| Age | Commit message (Collapse) | Author | Files | Lines |
|---|
|
security update for mantis
- pkgsrc/devel/mantis/Makefile 1.28
- pkgsrc/devel/mantis/PLIST 1.10
- pkgsrc/devel/mantis/distinfo 1.10
Module Name: pkgsrc
Committed By: adrianp
Date: Sat Oct 27 22:31:10 UTC 2007
Modified Files:
pkgsrc/devel/mantis: Makefile PLIST distinfo
Log Message:
Update to 1.0.8
- 0007902: [bugtracker] constant_inc is missing statement in 1.0.7 (vboctor)
- 0008020: [installation] Port 7907: Allow using system adodb (giallu)
- 0008029: [localization] Spelling mistake in value of string
$s_by_severity file lang/strings_spanish.txt (giallu)
- 0008019: [other] Port 5333: Invalid zip file core/adodb/adodb-time.zip
in CVS (giallu)
- 0007939: [rss] Port 7738: Replace non free RSS creation class (vboctor)
2007.04.04 - 1.0.7
- 0007743: [security] Port: CVE-2006-6574 (vboctor)
- 0007772: [security] email notifications bypass security on custom
fields (vboctor)
- 0007784: [security] XSS vulnerabilities (vboctor)
- 0007774: [custom fields] custom fields not stored correctly in bug
history (vboctor)
- 0007783: [filters] Port: Dynamic filter selection (XMLHTTPRequest)
broken when using IE7
(vboctor)
|
|
the owner of all installed files is a non-root user. This change
affects most packages that require special users or groups by making
them use the specified unprivileged user and group instead.
(1) Add two new variables PKG_GROUPS_VARS and PKG_USERS_VARS to
unprivileged.mk. These two variables are lists of other bmake
variables that define package-specific users and groups. Packages
that have user-settable variables for users and groups, e.g. apache
and APACHE_{USER,GROUP}, courier-mta and COURIER_{USER,GROUP},
etc., should list these variables in PKG_USERS_VARS and PKG_GROUPS_VARS
so that unprivileged.mk can know to set them to ${UNPRIVILEGED_USER}
and ${UNPRIVILEGED_GROUP}.
(2) Modify packages to use PKG_GROUPS_VARS and PKG_USERS_VARS.
|
|
|
|
|
|
2006.10.28 - 1.0.6
- 0007466: [security] Port: 6719: Manager of a project can assign the Administrator role to a user. (vboctor)
- 0007543: [security] Port 5163: Default value for $g_bug_reminder_threshold should be higher than "reporter" (vboctor)
- 0007467: [administration] Port 6637: Disabled projects don't appear under parent project (vboctor)
- 0007527: [localization] Port 7526: japanese_utf8 is more suitable than japanese_sjis ($g_language_auto_map) (vboctor)
- 0007470: [localization] [all lang] Port latest localization files from Mantis 1.1 to Mantis 1.0.x (vboctor)
- 0007530: [localization] Port:: New Languages: bulgarian, catalan, czech_utf8, french_utf8, italian_utf8, polish_utf8, russian_utf8, slovene_utf8 (vboctor)
- 0007412: [other] Update Mantis to refer to new website (vboctor)
2006.07.23 - 1.0.5
- 0007301: [upgrade] Login page inaccessible after upgrade to 1.0.4 (thraxisp)
2006.07.22 - 1.0.4
- 0007051: [bugtracker] Fix for #6869 / #7034 removes quoted "?" from arguments (thraxisp)
- 0007298: [bugtracker] Port: bugnote_delete.php redirection fails (vboctor)
- 0007299: [bugtracker] Port: Save login feature does not work (vboctor)
- 0007300: [bugtracker] Port: Remember login always redirects to main_page.php (vboctor)
- 0007143: [other] Port: checkin.php needs array_unique() (vboctor)
|
|
|
|
all PEAR packages to php?-pear-* and all Apache packages to ap13-* or
ap2-* respectively. Add new variables to simplify the Makefile
handling. Add CONFLICTS on the old names. Reset revisions of bumped
packages. ap-php will now depend on the default Apache and PHP version.
All programs using it have an implicit option of the Apache version
as well.
OK from jlam@ and adrianp@.
