pkgsrc/devel/mantis/MESSAGE

===========================================================================
$NetBSD: MESSAGE,v 1.6 2014/09/24 01:06:26 rodent Exp $

To complete the setup you will need to read the INSTALL guide in order
to setup MySQL properly.  In particular secion 3 of the document deals
with database setup.

The following URL can be used to complete the installation and database
setup:

	http://localhost/mantis/admin/install.php

You will need to make Mantis accessible through your HTTP server.
If you are running Apache then you may add the following lines to httpd.conf:

	Include ${PKG_SYSCONFDIR}/mantis.conf

to make Mantis accessible through:

	http://localhost/mantis/index.php


IMPORTANT SECURITY NOTES:

	* Once Mantis is running correctly remove or restrict access to
	  the admin directory.
===========================================================================
Mantis is a web-based bugtracking system. It is written in the PHP scripting language and requires the MySQL database and a webserver. Mantis has been installed on Windows, MacOS, OS/2, and a variety of Unix operating systems. Almost any web browser should be able to function as a client. It is released under the terms of the GNU General Public License (GPL). Mantis is free to use and modify. It is free to redistribute as long as you abide by the distribution terms of the GPL. 2004-11-08 20:05:33 +01:00			`===========================================================================`
Update to 1.2.17. pkgsrc changes: Add bash:run to USE_TOOLS and REPLACE_BASH in installed file. Replace PHP interpreter in installed *.php files. Move options framework into options.mk. Use INSTALLATION_DIRS instead of INSTALL_DATA_DIR. From doc/RELEASE: 1.2.17 Security Release (2014-03-04) ------------------------------------------------- MantisBT 1.2.17 is a security update for the stable 1.2.x branch. All installations that are currently running any 1.2.x version are strongly advised to upgrade to this release. Download it from [3]. An SQL injection vulnerability (CVE-2014-2238) in adm_config_report.php was patched. Refer to issue #17055 for detailed information. This release also includes a few bug fixes for the tracker, including News API correction for the regression issue #16940 introduced in 1.2.16, as well as updated translations in many languages. A full changelog for the 1.2.x series can be found on the official site. [1] 1.2.16 Security Release (2014-02-07) ------------------------------------------------- MantisBT 1.2.16 is a security update for the stable 1.2.x branch. All installations that are currently running any 1.2.x version are strongly advised to upgrade to this release. Download it from [3]. The following security issues were resolved: - Cross-site scripting (XSS) issue in account_sponsor_page.php, allowing a malicious user with project manager access to execute arbitrary JavaScript code (CVE-2013-4460). Affects MantisBT 1.1.0 and later. Refer to issue #16513 for detailed information. - SQL injection attacks through the SOAP API's mc_attachment_get() function (CVE-2014-1608). Affects MantisBT 1.1.0a4 and later. Refer to issue #16879 for detailed information. - Additional cases of unsanitized SQL query parameters usage were identified, potentially allowing SQL injection attacks (CVE-2014-1609). Refer to issue #16880 for detailed information. This release also includes many bug fixes and enhancements to the tracker and the SOAP api, as well as updated translations in many languages. A full changelog for the 1.2.x series can be found on the official site. [1] [1] The changelog is split between multiple releases: 1.2.17 http://www.mantisbt.org/bugs/changelog_page.php?version_id=189 1.2.16 http://www.mantisbt.org/bugs/changelog_page.php?version_id=183 2014-09-24 03:06:26 +02:00			$NetBSD: MESSAGE,v 1.6 2014/09/24 01:06:26 rodent Exp $
Mantis is a web-based bugtracking system. It is written in the PHP scripting language and requires the MySQL database and a webserver. Mantis has been installed on Windows, MacOS, OS/2, and a variety of Unix operating systems. Almost any web browser should be able to function as a client. It is released under the terms of the GNU General Public License (GPL). Mantis is free to use and modify. It is free to redistribute as long as you abide by the distribution terms of the GPL. 2004-11-08 20:05:33 +01:00
			`To complete the setup you will need to read the INSTALL guide in order`
Update to 1.2.17. pkgsrc changes: Add bash:run to USE_TOOLS and REPLACE_BASH in installed file. Replace PHP interpreter in installed *.php files. Move options framework into options.mk. Use INSTALLATION_DIRS instead of INSTALL_DATA_DIR. From doc/RELEASE: 1.2.17 Security Release (2014-03-04) ------------------------------------------------- MantisBT 1.2.17 is a security update for the stable 1.2.x branch. All installations that are currently running any 1.2.x version are strongly advised to upgrade to this release. Download it from [3]. An SQL injection vulnerability (CVE-2014-2238) in adm_config_report.php was patched. Refer to issue #17055 for detailed information. This release also includes a few bug fixes for the tracker, including News API correction for the regression issue #16940 introduced in 1.2.16, as well as updated translations in many languages. A full changelog for the 1.2.x series can be found on the official site. [1] 1.2.16 Security Release (2014-02-07) ------------------------------------------------- MantisBT 1.2.16 is a security update for the stable 1.2.x branch. All installations that are currently running any 1.2.x version are strongly advised to upgrade to this release. Download it from [3]. The following security issues were resolved: - Cross-site scripting (XSS) issue in account_sponsor_page.php, allowing a malicious user with project manager access to execute arbitrary JavaScript code (CVE-2013-4460). Affects MantisBT 1.1.0 and later. Refer to issue #16513 for detailed information. - SQL injection attacks through the SOAP API's mc_attachment_get() function (CVE-2014-1608). Affects MantisBT 1.1.0a4 and later. Refer to issue #16879 for detailed information. - Additional cases of unsanitized SQL query parameters usage were identified, potentially allowing SQL injection attacks (CVE-2014-1609). Refer to issue #16880 for detailed information. This release also includes many bug fixes and enhancements to the tracker and the SOAP api, as well as updated translations in many languages. A full changelog for the 1.2.x series can be found on the official site. [1] [1] The changelog is split between multiple releases: 1.2.17 http://www.mantisbt.org/bugs/changelog_page.php?version_id=189 1.2.16 http://www.mantisbt.org/bugs/changelog_page.php?version_id=183 2014-09-24 03:06:26 +02:00			`to setup MySQL properly. In particular secion 3 of the document deals`
Removed trailing white-space. 2005-09-28 16:15:48 +02:00			`with database setup.`
Mantis is a web-based bugtracking system. It is written in the PHP scripting language and requires the MySQL database and a webserver. Mantis has been installed on Windows, MacOS, OS/2, and a variety of Unix operating systems. Almost any web browser should be able to function as a client. It is released under the terms of the GNU General Public License (GPL). Mantis is free to use and modify. It is free to redistribute as long as you abide by the distribution terms of the GPL. 2004-11-08 20:05:33 +01:00
Update mantis to 1.0.0rc2 Many updates and bugfixes including security updates - upgrade is recommended For a full list of changes: http://www.mantisbt.org/changelog.php 2005-09-20 00:33:28 +02:00			`The following URL can be used to complete the installation and database`
			`setup:`

