From owner-freebsd-ports-bugs@FreeBSD.ORG Tue Nov 1 14:40:22 2005 Return-Path: X-Original-To: freebsd-ports-bugs@hub.freebsd.org Delivered-To: freebsd-ports-bugs@hub.freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 5F17A16A41F for ; Tue, 1 Nov 2005 14:40:22 +0000 (GMT) (envelope-from gnats@FreeBSD.org) Received: from freefall.freebsd.org (freefall.freebsd.org [216.136.204.21]) by mx1.FreeBSD.org (Postfix) with ESMTP id 27CC043D46 for ; Tue, 1 Nov 2005 14:40:21 +0000 (GMT) (envelope-from gnats@FreeBSD.org) Received: from freefall.freebsd.org (gnats@localhost [127.0.0.1]) by freefall.freebsd.org (8.13.3/8.13.3) with ESMTP id jA1EeKuq097698 for ; Tue, 1 Nov 2005 14:40:20 GMT (envelope-from gnats@freefall.freebsd.org) Received: (from gnats@localhost) by freefall.freebsd.org (8.13.3/8.13.1/Submit) id jA1EeK72097697; Tue, 1 Nov 2005 14:40:20 GMT (envelope-from gnats) Resent-Date: Tue, 1 Nov 2005 14:40:20 GMT Resent-Message-Id: <200511011440.jA1EeK72097697@freefall.freebsd.org> Resent-From: FreeBSD-gnats-submit@FreeBSD.org (GNATS Filer) Resent-To: freebsd-ports-bugs@FreeBSD.org Resent-Reply-To: FreeBSD-gnats-submit@FreeBSD.org, Nick Hilliard Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 2BE4016A41F for ; Tue, 1 Nov 2005 14:35:47 +0000 (GMT) (envelope-from nick@muffin.acquirer.com) Received: from mail.acquirer.com (mail.acquirer.com [213.94.200.65]) by mx1.FreeBSD.org (Postfix) with ESMTP id F21EA43D46 for ; Tue, 1 Nov 2005 14:35:42 +0000 (GMT) (envelope-from nick@muffin.acquirer.com) Received: from muffin.acquirer.com (localhost [IPv6:::1]) by mail.acquirer.com (8.13.4/8.13.4) with ESMTP id jA1EZNIj039614 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO) for ; Tue, 1 Nov 2005 14:35:23 GMT (envelope-from nick@muffin.acquirer.com) Received: (from nick@localhost) by muffin.acquirer.com (8.13.4/8.12.3/Submit) id jA1EZNeo089993; Tue, 1 Nov 2005 14:35:23 GMT (envelope-from nick) Message-Id: <200511011435.jA1EZNeo089993@muffin.acquirer.com> Date: Tue, 1 Nov 2005 14:35:23 GMT From: Nick Hilliard To: FreeBSD-gnats-submit@FreeBSD.org X-Send-Pr-Version: 3.113 Cc: Subject: ports/88332: Update port: devel/flyspray -> 0.9.8 X-BeenThere: freebsd-ports-bugs@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list Reply-To: Nick Hilliard List-Id: Ports bug reports List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 01 Nov 2005 14:40:22 -0000 >Number: 88332 >Category: ports >Synopsis: Update port: devel/flyspray -> 0.9.8 >Confidential: no >Severity: non-critical >Priority: low >Responsible: freebsd-ports-bugs >State: open >Quarter: >Keywords: >Date-Required: >Class: maintainer-update >Submitter-Id: current-users >Arrival-Date: Tue Nov 01 14:40:20 GMT 2005 >Closed-Date: >Last-Modified: >Originator: Nick Hilliard >Release: FreeBSD 5.4-RELEASE-p1 i386 >Organization: Network Ability Ltd >Environment: System: FreeBSD xx 5.4-RELEASE-p1 FreeBSD 5.4-RELEASE-p1 #0: Fri May 20 11:11:40 IST 2005 nick@xx:/data/FreeBSD-src/usr.obj.current/data/FreeBSD-src/current/src/sys/MUFFIN i386 >Description: Update for Flyspray 0.9.7 -> 0.9.8. A couple of days after the author released 0.9.8, a security problem