Bug 229880 - databases/mantis: Update to 2.16.0 with CVE Fixes
Summary: databases/mantis: Update to 2.16.0 with CVE Fixes
Status: Closed FIXED
Alias: None
Product: Ports & Packages
Classification: Unclassified
Component: Individual Port(s) (show other bugs)
Version: Latest
Hardware: Any Any
: --- Affects Some People
Assignee: Tobias Kortkamp
URL: https://reviews.freebsd.org/D16890
Keywords:
Depends on:
Blocks:
 
Reported: 2018-07-19 04:03 UTC by Nathan
Modified: 2018-08-30 06:00 UTC (History)
2 users (show)

See Also:

Attachments
Patch to update (1.45 KB, patch)
2018-07-19 04:03 UTC, Nathan 		no flags Details | Diff
Show Obsolete (1) View All Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Nathan 2018-07-19 04:03:44 UTC 
Created attachment 195271 [details]
Patch to update

Included is a patch to update to the latest version. 
Changelog: http://www.mantisbt.org/bugs/changelog_page.php?project=mantisbt&version=2.15.0

Builds fine on 11.2-Stable
Comment 1 Nathan 2018-07-19 04:10:01 UTC 
Also seems to fix several CVE:
https://github.com/mantisbt/mantisbt/search?q=XSS&unscoped_q=XSS&type=Commits
Comment 2 commit-hook freebsd_committer freebsd_triage 2018-07-29 10:42:33 UTC 
A commit references this bug:

Author: joneum
Date: Sun Jul 29 10:42:24 UTC 2018
New revision: 475643
URL: https://svnweb.freebsd.org/changeset/ports/475643

Log:
  document mantis issues

  PR:		229880
  Submitted by:	Nathan <ndowens.fbsd@yandex.com>

Changes:
  head/security/vuxml/vuln.xml
Comment 3 commit-hook freebsd_committer freebsd_triage 2018-07-29 10:51:42 UTC 
A commit references this bug:

Author: joneum
Date: Sun Jul 29 10:51:37 UTC 2018
New revision: 475644
URL: https://svnweb.freebsd.org/changeset/ports/475644

Log:
  databases/mantis: Update to 2.15.0

  Changelog: https://mantisbt.org/bugs/changelog_page.php?project=mantisbt&version=2.15.0

  PR:		229880
  Submitted by:	Nathan <ndowens.fbsd@yandex.com>
  MFH:		2018Q3
  Security:	0822a4cf-9318-11e8-8d88-00e04c1ea73d

Changes:
  head/databases/mantis/Makefile
  head/databases/mantis/distinfo
Comment 4 commit-hook freebsd_committer freebsd_triage 2018-07-29 12:28:58 UTC 
A commit references this bug:

Author: joneum
Date: Sun Jul 29 12:28:46 UTC 2018
New revision: 475656
URL: https://svnweb.freebsd.org/changeset/ports/475656

Log:
  MFH: r475644

  databases/mantis: Update to 2.15.0

  Changelog: https://mantisbt.org/bugs/changelog_page.php?project=mantisbt&version=2.15.0

  PR:		229880
  Submitted by:	Nathan <ndowens.fbsd@yandex.com>
  Security:	0822a4cf-9318-11e8-8d88-00e04c1ea73d

  Approved by:	ports-secteam (miwi)

Changes:
_U  branches/2018Q3/
  branches/2018Q3/databases/mantis/Makefile
  branches/2018Q3/databases/mantis/distinfo
Comment 5 commit-hook freebsd_committer freebsd_triage 2018-08-24 10:33:40 UTC 
A commit references this bug:

Author: tobik
Date: Fri Aug 24 10:32:47 UTC 2018
New revision: 477954
URL: https://svnweb.freebsd.org/changeset/ports/477954

Log:
  databases/mantis: Revert fake update from r475644

  The checksums and sizes from 2.9.0 and 2.15.0 are identical because
  GH_TAGNAME was not updated as well, so the update to 2.15.0 never
  actually happened.

  PR:		229880
  Pointy hat:	joneum
  MFH:		2018Q3
  Security:	0822a4cf-9318-11e8-8d88-00e04c1ea73d

Changes:
  head/databases/mantis/Makefile
  head/databases/mantis/distinfo
Comment 6 Tobias Kortkamp freebsd_committer freebsd_triage 2018-08-24 10:36:59 UTC 
Reopen as the update only bumped PORTVERSION without actually changing anything else.
Comment 7 Tobias Kortkamp freebsd_committer freebsd_triage 2018-08-24 22:04:52 UTC 
WIP update to 2.16.0 at https://reviews.freebsd.org/D16890 which should also
fix the CVE.
Comment 8 commit-hook freebsd_committer freebsd_triage 2018-08-29 12:03:58 UTC 
A commit references this bug:

