- Update to 1.2.7

PR: ports/160368 Submitted by: gjb Approved by: dvl (maintainer), bapt (mentor) Security: CVE-2011-2938
svn path=/head/; revision=281245
2011-09-05 15:55:38 +00:00 · 2011-09-05 15:55:38 +00:00 · d853d81edd · 2021-03-31 03:12:20 +00:00
commit d853d81edd
parent 2b98a96259
4 changed files with 46 additions and 3 deletions
--- a/databases/mantis/Makefile
+++ b/databases/mantis/Makefile
@ -6,7 +6,7 @@
 #

 PORTNAME=	mantis
-PORTVERSION=	1.2.5
+PORTVERSION=	1.2.7
 CATEGORIES=	databases www
 MASTER_SITES=	SF/${PORTNAME}bt/${PORTNAME}-stable/${PORTVERSION}
 DISTNAME=	mantisbt-${PORTVERSION}
--- a/databases/mantis/distinfo
+++ b/databases/mantis/distinfo
@ -1,2 +1,2 @@
-SHA256 (mantisbt-1.2.5.tar.gz) = 61ee5f65ec3bde92ee918934a5f463a5af6a603ff2684cf7125a6925bb802efe
-SIZE (mantisbt-1.2.5.tar.gz) = 3331571
+SHA256 (mantisbt-1.2.7.tar.gz) = ea6cf74c079144fbb9b3b1fdcdcc082177cd42efdada1ee64faa15911b209304
+SIZE (mantisbt-1.2.7.tar.gz) = 3366560
--- a/databases/mantis/pkg-plist
+++ b/databases/mantis/pkg-plist
@ -46,6 +46,7 @@
 %%WWWDIR%%/api/soap/mc_issue_attachment_api.php
 %%WWWDIR%%/api/soap/mc_project_api.php
 %%WWWDIR%%/api/soap/mc_project_attachment_api.php
+%%WWWDIR%%/api/soap/mc_user_pref_api.php
 %%WWWDIR%%/billing_inc.php
 %%WWWDIR%%/billing_page.php
 %%WWWDIR%%/browser_search_plugin.php
@ -894,6 +895,7 @@
 %%WWWDIR%%/news_update.php
 %%WWWDIR%%/news_view_page.php
 %%WWWDIR%%/permalink_page.php
+%%WWWDIR%%/phing/tasks/mantisbt/ExtractMantisBTVersion.php
 %%WWWDIR%%/plugin.php
 %%WWWDIR%%/plugin_file.php
 %%WWWDIR%%/plugins/MantisCoreFormatting/MantisCoreFormatting.php
@ -903,7 +905,9 @@
 %%WWWDIR%%/plugins/MantisCoreFormatting/lang/strings_breton.txt
 %%WWWDIR%%/plugins/MantisCoreFormatting/lang/strings_bulgarian.txt
 %%WWWDIR%%/plugins/MantisCoreFormatting/lang/strings_catalan.txt
+%%WWWDIR%%/plugins/MantisCoreFormatting/lang/strings_czech.txt
 %%WWWDIR%%/plugins/MantisCoreFormatting/lang/strings_chinese_simplified.txt
+%%WWWDIR%%/plugins/MantisCoreFormatting/lang/strings_chinese_traditional.txt
 %%WWWDIR%%/plugins/MantisCoreFormatting/lang/strings_dutch.txt
 %%WWWDIR%%/plugins/MantisCoreFormatting/lang/strings_english.txt
 %%WWWDIR%%/plugins/MantisCoreFormatting/lang/strings_finnish.txt
@ -915,6 +919,7 @@
 %%WWWDIR%%/plugins/MantisCoreFormatting/lang/strings_interlingua.txt
 %%WWWDIR%%/plugins/MantisCoreFormatting/lang/strings_italian.txt
 %%WWWDIR%%/plugins/MantisCoreFormatting/lang/strings_japanese.txt
+%%WWWDIR%%/plugins/MantisCoreFormatting/lang/strings_lithuanian.txt
 %%WWWDIR%%/plugins/MantisCoreFormatting/lang/strings_macedonian.txt
 %%WWWDIR%%/plugins/MantisCoreFormatting/lang/strings_norwegian_bokmal.txt
 %%WWWDIR%%/plugins/MantisCoreFormatting/lang/strings_occitan.txt
@ -937,10 +942,12 @@
 %%WWWDIR%%/plugins/MantisGraph/core/graph_api.php
 %%WWWDIR%%/plugins/MantisGraph/lang/strings_arabic.txt
 %%WWWDIR%%/plugins/MantisGraph/lang/strings_arabicegyptianspoken.txt
+%%WWWDIR%%/plugins/MantisGraph/lang/strings_belarusian_tarask.txt
 %%WWWDIR%%/plugins/MantisGraph/lang/strings_breton.txt
 %%WWWDIR%%/plugins/MantisGraph/lang/strings_bulgarian.txt
 %%WWWDIR%%/plugins/MantisGraph/lang/strings_catalan.txt
 %%WWWDIR%%/plugins/MantisGraph/lang/strings_chinese_simplified.txt
+%%WWWDIR%%/plugins/MantisGraph/lang/strings_chinese_traditional.txt
 %%WWWDIR%%/plugins/MantisGraph/lang/strings_czech.txt
 %%WWWDIR%%/plugins/MantisGraph/lang/strings_dutch.txt
 %%WWWDIR%%/plugins/MantisGraph/lang/strings_english.txt
@ -969,6 +976,7 @@
 %%WWWDIR%%/plugins/MantisGraph/lang/strings_swedish.txt
 %%WWWDIR%%/plugins/MantisGraph/lang/strings_swissgerman.txt
 %%WWWDIR%%/plugins/MantisGraph/lang/strings_tagalog.txt
+%%WWWDIR%%/plugins/MantisGraph/lang/strings_turkish.txt
 %%WWWDIR%%/plugins/MantisGraph/lang/strings_vietnamese.txt
 %%WWWDIR%%/plugins/MantisGraph/pages/bug_graph_bycategory.php
 %%WWWDIR%%/plugins/MantisGraph/pages/bug_graph_bystatus.php
@ -1005,9 +1013,12 @@
 %%WWWDIR%%/plugins/XmlImportExport/XmlImportExport.php
 %%WWWDIR%%/plugins/XmlImportExport/lang/strings_afrikaans.txt
 %%WWWDIR%%/plugins/XmlImportExport/lang/strings_arabic.txt
+%%WWWDIR%%/plugins/XmlImportExport/lang/strings_belarusian_tarask.txt
 %%WWWDIR%%/plugins/XmlImportExport/lang/strings_breton.txt
 %%WWWDIR%%/plugins/XmlImportExport/lang/strings_catalan.txt
+%%WWWDIR%%/plugins/XmlImportExport/lang/strings_czech.txt
 %%WWWDIR%%/plugins/XmlImportExport/lang/strings_chinese_simplified.txt
+%%WWWDIR%%/plugins/XmlImportExport/lang/strings_chinese_traditional.txt
 %%WWWDIR%%/plugins/XmlImportExport/lang/strings_dutch.txt
 %%WWWDIR%%/plugins/XmlImportExport/lang/strings_english.txt
 %%WWWDIR%%/plugins/XmlImportExport/lang/strings_finnish.txt
@ -1019,6 +1030,7 @@
 %%WWWDIR%%/plugins/XmlImportExport/lang/strings_interlingua.txt
 %%WWWDIR%%/plugins/XmlImportExport/lang/strings_italian.txt
 %%WWWDIR%%/plugins/XmlImportExport/lang/strings_japanese.txt
+%%WWWDIR%%/plugins/XmlImportExport/lang/strings_lithuanian.txt
 %%WWWDIR%%/plugins/XmlImportExport/lang/strings_macedonian.txt
 %%WWWDIR%%/plugins/XmlImportExport/lang/strings_norwegian_bokmal.txt
 %%WWWDIR%%/plugins/XmlImportExport/lang/strings_occitan.txt
@ -1028,6 +1040,7 @@
 %%WWWDIR%%/plugins/XmlImportExport/lang/strings_russian.txt
 %%WWWDIR%%/plugins/XmlImportExport/lang/strings_slovak.txt
 %%WWWDIR%%/plugins/XmlImportExport/lang/strings_spanish.txt
+%%WWWDIR%%/plugins/XmlImportExport/lang/strings_swedish.txt
 %%WWWDIR%%/plugins/XmlImportExport/lang/strings_swissgerman.txt
 %%WWWDIR%%/plugins/XmlImportExport/lang/strings_tagalog.txt
 %%WWWDIR%%/plugins/XmlImportExport/lang/strings_turkish.txt
@ -1092,7 +1105,10 @@
 %%WWWDIR%%/tests/soap/IssueUpdateTest.php
 %%WWWDIR%%/tests/soap/LoginTest.php
 %%WWWDIR%%/tests/soap/ProjectTest.php
+%%WWWDIR%%/tests/soap/RelationshipTest.php
 %%WWWDIR%%/tests/soap/SoapBase.php
+%%WWWDIR%%/tests/soap/UserTest.php
+%%WWWDIR%%/tests/soap/VersionTest.php
 %%WWWDIR%%/tests/test.php
 %%WWWDIR%%/tests/test_config_get_set.php
 %%WWWDIR%%/verify.php
@ -1120,6 +1136,9 @@
@dirrm %%WWWDIR%%/plugins/MantisCoreFormatting/lang
@dirrm %%WWWDIR%%/plugins/MantisCoreFormatting
@dirrm %%WWWDIR%%/plugins
+@dirrm %%WWWDIR%%/phing/tasks/mantisbt
+@dirrm %%WWWDIR%%/phing/tasks
+@dirrm %%WWWDIR%%/phing
@dirrm %%WWWDIR%%/library/utf8/utils
@dirrm %%WWWDIR%%/library/utf8/native
@dirrm %%WWWDIR%%/library/utf8/mbstring
--- a/security/vuxml/vuln.xml
+++ b/security/vuxml/vuln.xml
@ -34,6 +34,30 @@ Note:  Please add new entries to the beginning of this file.