was found, and a separate update archive was released as 0.9.8-update1. This port includes the patches from -update1, and has set PORTEPOCH to 1 in order to note that this is not vanilla 0.9.8. >How-To-Repeat: >Fix: # This is a shell archive. Save it in a file, remove anything before # this line, and then unpack it by entering "sh file". Note, it may # create directories; files and directories will be owned by you and # have default permissions. # # This archive contains: # # flyspray-0.9.8.1 # flyspray-0.9.8.1/files # flyspray-0.9.8.1/files/README.FreeBSD # flyspray-0.9.8.1/files/patch-.htaccess # flyspray-0.9.8.1/files/patch-docs::CHANGELOG.txt # flyspray-0.9.8.1/files/patch-header.php # flyspray-0.9.8.1/files/patch-includes::functions.inc.php # flyspray-0.9.8.1/files/patch-includes::regexp.php # flyspray-0.9.8.1/files/patch-index.php # flyspray-0.9.8.1/files/patch-remote.php # flyspray-0.9.8.1/files/patch-scripts::details.php # flyspray-0.9.8.1/files/patch-scripts::index.php # flyspray-0.9.8.1/files/patch-scripts::newtask.php # flyspray-0.9.8.1/files/patch-scripts::reports.php # flyspray-0.9.8.1/pkg-message # flyspray-0.9.8.1/pkg-descr # flyspray-0.9.8.1/pkg-deinstall # flyspray-0.9.8.1/distinfo # flyspray-0.9.8.1/pkg-plist # flyspray-0.9.8.1/Makefile # echo c - flyspray-0.9.8.1 mkdir -p flyspray-0.9.8.1 > /dev/null 2>&1 echo c - flyspray-0.9.8.1/files mkdir -p flyspray-0.9.8.1/files > /dev/null 2>&1 echo x - flyspray-0.9.8.1/files/README.FreeBSD sed 's/^X//' >flyspray-0.9.8.1/files/README.FreeBSD << 'END-of-flyspray-0.9.8.1/files/README.FreeBSD' XConfiguration Instructions for Flyspray X======================================= X X0) If you are upgrading from a previous version of flyspray, please skip to X the Upgrading section below. X X1) Create a mysql database for Flyspray to use. Here is one way to do that, X from the unix/linux command line, entering your mysql root password when X prompted: X X# mysqladmin -u root -p create flyspray X X2) Insert the following configuration command into your Apache httpd.conf: X X Alias "/flyspray/" "%%FLYSPRAYDIR%%/" X X AllowOverride All X Options Indexes FollowSymLinks X Order allow,deny X Allow from all X X X3) Point your browser to http://yourserver.com/flyspray/ and you should X see the Flyspray setup script! X X4) Click on the admin links to set up your Options and lists. X X5) Close the sample task, and begin adding your own. X X6) Report any bugs you find back to http://flyspray.rocks.cc/bts/ or the X mailing list linked from the Flyspray homepage. X X XUpgrading from Flyspray 0.9.7 X============================= X XYou can upgrade from a previous version of Flyspray by doing the following: X X0) read %%DOCSDIR%%/UPGRADING.txt. X X1) back up your old flyspray task database using "mysqldump". No, really, X you seriously run the risk of losing data if you don't do this. X X2) load http://yourserver.com/flyspray/ in your browser and follow the X installation instructions. On the "Database setup" page, set the X "Install/Upgrade" field to "Upgrade 0.9.7 - 0.9.8" and enter your X database parameters. X X5) That's it! flyspray has been