authorRenat Lumpau <rl03@gentoo.org>2005-09-14 11:21:19 +0000
committerRenat Lumpau <rl03@gentoo.org>2005-09-14 11:21:19 +0000
commit5ab211e3c80d9bb0def1b176443bd293ff1b23a7 (patch)
tree62bef1be292642a0e4ee0290506916ddb4dd2b2a /www-apps
parentMake zebra command line parameters configurable through conf.d (#102381) (diff)
Version bump wrt security bug #103308. Using a Debian patch.
(Portage version: 2.0.51.22-r2)
Diffstat (limited to 'www-apps')
-rw-r--r--www-apps/mantisbt/ChangeLog8
-rw-r--r--www-apps/mantisbt/Manifest13
-rw-r--r--www-apps/mantisbt/files/0.19.2-debian.patch69
-rw-r--r--www-apps/mantisbt/files/digest-mantisbt-0.19.21
-rw-r--r--www-apps/mantisbt/mantisbt-0.19.2.ebuild41
5 files changed, 121 insertions, 11 deletions
diff --git a/www-apps/mantisbt/ChangeLog b/www-apps/mantisbt/ChangeLog
index 9217867d9f8b..740b7e5cf3a0 100644
--- a/www-apps/mantisbt/ChangeLog
+++ b/www-apps/mantisbt/ChangeLog
@@ -1,6 +1,12 @@
# ChangeLog for www-apps/mantisbt
# Copyright 1999-2005 Gentoo Foundation; Distributed under the GPL v2
-# $Header: /var/cvsroot/gentoo-x86/www-apps/mantisbt/ChangeLog,v 1.11 2005/09/14 10:36:38 rl03 Exp $
+# $Header: /var/cvsroot/gentoo-x86/www-apps/mantisbt/ChangeLog,v 1.12 2005/09/14 11:21:19 rl03 Exp $
+
+*mantisbt-0.19.2 (14 Sep 2005)
+
+ 14 Sep 2005; Renat Lumpau <rl03@gentoo.org> +files/0.19.2-debian.patch,
+ +mantisbt-0.19.2.ebuild:
+ Version bump wrt security bug #103308. Using a Debian patch.
*mantisbt-1.0.0_rc2 (14 Sep 2005)
diff --git a/www-apps/mantisbt/Manifest b/www-apps/mantisbt/Manifest
index 17dfa61ebab7..e49d323242ca 100644
--- a/www-apps/mantisbt/Manifest
+++ b/www-apps/mantisbt/Manifest
@@ -1,18 +1,11 @@
------BEGIN PGP SIGNED MESSAGE-----
-Hash: SHA1
-
+MD5 f708eba4f79eea128fd9704393aeebe2 mantisbt-0.19.2.ebuild 1085
MD5 6ce1a5afa10c30a0f884d736ffcea1a3 mantisbt-1.0.0_rc2.ebuild 897
MD5 d15ed5514ac496e71ffd67f104793eb2 ChangeLog 1823
MD5 f61bfa064e3acdfcd826e4a38b121196 metadata.xml 161
MD5 686ec1ebfc90a3c0c20836b50cc54934 mantisbt-0.18.3.ebuild 1030
+MD5 75ec77085b02cb655bacea926c7633a2 files/0.19.2-debian.patch 3172
MD5 aaabd486081a3b2aeb22bddd759bb22d files/digest-mantisbt-1.0.0_rc2 68
MD5 35d6b6f4cf6611c8b6232b0c83c67f52 files/postinstall-en.txt 680
MD5 4553a6ae29bae20c13ffa21fdb20281b files/digest-mantisbt-0.18.3 67
+MD5 19295fc78854d25c0fbde48abf533019 files/digest-mantisbt-0.19.2 66
MD5 97c947f30d07a6405194bed5981ceceb files/postinstall-en-1.0.0.txt 488
------BEGIN PGP SIGNATURE-----
-Version: GnuPG v1.4.1 (GNU/Linux)
-
-iD8DBQFDJ/29EzitwsaoONoRAs/TAKDFnmfBK81q2YGihm8NMp9hJy60oACgtKkj
-bnaM/UP9VDsfg3yOfBQg2vw=
-=JMSO
------END PGP SIGNATURE-----
diff --git a/www-apps/mantisbt/files/0.19.2-debian.patch b/www-apps/mantisbt/files/0.19.2-debian.patch
new file mode 100644
index 000000000000..78891131e4ff
--- /dev/null
+++ b/www-apps/mantisbt/files/0.19.2-debian.patch
@@ -0,0 +1,69 @@
+diff -ur mantis-0.19.2/core/database_api.php mantis-0.19.2.patched/core/database_api.php
+--- mantis-0.19.2/core/database_api.php 2004-12-09 13:55:06.000000000 -0500
++++ mantis-0.19.2.patched/core/database_api.php 2005-09-14 07:12:11.000000000 -0400
+@@ -9,6 +9,13 @@
+ # $Id: 0.19.2-debian.patch,v 1.1 2005/09/14 11:21:19 rl03 Exp $
+ # --------------------------------------------------------
+
++ #
++ # Patch for #0005956: Database system scanner via variable poisoning
++ #
++
++ if (isset($_REQUEST["g_db_type"]))
++ die("");
++
+ ### Database ###
+
+ # This is the general interface for all database calls.
+diff -ur mantis-0.19.2/core/filter_api.php mantis-0.19.2.patched/core/filter_api.php
+--- mantis-0.19.2/core/filter_api.php 2004-11-19 08:06:30.000000000 -0500
++++ mantis-0.19.2.patched/core/filter_api.php 2005-09-14 07:13:54.000000000 -0400
+@@ -753,7 +753,7 @@
+ ?>
+
+ <br />
+- <form method="post" name="filters" action="<?php PRINT $t_action; ?>">
++ <form method="post" name="filters" action="<?php PRINT htmlentities($t_action); ?>">
+ <input type="hidden" name="type" value="5" />
+ <?php
+ if ( $p_for_screen == false ) {
+@@ -761,10 +761,10 @@
+ PRINT '<input type="hidden" name="offset" value="0" />';
+ }
+ ?>
+- <input type="hidden" name="sort" value="<?php PRINT $t_sort ?>" />
+- <input type="hidden" name="dir" value="<?php PRINT $t_dir ?>" />
+- <input type="hidden" name="page_number" value="<?php PRINT $p_page_number ?>" />
+- <input type="hidden" name="view_type" value="<?php PRINT $t_view_type ?>" />
++ <input type="hidden" name="sort" value="<?php PRINT htmlentities($t_sort) ?>" />
++ <input type="hidden" name="dir" value="<?php PRINT htmlentities($t_dir) ?>" />
++ <input type="hidden" name="page_number" value="<?php PRINT htmlentities($p_page_number) ?>" />
++ <input type="hidden" name="view_type" value="<?php PRINT htmlentities($t_view_type) ?>" />
+ <table class="width100" cellspacing="1">
+
+ <?php
+diff -ur mantis-0.19.2/login_page.php mantis-0.19.2.patched/login_page.php
+--- mantis-0.19.2/login_page.php 2004-08-14 11:26:20.000000000 -0400
++++ mantis-0.19.2.patched/login_page.php 2005-09-14 07:11:16.000000000 -0400
+@@ -138,14 +138,13 @@
+ echo '</div>';
+ }
+ }
+-
+- # Check if the admin directory is available and is readable.
+- $t_admin_dir = dirname( __FILE__ ) . DIRECTORY_SEPARATOR . 'admin' . DIRECTORY_SEPARATOR;
+- if ( is_dir( $t_admin_dir ) && is_readable( $t_admin_dir ) ) {
+- echo '<div class="warning" align="center">', "\n";
+- echo '<p><font color="red"><strong>WARNING:</strong> Admin directory should be removed.</font></p>', "\n";
+- echo '</div>', "\n";
+- }
++# # Check if the admin directory is available and is readable.
++# $t_admin_dir = dirname( __FILE__ ) . DIRECTORY_SEPARATOR . 'admin' . DIRECTORY_SEPARATOR;
++# if ( is_dir( $t_admin_dir ) && is_readable( $t_admin_dir ) ) {
++# echo '<div class="warning" align="center">', "\n";
++# echo '<p><font color="red"><strong>WARNING:</strong> Admin directory should be removed.</font></p>', "\n";
++# echo '</div>', "\n";
++# }
+ ?>
+
+ <!-- Autofocus JS -->
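Review bot: The login_page.php part of this patch comments out the "Admin directory should be removed" warning, while the ebuild added in the same commit still installs that directory into the web root (`cp -R *.php admin core css graphs images lang ${D}/${MY_HTDOCSDIR}`), so a deployed site keeps the admin scripts and loses the upstream reminder to remove them. Either keep the warning, or stop installing `admin` by default and tell operators in the post-install text how it is expected to be protected. Separately, the database_api.php guard rejects only a request parameter literally named `g_db_type`. If the underlying issue is request variables overwriting configuration globals, as the "variable poisoning" comment suggests, any other global this file reads is presumably still reachable the same way. A comment there saying why this one name is sufficient, or a check that the file is not being requested directly, would make the fix easier to audit.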
diff --git a/www-apps/mantisbt/files/digest-mantisbt-0.19.2 b/www-apps/mantisbt/files/digest-mantisbt-0.19.2
new file mode 100644
index 000000000000..8aa8a6497929
--- /dev/null
+++ b/www-apps/mantisbt/files/digest-mantisbt-0.19.2
@@ -0,0 +1 @@
+MD5 042c42c6de3bc536181391c1e9b25db3 mantis-0.19.2.tar.gz 1298615
diff --git a/www-apps/mantisbt/mantisbt-0.19.2.ebuild b/www-apps/mantisbt/mantisbt-0.19.2.ebuild
new file mode 100644
index 000000000000..53dee53b7dc2
--- /dev/null
+++ b/www-apps/mantisbt/mantisbt-0.19.2.ebuild
@@ -0,0 +1,41 @@
+# Copyright 1999-2005 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Header: /var/cvsroot/gentoo-x86/www-apps/mantisbt/mantisbt-0.19.2.ebuild,v 1.1 2005/09/14 11:21:19 rl03 Exp $
+
+inherit webapp eutils
+
+IUSE=""
+
+DESCRIPTION="PHP/MySQL/Web based bugtracking system"
+HOMEPAGE="http://www.mantisbt.org/"
+SRC_URI="mirror://sourceforge/${PN}/mantis-${PV}.tar.gz"
+
+KEYWORDS="~x86 ~ppc"
+
+RDEPEND="
+ >=dev-db/mysql-3.23.32
+ >=net-www/apache-1.3
+ virtual/httpd-php
+"
+
+LICENSE="GPL-2"
+
+src_unpack() {
+ unpack ${A}
+ find ${S} -name .cvsignore -exec rm {} \;
+ epatch ${FILESDIR}/${PV}-debian.patch
+}
+
+src_install() {
+ webapp_src_preinst
+ dohtml doc/*.{html,css}
+ dodoc doc/{CREDITS,CUSTOMIZATION,ChangeLog,LICENSE,README,TROUBLESHOOTING,UPGRADING}
+
+ cp -R *.php admin core css graphs images lang ${D}/${MY_HTDOCSDIR}
+ cp config_inc.php.sample ${D}/${MY_HTDOCSDIR}/config_inc.php
+
+ webapp_configfile ${MY_HTDOCSDIR}/config_inc.php
+ webapp_postinst_txt en ${FILESDIR}/postinstall-en.txt
+ webapp_sqlscript mysql ${S}/sql/db_generate.sql
+ webapp_src_install
+}
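Review bot: Neither `cp` call in src_install checks for failure, so a failed copy would presumably still produce a package, either missing application files or without `config_inc.php`. Both lines should end in `|| die`, for example `cp -R *.php admin core css graphs images lang "${D}/${MY_HTDOCSDIR}" || die "cp failed"`. The path variables are also unquoted throughout, in `find ${S}`, `epatch ${FILESDIR}/${PV}-debian.patch` and `${D}/${MY_HTDOCSDIR}`, so the commands would break on a build root containing whitespace. In src_unpack, `find "${S}" -name .cvsignore -exec rm -f {} \;` would also be more robust than the current form.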