Age | Commit message (Collapse) | Author | Files | Lines |
|
all PEAR packages to php?-pear-* and all Apache packages to ap13-* or
ap2-* respectively. Add new variables to simplify the Makefile
handling. Add CONFLICTS on the old names. Reset revisions of bumped
packages. ap-php will now depend on the default Apache and PHP version.
All programs using it have an implicit option of the Apache version
as well.
OK from jlam@ and adrianp@.
|
|
> - 7037: [security] Port: Login with disabled account possible (vboctor)
> - 7034: [bugtracker] Port: bug in string_sanitize_url() (vboctor)
> - 7028: [db mssql] Port: "Prune Accounts" function doesn't work with MS SQL (vboctor)
> - 7029: [db mssql] Port: MS SQL Error on View Filters Page (vboctor)
> - 7030: [db mssql] Port: installtion fails - administrator have no rights on db (vboctor)
> - 7032: [db mssql] Port: Error on opening Change Log (vboctor)
> - 7039: [db mssql] Notice: Only variables should be assigned by reference in coreadodbadodb.inc.php on line 2931 (vboctor)
> - 7035: [feature] Port: Global Profiles list not sorted (vboctor)
> - 7038: [filters] Port: SYSTEM WARNING: Argument 1 to array_multisort() is expected to be an array or a sort flag (vboctor)
> - 7031: [installation] Port: is_writable never success in install.php (vboctor)
> - 7041: [installation] Port: newbie admins may be redirected to blank page (vboctor)
> - 7033: [printing] Port: wrong strpos function call (vboctor)
> - 7027: [upgrade] Port: fixed_in_version is renamed to Fixed_in_version during database migration (vboctor)
|
|
> 2006.04.18 - 1.0.2
> - 0006902: [security] XSS in mantis bug track system .... (thraxisp)
> - 0006859: [bugtracker] Can send reminders to all recipients (thraxisp)
>
> 2006.02.18 - 1.0.1
> - 0006722: [installation] Remaining mysqli_ install problems (ref. #0006672): my sqli_real_escape_string() expects parameter 1 to be link (thraxisp)
> - 0006672: [installation] install.php assumes mysql extension, fails with mysqli extension (thraxisp)
> - 0006668: [filters] Parse error while saving new filter: Call to undefined function: string_strip_tags() (thraxisp)
>
> 2006.02.04 - 1.0.0
> - 0006044: [security] 'Return' _GET is not checked (thraxisp)
> - 0006650: [security] ADOdb can be exploited to execute arbitrary SQL code (vboctor)
> - 0006659: [security] Cross site scripting vulnerability (thraxisp)
> - 0006634: [filters] Filter does not work with profiles (vboctor)
|
|
need them, for example RESTRICTED and SUBST_MESSAGE.*.
|
|
|
|
of the shlib major bump.
PKGREVISION++ for the dependencies.
|
|
0006509: [security] Port: Additional XSS Vulnerabilities in Filter (thraxisp)
0006557: [security] XSS Vulnerability in manage_user (TKADV2005-11-002) (thraxisp)
0006563: [security] Port XSS Vulnerability in project documents (TKADV2005-11-02) (thraxisp)
0006569: [security] XSS Vulnerability in saved queries (TKADV2005-11-002) (thraxisp)
0006594: [bugtracker] config_flush_cache does not work correctly (thraxisp)
0006585: [documentation] don't see the documentation (thraxisp)
0006501: [filters] Categories can't be selected for filter-setting (thraxisp)
|
|
Use included files/mantis.conf to block apache access to core/adodb
|
|
pkg has been changed to 5.x). Reminded by wiz... thanks.
|
|
automatically detects whether we want the pkginstall machinery to be
used by the package Makefile.
|
|
From the ChangeLog:
- 0006421: [security] Private bugs show up in public RSS feed (vboctor)
- 0006458: [security] Port #6457: SQL Injection in manage user page (TKADV2005-11-002) (vboctor)
- 0006461: [security] Port #6460: HTTP Header CRLF Injection (TKADV2005-11-002) (vboctor)
- 0006485: [security] XSS Vulnerability in filters (TKADV2005-11-002) (thraxisp)
- 0006489: [security] Port Injection Vulnerabilities in Filters (TKADV2005-11-002) (thraxisp)
- 0006492: [security] Port #6453: Make note private has no effect when resolving bug (thraxisp)
- 0006432: [bugtracker] error processing does not work! (jlatour)
- 0006379: [filters] Filter returns private issues when it should not (thraxisp)
- 0006254: [localization] strings_korean_utf8.txt has UTF-8 byte-order marker (ryandesign)
- 0006268: [localization] strings_chinese_simplified_utf8.txt has UTF-8 byte-order marker (ryandesign)
- 0006304: [localization] [PATCH] Major overhaul of strings_dutch.txt (jlatour)
- 0006358: [localization] Updated Dutch localization (Wanderer)
- 0006474: [localization] Calls to htmlspecialchars should take into account the current charset (jlatour)
|
|
example MAKE_ENV+=FOO=${BAR} is changed to MAKE_ENV+=FOO=${BAR:Q}. Some
other changes are outlined in
http://mail-index.netbsd.org/tech-pkg/2005/12/02/0034.html
|
|
From the Changelog:
- 0006273: [security] File Inclusion Vulnerability (vboctor)
- 0006275: [security] SQL injection (vboctor)
- 0006234: [filters] Filter sometimes returns no results (thraxisp)
- 0006295: [filters] Old filters and view_state problems. (thraxisp)
- 0006288: [filters] Patch against CVS HEAD for Saved filter problem with view_state (thraxisp)
- 0006296: [filters] Filter sql includes unnecessary links to custom_field_string_table for date custom fields (thraxisp)
- 0006297: [filters] sorting on custom field, bring MySQL to deadlock loop (thraxisp)
|
|
|
|
|
|
Fix ${INSTALL} typo in Makefile which caused the files to be installed
with the wrong permissions
Bump to nb1
|
|
Many updates and bugfixes including security updates - upgrade is recommended
For a full list of changes:
http://www.mantisbt.org/changelog.php
|
|
- Bump to nb4
|
|
- Relax restrictions for PHP and mySQL requirements - all versions should
work OK - this should fix the bulk-builds failures.
- Bump to nb3
|
|
|
|
removed from pkgsrc).
Bump PKGREVISION.
|
|
|
|
|
|
- Fix CONF_FILES handling
|
|
|
|
|
|
language and requires the MySQL database and a webserver. Mantis has been
installed on Windows, MacOS, OS/2, and a variety of Unix operating systems.
Almost any web browser should be able to function as a client. It is released
under the terms of the GNU General Public License (GPL).
Mantis is free to use and modify. It is free to redistribute as long as you
abide by the distribution terms of the GPL.
|