Created attachment 160666 [details] patch to add dependency and options Hello, while installing mantis from ports, i figured out, that the php-xml extension is missing in the dependency list. Mantis uses the PHP function utf8_decode(), which is located in this extension. I also noted, that the Makefile stated "USES= pgsql". This is not completely wrong, but 2 points against it: - Mantis is written for MySQL and disadvise usage of other databases - it misses the needed extension php-pgsql to use it Therefore i removed this line and add two options: MYSQL and PGSQL. MySQL ist default as the project request it. Its a multi-option because you can switch later. Selecting an option adds the database client and the needed php-extension. Also i removed an unnecessary blank line. And i removed PORTREVISION= 0 because portlint told me. I'm not sure in this point. Greetings, Torsten
Dan, while working on the security issue this is a great possibility to have a look at this PR too :)
(In reply to Torsten Zühlsdorff from comment #0) We disagree on this point "Mantis is written for MySQL and disadvise usage of other databases. They recommend MySQL, as noted at https://www.mantisbt.org/docs/master-1.2.x/en/administration_guide.html#ADMIN.INSTALL.REQUIREMENTS.SOFTWARE As such, I would prefer changing your patch from "PostgreSQL support (disadvised)" to "PostgreSQL support"
Created attachment 163263 [details] add xml dependency, add pgsql/mysql option, fix plist Fair point, i'm fine with this. Attached an updated patch with renamed option. Also i fixed a plist issue mentioned by portlint.
See https://reviews.freebsd.org/D4196 Seems those permissions are too permissive.
I will work on this soon.
> I will work on this soon. Since this is 2 weeks ago: do you need help, Dan?
(In reply to Torsten Zühlsdorff from comment #6) Yes, please.
Hello Dan, i think it should be sufficient to just remove these lines from pkg-files: @owner %%WWWOWN%% @group %%WWWGRP%% At least the rights are just needed, if files needed to be modified by the application itself. There is just the config-file, but it is not created with installation and must be created manually. There could be the need for a writable upload dir, but i could not find its location. Currently it seems it must be created manually. Could you check, if this works?
A commit references this bug: Author: dvl Date: Wed Dec 23 21:20:51 UTC 2015 New revision: 404324 URL: https://svnweb.freebsd.org/changeset/ports/404324 Log: patch with security fix for CVE-2015-5059 Submitted by: Torsten Zuhlsdorff & Jason Unovitch PR: 201106 202865 Approved by: mat (mentor) Differential Review: D4196 Changes: head/databases/mantis/Makefile head/databases/mantis/files/patch-config__defaults__inc.php
Thank you.
A commit references this bug: Author: dvl Date: Sun Dec 27 02:30:13 UTC 2015 New revision: 404544 URL: https://svnweb.freebsd.org/changeset/ports/404544 Log: MFH: r404324 patch with security fix for CVE-2015-5059 Submitted by: Torsten Zuhlsdorff & Jason Unovitch PR: 201106 202865 Approved by: mat (mentor) Differential Review: D4196 Approved by: ports-secteam Changes: _U branches/2015Q4/ branches/2015Q4/databases/mantis/Makefile branches/2015Q4/databases/mantis/files/patch-config__defaults__inc.php