upgraded to 0.9.8. If you messed up the X sequence of commands, you will probably have lost data in the process, X and may need to re-install your database from your backup. You did X take a backup, right? END-of-flyspray-0.9.8.1/files/README.FreeBSD echo x - flyspray-0.9.8.1/files/patch-.htaccess sed 's/^X//' >flyspray-0.9.8.1/files/patch-.htaccess << 'END-of-flyspray-0.9.8.1/files/patch-.htaccess' X--- .htaccess.orig Tue Nov 1 13:13:20 2005 X+++ .htaccess Tue Nov 1 13:13:20 2005 X@@ -5,6 +5,8 @@ X X RewriteEngine on X X+ReWriteBase /flyspray X+ X RewriteRule ^.*\?do=admin&area=prefs$ index.php?do=admin&area=prefs [L] X X RewriteRule ^([0-9]+)$ index.php?do=details&id=$1 [L] X@@ -12,7 +14,7 @@ X RewriteRule ^task/([0-9]+)comment([0-9]+)$ index.php?do=details&id=$1comment$2 [L] X RewriteRule ^task/([0-9]+)/depends$ index.php?do=depends&id=$1 [L] X RewriteRule ^task/([0-9]+)/edit$ index.php?do=details&id=$1&edit=yep [L] X- X+RewriteRule ^task/([0-9]+)/depends&prune=([0-9]+)$ index.php?do=depends&id=$1&prune=$2 [L] X RewriteRule ^newtask$ index.php?do=newtask [L] X RewriteRule ^newtask/proj([0-9]+)$ index.php?do=newtask&project=$1 [L] X END-of-flyspray-0.9.8.1/files/patch-.htaccess echo x - flyspray-0.9.8.1/files/patch-docs::CHANGELOG.txt sed 's/^X//' >flyspray-0.9.8.1/files/patch-docs::CHANGELOG.txt << 'END-of-flyspray-0.9.8.1/files/patch-docs::CHANGELOG.txt' X--- docs/CHANGELOG.txt.orig Sun Oct 23 01:22:26 2005 X+++ docs/CHANGELOG.txt Sun Oct 30 07:11:06 2005 X@@ -1,4 +1,14 @@ X-0.9.8 - 23 October 2005 X+0.9.8 update1 - 30 October 05 X+ X+FIXED - Lack of .htaccess rewrite rule for dependency graphs X+FIXED - Cross Site Scripting security hole X+FIXED - Project selector permission query X+FIXED - Date range for Reports X+FIXED - Bugs with language pack function X+FIXED - error_reporting() in header.php X+ X+ X+0.9.8 - 23 October 05 X X NEW - Full-featured installer X NEW - Address rewriting for human-readable URLs END-of-flyspray-0.9.8.1/files/patch-docs::CHANGELOG.txt echo x - flyspray-0.9.8.1/files/patch-header.php sed 's/^X//' >flyspray-0.9.8.1/files/patch-header.php << 'END-of-flyspray-0.9.8.1/files/patch-header.php' X--- header.php.orig Sun Oct 23 01:11:14 2005 X+++ header.php Wed Oct 26 04:16:53 2005 X@@ -4,8 +4,11 @@ X // move flyspray.conf.php to a directory where a browser can't access it. X // (RECOMMENDED). X X-// Turn off PHP notices X-error_reporting(E_ALL & -E_NOTICE); X+// You might like to uncomment the next line if you are receiving lots of X+// PHP NOTICE errors. We are in the process of making Flyspray stop making X+// these errors, but this will help hide them until we are finished. X+ X+//error_reporting(E_ALL & ~E_NOTICE); X X // Check PHP Version (Must Be at least 4.3) X // For 0.9.9, this should redirect to the error page END-of-flyspray-0.9.8.1/files/patch-header.php echo x - flyspray-0.9.8.1/files/patch-includes::functions.inc.php sed 's/^X//' >flyspray-0.9.8.1/files/patch-includes::functions.inc.php << 'END-of-flyspray-0.9.8.1/files/patch-includes::functions.inc.php' X--- includes/functions.inc.php.orig Sun Oct 23 09:03:37 2005 X+++ includes/functions.inc.php Sun Oct 30 10:51:12 2005 X@@ -18,19 +18,31 @@ X */ X function get_language_pack($lang, $module) X { X- $before = get_defined_vars(); X+ // MC: functions module is in functions.