Author: tobik
Date: Wed Aug 29 12:03:24 UTC 2018
New revision: 478349
URL: https://svnweb.freebsd.org/changeset/ports/478349

Log:
  databases/mantis: Update to 2.16.0

  - Use upstream release tarball instead of doing our own vendoring
  - Add missing PHP extensions
  - Flavorize
  - Update plugins and install them by default
  - Add LICENSE
  - Improve pkg-descr

  Changes:	https://mantisbt.org/bugs/changelog_page.php?project=mantisbt&version=2.16.0
  PR:		229880
  Reviewed by:	dvl, mat, ndowens@yahoo.com
  MFH:		2018Q3 (with r477954, r477984)
  Security:	0822a4cf-9318-11e8-8d88-00e04c1ea73d
  Differential Revision:	https://reviews.freebsd.org/D16890

Changes:
  head/databases/mantis/Makefile
  head/databases/mantis/distinfo
  head/databases/mantis/files/patch-api_rest_swagger_index.php
  head/databases/mantis/files/pkg-message.in
  head/databases/mantis/pkg-descr
  head/databases/mantis/pkg-plist
Comment 9 commit-hook freebsd_committer freebsd_triage 2018-08-30 05:59:36 UTC 
A commit references this bug:

Author: tobik
Date: Thu Aug 30 05:59:04 UTC 2018
New revision: 478432
URL: https://svnweb.freebsd.org/changeset/ports/478432

Log:
  MFH: r477954 r477984 r478349

  databases/mantis: Revert fake update from r475644

  The checksums and sizes from 2.9.0 and 2.15.0 are identical because
  GH_TAGNAME was not updated as well, so the update to 2.15.0 never
  actually happened.

  PR:		229880
  Pointy hat:	joneum
  Security:	0822a4cf-9318-11e8-8d88-00e04c1ea73d

  Take maintainership of databases/mantis

  databases/mantis: Update to 2.16.0

  - Use upstream release tarball instead of doing our own vendoring
  - Add missing PHP extensions
  - Flavorize
  - Update plugins and install them by default
  - Add LICENSE
  - Improve pkg-descr

  Changes:	https://mantisbt.org/bugs/changelog_page.php?project=mantisbt&version=2.16.0
  PR:		229880
  Reviewed by:	dvl, mat, ndowens@yahoo.com
  Security:	0822a4cf-9318-11e8-8d88-00e04c1ea73d
  Differential Revision:	https://reviews.freebsd.org/D16890

  Approved by:	ports-secteam (miwi)

Changes:
_U  branches/2018Q3/
  branches/2018Q3/databases/mantis/Makefile
  branches/2018Q3/databases/mantis/distinfo
  branches/2018Q3/databases/mantis/files/patch-api_rest_swagger_index.php
  branches/2018Q3/databases/mantis/files/pkg-message.in
  branches/2018Q3/databases/mantis/pkg-descr
  branches/2018Q3/databases/mantis/pkg-plist
Comment 10 commit-hook freebsd_committer freebsd_triage 2018-08-30 05:59:38 UTC 
A commit references this bug:

Author: tobik
Date: Thu Aug 30 05:59:04 UTC 2018
New revision: 478432
URL: https://svnweb.freebsd.org/changeset/ports/478432

Log:
  MFH: r477954 r477984 r478349

  databases/mantis: Revert fake update from r475644

  The checksums and sizes from 2.9.0 and 2.15.0 are identical because
  GH_TAGNAME was not updated as well, so the update to 2.15.0 never
  actually happened.

  PR:		229880
  Pointy hat:	joneum
  Security:	0822a4cf-9318-11e8-8d88-00e04c1ea73d

  Take maintainership of databases/mantis

  databases/mantis: Update to 2.16.0

  - Use upstream release tarball instead of doing our own vendoring
  - Add missing PHP extensions
  - Flavorize
  - Update plugins and install them by default
  - Add LICENSE
  - Improve pkg-descr

  Changes:	https://mantisbt.org/bugs/changelog_page.php?project=mantisbt&version=2.16.0
  PR:		229880
  Reviewed by:	dvl, mat, ndowens@yahoo.com
  Security:	0822a4cf-9318-11e8-8d88-00e04c1ea73d
  Differential Revision:	https://reviews.freebsd.org/D16890

  Approved by:	ports-secteam (miwi)

Changes:
_U  branches/2018Q3/
  branches/2018Q3/databases/mantis/Makefile
  branches/2018Q3/databases/mantis/distinfo
  branches/2018Q3/databases/mantis/files/patch-api_rest_swagger_index.php
  branches/2018Q3/databases/mantis/files/pkg-message.in
  branches/2018Q3/databases/mantis/pkg-descr
  branches/2018Q3/databases/mantis/pkg-plist