[mantis] New upstream release Fixes several security issues CVE-2011-2938 (#731777) Rebase Patch0

Gianluca Sforna giallu at fedoraproject.org
Wed Sep 7 14:42:28 UTC 2011 

commit a5e78ede691c7540b8848cf74e84c1784ed1a455
Author: Gianluca Sforna <giallu at gmail.com>
Date:   Wed Sep 7 16:42:06 2011 +0200

    New upstream release
    Fixes several security issues CVE-2011-2938 (#731777)
    Rebase Patch0

 .gitignore                                         |    1 +
 ...h => mantis-1.2.8-install_no_write_config.patch |   20 +++++++++-----------
 mantis.spec                                        |   12 +++++++++---
 sources                                            |    2 +-
 4 files changed, 20 insertions(+), 15 deletions(-)
---
diff --git a/.gitignore b/.gitignore
index 3154b3f..f8b711c 100644
--- a/.gitignore
+++ b/.gitignore
@@ -1,3 +1,4 @@
 mantisbt-1.1.8.tar.gz
 /mantisbt-1.2.3.tar.gz
 /mantisbt-1.2.4.tar.gz
+/mantisbt-1.2.8.tar.gz
diff --git a/mantis-1.2.0-install_no_write_config.patch b/mantis-1.2.8-install_no_write_config.patch
similarity index 89%
rename from mantis-1.2.0-install_no_write_config.patch
rename to mantis-1.2.8-install_no_write_config.patch
index b3ec741..cd49ca2 100644
--- a/mantis-1.2.0-install_no_write_config.patch
+++ b/mantis-1.2.8-install_no_write_config.patch
@@ -1,8 +1,6 @@
-diff --git a/admin/install.php b/admin/install.php
-index f3ea11a..120d17b 100644
---- a/admin/install.php
-+++ b/admin/install.php
-@@ -398,10 +398,18 @@ if( 1 == $t_install_state ) {
+--- mantisbt-1.2.8.orig/admin/install.php	2011-09-06 16:23:10.000000000 +0200
++++ mantisbt-1.2.8/admin/install.php	2011-09-07 12:07:59.139218945 +0200
+@@ -398,10 +398,18 @@
  <?php if( !$g_database_upgrade ) {?>
  <tr>
  	<td>
@@ -21,8 +19,8 @@ index f3ea11a..120d17b 100644
 +		<select disabled="true" name="db_type">
  		<?php
  			if( $f_db_type == 'mysql' ) {
- 			echo '<option value="mysql" selected="selected">MySql (default)</option>';
-@@ -451,7 +459,7 @@ if( !$g_database_upgrade ) {?>
+ 			echo '<option value="mysql" selected="selected">MySQL (default)</option>';
+@@ -451,7 +459,7 @@
  		Hostname (for Database Server)
  	</td>
  	<td>
@@ -31,7 +29,7 @@ index f3ea11a..120d17b 100644
  	</td>
  </tr>
  <?php
-@@ -463,7 +471,7 @@ if( !$g_database_upgrade ) {?>
+@@ -463,7 +471,7 @@
  		Username (for Database)
  	</td>
  	<td>
@@ -40,7 +38,7 @@ index f3ea11a..120d17b 100644
  	</td>
  </tr>
  <?php
-@@ -475,7 +483,7 @@ if( !$g_database_upgrade ) {?>
+@@ -475,7 +483,7 @@
  		Password (for Database)
  	</td>
  	<td>
@@ -49,7 +47,7 @@ index f3ea11a..120d17b 100644
  	</td>
  </tr>
  <?php
-@@ -487,7 +495,7 @@ if( !$g_database_upgrade ) {?>
+@@ -487,7 +495,7 @@
  		Database name (for Database)
  	</td>
  	<td>
@@ -58,7 +56,7 @@ index f3ea11a..120d17b 100644
  	</td>
  </tr>
  <?php
-@@ -809,79 +817,9 @@ if( 4 == $t_install_state ) {
+@@ -780,79 +788,9 @@
  if( 5 == $t_install_state ) {
  	$t_config_filename = $g_absolute_path . 'config_inc.php';
  	$t_config_exists = file_exists( $t_config_filename );
diff --git a/mantis.spec b/mantis.spec
index 9b2458d..53c434a 100644
--- a/mantis.spec
+++ b/mantis.spec
@@ -5,8 +5,8 @@
 
 Summary:    Web-based issue tracking system
 Name:       mantis
-Version:    1.2.4
-Release:    2%{?dist}
+Version:    1.2.8
+Release:    1%{?dist}
 License:    GPLv2+
 Group:      Applications/Internet
 URL:        http://www.mantisbt.org/
@@ -15,7 +15,8 @@ Source0:    http://downloads.sourceforge.net/mantisbt/mantisbt-%{version}.tar.gz
 Source1:    mantis-README.Fedora
 
 # Admin is supposed to edit /etc/mantis/config_inc.php
-Patch0:     mantis-1.2.0-install_no_write_config.patch
+Patch0:     mantis-1.2.8-install_no_write_config.patch
+
 Patch1:     mantis-1.2.0-no_example_com.patch
 # We secure admin/ with httpd directives
 Patch2:     mantis-1.2.4-do_not_warn_on_admin_directory.patch
@@ -152,6 +153,11 @@ rm -rf "${RPM_BUILD_ROOT}"
 
 
 %changelog
+* Wed Sep  7 2011 Gianluca Sforna <giallu at gmail.com> - 1.2.8-1
+- New upstream release
+- Fixes several security issues CVE-2011-2938 (#731777)
+- Rebase Patch0
+
 * Tue Feb 08 2011 Fedora Release Engineering <rel-eng at lists.fedoraproject.org> - 1.2.4-2
 - Rebuilt for https://fedoraproject.org/wiki/Fedora_15_Mass_Rebuild
 
diff --git a/sources b/sources
index 46a0695..e1cb1e7 100644
--- a/sources
+++ b/sources
@@ -1 +1 @@
-17cf76d2b343aa23500638405209f125  mantisbt-1.2.4.tar.gz
+054035ba0ebfc8997e10e2bc75d39483  mantisbt-1.2.8.tar.gz

More information about the scm-commits mailing list