DB
+OPTIONS_MULTI_DB=	MYSQL PGSQL
+
+MYSQL_DESC=	MySQL support
+PGSQL_DESC=	PostgreSQL support
+
+OPTIONS_DEFAULT=	MYSQL
+
+MYSQL_USE=	mysql=yes php=mysql
+PGSQL_USE=	pgsql=yes php=pgsql

 SUB_FILES=	pkg-message

 PLIST_SUB=	WWWOWN=${WWWOWN} WWWGRP=${WWWGRP}

-
 do-install:
 	${MKDIR} ${STAGEDIR}${WWWDIR}
 	cd ${WRKSRC} && ${COPYTREE_SHARE} . ${STAGEDIR}${WWWDIR}
--- a/databases/mantis/files/patch-configdefaultsinc.php
+++ b/databases/mantis/files/patch-configdefaultsinc.php
@ -0,0 +1,17 @@
+--- config_defaults_inc.php.orig	2015-11-02 10:57:53 UTC
+++ config_defaults_inc.php
+@@ -2347,9 +2347,13 @@
+ 
+ 	/**
+ 	 * Threshold needed to view project documentation
+	 * Note: setting this to ANYBODY will let any user download attachments
+	 * from private projects, regardless of their being a member of it.
+	 * @see $g_enable_project_documentation
+	 * @see $g_upload_project_file_threshold
+ 	 * @global int $g_view_proj_doc_threshold
+ 	 */
+-	$g_view_proj_doc_threshold = ANYBODY;
+	$g_view_proj_doc_threshold = VIEWER;
+ 
+ 	/**
+ 	 * Site manager