|
|
> - 7037: [security] Port: Login with disabled account possible (vboctor)
> - 7034: [bugtracker] Port: bug in string_sanitize_url() (vboctor)
> - 7028: [db mssql] Port: "Prune Accounts" function doesn't work with MS SQL (vboctor)
> - 7029: [db mssql] Port: MS SQL Error on View Filters Page (vboctor)
> - 7030: [db mssql] Port: installtion fails - administrator have no rights on db (vboctor)
> - 7032: [db mssql] Port: Error on opening Change Log (vboctor)
> - 7039: [db mssql] Notice: Only variables should be assigned by reference in coreadodbadodb.inc.php on line 2931 (vboctor)
> - 7035: [feature] Port: Global Profiles list not sorted (vboctor)
> - 7038: [filters] Port: SYSTEM WARNING: Argument 1 to array_multisort() is expected to be an array or a sort flag (vboctor)
> - 7031: [installation] Port: is_writable never success in install.php (vboctor)
> - 7041: [installation] Port: newbie admins may be redirected to blank page (vboctor)
> - 7033: [printing] Port: wrong strpos function call (vboctor)
> - 7027: [upgrade] Port: fixed_in_version is renamed to Fixed_in_version during database migration (vboctor)
|
|
> 2006.04.18 - 1.0.2
> - 0006902: [security] XSS in mantis bug track system .... (thraxisp)
> - 0006859: [bugtracker] Can send reminders to all recipients (thraxisp)
>
> 2006.02.18 - 1.0.1
> - 0006722: [installation] Remaining mysqli_ install problems (ref. #0006672): my sqli_real_escape_string() expects parameter 1 to be link (thraxisp)
> - 0006672: [installation] install.php assumes mysql extension, fails with mysqli extension (thraxisp)
> - 0006668: [filters] Parse error while saving new filter: Call to undefined function: string_strip_tags() (thraxisp)
>
> 2006.02.04 - 1.0.0
> - 0006044: [security] 'Return' _GET is not checked (thraxisp)
> - 0006650: [security] ADOdb can be exploited to execute arbitrary SQL code (vboctor)
> - 0006659: [security] Cross site scripting vulnerability (thraxisp)
> - 0006634: [filters] Filter does not work with profiles (vboctor)
|
|
need them, for example RESTRICTED and SUBST_MESSAGE.*.
|
|
|
|
of the shlib major bump.
PKGREVISION++ for the dependencies.
|
|
0006509: [security] Port: Additional XSS Vulnerabilities in Filter (thraxisp)
0006557: [security] XSS Vulnerability in manage_user (TKADV2005-11-002) (thraxisp)
0006563: [security] Port XSS Vulnerability in project documents (TKADV2005-11-02) (thraxisp)
0006569: [security] XSS Vulnerability in saved queries (TKADV2005-11-002) (thraxisp)
0006594: [bugtracker] config_flush_cache does not work correctly (thraxisp)
0006585: [documentation] don't see the documentation (thraxisp)
0006501: [filters] Categories can't be selected for filter-setting (thraxisp)
|
|
Use included files/mantis.conf to block apache access to core/adodb
|
|
pkg has been changed to 5.x). Reminded by wiz... thanks.
|
|
automatically detects whether we want the pkginstall machinery to be
used by the package Makefile.
|
|
From the ChangeLog:
- 0006421: [security] Private bugs show up in public RSS feed (vboctor)
- 0006458: [security] Port #6457: SQL Injection in manage user page (TKADV2005-11-002) (vboctor)
- 0006461: [security] Port #6460: HTTP Header CRLF Injection (TKADV2005-11-002) (vboctor)
- 0006485: [security] XSS Vulnerability in filters (TKADV2005-11-002) (thraxisp)
- 0006489: [security] Port Injection Vulnerabilities in Filters (TKADV2005-11-002) (thraxisp)
- 0006492: [security] Port #6453: Make note private has no effect when resolving bug (thraxisp)
- 0006432: [bugtracker] error processing does not work! (jlatour)
- 0006379: [filters] Filter returns private issues when it should not (thraxisp)
- 0006254: [localization] strings_korean_utf8.txt has UTF-8 byte-order marker (ryandesign)
- 0006268: [localization] strings_chinese_simplified_utf8.txt has UTF-8 byte-order marker (ryandesign)
- 0006304: [localization] [PATCH] Major overhaul of strings_dutch.txt (jlatour)
- 0006358: [localization] Updated Dutch localization (Wanderer)
- 0006474: [localization] Calls to htmlspecialchars should take into account the current charset (jlatour)
|
|
example MAKE_ENV+=FOO=${BAR} is changed to MAKE_ENV+=FOO=${BAR:Q}. Some
other changes are outlined in
http://mail-index.netbsd.org/tech-pkg/2005/12/02/0034.html
|
|
From the Changelog:
- 0006273: [security] File Inclusion Vulnerability (vboctor)
- 0006275: [security] SQL injection (vboctor)
- 0006234: [filters] Filter sometimes returns no results (thraxisp)
- 0006295: [filters] Old filters and view_state problems. (thraxisp)
- 0006288: [filters] Patch against CVS HEAD for Saved filter problem with view_state (thraxisp)
- 0006296: [filters] Filter sql includes unnecessary links to custom_field_string_table for date custom fields (thraxisp)
- 0006297: [filters] sorting on custom field, bring MySQL to deadlock loop (thraxisp)
|
|
|
|
|
|
Fix ${INSTALL} typo in Makefile which caused the files to be installed
with the wrong permissions
Bump to nb1
|
|
Many updates and bugfixes including security updates - upgrade is recommended
For a full list of changes:
http://www.mantisbt.org/changelog.php
|
|
- Bump to nb4
|
|
- Relax restrictions for PHP and mySQL requirements - all versions should
work OK - this should fix the bulk-builds failures.
- Bump to nb3
|
|
|
|
removed from pkgsrc).
Bump PKGREVISION.
|
|
|
|
|
|
- Fix CONF_FILES handling
|
|
|
|
|
|
language and requires the MySQL database and a webserver. Mantis has been
installed on Windows, MacOS, OS/2, and a variety of Unix operating systems.
Almost any web browser should be able to function as a client. It is released
under the terms of the GNU General Public License (GPL).
Mantis is free to use and modify. It is free to redistribute as long as you
abide by the distribution terms of the GPL.
|
