Created attachment 219687 [details] update to 2.24.3 There is a new version available: https://mantisbt.org/bugs/changelog_page.php?project=mantisbt&version=2.24.3 This is a security release fixing: - CVE-2020-25781 - CVE-2020-25288 - CVE-2020-25830 (no VuXML entry yet) I created a patch for version update. Changes: - version to 2.24.3 - added files/patch-.imgbotconfig (its original exists in git repo but not included in official 2.24.3 package, there might be some users with configured imgbot depending on it + there is a PLIST_FILES entry in Makefile) - adopt maintainership QA: - portlint: no new warns/errors (actual repo has 15) - poudriere: ok (13-CURRENT, with/without my,pg,plugins) - fresh install: works similar to previous version (12.2-RELEASE) - update existing mantis 2.24.2 system to 2.24.3: works like 2.24.2, no changes seen in user flows (except fixed errors :) - database schema: unchanged (checked on pg-12)
Build and package info is available at https://gitlab.com/swills/freebsd-ports/pipelines/216145229
Can you provide vuxml entries ? Testbuilds@work
A commit references this bug: Author: pi Date: Sat Nov 14 19:47:33 UTC 2020 New revision: 555143 URL: https://svnweb.freebsd.org/changeset/ports/555143 Log: databases/mantis: update 2.24.2 -> 2.24.3, fix 3 CVEs - submitter takes maintainer - added files/patch-.imgbotconfig original exists in git repo but not included in official 2.24.3 package, there might be some users with configured imgbot depending on it and there is a PLIST_FILES entry in Makefile QA: - run-tests are fine, no functional changes - database schema: unchanged (checked on pg-12) PR: 251141 Submitted by: Zoltan Alexanderson Besse <zab@zltech.eu> MFH: 2020Q4 Relnotes: https://mantisbt.org/bugs/changelog_page.php?project=mantisbt&version=2.24.3 Security: CVE-2020-25781, CVE-2020-25288, CVE-2020-25830 Changes: head/databases/mantis/Makefile head/databases/mantis/distinfo head/databases/mantis/files/patch-.imgbotconfig
Committed, pending MFH, vuxml
Created attachment 219691 [details] adding vuxml entry
A commit references this bug: Author: pi Date: Sat Nov 14 21:02:17 UTC 2020 New revision: 555145 URL: https://svnweb.freebsd.org/changeset/ports/555145 Log: security/vuxml: add entries for databases/mantis PR: 251141 Submitted by: Zoltan Alexanderson Besse <zab@zltech.eu> Changes: head/security/vuxml/vuln.xml
A commit references this bug: Author: pi Date: Sat Nov 14 21:05:15 UTC 2020 New revision: 555146 URL: https://svnweb.freebsd.org/changeset/ports/555146 Log: MFH: r555143 databases/mantis: update 2.24.2 -> 2.24.3, fix 3 CVEs - submitter takes maintainer - added files/patch-.imgbotconfig original exists in git repo but not included in official 2.24.3 package, there might be some users with configured imgbot depending on it and there is a PLIST_FILES entry in Makefile QA: - run-tests are fine, no functional changes - database schema: unchanged (checked on pg-12) PR: 251141 Submitted by: Zoltan Alexanderson Besse <zab@zltech.eu> Relnotes: https://mantisbt.org/bugs/changelog_page.php?project=mantisbt&version=2.24.3 Security: CVE-2020-25781, CVE-2020-25288, CVE-2020-25830 Approved by: ports-secteam (security blanket) Changes: _U branches/2020Q4/ branches/2020Q4/databases/mantis/Makefile branches/2020Q4/databases/mantis/distinfo branches/2020Q4/databases/mantis/files/patch-.imgbotconfig
Thanks!