Security bump wrt bug 489050

(Portage version: 2.2.7/cvs/Linux x86_64, signed Manifest commit with key 42618354)

3 files changed, 69 insertions, 1 deletions

diff --git a/www-apps/mantisbt/ChangeLog b/www-apps/mantisbt/ChangeLog
index bfae513c4438..8d8bdc7cd74d 100644
--- a/www-apps/mantisbt/ChangeLog
+++ b/www-apps/mantisbt/ChangeLog
@@ -1,6 +1,12 @@
 # ChangeLog for www-apps/mantisbt
 # Copyright 1999-2013 Gentoo Foundation; Distributed under the GPL v2
-# $Header: /var/cvsroot/gentoo-x86/www-apps/mantisbt/ChangeLog,v 1.124 2013/05/21 03:02:16 patrick Exp $
+# $Header: /var/cvsroot/gentoo-x86/www-apps/mantisbt/ChangeLog,v 1.125 2013/12/03 01:31:09 creffett Exp $
+
+*mantisbt-1.2.15-r1 (03 Dec 2013)
+
+  03 Dec 2013; Chris Reffett <creffett@gentoo.org>
+  +files/mantisbt-1.2.15-cve20134460.patch, +mantisbt-1.2.15-r1.ebuild:
+  Security bump wrt bug 489050
 
   21 May 2013; Patrick Lauer <patrick@gentoo.org> -mantisbt-1.2.11.ebuild,
   -mantisbt-1.2.12.ebuild, -mantisbt-1.2.8.ebuild:
diff --git a/www-apps/mantisbt/files/mantisbt-1.2.15-cve20134460.patch b/www-apps/mantisbt/files/mantisbt-1.2.15-cve20134460.patch
new file mode 100644
index 000000000000..94f7af27a521
--- /dev/null
+++ b/www-apps/mantisbt/files/mantisbt-1.2.15-cve20134460.patch
@@ -0,0 +1,22 @@
+diff --git a/account_sponsor_page.php b/account_sponsor_page.php
+index cccdf25..197564c 100644
+--- a/account_sponsor_page.php
++++ b/account_sponsor_page.php
+@@ -138,7 +138,7 @@
+ 
+ 			echo '<tr bgcolor="' . get_status_color( $t_bug->status, auth_get_current_user_id(), $t_bug->project_id ) . '">';
+ 			echo '<td><a href="' . string_get_bug_view_url( $row['bug'] ) . '">' . bug_format_id( $row['bug'] ) . '</a></td>';
+-			echo '<td>' . project_get_field( $t_bug->project_id, 'name' ) . '&#160;</td>';
++			echo '<td>' . string_display_line( project_get_field( $t_bug->project_id, 'name' ) ) . '&#160;</td>';
+ 			echo '<td class="right">' . $t_released_label . '&#160;</td>';
+ 			echo '<td><span class="issue-status" title="' . $t_resolution . '">' . $t_status . '</span></td>';
+ 			echo '<td>';
+@@ -248,7 +248,7 @@
+ 
+ 			echo '<tr bgcolor="' . get_status_color( $t_bug->status, auth_get_current_user_id(), $t_bug->project_id ) . '">';
+ 			echo '<td><a href="' . string_get_bug_view_url( $row['bug'] ) . '">' . bug_format_id( $row['bug'] ) . '</a></td>';
+-			echo '<td>' . project_get_field( $t_bug->project_id, 'name' ) . '&#160;</td>';
++			echo '<td>' . string_display_line( project_get_field( $t_bug->project_id, 'name' ) ) . '&#160;</td>';
+ 			echo '<td class="right">' . $t_released_label . '&#160;</td>';
+ 			echo '<td><a title="' . $t_resolution . '"><u>' . $t_status . '</u>&#160;</a></td>';
+ 
diff --git a/www-apps/mantisbt/mantisbt-1.2.15-r1.ebuild b/www-apps/mantisbt/mantisbt-1.2.15-r1.ebuild
new file mode 100644
index 000000000000..732dfaccc7de
--- /dev/null
+++ b/www-apps/mantisbt/mantisbt-1.2.15-r1.ebuild
@@ -0,0 +1,40 @@
+# Copyright 1999-2013 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Header: /var/cvsroot/gentoo-x86/www-apps/mantisbt/mantisbt-1.2.15-r1.ebuild,v 1.1 2013/12/03 01:31:09 creffett Exp $
+
+EAPI=5
+
+inherit eutils webapp depend.php
+
+DESCRIPTION="PHP/MySQL/Web based bugtracking system"
+HOMEPAGE="http://www.mantisbt.org/"
+SRC_URI="mirror://sourceforge/${PN}/${P}.tar.gz"
+
+LICENSE="GPL-2"
+KEYWORDS="~amd64 ~x86"
+IUSE=""
+
+RDEPEND="
+	virtual/httpd-php
+	virtual/httpd-cgi
+	>=dev-php/adodb-5.10"
+
+src_prepare() {
+	# Drop external libraries
+	rm -r "${S}/library/adodb/"
+	epatch "${FILESDIR}/${PN}-1.2.15-cve20134460.patch"
+}
+
+src_install() {
+	webapp_src_preinst
+	rm doc/{LICENSE,INSTALL}
+	dodoc doc/{CREDITS,CUSTOMIZATION,RELEASE} doc/en/*
+
+	rm -rf doc packages
+	mv config_inc.php.sample config_inc.php
+	cp -R . "${D}/${MY_HTDOCSDIR}"
+
+	webapp_configfile "${MY_HTDOCSDIR}/config_inc.php"
+	webapp_postinst_txt en "${FILESDIR}/postinstall-en-1.0.0.txt"
+	webapp_src_install
+}