patch with security fix for CVE-2015-5059

Submitted by: Torsten Zuhlsdorff & Jason Unovitch
PR: 201106 202865
Approved by: mat (mentor)
Differential Review: D4196

2 files changed, 30 insertions, 4 deletions

diff --git a/databases/mantis/Makefile b/databases/mantis/Makefile
index 9e175f94cd12..a7808bfa4ed6 100644
--- a/databases/mantis/Makefile
+++ b/databases/mantis/Makefile
@@ -3,7 +3,7 @@
 
 PORTNAME=	mantis
 PORTVERSION=	1.2.19
-PORTREVISION=	0
+PORTREVISION=	1
 CATEGORIES=	databases www
 MASTER_SITES=	SF/${PORTNAME}bt/${PORTNAME}-stable/${PORTVERSION}
 DISTNAME=	mantisbt-${PORTVERSION}
@@ -12,14 +12,23 @@ MAINTAINER=	dvl@FreeBSD.org
 COMMENT=	Bug tracking system written in PHP
 
 NO_BUILD=	yes
-USE_PHP=	hash pcre session
-USES=	pgsql
+USE_PHP=	hash pcre session xml
+
+OPTIONS_MULTI=	DB
+OPTIONS_MULTI_DB=	MYSQL PGSQL
+
+MYSQL_DESC=	MySQL support
+PGSQL_DESC=	PostgreSQL support
+
+OPTIONS_DEFAULT=	MYSQL
+
+MYSQL_USE=	mysql=yes php=mysql
+PGSQL_USE=	pgsql=yes php=pgsql
 
 SUB_FILES=	pkg-message
 
 PLIST_SUB=	WWWOWN=${WWWOWN} WWWGRP=${WWWGRP}
 
-
 do-install:
 	${MKDIR} ${STAGEDIR}${WWWDIR}
 	cd ${WRKSRC} && ${COPYTREE_SHARE} . ${STAGEDIR}${WWWDIR}
diff --git a/databases/mantis/files/patch-config__defaults__inc.php b/databases/mantis/files/patch-config__defaults__inc.php
new file mode 100644
index 000000000000..dd5c680c4e6b
--- /dev/null
+++ b/databases/mantis/files/patch-config__defaults__inc.php
@@ -0,0 +1,17 @@
+--- config_defaults_inc.php.orig	2015-11-02 10:57:53 UTC
++++ config_defaults_inc.php
+@@ -2347,9 +2347,13 @@
+ 
+ 	/**
+ 	 * Threshold needed to view project documentation
++	 * Note: setting this to ANYBODY will let any user download attachments
++	 * from private projects, regardless of their being a member of it.
++	 * @see $g_enable_project_documentation
++	 * @see $g_upload_project_file_threshold
+ 	 * @global int $g_view_proj_doc_threshold
+ 	 */
+-	$g_view_proj_doc_threshold = ANYBODY;
++	$g_view_proj_doc_threshold = VIEWER;
+ 
+ 	/**
+ 	 * Site manager