svn commit: r404324 - in head/databases/mantis: . files

Dan Langille dvl at FreeBSD.org
Wed Dec 23 21:20:52 UTC 2015 

Author: dvl
Date: Wed Dec 23 21:20:51 2015
New Revision: 404324
URL: https://svnweb.freebsd.org/changeset/ports/404324

Log:
  patch with security fix for CVE-2015-5059
  
  Submitted by: Torsten Zuhlsdorff & Jason Unovitch
  PR: 201106 202865
  Approved by: mat (mentor)
  Differential Review: D4196

Added:
  head/databases/mantis/files/patch-config__defaults__inc.php   (contents, props changed)
Modified:
  head/databases/mantis/Makefile

Modified: head/databases/mantis/Makefile
==============================================================================
--- head/databases/mantis/Makefile	Wed Dec 23 20:47:08 2015	(r404323)
+++ head/databases/mantis/Makefile	Wed Dec 23 21:20:51 2015	(r404324)
@@ -3,7 +3,7 @@
 
 PORTNAME=	mantis
 PORTVERSION=	1.2.19
-PORTREVISION=	0
+PORTREVISION=	1
 CATEGORIES=	databases www
 MASTER_SITES=	SF/${PORTNAME}bt/${PORTNAME}-stable/${PORTVERSION}
 DISTNAME=	mantisbt-${PORTVERSION}
@@ -12,14 +12,23 @@ MAINTAINER=	dvl at FreeBSD.org
 COMMENT=	Bug tracking system written in PHP
 
 NO_BUILD=	yes
-USE_PHP=	hash pcre session
-USES=	pgsql
+USE_PHP=	hash pcre session xml
+
+OPTIONS_MULTI=	DB
+OPTIONS_MULTI_DB=	MYSQL PGSQL
+
+MYSQL_DESC=	MySQL support
+PGSQL_DESC=	PostgreSQL support
+
+OPTIONS_DEFAULT=	MYSQL
+
+MYSQL_USE=	mysql=yes php=mysql
+PGSQL_USE=	pgsql=yes php=pgsql
 
 SUB_FILES=	pkg-message
 
 PLIST_SUB=	WWWOWN=${WWWOWN} WWWGRP=${WWWGRP}
 
-
 do-install:
 	${MKDIR} ${STAGEDIR}${WWWDIR}
 	cd ${WRKSRC} && ${COPYTREE_SHARE} . ${STAGEDIR}${WWWDIR}

Added: head/databases/mantis/files/patch-config__defaults__inc.php
==============================================================================
--- /dev/null	00:00:00 1970	(empty, because file is newly added)
+++ head/databases/mantis/files/patch-config__defaults__inc.php	Wed Dec 23 21:20:51 2015	(r404324)
@@ -0,0 +1,17 @@
+--- config_defaults_inc.php.orig	2015-11-02 10:57:53 UTC
++++ config_defaults_inc.php
+@@ -2347,9 +2347,13 @@
+ 
+ 	/**
+ 	 * Threshold needed to view project documentation
++	 * Note: setting this to ANYBODY will let any user download attachments
++	 * from private projects, regardless of their being a member of it.
++	 * @see $g_enable_project_documentation
++	 * @see $g_upload_project_file_threshold
+ 	 * @global int $g_view_proj_doc_threshold
+ 	 */
+-	$g_view_proj_doc_threshold = ANYBODY;
++	$g_view_proj_doc_threshold = VIEWER;
+ 
+ 	/**
+ 	 * Site manager

More information about the svn-ports-all mailing list