pkgsrc-Changes-HG archive
[pkgsrc/trunk]: pkgsrc/devel/mantis mantisBT: patch CVE-2017-7615, allowing a...
details: https://anonhg.NetBSD.org/pkgsrc/rev/c182b6be86d6
branches: trunk
changeset: 361212:c182b6be86d6
user: maya <maya%pkgsrc.org@localhost>
date: Mon Apr 17 09:57:14 2017 +0000
description:
mantisBT: patch CVE-2017-7615, allowing any user to authenticate as admin
using upstream provided patch.
XXX THIS IS THE WRONG FIX, PACKAGE SHOULD BE UPDATED TO LATEST VERSION
bump PKGREVISION
diffstat:
devel/mantis/Makefile | 8 ++++++--
devel/mantis/distinfo | 3 ++-
devel/mantis/patches/patch-verify.php | 16 ++++++++++++++++
3 files changed, 24 insertions(+), 3 deletions(-)
diffs (56 lines):
diff -r 15628b0840b6 -r c182b6be86d6 devel/mantis/Makefile
--- a/devel/mantis/Makefile Mon Apr 17 09:52:16 2017 +0000
+++ b/devel/mantis/Makefile Mon Apr 17 09:57:14 2017 +0000
@@ -1,7 +1,7 @@
-# $NetBSD: Makefile,v 1.48 2016/09/11 17:03:25 taca Exp $
+# $NetBSD: Makefile,v 1.49 2017/04/17 09:57:14 maya Exp $
DISTNAME= mantisbt-1.3.1
-PKGREVISION= 1
+PKGREVISION= 2
PKGNAME= ${DISTNAME:S/mantisbt/mantis/}
CATEGORIES= devel www
MASTER_SITES= ${MASTER_SITE_SOURCEFORGE:=mantisbt/}
@@ -53,6 +53,10 @@
post-extract:
${CP} ${FILESDIR}/mantis.conf ${WRKSRC}
+# Get rid of patch leftovers
+post-patch:
+ ${RM} ${WRKSRC}/*.orig
+
do-install:
cd ${WRKSRC}/doc && \
pax -rwpppm en-US ${DESTDIR}${PREFIX}/share/doc/mantis
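Review bot: The new `post-patch` recipe runs `${RM}` without `-f` and globs only the top level of `${WRKSRC}`. It will fail if no `.orig` file is present there, and it will miss backups that a later patch leaves in a subdirectory. pkgsrc Makefiles normally write `${RM} -f`, and a recursive form such as `${FIND} ${WRKSRC} -name '*.orig' -type f -exec ${RM} -f {} +` would cover the whole tree. This matters more than usual here because the stale file is the pre-fix copy of `verify.php`, and the application tree is presumably installed under a web-served directory. It would also help to extend the comment to say why, e.g. `# Remove patch backups so pre-fix copies are not installed`.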
diff -r 15628b0840b6 -r c182b6be86d6 devel/mantis/distinfo
--- a/devel/mantis/distinfo Mon Apr 17 09:52:16 2017 +0000
+++ b/devel/mantis/distinfo Mon Apr 17 09:57:14 2017 +0000
@@ -1,6 +1,7 @@
-$NetBSD: distinfo,v 1.19 2016/08/30 12:37:43 ryoon Exp $
+$NetBSD: distinfo,v 1.20 2017/04/17 09:57:14 maya Exp $
SHA1 (mantisbt-1.3.1.tar.gz) = baa398bd59356ed4142270b38fcdf67c6df54a4c
RMD160 (mantisbt-1.3.1.tar.gz) = 828fc4f24dc17e77dacd20c12fc7917f1834a8bc
SHA512 (mantisbt-1.3.1.tar.gz) = bac797f7d744b5f8911d2674779c790f6770fbbe7e28203a108cd51d8360cdd0830d3e68459a4d1892ca20c414f1ed37a8e71102bf804deba7073ea53885a1c1
Size (mantisbt-1.3.1.tar.gz) = 13444685 bytes
+SHA1 (patch-verify.php) = 7e312200115639ad950009d75dae92b675166eb9
diff -r 15628b0840b6 -r c182b6be86d6 devel/mantis/patches/patch-verify.php
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/devel/mantis/patches/patch-verify.php Mon Apr 17 09:57:14 2017 +0000
@@ -0,0 +1,16 @@
+$NetBSD: patch-verify.php,v 1.1 2017/04/17 09:57:14 maya Exp $
+
+Patch CVE-2017-7615
+from http://www.mantisbt.org/blog/?p=518
+
+--- verify.php.orig 2016-08-28 04:50:59.000000000 +0000
++++ verify.php
+@@ -63,7 +63,7 @@ if( auth_is_user_authenticated() ) {
+
+ $t_token_confirm_hash = token_get_value( TOKEN_ACCOUNT_ACTIVATION, $f_user_id );
+
+-if( $f_confirm_hash != $t_token_confirm_hash ) {
++if( $t_token_confirm_hash == null || $f_confirm_hash !== $t_token_confirm_hash ) {
+ trigger_error( ERROR_LOST_PASSWORD_CONFIRM_HASH_INVALID, ERROR );
+ }
+
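Review bot: The patch header explains only "Patch CVE-2017-7615", so a later maintainer cannot see what the one-line change protects against. From the diff itself, the old loose `!=` let a missing token compare equal to an empty submitted hash; a sentence saying so above the hunk would make that clear. The `== null` guard should also stay loose on purpose, since it rejects an empty stored token as well, and that deserves a word in the same comment. Separately, `!==` on a secret token is not a constant-time comparison. If the PHP versions this package supports provide `hash_equals()`, then `!hash_equals( (string)$t_token_confirm_hash, (string)$f_confirm_hash )` would be the stricter form, though that diverges from the upstream patch. How `$f_confirm_hash` is read lies outside the hunk, so its type is not visible here.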