*inc*.php X+ if ($module == 'functions') { X+ $module .= '.inc'; X+ } X+ X+ $before = get_defined_vars(); X require_once("lang/en/$module.php"); X $after_en = get_defined_vars(); X- $new_var = array_keys(array_diff($after_en, $before)); X- $new_var_name = @$new_var[1]; X- $new_var['en'] = @$$new_var_name; X- if (file_exists("lang/$lang/$module.php")) X- { X- require_once("lang/$lang/$module.php"); X- } X- $new_var[$lang] = @$$new_var_name; X+ $new_var = array_keys(array_diff($after_en, $before)); X X- $$new_var_name = @array_merge($new_var['en'], $new_var[$lang]); X+ if (isset($new_var[1])) { X+ list(, $new_var_name) = $new_var; X+ $new_var['en'] = $$new_var_name; X+ X+ if (file_exists("lang/$lang/$module.php")) { X+ require_once("lang/$lang/$module.php"); X+ } X+ $new_var[$lang] = $$new_var_name; X+ // $$new_var_name = array_merge($new_var['en'], $new_var[$lang]); X+ $$new_var_name = $new_var['en']; X+ $merge_ref =& $$new_var_name; X+ foreach ($new_var[$lang] as $key => $val) { X+ $merge_ref[$key] = $val; X+ } X+ } X } X X /** Redirects the browser to the page in $url X@@ -189,17 +201,19 @@ X X $status_id = $get_details['item_status']; X X- require("lang/$lang/status.php"); X+ global $status_list, $severity_list, $priority_list; X+ $this->get_language_pack($lang, 'status'); X+ $this->get_language_pack($lang, 'severity'); X+ $this->get_language_pack($lang, 'priority'); X+ X $tmp_array = array("status_name" => $status_list[$status_id]); X $get_details = $get_details + $tmp_array; X X $severity_id = $get_details['task_severity']; X- require("lang/$lang/severity.php"); X $tmp_array = array("severity_name" => $severity_list[$severity_id]); X $get_details = $get_details + $tmp_array; X X $priority_id = $get_details['task_priority']; X- require("lang/$lang/priority.php"); X $tmp_array = array("priority_name" => $priority_list[$priority_id]); X $get_details = $get_details + $tmp_array; X X@@ -301,8 +315,9 @@ X global $db; X global $dbprefix; X global $lang; X+ global $functions_text; X X- require("lang/$lang/functions.inc.php"); X+ $this->get_language_pack($lang, 'functions'); X X // Just in case $perpage is something weird, like 0, fix it here: X if ($perpage < 1) { $perpage = ($totalcount > 0 ? $totalcount : 1); } END-of-flyspray-0.9.8.1/files/patch-includes::functions.inc.php echo x - flyspray-0.9.8.1/files/patch-includes::regexp.php sed 's/^X//' >flyspray-0.9.8.1/files/patch-includes::regexp.php << 'END-of-flyspray-0.9.8.1/files/patch-includes::regexp.php' X--- includes/regexp.php.orig Sun Jul 24 12:00:47 2005 X+++ includes/regexp.php Wed Oct 26 23:03:01 2005 X@@ -55,6 +55,20 @@ X X }; X X+if (isset($_GET['sort2']) && !empty($_GET['sort2'])) X+{ X+ // Yes. Now check its regex format for safety -- Limited range X+ if (preg_match ("/^(asc|desc)$/", $_GET['sort2'])) { X+ X+ // continue; X+ } else { X+ X+ $fs->Redirect($fs->CreateURL('error', null)); X+// print "Sorting request is invalid."; exit; X+ }; X+ X+}; X+ X if (isset($_GET['project']) && !empty($_GET['project'])) { X X // Yes. Now check its regex format for safety -- Numbers only X@@ -69,6 +83,21 @@ X }; X }; X X+if (isset($_GET['type']) && !empty($_GET['type'])) { X+ X+ // Yes. Now check its regex format for safety -- Numbers only X+ if (preg_match ("/^\d+$/", $_GET['type'])) { X+ X+ // continue; X+ X+ } else { X+ X+ $fs->Redirect($fs->CreateURL('error', null)); X+// print "Tasktype request is invalid."; exit; X+ }; X+}; X+ X+ X if (isset($_GET['page']) && !empty($_GET['page'])) X { X // Yes. Now check its regex format for safety -- Numbers only X@@ -324,4 +353,48 @@ X // print "Magic URL is invalid."; exit; X }; X }; X+ X+if (isset($_GET['tasks']) && !empty($_GET['tasks'])) X+{ X+ // Yes. Now check its regex format for safety -- Limited range X+ if (preg_match ("/^(all|assigned|reported|watched)$/", $_GET['tasks'])) { X+ X+ // continue; X+ } else { X+ X+ $fs->Redirect($fs->CreateURL('error', null)); X+// print "Tasks request is invalid."; exit; X+ }; X+ X+}; X+ X+if (isset($_GET['due']) && !empty($_GET['due'])) { X+ X+ // Yes. Now check its regex format for safety -- Numbers only X+ if (preg_match ("/^\d+$/", $_GET['due'])) { X+ X+ // continue; X+ } else { X+ X+ $fs->Redirect($fs->CreateURL('error', null)); X+// print "Due version request is invalid."; exit; X+ }; X+}; X+ X+if (isset($_GET['string']) && !empty($_GET['string'])) { X+ X+ // Yes. Now check its regex format for safety -- Numbers only X+ if (preg_match ("!<.*>!", $_GET['string'])) { X+ $fs->Redirect($fs->CreateURL('error', null)); X+ }; X+}; X+ X+if (isset($_GET['PHPSESSID']) && !empty($_GET['PHPSESSID'])) { X+ X+ // Yes. Now check its regex format for safety -- Numbers only X+ if (preg_match ("!<.*>!", $_GET['PHPSESSID'])) { X+ $fs->Redirect($fs->CreateURL('error', null)); X+ }; X+}; X+ X ?> END-of-flyspray-0.9.8.1/files/patch-includes::regexp.php echo x - flyspray-0.9.8.1/files/patch-index.php sed 's/^X//' >flyspray-0.9.8.1/files/patch-index.php << 'END-of-flyspray-0.9.8.1/files/patch-index.php' X--- index.php.orig Sat Oct 22 13:40:26 2005 X+++ index.php Thu Oct 27 00:09:01 2005 X@@ -384,15 +384,17 @@ X // or, if the user is logged in X } elseif (isset($_COOKIE['flyspray_userid'])) X { X- $get_projects = $db->Query("SELECT DISTINCT p.* X- FROM {$dbprefix}users_in_groups uig X- LEFT JOIN {$dbprefix}groups g ON uig.group_id = g.group_id, X- {$dbprefix}projects p X- WHERE ((uig.user_id = ? X- AND g.view_tasks = '1') X- OR p.others_view = '1') X- AND p.project_is_active = '1' X- GROUP BY p.project_id", X+ $get_projects = $db->Query("SELECT p.* FROM {$dbprefix}projects p X+ LEFT JOIN {$dbprefix}groups g X+ ON p.project_id=g.belongs_to_project X+ AND g.view_tasks=1 X+ LEFT JOIN {$dbprefix}users_in_groups uig X+ ON uig.group_id = g.group_id X+ AND uig.user_id = ? X+ WHERE p.project_is_active='1' X+ AND (p.others_view X+ OR uig.user_id IS NOT NULL) X+ ORDER BY p.project_title", X array($current_user['user_id']) X ); X // Anonymous users END-of-flyspray-0.9.8.1/files/patch-index.php echo x - flyspray-0.9.8.1/files/patch-remote.php sed 's/^X//' >flyspray-0.9.8.1/files/patch-remote.php << 