Git-Url: 
http://git.frugalware.org/gitweb/gitweb.cgi?p=frugalware-1.9.git;a=commitdiff;h=d0801af75e91d5f9ab94cab137795fe30a076d23

commit d0801af75e91d5f9ab94cab137795fe30a076d23
Author: kikadf <kikadf...@gmail.com>
Date:   Thu Sep 25 08:36:08 2014 +0200

mantis-1.2.8-2arcturus1-x86_64

* Fix CVE-2014-1608, CVE-2014-1609

diff --git a/source/network-extra/mantis/CVE-2014-1608.patch 
b/source/network-extra/mantis/CVE-2014-1608.patch
new file mode 100644
index 0000000..e0f5398
--- /dev/null
+++ b/source/network-extra/mantis/CVE-2014-1608.patch
@@ -0,0 +1,34 @@
+Patch by Henri Salo
+
+--- mantis-1.2.11.orig/api/soap/mc_file_api.php
++++ mantis-1.2.11/api/soap/mc_file_api.php
+@@ -152,25 +152,21 @@ function mci_file_get( $p_file_id, $p_ty
+
+       # we handle the case where the file is attached to a bug
+       # or attached to a project as a project doc.
+-      $query = '';
++      $t_query = '';
+       switch( $p_type ) {
+               case 'bug':
+                       $t_bug_file_table = db_get_table( 
'mantis_bug_file_table' );
+-                      $query = "SELECT *
+-                              FROM $t_bug_file_table
+-                              WHERE id='$p_file_id'";
++                      $t_query = "SELECT * FROM $t_bug_file_table WHERE id=" 
. db_param();
+                       break;
+               case 'doc':
+                       $t_project_file_table = db_get_table( 
'mantis_project_file_table' );
+-                      $query = "SELECT *
+-                              FROM $t_project_file_table
+-                              WHERE id='$p_file_id'";
++                      $t_query = "SELECT * FROM $t_project_file_table WHERE 
id=" . db_param();
+                       break;
+               default:
+                       return new soap_fault( 'Server', '', 'Invalid file type 
'.$p_type. ' .' );
+       }
+
+-      $result = db_query( $query );
++      $result = db_query_bound( $t_query, array( $p_file_id ) );
+
+       if ( $result->EOF ) {
+               return new soap_fault( 'Client', '', 'Unable to find an 
attachment with type ' . $p_type. ' and id ' . $p_file_id . ' .' );
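Review bot: The patch file added here carries no provenance beyond "Patch by Henri Salo", so a later auditor cannot compare it with the upstream fix for CVE-2014-1608. I would add a header line above the first `---` line such as `# Origin: <upstream commit or advisory URL>`, plus one naming the Mantis release it was generated against. The code change in mci_file_get binds `$p_file_id` through `db_param()` and `db_query_bound()` instead of quoting it into the SQL text, which is the right shape for this fix. The function starts and ends outside the hunk, so whether the caller's right to read the attachment is checked before this query cannot be judged from here.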
diff --git a/source/network-extra/mantis/CVE-2014-1609.patch 
b/source/network-extra/mantis/CVE-2014-1609.patch
new file mode 100644
index 0000000..6b8f4e0
--- /dev/null
+++ b/source/network-extra/mantis/CVE-2014-1609.patch
@@ -0,0 +1,264 @@
+Patch provided by Henri Salo
+
+--- mantis-1.2.11.orig/proj_doc_page.php
++++ mantis-1.2.11/proj_doc_page.php
+@@ -71,14 +71,14 @@
+                               FROM $t_project_file_table pft
+                                       LEFT JOIN $t_project_table pt ON 
pft.project_id = pt.id
+                                       LEFT JOIN $t_project_user_list_table 
pult
+-                                              ON pft.project_id = 
pult.project_id AND pult.user_id = $t_user_id
+-                                      LEFT JOIN $t_user_table ut ON ut.id = 
$t_user_id
++                        ON pft.project_id = pult.project_id AND pult.user_id 
= " . db_param() . "
++                    LEFT JOIN $t_user_table ut ON ut.id = " . db_param() . "
+                               WHERE pft.project_id in (" . implode( ',', 
$t_projects ) . ") AND
+-                                      ( ( ( pt.view_state = $t_pub OR 
pt.view_state is null ) AND pult.user_id is null AND ut.access_level 
$t_access_clause ) OR
+-                                              ( ( pult.user_id = $t_user_id ) 
AND ( pult.access_level $t_access_clause ) ) OR
+-                                              ( ut.access_level >= $t_admin ) 
)
++                    ( ( ( pt.view_state = " . db_param() . " OR pt.view_state 
is null ) AND pult.user_id is null AND ut.access_level $t_access_clause ) OR
++                        ( ( pult.user_id = " . db_param() . " ) AND ( 
pult.access_level $t_access_clause ) ) OR
++                        ( ut.access_level >= " . db_param() . " ) )
+                               ORDER BY pt.name ASC, pft.title ASC";
+-      $result = db_query( $query );
++    $result = db_query_bound( $query, array( $t_user_id, $t_user_id, $t_pub, 
$t_user_id, $t_admin ) );
+       $num_files = db_num_rows( $result );
+
+       html_page_top( lang_get( 'docs_link' ) );
+--- mantis-1.2.11.orig/admin/db_stats.php
++++ mantis-1.2.11/admin/db_stats.php
+@@ -30,11 +30,11 @@ access_ensure_global_level( config_get_g
+ # --------------------
+ function helper_table_row_count( $p_table ) {
+       $t_table = $p_table;
+-      $query = "SELECT COUNT(*) FROM $t_table";
+-      $result = db_query_bound( $query );
+-      $t_users = db_result( $result );
++    $t_query = "SELECT COUNT(*) FROM $t_table";
++    $t_result = db_query_bound( $t_query );
++    $t_count = db_result( $t_result );
+
+-      return $t_users;
++    return $t_count;
+ }
+
+ # --------------------
+--- mantis-1.2.11.orig/plugins/MantisGraph/core/graph_api.php
++++ mantis-1.2.11/plugins/MantisGraph/core/graph_api.php
+@@ -583,11 +583,15 @@ function create_bug_enum_summary( $p_enu
+       $t_metrics = array();
+       $t_assoc_array = MantisEnum::getAssocArrayIndexedByValues( 
$p_enum_string );
+
++    if( !db_field_exists( $p_enum, $t_bug_table ) ) {
++        trigger_error( ERROR_DB_FIELD_NOT_FOUND, ERROR );
++    }
++
+       foreach ( $t_assoc_array as $t_value => $t_label  ) {
+               $query = "SELECT COUNT(*)
+                                       FROM $t_bug_table
+-                                      WHERE $p_enum='$t_value' 
$specific_where";
+-              $result = db_query( $query );
++                    WHERE $p_enum=" . db_param() . " $specific_where";
++        $result = db_query_bound( $query, array( $t_value ) );
+               $t_metrics[$t_label] = db_result( $result, 0 );
+       }
+
+@@ -605,15 +609,19 @@ function enum_bug_group( $p_enum_string,
+       $t_clo_val = config_get( 'bug_closed_status_threshold' );
+       $specific_where = " AND " . helper_project_specific_where( 
$t_project_id, $t_user_id );
+
++    if( !db_field_exists( $p_enum, $t_bug_table ) ) {
++        trigger_error( ERROR_DB_FIELD_NOT_FOUND, ERROR );
++    }
++
+       $t_array_indexed_by_enum_values = 
MantisEnum::getAssocArrayIndexedByValues( $p_enum_string );
+       $enum_count = count( $t_array_indexed_by_enum_values );
+       foreach ( $t_array_indexed_by_enum_values as $t_value => $t_label ) {
+               # Calculates the number of bugs opened and puts the results in 
a table
+               $query = "SELECT COUNT(*)
+                                       FROM $t_bug_table
+-                                      WHERE $p_enum='$t_value' AND
+-                                              status<'$t_res_val' 
$specific_where";
+-              $result2 = db_query( $query );
++                    WHERE $p_enum=" . db_param() . " AND
++                        status<" . db_param() . " $specific_where";
++        $result2 = db_query( $query, array( $t_value, $t_res_val ) );
+               $t_metrics['open'][$t_label] = db_result( $result2, 0, 0 );
+
+               # Calculates the number of bugs closed and puts the results in 
a table
+@@ -627,10 +635,10 @@ function enum_bug_group( $p_enum_string,
+               # Calculates the number of bugs resolved and puts the results 
in a table
+               $query = "SELECT COUNT(*)
+                                       FROM $t_bug_table
+-                                      WHERE $p_enum='$t_value' AND
+-                                              status>='$t_res_val'  AND
+-                                              status<'$t_clo_val' 
$specific_where";
+-              $result2 = db_query( $query );
++                    WHERE $p_enum=" . db_param() . " AND
++                        status>=" . db_param() . " AND
++                        status<" . db_param() . " $specific_where";
++        $result2 = db_query_bound( $query, array( $t_value, $t_res_val, 
$t_clo_val ) );
+               $t_metrics['resolved'][$t_label] = db_result( $result2, 0, 0 );
+       }
+
+@@ -818,12 +826,12 @@ function create_cumulative_bydate() {
+                       FROM $t_bug_table LEFT JOIN $t_history_table
+                       ON $t_bug_table.id = $t_history_table.bug_id
+                       WHERE $specific_where
+-                                              AND $t_bug_table.status >= 
'$t_res_val'
+-                                              AND ( ( 
$t_history_table.new_value >= '$t_res_val'
++                        AND $t_bug_table.status >= " . db_param() . "
++                        AND ( ( $t_history_table.new_value >= " . db_param() 
. "
+                                                               AND 
$t_history_table.field_name = 'status' )
+                                               OR $t_history_table.id is NULL )
+                       ORDER BY $t_bug_table.id, date_modified ASC";
+-      $result = db_query( $query );
++    $result = db_query( $query, array( $t_res_val, $t_res_val ) );
+       $bug_count = db_num_rows( $result );
+
+       $t_last_id = 0;
+--- mantis-1.2.11.orig/plugins/MantisGraph/pages/bug_graph_bycategory.php
++++ mantis-1.2.11/plugins/MantisGraph/pages/bug_graph_bycategory.php
+@@ -105,9 +105,9 @@
+         ' WHERE bug_id in ('.implode(',', $t_bug).') and '.
+             '( (type='.NORMAL_TYPE.' and field_name=\'category\') or '.
+                 '(type='.NORMAL_TYPE.' and field_name=\'status\') or 
type='.NEW_BUG.' ) and '.
+-                'date_modified >= \''. $t_start .'\''.
++                'date_modified >= ' . db_param() .
+             ' order by date_modified DESC';
+-    $t_result = db_query( $t_select );
++    $t_result = db_query_bound( $t_select, array( $t_start ) );
+       $row = db_fetch_array( $t_result );
+
+       for ($t_now = time() - $t_incr; $t_now >= $t_start; $t_now -= $t_incr) {
+--- mantis-1.2.11.orig/plugins/MantisGraph/pages/bug_graph_bystatus.php
++++ mantis-1.2.11/plugins/MantisGraph/pages/bug_graph_bystatus.php
+@@ -101,9 +101,9 @@
+     $t_select = 'SELECT bug_id, type, old_value, new_value, date_modified 
FROM '.$t_bug_hist_table.
+         ' WHERE bug_id in ('.implode(',', $t_bug).
+         ') and ( (type='.NORMAL_TYPE.' and field_name=\'status\')
+-            or type='.NEW_BUG.' ) and date_modified >= \''. $t_start .'\''.
++        or type='.NEW_BUG.' ) and date_modified >= ' . db_param() .
+         ' order by date_modified DESC';
+-    $t_result = db_query( $t_select );
++    $t_result = db_query_bound( $t_select, array( $t_start ) );
+       $t_row = db_fetch_array( $t_result );
+
+       for ($t_now = time() - $t_incr; $t_now >= $t_start; $t_now -= $t_incr) {
+--- mantis-1.2.11.orig/core/summary_api.php
++++ mantis-1.2.11/core/summary_api.php
+@@ -58,7 +58,7 @@ function summary_print_by_enum( $p_enum
+                               WHERE $t_project_filter
+                               GROUP BY $p_enum $t_status_query
+                               ORDER BY $p_enum $t_status_query";
+-      $result = db_query( $query );
++    $result = db_query_bound( $query );
+
+       $t_last_value = -1;
+       $t_bugs_open = 0;
+@@ -355,10 +355,10 @@ function summary_print_by_age() {
+               return;
+       }
+       $query = "SELECT * FROM $t_mantis_bug_table
+-                              WHERE status < $t_resolved
++                WHERE status < " . db_param() . "
+                               AND $specific_where
+                               ORDER BY date_submitted ASC, priority DESC";
+-      $result = db_query( $query );
++    $result = db_query_bound( $query, array( $t_resolved ) );
+
+       $t_count = 0;
+       $t_private_bug_threshold = config_get( 'private_bug_threshold' );
+@@ -404,7 +404,7 @@ function summary_print_by_developer() {
+                               WHERE handler_id>0 AND $specific_where
+                               GROUP BY handler_id, status
+                               ORDER BY handler_id, status";
+-      $result = db_query( $query );
++    $result = db_query_bound( $query );
+
+       $t_last_handler = -1;
+       $t_bugs_open = 0;
+@@ -505,7 +505,7 @@ function summary_print_by_reporter() {
+                               WHERE $specific_where
+                               GROUP BY reporter_id
+                               ORDER BY num DESC";
+-      $result = db_query( $query, $t_reporter_summary_limit );
++    $result = db_query_bound( $query, null, $t_reporter_summary_limit );
+
+       $t_reporters = array();
+       while( $row = db_fetch_array( $result ) ) {
+@@ -517,11 +517,11 @@ function summary_print_by_reporter() {
+       foreach( $t_reporters as $t_reporter ) {
+               $v_reporter_id = $t_reporter;
+               $query = "SELECT COUNT(id) as bugcount, status FROM 
$t_mantis_bug_table
+-                                      WHERE reporter_id=$v_reporter_id
++                    WHERE reporter_id=" . db_param() . "
+                                       AND $specific_where
+                                       GROUP BY status
+                                       ORDER BY status";
+-              $result2 = db_query( $query );
++        $result2 = db_query_bound( $query, array( $v_reporter_id ) );
+
+               $last_reporter = -1;
+               $t_bugs_open = 0;
+@@ -589,7 +589,7 @@ function summary_print_by_category() {
+                               GROUP BY $t_project_query category_id, c.name, 
b.status
+                               ORDER BY $t_project_query category_id, c.name, 
b.status";
+
+-      $result = db_query( $query );
++    $result = db_query_bound( $query );
+
+       $last_category_name = -1;
+       $last_category_id = -1;
+--- mantis-1.2.11.orig/core/news_api.php
++++ mantis-1.2.11/core/news_api.php
+@@ -204,9 +204,11 @@ function news_get_rows( $p_project_id, $
+
+       if( 1 == count( $t_projects ) ) {
+               $c_project_id = $t_projects[0];
+-              $query .= " WHERE project_id='$c_project_id'";
++        $query .= " WHERE project_id=" . db_params();
++        $t_params = array( $c_project_id );
+       } else {
+               $query .= ' WHERE project_id IN (' . join( $t_projects, ',' ) . 
')';
++        $t_params = null;
+       }
+
+       $query .= " ORDER BY date_posted DESC";
+@@ -272,7 +274,7 @@ function news_get_limited_rows( $p_offse
+                       }
+
+                       $query .= ' ORDER BY announcement DESC, id DESC';
+-                      $result = db_query( $query, $t_news_view_limit, 
$c_offset );
++            $result = db_query_bound( $query, $t_params, $t_news_view_limit, 
$c_offset );
+                       break;
+               case 1:
+
+@@ -323,4 +325,4 @@ function news_ensure_enabled() {
+       if ( !news_is_enabled() ) {
+               access_denied();
+       }
+-}
+\ No newline at end of file
++}
+--- mantis-1.2.11.orig/api/soap/mc_project_api.php
++++ mantis-1.2.11/api/soap/mc_project_api.php
+@@ -593,14 +593,14 @@ function mc_project_get_attachments( $p_
+               FROM $t_project_file_table pft
+               LEFT JOIN $t_project_table pt ON pft.project_id = pt.id
+               LEFT JOIN $t_project_user_list_table pult
+-              ON pft.project_id = pult.project_id AND pult.user_id = 
$t_user_id
+-              LEFT JOIN $t_user_table ut ON ut.id = $t_user_id
++        ON pft.project_id = pult.project_id AND pult.user_id = " . db_param() 
. "
++        LEFT JOIN $t_user_table ut ON ut.id = " . db_param() . "
+               WHERE pft.project_id in (" . implode( ',', $t_projects ) . ") 
AND
+-              ( ( ( pt.view_state = $t_pub OR pt.view_state is null ) AND 
pult.user_id is null AND ut.access_level $t_access_clause ) OR
+-              ( ( pult.user_id = $t_user_id ) AND ( pult.access_level 
$t_access_clause ) ) OR
+-              ( ut.access_level = $t_admin ) )
++        ( ( ( pt.view_state = " . db_param() . " OR pt.view_state is null ) 
AND pult.user_id is null AND ut.access_level $t_access_clause ) OR
++        ( ( pult.user_id = " . db_param() . " ) AND ( pult.access_level 
$t_access_clause ) ) OR
++        ( ut.access_level = " . db_param() . " ) )
+               ORDER BY pt.name ASC, pft.title ASC";
+-      $result = db_query( $query );
++    $result = db_query_bound( $query, array( $t_user_id, $t_user_id, $t_pub, 
$t_user_id, $t_admin ) );
+       $num_files = db_num_rows( $result );
+
+       $t_result = array();
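Review bot: In plugins/MantisGraph/core/graph_api.php, the first query in enum_bug_group and the query in create_cumulative_bydate now contain `db_param()` placeholders but are still sent through `db_query()`. Elsewhere in this patch the second argument of `db_query()` is a row limit (`db_query( $query, $t_reporter_summary_limit )`), so the array is presumably not bound and these queries would fail or misbehave. They should read `$result2 = db_query_bound( $query, array( $t_value, $t_res_val ) );` and `$result = db_query_bound( $query, array( $t_res_val, $t_res_val ) );`. In core/news_api.php the news_get_rows hunk calls `db_params()` where every other hunk uses `db_param()`; unless a function of that name exists outside this patch, that is a fatal error on the single-project path, and no `db_query_bound()` call consuming `$t_params` is visible in that function. The `implode( ',', $t_projects )`, `$p_enum`, `$specific_where` and `$t_access_clause` fragments are still concatenated into the SQL, so their callers, which lie outside these hunks, must still guarantee integer or whitelisted values.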
diff --git a/source/network-extra/mantis/FrugalBuild 
b/source/network-extra/mantis/FrugalBuild
index f8abb3c..13459cf 100644
--- a/source/network-extra/mantis/FrugalBuild
+++ b/source/network-extra/mantis/FrugalBuild
@@ -3,7 +3,7 @@

pkgname=mantis
pkgver=1.2.8
-pkgrel=1
+pkgrel=2arcturus1
pkgdesc="a free popular web-based bugtracking system"
rodepends=('php>=4.0.6' 'mysql>=3.23.2')
groups=('network-extra')
@@ -16,6 +16,17 @@ up2date="lynx -dump http://www.mantisbt.org/ | grep 'latest 
stable' | sed 's/.*]
source=($source strings_hungarian.txt email_padding.patch README.Frugalware)
options=('stick')
backup=('var/www/mantis/config_inc.php')
+sha1sums=('6cff6fd7d709e25c620c9717d6bf079ce52b73c5' \
+          'e316589c6f369eeeb8a937f4b849aed3c9c73fee' \
+          'c8a65e327a828a702623ea917277ef55c92cdaa8' \
+          'd62d9493d254e33f8ec793a50ed3d3742e7b8110')
+
+# FSA fix ***
+source=(${source[@]} CVE-2014-1608.patch CVE-2014-1609.patch)
+sha1sums=(${sha1sums[@]} 'f89a1245b0883e0cd8a35f3d50f7e5f6442bd263' \
+                         '1e6ab8ddc7072be1e897ab5893be6af5ac96a334')
+# ***********
+

build()
{
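Review bot: The two patches added to `source` are headed `mantis-1.2.11.orig/...`, but this FrugalBuild still packages `pkgver=1.2.8`, and nothing in the hunk records that they were checked against the 1.2.8 tree. A hunk that applies with offset or fuzz, or is skipped, would leave a query unparameterised while the package release claims the CVE fix. I would add a comment above the new `source=` line, for example `# Backported from patches made for 1.2.11; verified to apply cleanly to 1.2.8`, once that has been checked. build() begins at the end of the hunk and its body is outside it, so how the patches are applied is not visible here.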
@@ -35,7 +46,4 @@ build()
chown nobody:nobody $Fdestdir/var/www/$pkgname -R
}

-sha1sums=('6cff6fd7d709e25c620c9717d6bf079ce52b73c5' \
-          'e316589c6f369eeeb8a937f4b849aed3c9c73fee' \
-          'c8a65e327a828a702623ea917277ef55c92cdaa8' \
-          'd62d9493d254e33f8ec793a50ed3d3742e7b8110')
+