svn commit: r404324 - in head/databases/mantis: . files
Dan Langille
dvl at FreeBSD.org
Wed Dec 23 21:20:52 UTC 2015
Author: dvl
Date: Wed Dec 23 21:20:51 2015
New Revision: 404324
URL: https://svnweb.freebsd.org/changeset/ports/404324
Log:
patch with security fix for CVE-2015-5059
Submitted by: Torsten Zuhlsdorff & Jason Unovitch
PR: 201106 202865
Approved by: mat (mentor)
Differential Review: D4196
Added:
head/databases/mantis/files/patch-config__defaults__inc.php (contents, props changed)
Modified:
head/databases/mantis/Makefile
Modified: head/databases/mantis/Makefile
==============================================================================
--- head/databases/mantis/Makefile Wed Dec 23 20:47:08 2015 (r404323)
+++ head/databases/mantis/Makefile Wed Dec 23 21:20:51 2015 (r404324)
@@ -3,7 +3,7 @@
PORTNAME= mantis
PORTVERSION= 1.2.19
-PORTREVISION= 0
+PORTREVISION= 1
CATEGORIES= databases www
MASTER_SITES= SF/${PORTNAME}bt/${PORTNAME}-stable/${PORTVERSION}
DISTNAME= mantisbt-${PORTVERSION}
@@ -12,14 +12,23 @@ MAINTAINER= dvl at FreeBSD.org
COMMENT= Bug tracking system written in PHP
NO_BUILD= yes
-USE_PHP= hash pcre session
-USES= pgsql
+USE_PHP= hash pcre session xml
+
+OPTIONS_MULTI= DB
+OPTIONS_MULTI_DB= MYSQL PGSQL
+
+MYSQL_DESC= MySQL support
+PGSQL_DESC= PostgreSQL support
+
+OPTIONS_DEFAULT= MYSQL
+
+MYSQL_USE= mysql=yes php=mysql
+PGSQL_USE= pgsql=yes php=pgsql
SUB_FILES= pkg-message
PLIST_SUB= WWWOWN=${WWWOWN} WWWGRP=${WWWGRP}
-
do-install:
${MKDIR} ${STAGEDIR}${WWWDIR}
cd ${WRKSRC} && ${COPYTREE_SHARE} . ${STAGEDIR}${WWWDIR}
Added: head/databases/mantis/files/patch-config__defaults__inc.php
==============================================================================
--- /dev/null 00:00:00 1970 (empty, because file is newly added)
+++ head/databases/mantis/files/patch-config__defaults__inc.php Wed Dec 23 21:20:51 2015 (r404324)
@@ -0,0 +1,17 @@
+--- config_defaults_inc.php.orig 2015-11-02 10:57:53 UTC
++++ config_defaults_inc.php
+@@ -2347,9 +2347,13 @@
+
+ /**
+ * Threshold needed to view project documentation
++ * Note: setting this to ANYBODY will let any user download attachments
++ * from private projects, regardless of their being a member of it.
++ * @see $g_enable_project_documentation
++ * @see $g_upload_project_file_threshold
+ * @global int $g_view_proj_doc_threshold
+ */
+- $g_view_proj_doc_threshold = ANYBODY;
++ $g_view_proj_doc_threshold = VIEWER;
+
+ /**
+ * Site manager
More information about the svn-ports-all
mailing list