pkgsrc-Changes archive
CVS commit: pkgsrc/devel/mantis
Module Name: pkgsrc
Committed By: maya
Date: Mon Apr 17 09:57:14 UTC 2017
Modified Files:
pkgsrc/devel/mantis: Makefile distinfo
Added Files:
pkgsrc/devel/mantis/patches: patch-verify.php
Log Message:
mantisBT: patch CVE-2017-7615, allowing any user to authenticate as admin
using upstream provided patch.
XXX THIS IS THE WRONG FIX, PACKAGE SHOULD BE UPDATED TO LATEST VERSION
bump PKGREVISION
To generate a diff of this commit:
cvs rdiff -u -r1.48 -r1.49 pkgsrc/devel/mantis/Makefile
cvs rdiff -u -r1.19 -r1.20 pkgsrc/devel/mantis/distinfo
cvs rdiff -u -r0 -r1.1 pkgsrc/devel/mantis/patches/patch-verify.php
Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.
Modified files:
Index: pkgsrc/devel/mantis/Makefile
diff -u pkgsrc/devel/mantis/Makefile:1.48 pkgsrc/devel/mantis/Makefile:1.49
--- pkgsrc/devel/mantis/Makefile:1.48 Sun Sep 11 17:03:25 2016
+++ pkgsrc/devel/mantis/Makefile Mon Apr 17 09:57:14 2017
@@ -1,7 +1,7 @@
-# $NetBSD: Makefile,v 1.48 2016/09/11 17:03:25 taca Exp $
+# $NetBSD: Makefile,v 1.49 2017/04/17 09:57:14 maya Exp $
DISTNAME= mantisbt-1.3.1
-PKGREVISION= 1
+PKGREVISION= 2
PKGNAME= ${DISTNAME:S/mantisbt/mantis/}
CATEGORIES= devel www
MASTER_SITES= ${MASTER_SITE_SOURCEFORGE:=mantisbt/}
@@ -53,6 +53,10 @@ INSTALLATION_DIRS+= share/doc/mantis ${E
post-extract:
${CP} ${FILESDIR}/mantis.conf ${WRKSRC}
+# Get rid of patch leftovers
+post-patch:
+ ${RM} ${WRKSRC}/*.orig
+
do-install:
cd ${WRKSRC}/doc && \
pax -rwpppm en-US ${DESTDIR}${PREFIX}/share/doc/mantis
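Review bot: The new post-patch target runs `${RM} ${WRKSRC}/*.orig` without `-f`, so if the glob matches nothing the shell hands the literal `*.orig` to rm and the target fails. Suggest `${RM} -f ${WRKSRC}/*.orig`. The glob also covers only the top level of ${WRKSRC}; that is enough for the single verify.php patch added in this commit, but a later patch touching a subdirectory would leave its .orig file behind, so extend the comment to say the cleanup is top-level only.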
Index: pkgsrc/devel/mantis/distinfo
diff -u pkgsrc/devel/mantis/distinfo:1.19 pkgsrc/devel/mantis/distinfo:1.20
--- pkgsrc/devel/mantis/distinfo:1.19 Tue Aug 30 12:37:43 2016
+++ pkgsrc/devel/mantis/distinfo Mon Apr 17 09:57:14 2017
@@ -1,6 +1,7 @@
-$NetBSD: distinfo,v 1.19 2016/08/30 12:37:43 ryoon Exp $
+$NetBSD: distinfo,v 1.20 2017/04/17 09:57:14 maya Exp $
SHA1 (mantisbt-1.3.1.tar.gz) = baa398bd59356ed4142270b38fcdf67c6df54a4c
RMD160 (mantisbt-1.3.1.tar.gz) = 828fc4f24dc17e77dacd20c12fc7917f1834a8bc
SHA512 (mantisbt-1.3.1.tar.gz) = bac797f7d744b5f8911d2674779c790f6770fbbe7e28203a108cd51d8360cdd0830d3e68459a4d1892ca20c414f1ed37a8e71102bf804deba7073ea53885a1c1
Size (mantisbt-1.3.1.tar.gz) = 13444685 bytes
+SHA1 (patch-verify.php) = 7e312200115639ad950009d75dae92b675166eb9
Added files:
Index: pkgsrc/devel/mantis/patches/patch-verify.php
diff -u /dev/null pkgsrc/devel/mantis/patches/patch-verify.php:1.1
--- /dev/null Mon Apr 17 09:57:14 2017
+++ pkgsrc/devel/mantis/patches/patch-verify.php Mon Apr 17 09:57:14 2017
@@ -0,0 +1,16 @@
+$NetBSD: patch-verify.php,v 1.1 2017/04/17 09:57:14 maya Exp $
+
+Patch CVE-2017-7615
+from http://www.mantisbt.org/blog/?p=518
+
+--- verify.php.orig 2016-08-28 04:50:59.000000000 +0000
++++ verify.php
+@@ -63,7 +63,7 @@ if( auth_is_user_authenticated() ) {
+
+ $t_token_confirm_hash = token_get_value( TOKEN_ACCOUNT_ACTIVATION, $f_user_id );
+
+-if( $f_confirm_hash != $t_token_confirm_hash ) {
++if( $t_token_confirm_hash == null || $f_confirm_hash !== $t_token_confirm_hash ) {
+ trigger_error( ERROR_LOST_PASSWORD_CONFIRM_HASH_INVALID, ERROR );
+ }
+
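Review bot: In the replacement condition, `$t_token_confirm_hash == null` is a loose comparison while the second operand uses strict `!==`, and nothing in the patch file says the difference is intentional. The loose form is also true for an empty string or false, which is the behaviour wanted when no activation token is stored, so a later cleanup to `=== null` would narrow the check. Suggest expanding the patch header beyond "Patch CVE-2017-7615" to state that the request is now rejected whenever no stored token exists and that the hash comparison was made strict, so the intent survives the next package update.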