Update to 1.0.3 > - 7037: [security] Port: Login with disabled account possible (vboctor) > - 7034: [bugtracker] Port: bug in string_sanitize_url() (vboctor) > - 7028: [db mssql] Port: "Prune Accounts" function doesn't work with MS SQL (vboctor) > - 7029: [db mssql] Port: MS SQL Error on View Filters Page (vboctor) > - 7030: [db mssql] Port: installtion fails - administrator have no rights on db (vboctor) > - 7032: [db mssql] Port: Error on opening Change Log (vboctor) > - 7039: [db mssql] Notice: Only variables should be assigned by reference in coreadodbadodb.inc.php on line 2931 (vboctor) > - 7035: [feature] Port: Global Profiles list not sorted (vboctor) > - 7038: [filters] Port: SYSTEM WARNING: Argument 1 to array_multisort() is expected to be an array or a sort flag (vboctor) > - 7031: [installation] Port: is_writable never success in install.php (vboctor) > - 7041: [installation] Port: newbie admins may be redirected to blank page (vboctor) > - 7033: [printing] Port: wrong strpos function call (vboctor) > - 7027: [upgrade] Port: fixed_in_version is renamed to Fixed_in_version during database migration (vboctor) 2006-05-28 17:17:47 +02:00			`http://localhost/mantis/admin/install.php`
Update mantis to 1.0.0rc2 Many updates and bugfixes including security updates - upgrade is recommended For a full list of changes: http://www.mantisbt.org/changelog.php 2005-09-20 00:33:28 +02:00
Mantis is a web-based bugtracking system. It is written in the PHP scripting language and requires the MySQL database and a webserver. Mantis has been installed on Windows, MacOS, OS/2, and a variety of Unix operating systems. Almost any web browser should be able to function as a client. It is released under the terms of the GNU General Public License (GPL). Mantis is free to use and modify. It is free to redistribute as long as you abide by the distribution terms of the GPL. 2004-11-08 20:05:33 +01:00			`You will need to make Mantis accessible through your HTTP server.`
			`If you are running Apache then you may add the following lines to httpd.conf:`

