Page MenuHomeFreeBSD
Differential D4196

patch databases/mantis with security fix for CVE-2015-5059
ClosedPublic
Actions

Authored by dvl on Nov 17 2015, 5:22 PM.
Tags
None
Referenced Files
Unknown Object (File)
Fri, Nov 15, 2:08 PM
Unknown Object (File)
Fri, Nov 15, 3:21 AM
Unknown Object (File)
Wed, Nov 13, 11:20 AM
Unknown Object (File)
Sun, Nov 10, 5:20 PM
Unknown Object (File)
Fri, Nov 8, 8:00 AM
Unknown Object (File)
Thu, Nov 7, 9:57 AM
Unknown Object (File)
Thu, Nov 7, 7:13 AM
Unknown Object (File)
Wed, Nov 6, 10:14 AM
View All Files
Subscribers
None

Details

Reviewers
wg
mat
Summary

patch with security fix for CVE-2015-5059

Submitted by: Torsten Zühlsdorff & Jason Unovitch
PR: 201106 202865
Approved by: X (mentor)

Test Plan

http://services.unixathome.org/poudriere/build.html?mastername=102amd64-testing&build=2015-11-17_17h17m03s

Diff Detail

Lint
Lint Skipped
Unit
Tests Skipped

Event Timeline

dvl updated this revision to Diff 10271.Nov 17 2015, 5:22 PM
dvl retitled this revision from to patch databases/mantis with security fix for CVE-2015-5059.
dvl updated this object.
dvl edited the test plan for this revision. (Show Details)
dvl added reviewers: mat, wg.
mat accepted this revision.Nov 17 2015, 10:04 PM
mat edited edge metadata.
This revision is now accepted and ready to land.Nov 17 2015, 10:04 PM
dvl updated this revision to Diff 10281.Nov 17 2015, 10:22 PM
dvl edited edge metadata.

Add in code for https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=202865

This revision now requires review to proceed.Nov 17 2015, 10:22 PM
dvl updated this object.Nov 17 2015, 10:23 PM
dvl edited edge metadata.
mat added inline comments.Nov 17 2015, 10:29 PM
databases/mantis/pkg-plist
1–2 ↗(On Diff #10281)

That's most certainly wrong, there's no way it needs to be able to write to all its files. There should be at most a couple of directories with a cache or uploaded stuff go, but not all.

1077–1078 ↗(On Diff #10281)

So, that's not really needed then.

dvl updated this revision to Diff 11590.Dec 22 2015, 3:11 PM

Remove over enthusiastic permissions

dvl added a comment.Dec 22 2015, 3:13 PM

I see databases/mantis/files/patch-configdefaultsinc.php is empty... manual diff coming

dvl updated this revision to Diff 11591.Dec 22 2015, 3:15 PM
dvl removed rP FreeBSD ports repository as the repository for this revision.

Add file to patch the vuln

mat accepted this revision.Dec 23 2015, 8:54 PM
mat edited edge metadata.
This revision is now accepted and ready to land.Dec 23 2015, 8:54 PM
dvl mentioned this in rP404324: patch with security fix for CVE-2015-5059.Dec 23 2015, 9:21 PM
dvl mentioned this in rP404544: MFH: r404324.Dec 27 2015, 2:30 AM
dvl closed this revision.Feb 11 2016, 3:37 PM

See revision 404544

Revision Contents
Changeset List

PathSize
databases/
mantis/
17 lines
files/
17 lines

Diff 11591

View Options

databases/mantis/Makefile

Loading...
View Options

databases/mantis/files/patch-config__defaults__inc.php

Loading...