diff options
author | Dan Langille <dvl@FreeBSD.org> | 2015-12-27 02:30:12 +0000 |
---|---|---|
committer | Dan Langille <dvl@FreeBSD.org> | 2015-12-27 02:30:12 +0000 |
commit | 803958609f7562881d6a6e061e5a23e8872ae951 (patch) | |
tree | d361732e4418676b1414e3ace47731058cdb96d6 | |
parent | f2318bd1ad70e67b46d3e776ef49f399f406544c (diff) | |
download | ports-803958609f7562881d6a6e061e5a23e8872ae951.tar.gz ports-803958609f7562881d6a6e061e5a23e8872ae951.zip |
MFH: r404324
patch with security fix for CVE-2015-5059
Submitted by: Torsten Zuhlsdorff & Jason Unovitch
PR: 201106 202865
Approved by: mat (mentor)
Differential Review: D4196
Approved by: ports-secteam
Notes
Notes:
svn path=/branches/2015Q4/; revision=404544
-rw-r--r-- | databases/mantis/Makefile | 17 | ||||
-rw-r--r-- | databases/mantis/files/patch-config__defaults__inc.php | 17 |
2 files changed, 30 insertions, 4 deletions
diff --git a/databases/mantis/Makefile b/databases/mantis/Makefile index 9e175f94cd12..a7808bfa4ed6 100644 --- a/databases/mantis/Makefile +++ b/databases/mantis/Makefile @@ -3,7 +3,7 @@ PORTNAME= mantis PORTVERSION= 1.2.19 -PORTREVISION= 0 +PORTREVISION= 1 CATEGORIES= databases www MASTER_SITES= SF/${PORTNAME}bt/${PORTNAME}-stable/${PORTVERSION} DISTNAME= mantisbt-${PORTVERSION} @@ -12,14 +12,23 @@ MAINTAINER= dvl@FreeBSD.org COMMENT= Bug tracking system written in PHP NO_BUILD= yes -USE_PHP= hash pcre session -USES= pgsql +USE_PHP= hash pcre session xml + +OPTIONS_MULTI= DB +OPTIONS_MULTI_DB= MYSQL PGSQL + +MYSQL_DESC= MySQL support +PGSQL_DESC= PostgreSQL support + +OPTIONS_DEFAULT= MYSQL + +MYSQL_USE= mysql=yes php=mysql +PGSQL_USE= pgsql=yes php=pgsql SUB_FILES= pkg-message PLIST_SUB= WWWOWN=${WWWOWN} WWWGRP=${WWWGRP} - do-install: ${MKDIR} ${STAGEDIR}${WWWDIR} cd ${WRKSRC} && ${COPYTREE_SHARE} . ${STAGEDIR}${WWWDIR} diff --git a/databases/mantis/files/patch-config__defaults__inc.php b/databases/mantis/files/patch-config__defaults__inc.php new file mode 100644 index 000000000000..dd5c680c4e6b --- /dev/null +++ b/databases/mantis/files/patch-config__defaults__inc.php @@ -0,0 +1,17 @@ +--- config_defaults_inc.php.orig 2015-11-02 10:57:53 UTC ++++ config_defaults_inc.php +@@ -2347,9 +2347,13 @@ + + /** + * Threshold needed to view project documentation ++ * Note: setting this to ANYBODY will let any user download attachments ++ * from private projects, regardless of their being a member of it. ++ * @see $g_enable_project_documentation ++ * @see $g_upload_project_file_threshold + * @global int $g_view_proj_doc_threshold + */ +- $g_view_proj_doc_threshold = ANYBODY; ++ $g_view_proj_doc_threshold = VIEWER; + + /** + * Site manager |