Fix mantis.conf path. PR#28497 by Wouter Schoot. 2004-12-06 00:19:08 +01:00			`Include ${PKG_SYSCONFDIR}/mantis.conf`
Mantis is a web-based bugtracking system. It is written in the PHP scripting language and requires the MySQL database and a webserver. Mantis has been installed on Windows, MacOS, OS/2, and a variety of Unix operating systems. Almost any web browser should be able to function as a client. It is released under the terms of the GNU General Public License (GPL). Mantis is free to use and modify. It is free to redistribute as long as you abide by the distribution terms of the GPL. 2004-11-08 20:05:33 +01:00
			`to make Mantis accessible through:`
Removed trailing white-space. 2005-09-28 16:15:48 +02:00
Update to 1.0.3 > - 7037: [security] Port: Login with disabled account possible (vboctor) > - 7034: [bugtracker] Port: bug in string_sanitize_url() (vboctor) > - 7028: [db mssql] Port: "Prune Accounts" function doesn't work with MS SQL (vboctor) > - 7029: [db mssql] Port: MS SQL Error on View Filters Page (vboctor) > - 7030: [db mssql] Port: installtion fails - administrator have no rights on db (vboctor) > - 7032: [db mssql] Port: Error on opening Change Log (vboctor) > - 7039: [db mssql] Notice: Only variables should be assigned by reference in coreadodbadodb.inc.php on line 2931 (vboctor) > - 7035: [feature] Port: Global Profiles list not sorted (vboctor) > - 7038: [filters] Port: SYSTEM WARNING: Argument 1 to array_multisort() is expected to be an array or a sort flag (vboctor) > - 7031: [installation] Port: is_writable never success in install.php (vboctor) > - 7041: [installation] Port: newbie admins may be redirected to blank page (vboctor) > - 7033: [printing] Port: wrong strpos function call (vboctor) > - 7027: [upgrade] Port: fixed_in_version is renamed to Fixed_in_version during database migration (vboctor) 2006-05-28 17:17:47 +02:00			`http://localhost/mantis/index.php`
Mantis is a web-based bugtracking system. It is written in the PHP scripting language and requires the MySQL database and a webserver. Mantis has been installed on Windows, MacOS, OS/2, and a variety of Unix operating systems. Almost any web browser should be able to function as a client. It is released under the terms of the GNU General Public License (GPL). Mantis is free to use and modify. It is free to redistribute as long as you abide by the distribution terms of the GPL. 2004-11-08 20:05:33 +01:00

			`IMPORTANT SECURITY NOTES:`

Update mantis to 1.0.0rc2 Many updates and bugfixes including security updates - upgrade is recommended For a full list of changes: http://www.mantisbt.org/changelog.php 2005-09-20 00:33:28 +02:00			`* Once Mantis is running correctly remove or restrict access to`
			`the admin directory.`
Mantis is a web-based bugtracking system. It is written in the PHP scripting language and requires the MySQL database and a webserver. Mantis has been installed on Windows, MacOS, OS/2, and a variety of Unix operating systems. Almost any web browser should be able to function as a client. It is released under the terms of the GNU General Public License (GPL). Mantis is free to use and modify. It is free to redistribute as long as you abide by the distribution terms of the GPL. 2004-11-08 20:05:33 +01:00			`===========================================================================`