Bug 251141 - databases/mantis: update to 2.24.3 [3 CVEs fixed]
Summary: databases/mantis: update to 2.24.3 [3 CVEs fixed]
Status: Closed FIXED
Alias: None
Product: Ports & Packages
Classification: Unclassified
Component: Individual Port(s) (show other bugs)
Version: Latest
Hardware: Any Any
: --- Affects Some People
Assignee: Kurt Jaeger
URL:
Keywords: buildisok
Depends on:
Blocks:
 
Reported: 2020-11-14 18:56 UTC by Zoltan ALEXANDERSON BESSE
Modified: 2020-11-14 21:06 UTC (History)
2 users (show)

See Also:


Attachments
update to 2.24.3 (1.97 KB, patch)
2020-11-14 18:56 UTC, Zoltan ALEXANDERSON BESSE
no flags Details | Diff
adding vuxml entry (1.95 KB, patch)
2020-11-14 20:53 UTC, Zoltan ALEXANDERSON BESSE
no flags Details | Diff

Note You need to log in before you can comment on or make changes to this bug.
Description Zoltan ALEXANDERSON BESSE 2020-11-14 18:56:28 UTC
Created attachment 219687 [details]
update to 2.24.3

There is a new version available:
https://mantisbt.org/bugs/changelog_page.php?project=mantisbt&version=2.24.3

This is a security release fixing:
- CVE-2020-25781
- CVE-2020-25288
- CVE-2020-25830
(no VuXML entry yet)

I created a patch for version update.
Changes:
- version to 2.24.3
- added files/patch-.imgbotconfig (its original exists in git repo but not included in official 2.24.3 package, there might be some users with configured imgbot depending on it + there is a PLIST_FILES entry in Makefile)
- adopt maintainership

QA:
- portlint: no new warns/errors (actual repo has 15)
- poudriere: ok (13-CURRENT, with/without my,pg,plugins)
- fresh install: works similar to previous version (12.2-RELEASE)
- update existing mantis 2.24.2 system to 2.24.3: works like 2.24.2, no changes seen in user flows (except fixed errors :)
- database schema: unchanged (checked on pg-12)
Comment 1 Automation User 2020-11-14 19:13:16 UTC
Build and package info is available at https://gitlab.com/swills/freebsd-ports/pipelines/216145229
Comment 2 Kurt Jaeger freebsd_committer 2020-11-14 19:32:32 UTC
Can you provide vuxml entries ?

Testbuilds@work
Comment 3 commit-hook freebsd_committer 2020-11-14 19:47:36 UTC
A commit references this bug:

Author: pi
Date: Sat Nov 14 19:47:33 UTC 2020
New revision: 555143
URL: https://svnweb.freebsd.org/changeset/ports/555143

Log:
  databases/mantis: update 2.24.2 -> 2.24.3, fix 3 CVEs

  - submitter takes maintainer
  - added files/patch-.imgbotconfig
    original exists in git repo but not included in official 2.24.3 package,
    there might be some users with configured imgbot depending on it and
    there is a PLIST_FILES entry in Makefile

  QA:
  - run-tests are fine, no functional changes
  - database schema: unchanged (checked on pg-12)

  PR:		251141
  Submitted by:	Zoltan Alexanderson Besse <zab@zltech.eu>
  MFH:		2020Q4
  Relnotes:	https://mantisbt.org/bugs/changelog_page.php?project=mantisbt&version=2.24.3
  Security:	CVE-2020-25781, CVE-2020-25288, CVE-2020-25830

Changes:
  head/databases/mantis/Makefile
  head/databases/mantis/distinfo
  head/databases/mantis/files/patch-.imgbotconfig
Comment 4 Kurt Jaeger freebsd_committer 2020-11-14 19:47:49 UTC
Committed, pending MFH, vuxml
Comment 5 Zoltan ALEXANDERSON BESSE 2020-11-14 20:53:07 UTC
Created attachment 219691 [details]
adding vuxml entry
Comment 6 commit-hook freebsd_committer 2020-11-14 21:02:45 UTC
A commit references this bug:

Author: pi
Date: Sat Nov 14 21:02:17 UTC 2020
New revision: 555145
URL: https://svnweb.freebsd.org/changeset/ports/555145

Log:
  security/vuxml: add entries for databases/mantis

  PR:		251141
  Submitted by:	Zoltan Alexanderson Besse <zab@zltech.eu>

Changes:
  head/security/vuxml/vuln.xml
Comment 7 commit-hook freebsd_committer 2020-11-14 21:05:46 UTC
A commit references this bug:

Author: pi
Date: Sat Nov 14 21:05:15 UTC 2020
New revision: 555146
URL: https://svnweb.freebsd.org/changeset/ports/555146

Log:
  MFH: r555143

  databases/mantis: update 2.24.2 -> 2.24.3, fix 3 CVEs

  - submitter takes maintainer
  - added files/patch-.imgbotconfig
    original exists in git repo but not included in official 2.24.3 package,
    there might be some users with configured imgbot depending on it and
    there is a PLIST_FILES entry in Makefile

  QA:
  - run-tests are fine, no functional changes
  - database schema: unchanged (checked on pg-12)

  PR:		251141
  Submitted by:	Zoltan Alexanderson Besse <zab@zltech.eu>
  Relnotes:	https://mantisbt.org/bugs/changelog_page.php?project=mantisbt&version=2.24.3
  Security:	CVE-2020-25781, CVE-2020-25288, CVE-2020-25830
  Approved by:	ports-secteam (security blanket)

Changes:
_U  branches/2020Q4/
  branches/2020Q4/databases/mantis/Makefile
  branches/2020Q4/databases/mantis/distinfo
  branches/2020Q4/databases/mantis/files/patch-.imgbotconfig
Comment 8 Kurt Jaeger freebsd_committer 2020-11-14 21:05:54 UTC
Thanks!