 -->
 <vuxml xmlns="http://www.vuxml.org/apps/vuxml-1">
+  <vuln vid="a83f25df-d775-11e0-8bf1-003067b2972c">
+	  <topic>XSS issue in MantisBT</topic>
+	  <affects>
+		  <package>
+			  <name>mantis</name>
+			  <range><ge>1.2.0</ge><lt>1.2.7</lt></range>
+		  </package>
+	  </affects>
+	  <description>
+		  <body xmlns="http://www.w3.org/1999/xhtml">
+			  <blockquote  cite="http://www.mantisbt.org/blog/?p=142">
+			    Net.Edit0r from BlACK Hat Group reported an XSS issue in search.php. All MantisBT users (including anonymous users that are not logged in to public bug trackers) could be impacted by this vulnerability.
+			  </blockquote>
+		  </body>
+	  </description>
+	  <references>
+		  <freebsdpr>ports/160368</freebsdpr>
+		  <cvename>CVE-2011-2938</cvename>
+	  </references>
+	  <dates>
+		  <discovery>2011-08-18</discovery>
+		  <entry>2011-09-05</entry>
+	  </dates>
+  </vuln>
  <vuln vid="e55f948f-d729-11e0-abd1-0017f22d6707">
    <topic>security/cfs -- buffer overflow</topic>
    <affects>