'END-of-flyspray-0.9.8.1/files/patch-remote.php' X--- remote.php.orig Thu Aug 25 01:53:36 2005 X+++ remote.php Wed Oct 26 23:03:01 2005 X@@ -564,6 +564,7 @@ X { X global $fs; X global $db; X+ global $dbprefix; X include_once('includes/notify.inc.php'); X $notify = new Notifications; X END-of-flyspray-0.9.8.1/files/patch-remote.php echo x - flyspray-0.9.8.1/files/patch-scripts::details.php sed 's/^X//' >flyspray-0.9.8.1/files/patch-scripts::details.php << 'END-of-flyspray-0.9.8.1/files/patch-scripts::details.php' X--- scripts/details.php.orig Sat Oct 22 13:41:22 2005 X+++ scripts/details.php Thu Oct 27 00:09:01 2005 X@@ -91,17 +91,19 @@ X } elseif (isset($_COOKIE['flyspray_userid'])) X { X X- $get_projects = $db->Query("SELECT DISTINCT p.* X- FROM {$dbprefix}users_in_groups uig X- LEFT JOIN {$dbprefix}groups g ON uig.group_id = g.group_id, X- {$dbprefix}projects p X- WHERE ((uig.user_id = ? X- AND g.view_tasks = '1') X- OR p.others_view = '1') X- AND p.project_is_active = '1' X- ORDER BY p.project_title", X- array($current_user['user_id']) X- ); X+ $get_projects = $db->Query("SELECT p.* FROM {$dbprefix}projects p X+ LEFT JOIN {$dbprefix}groups g X+ ON p.project_id=g.belongs_to_project X+ AND g.view_tasks=1 X+ LEFT JOIN {$dbprefix}users_in_groups uig X+ ON uig.group_id = g.group_id X+ AND uig.user_id = ? X+ WHERE p.project_is_active='1' X+ AND (p.others_view X+ OR uig.user_id IS NOT NULL) X+ ORDER BY p.project_title", X+ array($current_user['user_id']) X+ ); X X } else X { X@@ -242,7 +244,7 @@ X X get_language_pack($lang, 'severity'); X foreach($severity_list as $key => $val) X { X if ($task_details['task_severity'] == $key) X@@ -340,7 +342,7 @@ X X X get_language_pack($lang, 'severity'); X foreach($severity_list as $key => $val) X { X if (isset($_GET['sev']) && $_GET['sev'] == $key) X@@ -430,7 +432,7 @@ X X X get_language_pack($lang, 'status'); X foreach($status_list as $key => $val) X { X if (isset($_GET['status']) && $_GET['status'] == $key) X@@ -739,18 +741,18 @@ X { X // Get the full status name X $status_id = $task_details['item_status']; X- require("lang/$lang/status.php"); X+ $fs->get_language_pack($lang, 'status'); X $status = $status_list[$status_id]; X } X X // Get the full severity name X $severity_id = $task_details['task_severity']; X- require("lang/$lang/severity.php"); X+ $fs->get_language_pack($lang, 'severity'); X $severity = $severity_list[$severity_id]; X X // Get the full priority name X $priority_id = $task_details['task_priority']; X- require("lang/$lang/priority.php"); X+ $fs->get_language_pack($lang, 'priority'); X $priority = $priority_list[$priority_id]; X X // see if it's been assigned END-of-flyspray-0.9.8.1/files/patch-scripts::index.php echo x - flyspray-0.9.8.1/files/patch-scripts::newtask.php sed 's/^X//' >flyspray-0.9.8.1/files/patch-scripts::newtask.php << 'END-of-flyspray-0.9.8.1/files/patch-scripts::newtask.php' X--- scripts/newtask.php.orig Thu Sep 29 21:43:25 2005 X+++ scripts/newtask.php Wed Oct 26 23:03:01 2005 X@@ -104,7 +104,7 @@ X X get_language_pack($lang, 'severity'); X foreach($severity_list as $key => $val) X { X if ($key == '2') X@@ -198,7 +198,7 @@ X